Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: testing for fgac in pg #1811

Merged
merged 5 commits into from
Jun 6, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 88 additions & 12 deletions system-test/spanner.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2214,6 +2214,14 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

it('POSTGRESQL should create a user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await createUserDefinedDatabaseRole(PG_DATABASE, 'CREATE ROLE parent');
await new Promise(resolve => setTimeout(resolve, 60000));
});

const grantAccessToRole = async (
database,
createRoleQuery,
Expand Down Expand Up @@ -2244,6 +2252,18 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

it('POSTGRESQL should grant access to a user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await grantAccessToRole(
PG_DATABASE,
'CREATE ROLE child',
'GRANT SELECT ON TABLE singers TO child'
);
await new Promise(resolve => setTimeout(resolve, 60000));
});

const userDefinedDatabaseRoleRevoked = async (
database,
createRoleQuery,
Expand Down Expand Up @@ -2286,6 +2306,19 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

it('POSTGRESQL should revoke permissions of a user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await userDefinedDatabaseRoleRevoked(
PG_DATABASE,
'CREATE ROLE orphan',
'GRANT SELECT ON TABLE singers TO orphan',
'REVOKE SELECT ON TABLE singers FROM orphan'
);
await new Promise(resolve => setTimeout(resolve, 60000));
});

const userDefinedDatabaseRoleDropped = async (
database,
createRoleQuery,
Expand Down Expand Up @@ -2325,13 +2358,22 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

const grantAccessSuccess = (done, database) => {
it('POSTGRESQL should drop the user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await userDefinedDatabaseRoleDropped(
PG_DATABASE,
'CREATE ROLE new_parent',
'DROP ROLE new_parent'
);
await new Promise(resolve => setTimeout(resolve, 60000));
});

const grantAccessSuccess = (done, database, grantPermissionQuery) => {
const id = 7;
database.updateSchema(
[
'CREATE ROLE read_access',
'GRANT SELECT ON TABLE Singers TO ROLE read_access',
],
['CREATE ROLE read_access', grantPermissionQuery],
execAfterOperationComplete(async err => {
assert.ifError(err);
const table = database.table('Singers');
Expand Down Expand Up @@ -2363,16 +2405,28 @@ describe('Spanner', () => {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessSuccess(done, DATABASE);
grantAccessSuccess(
done,
DATABASE,
'GRANT SELECT ON TABLE Singers TO ROLE read_access'
);
});

it('POSTGRESQL should run query with access granted', function (done) {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessSuccess(
done,
PG_DATABASE,
'GRANT SELECT ON TABLE singers TO read_access'
);
});

const grantAccessFailure = (done, database) => {
const grantAccessFailure = (done, database, grantPermissionQuery) => {
const id = 8;
database.updateSchema(
[
'CREATE ROLE write_access',
'GRANT INSERT ON TABLE Singers TO ROLE write_access',
],
['CREATE ROLE write_access', grantPermissionQuery],
execAfterOperationComplete(async err => {
assert.ifError(err);
const table = database.table('Singers');
Expand Down Expand Up @@ -2404,7 +2458,22 @@ describe('Spanner', () => {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessFailure(done, DATABASE);
grantAccessFailure(
done,
DATABASE,
'GRANT INSERT ON TABLE Singers TO ROLE write_access'
);
});

it('POSTGRESQL should fail run query due to no access granted', function (done) {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessFailure(
done,
PG_DATABASE,
'GRANT INSERT ON TABLE singers TO write_access'
);
});

const listDatabaseRoles = async database => {
Expand All @@ -2431,6 +2500,13 @@ describe('Spanner', () => {
await listDatabaseRoles(DATABASE);
});

it('POSTGRESQL should list database roles', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await listDatabaseRoles(PG_DATABASE);
});

const getIamPolicy = (done, database) => {
database.getIamPolicy((err, policy) => {
assert.ifError(err);
Expand Down