def test_user_connect_access(self): admin = CLI(creds) try: user = "******" db = "test_db" userdb = Expect(creds) admin.execute_template("sql/user.sql.tpl", USER=user, PASSWORD=Expect.TMP_PASSWORD) userdb.expect_connect(db, user, 'FATAL: permission denied for database') admin.execute_template("sql/user_connect.sql.tpl", APP_DATABASE=db, USER=user) userdb.expect_connect(db, user) admin_on_test_db = Expect({**creds, **{"PGDATABASE": db}}) admin_on_test_db.match_results( "sql/query_permissions.sql.tpl", "results/test_user_connect_access/perms.txt", USER='******') admin_on_test_db.close() userdb.close() finally: admin.close()
def test_set_search_path(self): admin = Expect(creds) try: databases = ['orig_db'] for db in databases: admin.execute("CREATE DATABASE %s;" % db, True) admin.execute_template( "sql/original_db_prep.sql", APP_DATABASE=db, POSTGRES_APP_USERNAME='******' % db, POSTGRES_APP_PASSWORD=Expect.TMP_PASSWORD) admin_on_db = Expect({**creds, **{"PGDATABASE": db}}) admin_on_db.execute_template( "sql/original_db_setup.sql", APP_DATABASE=db, WORKSPACE=db, POSTGRES_APP_PASSWORD=Expect.TMP_PASSWORD) admin_on_db.execute_template("sql/original_db_user_setup.sql", WORKSPACE=db, USER='******' % db, PASSWORD=Expect.TMP_PASSWORD) admin_on_db.close() admin.execute( "ALTER DATABASE %s SET search_path = working_data" % db, True) enduser_on_db = Expect({ **creds, **{ "PGDATABASE": db, "PGUSER": "******" % db, "PGPASSWORD": Expect.TMP_PASSWORD } }) enduser_on_db.match_results( 'sql/query_search_path.sql', 'results/test_set_search_path/results.txt') enduser_on_db.close() finally: admin.close()
def test_single_project(self): admin = CLI(creds) try: db = "test_db" prep_db = Expect({**creds, **{"PGDATABASE": db}}) prep_db.execute_template("sql/test_data_project.sql.tpl") prep_db.close() user = Expect({ **creds, **{ "PGUSER": '******', "PGDATABASE": db, "PGPASSWORD": Expect.TMP_PASSWORD } }) user.expect_execute("SELECT * from pg_settings", 'permission denied for relation pg_settings') user.expect_success("SELECT * from protected_data.table_1") user.expect_execute( "CREATE TABLE protected_data.table_2 (name varchar(20));", 'permission denied for schema protected_data') user.expect_success( "CREATE TABLE working_data.table_2 (name varchar(20));") admin_on_test_db = Expect({**creds, **{"PGDATABASE": db}}) admin_on_test_db.match_results( "sql/query_permissions.sql.tpl", 'results/test_single_project/perms.txt', USER='******') admin_on_test_db.close() user.close() finally: admin.close()
def test_incremental_user_access(self): db = "test_db" admin_on_test_db = CLI({**creds, **{"PGDATABASE": db}}) try: prep_db = Expect({**creds, **{"PGDATABASE": db}}) prep_db.execute_template("sql/test_data_project.sql.tpl") user = "******" admin_on_test_db.execute_template("sql/user.sql.tpl", USER=user, PASSWORD=Expect.TMP_PASSWORD) prep_db.expect_connect(db, user, 'User does not have CONNECT privilege.') admin_on_test_db.execute_template("sql/user_connect.sql.tpl", APP_DATABASE=db, USER=user) user_db = Expect({ **creds, **{ "PGUSER": user, "PGDATABASE": db, "PGPASSWORD": Expect.TMP_PASSWORD } }) user_db.expect_execute( "SELECT * from pg_settings", 'permission denied for relation pg_settings') user_db.expect_execute( "SELECT * from protected_data.table_1", 'permission denied for schema protected_data') admin_on_test_db.execute_template("sql/setup_user.sql.tpl", WORKSPACE=db, USER=user) user_db.expect_success("SELECT * from protected_data.table_1") user_db.expect_execute( "CREATE TABLE protected_data.table_2 (name varchar(20));", 'permission denied for schema protected_data') user_db.expect_execute( "CREATE TABLE working_data.table_2 (name varchar(20));", 'permission denied for schema pg_catalog') admin_on_test_db.execute_template("sql/setup_user_2.sql.tpl", WORKSPACE=db, USER=user) user_db.expect_success( "CREATE TABLE working_data.table_2 (name varchar(20));") prep_db.match_results( "sql/query_permissions.sql.tpl", 'results/test_incremental_user_access/perms.txt', USER=user) user_db.close() prep_db.close() finally: admin_on_test_db.close()