def test_user_connect_access(self):
admin = CLI(creds)
try:
user = "******"
db = "test_db"
userdb = Expect(creds)
admin.execute_template("sql/user.sql.tpl",
USER=user,
PASSWORD=Expect.TMP_PASSWORD)
userdb.expect_connect(db, user,
'FATAL: permission denied for database')
admin.execute_template("sql/user_connect.sql.tpl",
APP_DATABASE=db,
USER=user)
userdb.expect_connect(db, user)
admin_on_test_db = Expect({**creds, **{"PGDATABASE": db}})
admin_on_test_db.match_results(
"sql/query_permissions.sql.tpl",
"results/test_user_connect_access/perms.txt",
USER='******')
admin_on_test_db.close()
userdb.close()
finally:
admin.close()
def test_set_search_path(self):
admin = Expect(creds)
try:
databases = ['orig_db']
for db in databases:
admin.execute("CREATE DATABASE %s;" % db, True)
admin.execute_template(
"sql/original_db_prep.sql",
APP_DATABASE=db,
POSTGRES_APP_USERNAME='******' % db,
POSTGRES_APP_PASSWORD=Expect.TMP_PASSWORD)
admin_on_db = Expect({**creds, **{"PGDATABASE": db}})
admin_on_db.execute_template(
"sql/original_db_setup.sql",
APP_DATABASE=db,
WORKSPACE=db,
POSTGRES_APP_PASSWORD=Expect.TMP_PASSWORD)
admin_on_db.execute_template("sql/original_db_user_setup.sql",
WORKSPACE=db,
USER='******' % db,
PASSWORD=Expect.TMP_PASSWORD)
admin_on_db.close()
admin.execute(
"ALTER DATABASE %s SET search_path = working_data" % db,
True)
enduser_on_db = Expect({
**creds,
**{
"PGDATABASE": db,
"PGUSER": "******" % db,
"PGPASSWORD": Expect.TMP_PASSWORD
}
})
enduser_on_db.match_results(
'sql/query_search_path.sql',
'results/test_set_search_path/results.txt')
enduser_on_db.close()
finally:
admin.close()
def test_single_project(self):
admin = CLI(creds)
try:
db = "test_db"
prep_db = Expect({**creds, **{"PGDATABASE": db}})
prep_db.execute_template("sql/test_data_project.sql.tpl")
prep_db.close()
user = Expect({
**creds,
**{
"PGUSER": '******',
"PGDATABASE": db,
"PGPASSWORD": Expect.TMP_PASSWORD
}
})
user.expect_execute("SELECT * from pg_settings",
'permission denied for relation pg_settings')
user.expect_success("SELECT * from protected_data.table_1")
user.expect_execute(
"CREATE TABLE protected_data.table_2 (name varchar(20));",
'permission denied for schema protected_data')
user.expect_success(
"CREATE TABLE working_data.table_2 (name varchar(20));")
admin_on_test_db = Expect({**creds, **{"PGDATABASE": db}})
admin_on_test_db.match_results(
"sql/query_permissions.sql.tpl",
'results/test_single_project/perms.txt',
USER='******')
admin_on_test_db.close()
user.close()
finally:
admin.close()
def test_incremental_user_access(self):
db = "test_db"
admin_on_test_db = CLI({**creds, **{"PGDATABASE": db}})
try:
prep_db = Expect({**creds, **{"PGDATABASE": db}})
prep_db.execute_template("sql/test_data_project.sql.tpl")
user = "******"
admin_on_test_db.execute_template("sql/user.sql.tpl",
USER=user,
PASSWORD=Expect.TMP_PASSWORD)
prep_db.expect_connect(db, user,
'User does not have CONNECT privilege.')
admin_on_test_db.execute_template("sql/user_connect.sql.tpl",
APP_DATABASE=db,
USER=user)
user_db = Expect({
**creds,
**{
"PGUSER": user,
"PGDATABASE": db,
"PGPASSWORD": Expect.TMP_PASSWORD
}
})
user_db.expect_execute(
"SELECT * from pg_settings",
'permission denied for relation pg_settings')
user_db.expect_execute(
"SELECT * from protected_data.table_1",
'permission denied for schema protected_data')
admin_on_test_db.execute_template("sql/setup_user.sql.tpl",
WORKSPACE=db,
USER=user)
user_db.expect_success("SELECT * from protected_data.table_1")
user_db.expect_execute(
"CREATE TABLE protected_data.table_2 (name varchar(20));",
'permission denied for schema protected_data')
user_db.expect_execute(
"CREATE TABLE working_data.table_2 (name varchar(20));",
'permission denied for schema pg_catalog')
admin_on_test_db.execute_template("sql/setup_user_2.sql.tpl",
WORKSPACE=db,
USER=user)
user_db.expect_success(
"CREATE TABLE working_data.table_2 (name varchar(20));")
prep_db.match_results(
"sql/query_permissions.sql.tpl",
'results/test_incremental_user_access/perms.txt',
USER=user)
user_db.close()
prep_db.close()
finally:
admin_on_test_db.close()