def test_user_connect_access(self): admin = CLI(creds) try: user = "******" db = "test_db" userdb = Expect(creds) admin.execute_template("sql/user.sql.tpl", USER=user, PASSWORD=Expect.TMP_PASSWORD) userdb.expect_connect(db, user, 'FATAL: permission denied for database') admin.execute_template("sql/user_connect.sql.tpl", APP_DATABASE=db, USER=user) userdb.expect_connect(db, user) admin_on_test_db = Expect({**creds, **{"PGDATABASE": db}}) admin_on_test_db.match_results( "sql/query_permissions.sql.tpl", "results/test_user_connect_access/perms.txt", USER='******') admin_on_test_db.close() userdb.close() finally: admin.close()
def test_cross_project_granting_access_without_connect(self): con = Expect(creds) try: con.expect_connect('test_db', 'project_1_user_1', 'User does not have CONNECT privilege') finally: con.close() return self
def test_cross_project_connect_to_database(self): admin = Expect(creds) try: admin.expect_connect('test_db', 'project_1_user_1', 'User does not have CONNECT privilege.') admin.expect_connect('project_1', 'project_1_user_1') finally: admin.close() return self
def test_incremental_user_access(self): db = "test_db" admin_on_test_db = CLI({**creds, **{"PGDATABASE": db}}) try: prep_db = Expect({**creds, **{"PGDATABASE": db}}) prep_db.execute_template("sql/test_data_project.sql.tpl") user = "******" admin_on_test_db.execute_template("sql/user.sql.tpl", USER=user, PASSWORD=Expect.TMP_PASSWORD) prep_db.expect_connect(db, user, 'User does not have CONNECT privilege.') admin_on_test_db.execute_template("sql/user_connect.sql.tpl", APP_DATABASE=db, USER=user) user_db = Expect({ **creds, **{ "PGUSER": user, "PGDATABASE": db, "PGPASSWORD": Expect.TMP_PASSWORD } }) user_db.expect_execute( "SELECT * from pg_settings", 'permission denied for relation pg_settings') user_db.expect_execute( "SELECT * from protected_data.table_1", 'permission denied for schema protected_data') admin_on_test_db.execute_template("sql/setup_user.sql.tpl", WORKSPACE=db, USER=user) user_db.expect_success("SELECT * from protected_data.table_1") user_db.expect_execute( "CREATE TABLE protected_data.table_2 (name varchar(20));", 'permission denied for schema protected_data') user_db.expect_execute( "CREATE TABLE working_data.table_2 (name varchar(20));", 'permission denied for schema pg_catalog') admin_on_test_db.execute_template("sql/setup_user_2.sql.tpl", WORKSPACE=db, USER=user) user_db.expect_success( "CREATE TABLE working_data.table_2 (name varchar(20));") prep_db.match_results( "sql/query_permissions.sql.tpl", 'results/test_incremental_user_access/perms.txt', USER=user) user_db.close() prep_db.close() finally: admin_on_test_db.close()