From 4f75a68844e19aa32f91880d9c6f7debce602064 Mon Sep 17 00:00:00 2001
From: Astha Mohta
Date: Thu, 23 Feb 2023 22:25:46 +0530
Subject: [PATCH 1/3] feat: fgac pg testing
---
 system-test/spanner.ts | 66 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/system-test/spanner.ts b/system-test/spanner.ts
index 7b6bc90ca..65e845d1e 100644
--- a/system-test/spanner.ts
+++ b/system-test/spanner.ts
@@ -2166,6 +2166,14 @@ describe('Spanner', () => {
 await new Promise(resolve => setTimeout(resolve, 60000));
 });
 
+ it('POSTGRESQL should create a user defined role', async function () {
+ if (IS_EMULATOR_ENABLED) {
+ this.skip();
+ }
+ await createUserDefinedDatabaseRole(PG_DATABASE, 'CREATE ROLE parent');
+ await new Promise(resolve => setTimeout(resolve, 60000));
+ });
+
 const grantAccessToRole = async (
 database,
 createRoleQuery,
@@ -2196,6 +2204,18 @@ describe('Spanner', () => {
 await new Promise(resolve => setTimeout(resolve, 60000));
 });
 
+ it('POSTGRESQL should grant access to a user defined role', async function () {
+ if (IS_EMULATOR_ENABLED) {
+ this.skip();
+ }
+ await grantAccessToRole(
+ PG_DATABASE,
+ 'CREATE ROLE child',
+ 'GRANT SELECT ON TABLE Singers TO ROLE child'
+ );
+ await new Promise(resolve => setTimeout(resolve, 60000));
+ });
+
 const userDefinedDatabaseRoleRevoked = async (
 database,
 createRoleQuery,
@@ -2238,6 +2258,19 @@ describe('Spanner', () => {
 await new Promise(resolve => setTimeout(resolve, 60000));
 });
 
+ it('POSTGRESQL should revoke permissions of a user defined role', async function () {
+ if (IS_EMULATOR_ENABLED) {
+ this.skip();
+ }
+ await userDefinedDatabaseRoleRevoked(
+ PG_DATABASE,
+ 'CREATE ROLE orphan',
+ 'GRANT SELECT ON TABLE Singers TO ROLE orphan',
+ 'REVOKE SELECT ON TABLE Singers FROM ROLE orphan'
+ );
+ await new Promise(resolve => setTimeout(resolve, 60000));
+ });
+
 const userDefinedDatabaseRoleDropped = async (
 database,
 createRoleQuery,
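Review bot: Each added PostgreSQL test ends with an unexplained fixed wait, `await new Promise(resolve => setTimeout(resolve, 60000));`, in the create-role test here and again in the grant, revoke and drop tests of the next three hunks, so the series adds roughly four minutes of sleeping to the suite with no statement of what is being waited for. A one-line comment giving the reason, or a shared helper such as `const pause = ms => new Promise(resolve => setTimeout(resolve, ms));` called with a named constant, would let a later reader tell whether the delay is still needed. The helper `createUserDefinedDatabaseRole` is defined outside the hunk, so whether it already waits for the schema operation to finish cannot be checked from here.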
@@ -2277,6 +2310,18 @@ describe('Spanner', () => {
 await new Promise(resolve => setTimeout(resolve, 60000));
 });
 
+ it('POSTGRESQL should drop the user defined role', async function () {
+ if (IS_EMULATOR_ENABLED) {
+ this.skip();
+ }
+ await userDefinedDatabaseRoleDropped(
+ PG_DATABASE,
+ 'CREATE ROLE new_parent',
+ 'DROP ROLE new_parent'
+ );
+ await new Promise(resolve => setTimeout(resolve, 60000));
+ });
+
 const grantAccessSuccess = (done, database) => {
 const id = 7;
 database.updateSchema(
@@ -2318,6 +2363,13 @@ describe('Spanner', () => {
 grantAccessSuccess(done, DATABASE);
 });
 
+ it('POSTGRESQL should run query with access granted', function (done) {
+ if (IS_EMULATOR_ENABLED) {
+ this.skip();
+ }
+ grantAccessSuccess(done, PG_DATABASE);
+ });
+
 const grantAccessFailure = (done, database) => {
 const id = 8;
 database.updateSchema(
@@ -2359,6 +2411,13 @@ describe('Spanner', () => {
 grantAccessFailure(done, DATABASE);
 });
 
+ it('POSTGRESQL should fail run query due to no access granted', function (done) {
+ if (IS_EMULATOR_ENABLED) {
+ this.skip();
+ }
+ grantAccessFailure(done, PG_DATABASE);
+ });
+
 const listDatabaseRoles = async database => {
 const [updateRole] = await database.updateSchema([
 'CREATE ROLE new_parent',
@@ -2383,6 +2442,13 @@ describe('Spanner', () => {
 await listDatabaseRoles(DATABASE);
 });
 
+ it('POSTGRESQL should list database roles', async function () {
+ if (IS_EMULATOR_ENABLED) {
+ this.skip();
+ }
+ await listDatabaseRoles(PG_DATABASE);
+ });
+
 const getIamPolicy = (done, database) => {
 database.getIamPolicy((err, policy) => {
 assert.ifError(err);
From 1f2509cb166f2f01dff2339ac6a339cf12b081e9 Mon Sep 17 00:00:00 2001
From: Astha Mohta
Date: Tue, 6 Jun 2023 11:15:02 +0530
Subject: [PATCH 2/3] changes
---
 system-test/spanner.ts | 44 ++++++++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 17 deletions(-)

diff --git a/system-test/spanner.ts b/system-test/spanner.ts
index 65e845d1e..0210ae22a 100644
--- a/system-test/spanner.ts
+++ b/system-test/spanner.ts
@@ -2211,7 +2211,7 @@ describe('Spanner', () => {
 await grantAccessToRole(
 PG_DATABASE,
 'CREATE ROLE child',
- 'GRANT SELECT ON TABLE Singers TO ROLE child'
+ 'GRANT SELECT ON TABLE Singers TO child'
 );
 await new Promise(resolve => setTimeout(resolve, 60000));
 });
@@ -2265,8 +2265,8 @@ describe('Spanner', () => {
 await userDefinedDatabaseRoleRevoked(
 PG_DATABASE,
 'CREATE ROLE orphan',
- 'GRANT SELECT ON TABLE Singers TO ROLE orphan',
- 'REVOKE SELECT ON TABLE Singers FROM ROLE orphan'
+ 'GRANT SELECT ON TABLE Singers TO orphan',
+ 'REVOKE SELECT ON TABLE Singers FROM orphan'
 );
 await new Promise(resolve => setTimeout(resolve, 60000));
 });
@@ -2322,13 +2322,10 @@ describe('Spanner', () => {
 await new Promise(resolve => setTimeout(resolve, 60000));
 });
 
- const grantAccessSuccess = (done, database) => {
+ const grantAccessSuccess = (done, database, grantPermissionQuery) => {
 const id = 7;
 database.updateSchema(
- [
- 'CREATE ROLE read_access',
- 'GRANT SELECT ON TABLE Singers TO ROLE read_access',
- ],
+ ['CREATE ROLE read_access', grantPermissionQuery],
 execAfterOperationComplete(async err => {
 assert.ifError(err);
 const table = database.table('Singers');
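Review bot: `grantAccessSuccess` still hard-codes the role in `'CREATE ROLE read_access'` but now takes the matching GRANT as the free-form `grantPermissionQuery`, so nothing keeps the role named in the caller's string in step with the role the helper creates; `grantAccessFailure` in the following hunk has the same split with `write_access`. In the failure variant a GRANT aimed at a different role would likely still leave the read denied, so that test could pass without exercising the intended grant. A short comment on the parameter, e.g. `// grantPermissionQuery must grant to read_access; only the dialect-specific GRANT syntax differs`, or passing just the dialect and building the statement inside the helper, would close the gap. The helper body continues past the end of the hunk, so the assertions themselves are not visible here.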
@@ -2360,23 +2357,28 @@ describe('Spanner', () => {
 if (IS_EMULATOR_ENABLED) {
 this.skip();
 }
- grantAccessSuccess(done, DATABASE);
+ grantAccessSuccess(
+ done,
+ DATABASE,
+ 'GRANT SELECT ON TABLE Singers TO ROLE read_access'
+ );
 });
 
 it('POSTGRESQL should run query with access granted', function (done) {
 if (IS_EMULATOR_ENABLED) {
 this.skip();
 }
- grantAccessSuccess(done, PG_DATABASE);
+ grantAccessSuccess(
+ done,
+ PG_DATABASE,
+ 'GRANT SELECT ON TABLE Singers TO read_access'
+ );
 });
 
- const grantAccessFailure = (done, database) => {
+ const grantAccessFailure = (done, database, grantPermissionQuery) => {
 const id = 8;
 database.updateSchema(
- [
- 'CREATE ROLE write_access',
- 'GRANT INSERT ON TABLE Singers TO ROLE write_access',
- ],
+ ['CREATE ROLE write_access', grantPermissionQuery],
 execAfterOperationComplete(async err => {
 assert.ifError(err);
 const table = database.table('Singers');
@@ -2408,14 +2410,22 @@ describe('Spanner', () => {
 if (IS_EMULATOR_ENABLED) {
 this.skip();
 }
- grantAccessFailure(done, DATABASE);
+ grantAccessFailure(
+ done,
+ DATABASE,
+ 'GRANT INSERT ON TABLE Singers TO ROLE write_access'
+ );
 });
 
 it('POSTGRESQL should fail run query due to no access granted', function (done) {
 if (IS_EMULATOR_ENABLED) {
 this.skip();
 }
- grantAccessFailure(done, PG_DATABASE);
+ grantAccessFailure(
+ done,
+ PG_DATABASE,
+ 'GRANT INSERT ON TABLE Singers TO write_access'
+ );
 });
 
 const listDatabaseRoles = async database => {
From ed37dfe81af52b8eff4a775b033d60d4f70a8ee3 Mon Sep 17 00:00:00 2001
From: Astha Mohta
Date: Tue, 6 Jun 2023 12:49:44 +0530
Subject: [PATCH 3/3] changes
---
 system-test/spanner.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/system-test/spanner.ts b/system-test/spanner.ts
index 3d1ed4fbb..2d4ad2aef 100644
--- a/system-test/spanner.ts
+++ b/system-test/spanner.ts
@@ -2259,7 +2259,7 @@ describe('Spanner', () => {
 await grantAccessToRole(
 PG_DATABASE,
 'CREATE ROLE child',
- 'GRANT SELECT ON TABLE Singers TO child'
+ 'GRANT SELECT ON TABLE singers TO child'
 );
 await new Promise(resolve => setTimeout(resolve, 60000));
 });
@@ -2313,8 +2313,8 @@ describe('Spanner', () => {
 await userDefinedDatabaseRoleRevoked(
 PG_DATABASE,
 'CREATE ROLE orphan',
- 'GRANT SELECT ON TABLE Singers TO orphan',
- 'REVOKE SELECT ON TABLE Singers FROM orphan'
+ 'GRANT SELECT ON TABLE singers TO orphan',
+ 'REVOKE SELECT ON TABLE singers FROM orphan'
 );
 await new Promise(resolve => setTimeout(resolve, 60000));
 });
@@ -2419,7 +2419,7 @@ describe('Spanner', () => {
 grantAccessSuccess(
 done,
 PG_DATABASE,
- 'GRANT SELECT ON TABLE Singers TO read_access'
+ 'GRANT SELECT ON TABLE singers TO read_access'
 );
 });
 
@@ -2472,7 +2472,7 @@ describe('Spanner', () => {
 grantAccessFailure(
 done,
 PG_DATABASE,
- 'GRANT INSERT ON TABLE Singers TO write_access'
+ 'GRANT INSERT ON TABLE singers TO write_access'
 );
 });
 
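Review bot: Only the PostgreSQL GRANT and REVOKE strings are changed to the lower-case `singers` (this hunk and the three that follow), while the shared helpers shown in the earlier patches of this series still open the table as `database.table('Singers')`, and neither the code nor the commit message ("changes") says why the spelling has to differ. If the PostgreSQL-dialect table is in fact named `singers`, it is worth confirming that the read in the helper addresses the same table the privilege was granted on, since otherwise the grant tests could be checking a different object than intended. A comment next to the first PG statement, along the lines of `// PostgreSQL dialect: table name must be lower-case here because <reason>`, would record the constraint.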