From 5744921065dde034a083f743c95a773d2352da33 Mon Sep 17 00:00:00 2001
From: Mario de Frutos Dieguez
Date: Tue, 2 Jul 2019 18:20:26 +0200
Subject: [PATCH 01/12] OAuth functions - Create/drop reassign event trigger and the function with the logic - Function that reassings owner to ownership role if defined
---
scripts-available/CDB_OAuth.sql | 53 +++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 scripts-available/CDB_OAuth.sql
diff --git a/scripts-available/CDB_OAuth.sql b/scripts-available/CDB_OAuth.sql
new file mode 100644
index 0000000..971bcf0
--- /dev/null
+++ b/scripts-available/CDB_OAuth.sql
@@ -0,0 +1,53 @@
+-- Function that reassign the owner of a table to their ownership_role
+CREATE OR REPLACE FUNCTION @extschema.CDB_OAuthReassignTableOwnerOnCreation()
+ RETURNS event_trigger
+ SECURITY DEFINER
+ AS $$
+DECLARE
+ obj record;
+ owner_role text;
+ creator_role text;
+BEGIN
+ FOR obj IN SELECT * FROM pg_event_trigger_ddl_commands()
+ LOOP
+ RAISE DEBUG '% ddl object: % % % %',
+ tg_tag,
+ obj.command_tag,
+ obj.object_type,
+ obj.schema_name,
+ obj.object_identity;
+ SELECT rolname FROM pg_class JOIN pg_roles ON relowner = pg_roles.oid WHERE pg_class.oid = obj.objid INTO creator_role;
+ SELECT value->>'ownership_role_name' from cdb_conf where key = (SELECT 'api_keys_' || rolname FROM pg_class JOIN pg_roles ON relowner = pg_roles.oid WHERE pg_class.oid = obj.objid) INTO owner_role;
+ IF owner_role IS NULL THEN
+ CONTINUE;
+ ELSE
+ EXECUTE 'ALTER ' || obj.object_type || ' ' || obj.object_identity || ' OWNER TO ' || QUOTE_IDENT(owner_role);
+ EXECUTE 'GRANT ALL ON ' || obj.object_identity || ' TO ' || QUOTE_IDENT(creator_role);
+ RAISE DEBUG 'Changing ownership from % to %', creator_role, owner_role;
+ END IF;
+ END LOOP;
+END;
+$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
+
+-- Creates the trigger on DDL events in order to reassign the owner
+CREATE OR REPLACE FUNCTION @extschema@.CDB_EnableOAuthReassignTablesTrigger()
+RETURNS void
+AS $$
+ BEGIN
+ DROP EVENT TRIGGER IF EXISTS oauth_reassign_tables_trigger;
+
+ CREATE EVENT TRIGGER oauth_reassign_tables_trigger
+ ON ddl_command_end
+ WHEN TAG IN ('CREATE TABLE', 'CREATE TABLE AS', 'SELECT INTO', 'CREATE VIEW', 'CREATE FOREIGN TABLE', 'CREATE MATERIALIZED VIEW')
+ EXECUTE PROCEDURE @extschema@.CDB_OAuthReassignTableOwnerOnCreation();
+ END;
+$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
+
+-- Deletes the trigger on DDL events in order to reassign the owner
+CREATE OR REPLACE FUNCTION @extschema@.CDB_DisableOAuthReassignTablesTrigger()
+RETURNS void
+AS $$
+ BEGIN
+ DROP EVENT TRIGGER IF EXISTS
oauth_reassign_tables_trigger; + END; +$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE; From 2be9d2d81a5c3af414428af35bd2309326acf965 Mon Sep 17 00:00:00 2001 From: Mario de Frutos Dieguez Date: Wed, 3 Jul 2019 16:48:19 +0200 Subject: [PATCH 02/12] Enable OAuth scripts --- scripts-enabled/300-CDB_OAuth.sql | 1 + 1 file changed, 1 insertion(+) create mode 120000 scripts-enabled/300-CDB_OAuth.sql diff --git a/scripts-enabled/300-CDB_OAuth.sql b/scripts-enabled/300-CDB_OAuth.sql new file mode 120000 index 0000000..6730002 --- /dev/null +++ b/scripts-enabled/300-CDB_OAuth.sql @@ -0,0 +1 @@ +../scripts-available/CDB_OAuth.sql \ No newline at end of file From fe66b2865aef5fa106fc5ef613a5d03fd8ac08f0 Mon Sep 17 00:00:00 2001 From: Mario de Frutos Dieguez Date: Wed, 3 Jul 2019 16:48:30 +0200 Subject: [PATCH 03/12] Upgrade version to 0.29.0 --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 82034e5..4c3d15a 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ # cartodb/Makefile EXTENSION = cartodb -EXTVERSION = 0.28.1 +EXTVERSION = 0.29.0 SED = sed AWK = awk @@ -100,7 +100,7 @@ UPGRADABLE = \ 0.27.1 \ 0.27.2 \ 0.28.0 \ - 0.28.1 \ + 0.29.0 \ $(EXTVERSION)dev \ $(EXTVERSION)next \ $(END) From f4be59cae029e7f6f82b8f2f9028ffdfdef6e1ba Mon Sep 17 00:00:00 2001 From: Mario de Frutos Dieguez Date: Wed, 3 Jul 2019 18:00:57 +0200 Subject: [PATCH 04/12] Added tests --- scripts-available/CDB_OAuth.sql | 2 +- test/CDB_OAuth.sql | 48 +++++++++++++++++++++++++++++++++ test/CDB_OAuth_expect | 15 +++++++++++ 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 test/CDB_OAuth.sql create mode 100644 test/CDB_OAuth_expect diff --git a/scripts-available/CDB_OAuth.sql b/scripts-available/CDB_OAuth.sql index 971bcf0..16f75f2 100644 --- a/scripts-available/CDB_OAuth.sql +++ b/scripts-available/CDB_OAuth.sql 
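Review bot: `CDB_OAuthReassignTableOwnerOnCreation` is declared `SECURITY DEFINER` but has no `SET search_path` clause, and its body refers to `cdb_conf`, `pg_class` and `pg_roles` unqualified. Name lookup therefore follows the calling session's search_path, while the `ALTER ... OWNER TO` and `GRANT ALL` statements run with the definer's privileges. A relation named `cdb_conf` in a schema earlier on that path would then supply the `ownership_role_name` value. I would add `SET search_path = pg_catalog, pg_temp` to the function header and qualify the lookups as `pg_catalog.pg_class`, `pg_catalog.pg_roles` and `@extschema@.cdb_conf` (assuming the table lives in the extension schema, which this hunk does not show). The later hunks in this series that rewrite the `cdb_conf` query leave it unqualified as well.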
@@ -1,5 +1,5 @@ -- Function that reassign the owner of a table to their ownership_role -CREATE OR REPLACE FUNCTION @extschema.CDB_OAuthReassignTableOwnerOnCreation() +CREATE OR REPLACE FUNCTION @extschema@.CDB_OAuthReassignTableOwnerOnCreation() RETURNS event_trigger SECURITY DEFINER AS $$ diff --git a/test/CDB_OAuth.sql b/test/CDB_OAuth.sql new file mode 100644 index 0000000..e97a283 --- /dev/null +++ b/test/CDB_OAuth.sql @@ -0,0 +1,48 @@ +-- Create user and enable OAuth event trigger +\set QUIET on +SET client_min_messages TO error; +CREATE ROLE "creator_role" LOGIN; +CREATE ROLE "ownership_role" LOGIN; +GRANT ALL ON SCHEMA cartodb TO "creator_role"; +SELECT CDB_Conf_SetConf('api_keys_creator_role', '{"username": "creator_role", "permissions":[], "ownership_role_name": "ownership_role"}'); +SET SESSION AUTHORIZATION "creator_role"; +SET client_min_messages TO notice; +\set QUIET off + +CREATE TABLE test(id INT); +INSERT INTO test VALUES(1); +SELECT * FROM test; + +\set QUIET on +SET SESSION AUTHORIZATION "ownership_role"; +\set QUIET off + +SELECT * FROM test2; + +\set QUIET on +SET SESSION AUTHORIZATION postgres; +SELECT CDB_EnableOAuthReassignTablesTrigger(); +SET SESSION AUTHORIZATION "creator_role"; +\set QUIET off + +CREATE TABLE test2(id INT); +INSERT INTO test2 VALUES(1); +SELECT * FROM test2; + +\set QUIET on +SET SESSION AUTHORIZATION "ownership_role"; +\set QUIET off + +SELECT * FROM test2; + +-- Cleanup +\set QUIET on +SET SESSION AUTHORIZATION postgres; +SELECT CDB_DisableOAuthReassignTablesTrigger(); +DROP TABLE test; +DROP TABLE test2; +DROP ROLE "ownership_role"; +REVOKE ALL ON SCHEMA cartodb FROM "creator_role"; +DROP ROLE "creator_role"; +DELETE FROM cdb_conf WHERE key = 'api_keys_creator_role'; +\set QUIET off diff --git a/test/CDB_OAuth_expect b/test/CDB_OAuth_expect new file mode 100644 index 0000000..ab0ef0d --- /dev/null +++ b/test/CDB_OAuth_expect 
@@ -0,0 +1,15 @@ +\set ECHO none + +CREATE TABLE +INSERT 0 1 +1 +ERROR: relation "test2" does not exist +LINE 1: SELECT * FROM test2; + ^ +NOTICE: event trigger "oauth_reassign_tables_trigger" does not exist, skipping + +CREATE TABLE +INSERT 0 1 +1 +1 + From 8ecd2cd5e20be44441325393604a3358e123a5ac Mon Sep 17 00:00:00 2001 From: Mario de Frutos Dieguez Date: Thu, 4 Jul 2019 11:26:26 +0200 Subject: [PATCH 05/12] Reuser creator_role Co-Authored-By: Alberto Romeu --- scripts-available/CDB_OAuth.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts-available/CDB_OAuth.sql b/scripts-available/CDB_OAuth.sql index 16f75f2..8a81ae5 100644 --- a/scripts-available/CDB_OAuth.sql +++ b/scripts-available/CDB_OAuth.sql @@ -17,7 +17,7 @@ BEGIN obj.schema_name, obj.object_identity; SELECT rolname FROM pg_class JOIN pg_roles ON relowner = pg_roles.oid WHERE pg_class.oid = obj.objid INTO creator_role; - SELECT value->>'ownership_role_name' from cdb_conf where key = (SELECT 'api_keys_' || rolname FROM pg_class JOIN pg_roles ON relowner = pg_roles.oid WHERE pg_class.oid = obj.objid) INTO owner_role; + SELECT value->>'ownership_role_name' from cdb_conf where key = 'api_keys_' || creator_role INTO owner_role; IF owner_role IS NULL THEN CONTINUE; ELSE From 0f1c98c74363cf3b798fe1680782c0c2af5d439b Mon Sep 17 00:00:00 2001 From: Mario de Frutos Dieguez Date: Thu, 4 Jul 2019 13:07:50 +0200 Subject: [PATCH 06/12] Check for empty strings as well --- scripts-available/CDB_OAuth.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts-available/CDB_OAuth.sql b/scripts-available/CDB_OAuth.sql index 8a81ae5..6ae7653 100644 --- a/scripts-available/CDB_OAuth.sql +++ b/scripts-available/CDB_OAuth.sql 
@@ -18,7 +18,7 @@ BEGIN obj.object_identity; SELECT rolname FROM pg_class JOIN pg_roles ON relowner = pg_roles.oid WHERE pg_class.oid = obj.objid INTO creator_role; SELECT value->>'ownership_role_name' from cdb_conf where key = 'api_keys_' || creator_role INTO owner_role; - IF owner_role IS NULL THEN + IF owner_role IS NULL OR owner_role = '' THEN CONTINUE; ELSE EXECUTE 'ALTER ' || obj.object_type || ' ' || obj.object_identity || ' OWNER TO ' || QUOTE_IDENT(owner_role); From 3eb8ab24d89531514c05952c3d4ca50326b0fe90 Mon Sep 17 00:00:00 2001 From: Mario de Frutos Dieguez Date: Thu, 4 Jul 2019 13:46:53 +0200 Subject: [PATCH 07/12] Improved tests --- test/CDB_OAuth.sql | 135 ++++++++++++++++++++++++++++++++++++++++-- test/CDB_OAuth_expect | 83 ++++++++++++++++++++++++-- 2 files changed, 210 insertions(+), 8 deletions(-) diff --git a/test/CDB_OAuth.sql b/test/CDB_OAuth.sql index e97a283..4a2b447 100644 --- a/test/CDB_OAuth.sql +++ b/test/CDB_OAuth.sql 
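Review bot: The guard now skips NULL and empty values, but any other `ownership_role_name` string still goes straight into `ALTER ... OWNER TO`, with no check that it names an existing role or one this user's objects may be handed to. Because the function is `SECURITY DEFINER`, the value stored in `cdb_conf` alone decides the new owner. A value that names no role makes the `EXECUTE` raise inside the `ddl_command_end` trigger, which aborts the user's `CREATE` statement. Consider extending the condition to `IF owner_role IS NULL OR owner_role = '' OR NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = owner_role) THEN`, with a `RAISE WARNING` on that branch so the misconfiguration is visible. The enclosing function starts and ends outside this hunk.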
@@ -4,20 +4,47 @@ SET client_min_messages TO error; CREATE ROLE "creator_role" LOGIN; CREATE ROLE "ownership_role" LOGIN; GRANT ALL ON SCHEMA cartodb TO "creator_role"; -SELECT CDB_Conf_SetConf('api_keys_creator_role', '{"username": "creator_role", "permissions":[], "ownership_role_name": "ownership_role"}'); +SELECT CDB_Conf_SetConf('api_keys_creator_role', '{"username": "creator_role", "permissions":[]}'); SET SESSION AUTHORIZATION "creator_role"; SET client_min_messages TO notice; \set QUIET off +-- First part without event trigger + CREATE TABLE test(id INT); INSERT INTO test VALUES(1); +CREATE TABLE test_tablesas AS SELECT * FROM test; +CREATE VIEW test_view AS SELECT * FROM test; +CREATE MATERIALIZED VIEW test_mview AS SELECT * FROM test; +SELECT * INTO test_selectinto FROM test; + SELECT * FROM test; +SELECT * FROM test_tablesas; +SELECT * FROM test_view; +SELECT * FROM test_mview; +SELECT * FROM test_selectinto; \set QUIET on SET SESSION AUTHORIZATION "ownership_role"; \set QUIET off -SELECT * FROM test2; +SELECT * FROM test; +SELECT * FROM test_tablesas; +SELECT * FROM test_view; +SELECT * FROM test_mview; +SELECT * FROM test_selectinto; + +\set QUIET on +SET SESSION AUTHORIZATION "creator_role"; +\set QUIET off + +DROP TABLE test_tablesas; +DROP VIEW test_view; +DROP MATERIALIZED VIEW test_mview; +DROP TABLE test_selectinto; +DROP TABLE test; + +-- Second part with event trigger but without ownership_role_name in cdb_conf \set QUIET on SET SESSION AUTHORIZATION postgres; 
@@ -27,20 +54,120 @@ SET SESSION AUTHORIZATION "creator_role"; CREATE TABLE test2(id INT); INSERT INTO test2 VALUES(1); +CREATE TABLE test2_tablesas AS SELECT * FROM test2; +CREATE VIEW test2_view AS SELECT * FROM test2; +CREATE MATERIALIZED VIEW test2_mview AS SELECT * FROM test2; +SELECT * INTO test2_selectinto FROM test2; + SELECT * FROM test2; +SELECT * FROM test2_tablesas; +SELECT * FROM test2_view; +SELECT * FROM test2_mview; +SELECT * FROM test2_selectinto; \set QUIET on SET SESSION AUTHORIZATION "ownership_role"; \set QUIET off SELECT * FROM test2; +SELECT * FROM test2_tablesas; +SELECT * FROM test2_view; +SELECT * FROM test2_mview; +SELECT * FROM test2_selectinto; + +\set QUIET on +SET SESSION AUTHORIZATION "creator_role"; +\set QUIET off + +DROP TABLE test2_tablesas; +DROP VIEW test2_view; +DROP MATERIALIZED VIEW test2_mview; +DROP TABLE test2_selectinto; +DROP TABLE test2; + +-- Third part with event trigger but with empty ownership_role_name in cdb_conf + +\set QUIET on +SET SESSION AUTHORIZATION postgres; +SELECT CDB_Conf_SetConf('api_keys_creator_role', '{"username": "creator_role", "permissions":[], "ownership_role_name": ""}'); +SET SESSION AUTHORIZATION "creator_role"; +\set QUIET off + +CREATE TABLE test3(id INT); +INSERT INTO test3 VALUES(1); +CREATE TABLE test3_tablesas AS SELECT * FROM test3; +CREATE VIEW test3_view AS SELECT * FROM test3; +CREATE MATERIALIZED VIEW test3_mview AS SELECT * FROM test3; +SELECT * INTO test3_selectinto FROM test3; + +SELECT * FROM test3; +SELECT * FROM test3_tablesas; +SELECT * FROM test3_view; +SELECT * FROM test3_mview; +SELECT * FROM test3_selectinto; + +\set QUIET on +SET SESSION AUTHORIZATION "ownership_role"; +\set QUIET off + +SELECT * FROM test3; +SELECT * FROM test3_tablesas; +SELECT * FROM test3_view; +SELECT * FROM test3_mview; +SELECT * FROM test3_selectinto; + +\set QUIET on +SET SESSION AUTHORIZATION "creator_role"; +\set QUIET off + +DROP TABLE test3_tablesas; +DROP VIEW test3_view; +DROP 
MATERIALIZED VIEW test3_mview; +DROP TABLE test3_selectinto; +DROP TABLE test3; + +-- Fourth part with the event trigger active and configured + +\set QUIET on +SET SESSION AUTHORIZATION postgres; +SELECT CDB_Conf_SetConf('api_keys_creator_role', '{"username": "creator_role", "permissions":[], "ownership_role_name": "ownership_role"}'); +SET SESSION AUTHORIZATION "creator_role"; +\set QUIET off + +CREATE TABLE test4(id INT); +INSERT INTO test4 VALUES(1); +CREATE TABLE test4_tablesas AS SELECT * FROM test4; +CREATE VIEW test4_view AS SELECT * FROM test4; +CREATE MATERIALIZED VIEW test4_mview AS SELECT * FROM test4; +SELECT * INTO test4_selectinto FROM test4; + +SELECT * FROM test4; +SELECT * FROM test4_tablesas; +SELECT * FROM test4_view; +SELECT * FROM test4_mview; +SELECT * FROM test4_selectinto; + +\set QUIET on +SET SESSION AUTHORIZATION "ownership_role"; +\set QUIET off + +SELECT * FROM test4; +SELECT * FROM test4_tablesas; +SELECT * FROM test4_view; +SELECT * FROM test4_mview; +SELECT * FROM test4_selectinto; + +-- Ownership role drops the tables +DROP TABLE test4_tablesas; +DROP VIEW test4_view; +DROP MATERIALIZED VIEW test4_mview; +DROP TABLE test4_selectinto; +DROP TABLE test4; -- Cleanup \set QUIET on SET SESSION AUTHORIZATION postgres; SELECT CDB_DisableOAuthReassignTablesTrigger(); -DROP TABLE test; -DROP TABLE test2; DROP ROLE "ownership_role"; REVOKE ALL ON SCHEMA cartodb FROM "creator_role"; DROP ROLE "creator_role"; diff --git a/test/CDB_OAuth_expect b/test/CDB_OAuth_expect index ab0ef0d..f536c43 100644 --- a/test/CDB_OAuth_expect +++ b/test/CDB_OAuth_expect 
@@ -1,15 +1,90 @@ -\set ECHO none CREATE TABLE INSERT 0 1 +SELECT 1 +CREATE VIEW +SELECT 1 +SELECT 1 1 -ERROR: relation "test2" does not exist -LINE 1: SELECT * FROM test2; - ^ +1 +1 +1 +1 +ERROR: permission denied for relation test +ERROR: permission denied for relation test_tablesas +ERROR: permission denied for relation test_view +ERROR: permission denied for relation test_mview +ERROR: permission denied for relation test_selectinto +DROP TABLE +DROP VIEW +DROP MATERIALIZED VIEW +DROP TABLE +DROP TABLE NOTICE: event trigger "oauth_reassign_tables_trigger" does not exist, skipping CREATE TABLE INSERT 0 1 +SELECT 1 +CREATE VIEW +SELECT 1 +SELECT 1 1 1 +1 +1 +1 +ERROR: permission denied for relation test2 +ERROR: permission denied for relation test2_tablesas +ERROR: permission denied for relation test2_view +ERROR: permission denied for relation test2_mview +ERROR: permission denied for relation test2_selectinto +DROP TABLE +DROP VIEW +DROP MATERIALIZED VIEW +DROP TABLE +DROP TABLE + +CREATE TABLE +INSERT 0 1 +SELECT 1 +CREATE VIEW +SELECT 1 +SELECT 1 +1 +1 +1 +1 +1 +ERROR: permission denied for relation test3 +ERROR: permission denied for relation test3_tablesas +ERROR: permission denied for relation test3_view +ERROR: permission denied for relation test3_mview +ERROR: permission denied for relation test3_selectinto +DROP TABLE +DROP VIEW +DROP MATERIALIZED VIEW +DROP TABLE +DROP TABLE + +CREATE TABLE +INSERT 0 1 +SELECT 1 +CREATE VIEW +SELECT 1 +SELECT 1 +1 +1 +1 +1 +1 +1 +1 +1 +1 +1 +DROP TABLE +DROP VIEW +DROP MATERIALIZED VIEW +DROP TABLE +DROP TABLE From f55d789c4171e78f456536342d533046f7ae4585 Mon Sep 17 00:00:00 2001 From: Mario de Frutos Dieguez Date: Thu, 4 Jul 2019 17:40:00 +0200 Subject: [PATCH 08/12] Make some tests to have different expects for different PG versions --- Makefile | 8 +++- test/CDB_OAuth_expect.pg11 | 90 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 test/CDB_OAuth_expect.pg11 
diff --git a/Makefile b/Makefile index 4c3d15a..8e51b0f 100644 --- a/Makefile +++ b/Makefile @@ -130,6 +130,8 @@ PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) include $(PGXS) +PG_VERSION := $(shell $(PG_CONFIG) --version | $(AWK) '{split($$2,a,"."); print a[1]}') + $(EXTENSION)--$(EXTVERSION).sql: $(CDBSCRIPTS) cartodb_version.sql Makefile echo '\echo Use "CREATE EXTENSION $(EXTENSION)" to load this file. \quit' > $@ cat $(CDBSCRIPTS) | \ @@ -171,7 +173,11 @@ legacy_regress: $(REGRESS_OLD) Makefile $(SED) -e 's/@@VERSION@@/$(EXTVERSION)/' -e 's/@extschema@/cartodb/g' -e "s/@postgisschema@/public/g" >> $${of}; \ exp=expected/test/$${tn}.out; \ echo '\set ECHO none' > $${exp}; \ - cat test/$${tn}_expect >> $${exp}; \ + if [[ -f "test/$${tn}_expect.pg$(PG_VERSION)" ]]; then \ + cat test/$${tn}_expect.pg$(PG_VERSION) >> $${exp}; \ + else \ + cat test/$${tn}_expect >> $${exp}; \ + fi \ done test_organization: diff --git a/test/CDB_OAuth_expect.pg11 b/test/CDB_OAuth_expect.pg11 new file mode 100644 index 0000000..73767d2 --- /dev/null +++ b/test/CDB_OAuth_expect.pg11 
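Review bot: The version-specific branch added to `legacy_regress` tests for the file with `[[ -f ... ]]`, which is a bash/ksh construct; make runs recipes with `/bin/sh` unless `SHELL` is set, and no `SHELL` assignment is visible in these hunks. Under a POSIX sh such as dash the `[[` command fails, the `if` falls through to `else`, and the generic `_expect` file is used without any error, so the `.pg11` expectations would be silently ignored. The portable form is `if [ -f "test/$${tn}_expect.pg$(PG_VERSION)" ]; then \`. The recipe's `for` loop starts outside the hunk.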
@@ -0,0 +1,90 @@
+
+CREATE TABLE
+INSERT 0 1
+SELECT 1
+CREATE VIEW
+SELECT 1
+SELECT 1
+1
+1
+1
+1
+1
+ERROR: permission denied for table test
+ERROR: permission denied for table test_tablesas
+ERROR: permission denied for view test_view
+ERROR: permission denied for materialized view test_mview
+ERROR: permission denied for table test_selectinto
+DROP TABLE
+DROP VIEW
+DROP MATERIALIZED VIEW
+DROP TABLE
+DROP TABLE
+NOTICE: event trigger "oauth_reassign_tables_trigger" does not exist, skipping
+
+CREATE TABLE
+INSERT 0 1
+SELECT 1
+CREATE VIEW
+SELECT 1
+SELECT 1
+1
+1
+1
+1
+1
+ERROR: permission denied for table test2
+ERROR: permission denied for table test2_tablesas
+ERROR: permission denied for view test2_view
+ERROR: permission denied for materialized view test2_mview
+ERROR: permission denied for table test2_selectinto
+DROP TABLE
+DROP VIEW
+DROP MATERIALIZED VIEW
+DROP TABLE
+DROP TABLE
+
+CREATE TABLE
+INSERT 0 1
+SELECT 1
+CREATE VIEW
+SELECT 1
+SELECT 1
+1
+1
+1
+1
+1
+ERROR: permission denied for table test3
+ERROR: permission denied for table test3_tablesas
+ERROR: permission denied for view test3_view
+ERROR: permission denied for materialized view test3_mview
+ERROR: permission denied for table test3_selectinto
+DROP TABLE
+DROP VIEW
+DROP MATERIALIZED VIEW
+DROP TABLE
+DROP TABLE
+
+CREATE TABLE
+INSERT 0 1
+SELECT 1
+CREATE VIEW
+SELECT 1
+SELECT 1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+DROP TABLE
+DROP VIEW
+DROP MATERIALIZED VIEW
+DROP TABLE
+DROP TABLE
+
From 91c3b86d45e903eb81e9a53784ef1ecaea6a2f12 Mon Sep 17 00:00:00 2001
From: Mario de Frutos Dieguez
Date: Thu, 4 Jul 2019 17:53:11 +0200
Subject: [PATCH 09/12] Updated NEWS and tests README
---
NEWS.md | 6 ++++++
test/README | 8 ++++++++
2 files changed, 14 insertions(+)
diff --git a/NEWS.md b/NEWS.md
index 7ddf483..7d43695 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,3 +1,9 @@ +0.29.0 (2019-xx-xx) +* Added new function CDB_OAuth: + * Install event trigger to check for table/views creation + * Reassign the ownership of new tables to a defined role in the cdb_conf +* Changed MakeFile to support different expects for differents PG versions + 0.28.1 (2019-07-04) * Avoid temporary tables creation in CDB_SyncTable (#366) * Make CDB_Get_Foreign_Updated_At robust to missing CDB_TableMetadata (#362) diff --git a/test/README b/test/README index 6dcf328..9e630e5 100644 --- a/test/README +++ b/test/README @@ -6,6 +6,14 @@ Example, to add a test for CDB_Something function, you'd add: - CDB_SomethingTest.sql - CDB_SomethingTest_expect +In case you need multiple expects of a test for different versions you have +to add .pg$(VERSION) at the end of the file. + +For example if you want an expect file for PG11 you need to have two expect files: + + - CDB_SomethingTest_expect + - CDB_SomethingTest_expect.pg11 + To easy the generation of the expected file you can initially omit it, then run "make -C .. installcheck" from the top-level dir and copy ../results/test/CDB_SomethingTest.out to CDB_SomethingTest_expect chopping From 2eae7876e271b5da5edfe113d6af2b4582ec0b3e Mon Sep 17 00:00:00 2001 From: Gonzalo Riestra Date: Fri, 12 Jul 2019 08:38:21 +0200 Subject: [PATCH 10/12] fix makefile --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 8e51b0f..02072ab 100644 --- a/Makefile +++ b/Makefile @@ -100,6 +100,7 @@ UPGRADABLE = \ 0.27.1 \ 0.27.2 \ 0.28.0 \ + 0.28.1 \ 0.29.0 \ $(EXTVERSION)dev \ $(EXTVERSION)next \ From a5cb9f268d200446037b28366a73c4e8af255717 Mon Sep 17 00:00:00 2001 From: Gonzalo Riestra Date: Mon, 15 Jul 2019 12:31:44 +0200 Subject: [PATCH 11/12] reassign ownership for sequences and functions as well --- scripts-available/CDB_OAuth.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts-available/CDB_OAuth.sql b/scripts-available/CDB_OAuth.sql index 6ae7653..29f3e39 100644 
--- a/scripts-available/CDB_OAuth.sql +++ b/scripts-available/CDB_OAuth.sql @@ -38,7 +38,7 @@ AS $$ CREATE EVENT TRIGGER oauth_reassign_tables_trigger ON ddl_command_end - WHEN TAG IN ('CREATE TABLE', 'CREATE TABLE AS', 'SELECT INTO', 'CREATE VIEW', 'CREATE FOREIGN TABLE', 'CREATE MATERIALIZED VIEW') + WHEN TAG IN ('CREATE TABLE', 'CREATE TABLE AS', 'SELECT INTO', 'CREATE VIEW', 'CREATE FOREIGN TABLE', 'CREATE MATERIALIZED VIEW', 'CREATE SEQUENCE', 'CREATE FUNCTION') EXECUTE PROCEDURE @extschema@.CDB_OAuthReassignTableOwnerOnCreation(); END; $$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE; From a1e3e9a8dffcac9248fb2751d601ad147808a199 Mon Sep 17 00:00:00 2001 From: Gonzalo Riestra Date: Mon, 15 Jul 2019 13:42:43 +0200 Subject: [PATCH 12/12] update news --- NEWS.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/NEWS.md b/NEWS.md index 7d43695..cf7b0c2 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,7 +1,7 @@ -0.29.0 (2019-xx-xx) +0.29.0 (2019-07-15) * Added new function CDB_OAuth: - * Install event trigger to check for table/views creation - * Reassign the ownership of new tables to a defined role in the cdb_conf + * Install event trigger to check for table/view/sequence/function creation + * Reassign the ownership of new objects to a defined role in the cdb_conf * Changed MakeFile to support different expects for differents PG versions 0.28.1 (2019-07-04)
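Review bot: Adding `'CREATE FUNCTION'` to the tag list does not by itself get functions reassigned, because the trigger function (defined earlier in this file, outside this hunk) finds the creator only through `pg_class ... WHERE pg_class.oid = obj.objid`, and a function's `objid` is a `pg_proc` OID. The lookup will normally return no row, so `creator_role` and `owner_role` stay NULL and the loop takes the `CONTINUE` branch; if the OID happens to match an unrelated relation, that relation's owner would be used instead. The lookup should branch on `obj.classid` and read `proowner` from `pg_catalog.pg_proc` for functions, and the grant needs the object type, e.g. `'GRANT ALL ON FUNCTION ' || obj.object_identity`. Before enabling this path, also decide whether `SECURITY DEFINER` functions written by the creator role should be handed to the ownership role, since they would then execute with that role's privileges. No test in this series covers sequences or functions.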