Make CDB_OAuth independent of the PG version

This commit is contained in:
Raul Marin 2019-10-24 11:33:07 +02:00
parent 409b067721
commit 7f9a748119
5 changed files with 49 additions and 215 deletions

View File

@ -182,11 +182,7 @@ legacy_regress: $(REGRESS_OLD) Makefile
$(SED) -e 's/@@VERSION@@/$(EXTVERSION)/' -e 's/@extschema@/cartodb/g' -e "s/@postgisschema@/public/g" >> $${of}; \ $(SED) -e 's/@@VERSION@@/$(EXTVERSION)/' -e 's/@extschema@/cartodb/g' -e "s/@postgisschema@/public/g" >> $${of}; \
exp=expected/test/$${tn}.out; \ exp=expected/test/$${tn}.out; \
echo '\set ECHO none' > $${exp}; \ echo '\set ECHO none' > $${exp}; \
if [[ -f "test/$${tn}_expect.pg$(PG_VERSION)" ]]; then \
cat test/$${tn}_expect.pg$(PG_VERSION) >> $${exp}; \
else \
cat test/$${tn}_expect >> $${exp}; \ cat test/$${tn}_expect >> $${exp}; \
fi \
done done
test_organization: test_organization:

View File

@ -1,6 +1,23 @@
-- Create user and enable OAuth event trigger -- Create user and enable OAuth event trigger
\set QUIET on \set QUIET on
SET client_min_messages TO error; SET client_min_messages TO error;
-- The permission error changed between pre PG11 and post 11 (before everythin "relation", now it's "view", "table" and so on
CREATE OR REPLACE FUNCTION catch_permission_error(query text)
RETURNS bool
AS $$
BEGIN
EXECUTE query;
RETURN FALSE;
EXCEPTION
WHEN insufficient_privilege THEN
RETURN TRUE;
WHEN OTHERS THEN
RAISE WARNING 'Exception %', sqlstate;
RETURN FALSE;
END
$$ LANGUAGE 'plpgsql';
DROP ROLE IF EXISTS "creator_role"; DROP ROLE IF EXISTS "creator_role";
CREATE ROLE "creator_role" LOGIN; CREATE ROLE "creator_role" LOGIN;
DROP ROLE IF EXISTS "ownership_role"; DROP ROLE IF EXISTS "ownership_role";
@ -30,11 +47,11 @@ SELECT * FROM test_selectinto;
SET SESSION AUTHORIZATION "ownership_role"; SET SESSION AUTHORIZATION "ownership_role";
\set QUIET off \set QUIET off
SELECT * FROM test; SELECT 'denied_table', catch_permission_error($$SELECT * FROM test;$$);
SELECT * FROM test_tablesas; SELECT 'denied_tableas', catch_permission_error($$SELECT * FROM test_tablesas;$$);
SELECT * FROM test_view; SELECT 'denied_view', catch_permission_error($$SELECT * FROM test_view;$$);
SELECT * FROM test_mview; SELECT 'denied_mview', catch_permission_error($$SELECT * FROM test_mview;$$);
SELECT * FROM test_selectinto; SELECT 'denied_selectinto', catch_permission_error($$SELECT * FROM test_selectinto;$$);
\set QUIET on \set QUIET on
SET SESSION AUTHORIZATION "creator_role"; SET SESSION AUTHORIZATION "creator_role";
@ -71,11 +88,11 @@ SELECT * FROM test2_selectinto;
SET SESSION AUTHORIZATION "ownership_role"; SET SESSION AUTHORIZATION "ownership_role";
\set QUIET off \set QUIET off
SELECT * FROM test2; SELECT 'denied_table2', catch_permission_error($$SELECT * FROM test2;$$);
SELECT * FROM test2_tablesas; SELECT 'denied_tableas2', catch_permission_error($$SELECT * FROM test2_tablesas;$$);
SELECT * FROM test2_view; SELECT 'denied_view2', catch_permission_error($$SELECT * FROM test2_view;$$);
SELECT * FROM test2_mview; SELECT 'denied_mview2', catch_permission_error($$SELECT * FROM test2_mview;$$);
SELECT * FROM test2_selectinto; SELECT 'denied_selectinto2', catch_permission_error($$SELECT * FROM test2_selectinto;$$);
\set QUIET on \set QUIET on
SET SESSION AUTHORIZATION "creator_role"; SET SESSION AUTHORIZATION "creator_role";
@ -112,11 +129,11 @@ SELECT * FROM test3_selectinto;
SET SESSION AUTHORIZATION "ownership_role"; SET SESSION AUTHORIZATION "ownership_role";
\set QUIET off \set QUIET off
SELECT * FROM test3; SELECT 'denied_table3', catch_permission_error($$SELECT * FROM test3;$$);
SELECT * FROM test3_tablesas; SELECT 'denied_tableas3', catch_permission_error($$SELECT * FROM test3_tablesas;$$);
SELECT * FROM test3_view; SELECT 'denied_view3', catch_permission_error($$SELECT * FROM test3_view;$$);
SELECT * FROM test3_mview; SELECT 'denied_mview3', catch_permission_error($$SELECT * FROM test3_mview;$$);
SELECT * FROM test3_selectinto; SELECT 'denied_selectinto3', catch_permission_error($$SELECT * FROM test3_selectinto;$$);
\set QUIET on \set QUIET on
SET SESSION AUTHORIZATION "creator_role"; SET SESSION AUTHORIZATION "creator_role";
@ -174,4 +191,5 @@ DROP ROLE "ownership_role";
REVOKE ALL ON SCHEMA cartodb FROM "creator_role"; REVOKE ALL ON SCHEMA cartodb FROM "creator_role";
DROP ROLE "creator_role"; DROP ROLE "creator_role";
DELETE FROM cdb_conf WHERE key = 'api_keys_creator_role'; DELETE FROM cdb_conf WHERE key = 'api_keys_creator_role';
DROP FUNCTION catch_permission_error(text);
\set QUIET off \set QUIET off

View File

@ -10,11 +10,11 @@ SELECT 1
1 1
1 1
1 1
ERROR: permission denied for relation test denied_table|t
ERROR: permission denied for relation test_tablesas denied_tableas|t
ERROR: permission denied for relation test_view denied_view|t
ERROR: permission denied for relation test_mview denied_mview|t
ERROR: permission denied for relation test_selectinto denied_selectinto|t
DROP TABLE DROP TABLE
DROP VIEW DROP VIEW
DROP MATERIALIZED VIEW DROP MATERIALIZED VIEW
@ -33,11 +33,11 @@ SELECT 1
1 1
1 1
1 1
ERROR: permission denied for relation test2 denied_table2|t
ERROR: permission denied for relation test2_tablesas denied_tableas2|t
ERROR: permission denied for relation test2_view denied_view2|t
ERROR: permission denied for relation test2_mview denied_mview2|t
ERROR: permission denied for relation test2_selectinto denied_selectinto2|t
DROP TABLE DROP TABLE
DROP VIEW DROP VIEW
DROP MATERIALIZED VIEW DROP MATERIALIZED VIEW
@ -55,11 +55,11 @@ SELECT 1
1 1
1 1
1 1
ERROR: permission denied for relation test3 denied_table3|t
ERROR: permission denied for relation test3_tablesas denied_tableas3|t
ERROR: permission denied for relation test3_view denied_view3|t
ERROR: permission denied for relation test3_mview denied_mview3|t
ERROR: permission denied for relation test3_selectinto denied_selectinto3|t
DROP TABLE DROP TABLE
DROP VIEW DROP VIEW
DROP MATERIALIZED VIEW DROP MATERIALIZED VIEW

View File

@ -1,90 +0,0 @@
CREATE TABLE
INSERT 0 1
SELECT 1
CREATE VIEW
SELECT 1
SELECT 1
1
1
1
1
1
ERROR: permission denied for table test
ERROR: permission denied for table test_tablesas
ERROR: permission denied for view test_view
ERROR: permission denied for materialized view test_mview
ERROR: permission denied for table test_selectinto
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
DROP TABLE
DROP TABLE
NOTICE: event trigger "oauth_reassign_tables_trigger" does not exist, skipping
CREATE TABLE
INSERT 0 1
SELECT 1
CREATE VIEW
SELECT 1
SELECT 1
1
1
1
1
1
ERROR: permission denied for table test2
ERROR: permission denied for table test2_tablesas
ERROR: permission denied for view test2_view
ERROR: permission denied for materialized view test2_mview
ERROR: permission denied for table test2_selectinto
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
DROP TABLE
DROP TABLE
CREATE TABLE
INSERT 0 1
SELECT 1
CREATE VIEW
SELECT 1
SELECT 1
1
1
1
1
1
ERROR: permission denied for table test3
ERROR: permission denied for table test3_tablesas
ERROR: permission denied for view test3_view
ERROR: permission denied for materialized view test3_mview
ERROR: permission denied for table test3_selectinto
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
DROP TABLE
DROP TABLE
CREATE TABLE
INSERT 0 1
SELECT 1
CREATE VIEW
SELECT 1
SELECT 1
1
1
1
1
1
1
1
1
1
1
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
DROP TABLE
DROP TABLE

View File

@ -1,90 +0,0 @@
CREATE TABLE
INSERT 0 1
SELECT 1
CREATE VIEW
SELECT 1
SELECT 1
1
1
1
1
1
ERROR: permission denied for table test
ERROR: permission denied for table test_tablesas
ERROR: permission denied for view test_view
ERROR: permission denied for materialized view test_mview
ERROR: permission denied for table test_selectinto
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
DROP TABLE
DROP TABLE
NOTICE: event trigger "oauth_reassign_tables_trigger" does not exist, skipping
CREATE TABLE
INSERT 0 1
SELECT 1
CREATE VIEW
SELECT 1
SELECT 1
1
1
1
1
1
ERROR: permission denied for table test2
ERROR: permission denied for table test2_tablesas
ERROR: permission denied for view test2_view
ERROR: permission denied for materialized view test2_mview
ERROR: permission denied for table test2_selectinto
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
DROP TABLE
DROP TABLE
CREATE TABLE
INSERT 0 1
SELECT 1
CREATE VIEW
SELECT 1
SELECT 1
1
1
1
1
1
ERROR: permission denied for table test3
ERROR: permission denied for table test3_tablesas
ERROR: permission denied for view test3_view
ERROR: permission denied for materialized view test3_mview
ERROR: permission denied for table test3_selectinto
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
DROP TABLE
DROP TABLE
CREATE TABLE
INSERT 0 1
SELECT 1
CREATE VIEW
SELECT 1
SELECT 1
1
1
1
1
1
1
1
1
1
1
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
DROP TABLE
DROP TABLE