Skip to content

Commit

Permalink
feat: testing for fgac in pg (#1811)
Browse files Browse the repository at this point in the history
  • Loading branch information
asthamohta authored Jun 6, 2023
1 parent d1fc0b9 commit c48945f
Showing 1 changed file with 88 additions and 12 deletions.
100 changes: 88 additions & 12 deletions system-test/spanner.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2214,6 +2214,14 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

it('POSTGRESQL should create a user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await createUserDefinedDatabaseRole(PG_DATABASE, 'CREATE ROLE parent');
await new Promise(resolve => setTimeout(resolve, 60000));
});

const grantAccessToRole = async (
database,
createRoleQuery,
Expand Down Expand Up @@ -2244,6 +2252,18 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

it('POSTGRESQL should grant access to a user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await grantAccessToRole(
PG_DATABASE,
'CREATE ROLE child',
'GRANT SELECT ON TABLE singers TO child'
);
await new Promise(resolve => setTimeout(resolve, 60000));
});

const userDefinedDatabaseRoleRevoked = async (
database,
createRoleQuery,
Expand Down Expand Up @@ -2286,6 +2306,19 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

it('POSTGRESQL should revoke permissions of a user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await userDefinedDatabaseRoleRevoked(
PG_DATABASE,
'CREATE ROLE orphan',
'GRANT SELECT ON TABLE singers TO orphan',
'REVOKE SELECT ON TABLE singers FROM orphan'
);
await new Promise(resolve => setTimeout(resolve, 60000));
});

const userDefinedDatabaseRoleDropped = async (
database,
createRoleQuery,
Expand Down Expand Up @@ -2325,13 +2358,22 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

const grantAccessSuccess = (done, database) => {
it('POSTGRESQL should drop the user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await userDefinedDatabaseRoleDropped(
PG_DATABASE,
'CREATE ROLE new_parent',
'DROP ROLE new_parent'
);
await new Promise(resolve => setTimeout(resolve, 60000));
});

const grantAccessSuccess = (done, database, grantPermissionQuery) => {
const id = 7;
database.updateSchema(
[
'CREATE ROLE read_access',
'GRANT SELECT ON TABLE Singers TO ROLE read_access',
],
['CREATE ROLE read_access', grantPermissionQuery],
execAfterOperationComplete(async err => {
assert.ifError(err);
const table = database.table('Singers');
Expand Down Expand Up @@ -2363,16 +2405,28 @@ describe('Spanner', () => {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessSuccess(done, DATABASE);
grantAccessSuccess(
done,
DATABASE,
'GRANT SELECT ON TABLE Singers TO ROLE read_access'
);
});

it('POSTGRESQL should run query with access granted', function (done) {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessSuccess(
done,
PG_DATABASE,
'GRANT SELECT ON TABLE singers TO read_access'
);
});

const grantAccessFailure = (done, database) => {
const grantAccessFailure = (done, database, grantPermissionQuery) => {
const id = 8;
database.updateSchema(
[
'CREATE ROLE write_access',
'GRANT INSERT ON TABLE Singers TO ROLE write_access',
],
['CREATE ROLE write_access', grantPermissionQuery],
execAfterOperationComplete(async err => {
assert.ifError(err);
const table = database.table('Singers');
Expand Down Expand Up @@ -2404,7 +2458,22 @@ describe('Spanner', () => {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessFailure(done, DATABASE);
grantAccessFailure(
done,
DATABASE,
'GRANT INSERT ON TABLE Singers TO ROLE write_access'
);
});

it('POSTGRESQL should fail run query due to no access granted', function (done) {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessFailure(
done,
PG_DATABASE,
'GRANT INSERT ON TABLE singers TO write_access'
);
});

const listDatabaseRoles = async database => {
Expand All @@ -2431,6 +2500,13 @@ describe('Spanner', () => {
await listDatabaseRoles(DATABASE);
});

it('POSTGRESQL should list database roles', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await listDatabaseRoles(PG_DATABASE);
});

const getIamPolicy = (done, database) => {
database.getIamPolicy((err, policy) => {
assert.ifError(err);
Expand Down

0 comments on commit c48945f

Please sign in to comment.