
feat: testing for fgac in pg #1811

Merged
merged 5 commits into from Jun 6, 2023
100 changes: 88 additions & 12 deletions system-test/spanner.ts
@@ -2214,6 +2214,14 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

it('POSTGRESQL should create a user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await createUserDefinedDatabaseRole(PG_DATABASE, 'CREATE ROLE parent');
await new Promise(resolve => setTimeout(resolve, 60000));
});

const grantAccessToRole = async (
database,
createRoleQuery,
@@ -2244,6 +2252,18 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

it('POSTGRESQL should grant access to a user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await grantAccessToRole(
PG_DATABASE,
'CREATE ROLE child',
'GRANT SELECT ON TABLE singers TO child'
);
await new Promise(resolve => setTimeout(resolve, 60000));
});

const userDefinedDatabaseRoleRevoked = async (
database,
createRoleQuery,
@@ -2286,6 +2306,19 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

it('POSTGRESQL should revoke permissions of a user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await userDefinedDatabaseRoleRevoked(
PG_DATABASE,
'CREATE ROLE orphan',
'GRANT SELECT ON TABLE singers TO orphan',
'REVOKE SELECT ON TABLE singers FROM orphan'
);
await new Promise(resolve => setTimeout(resolve, 60000));
});

const userDefinedDatabaseRoleDropped = async (
database,
createRoleQuery,
@@ -2325,13 +2358,22 @@ describe('Spanner', () => {
await new Promise(resolve => setTimeout(resolve, 60000));
});

const grantAccessSuccess = (done, database) => {
it('POSTGRESQL should drop the user defined role', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await userDefinedDatabaseRoleDropped(
PG_DATABASE,
'CREATE ROLE new_parent',
'DROP ROLE new_parent'
);
await new Promise(resolve => setTimeout(resolve, 60000));
});

const grantAccessSuccess = (done, database, grantPermissionQuery) => {
const id = 7;
database.updateSchema(
[
'CREATE ROLE read_access',
'GRANT SELECT ON TABLE Singers TO ROLE read_access',
],
['CREATE ROLE read_access', grantPermissionQuery],
execAfterOperationComplete(async err => {
assert.ifError(err);
const table = database.table('Singers');
@@ -2363,16 +2405,28 @@ describe('Spanner', () => {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessSuccess(done, DATABASE);
grantAccessSuccess(
done,
DATABASE,
'GRANT SELECT ON TABLE Singers TO ROLE read_access'
);
});

it('POSTGRESQL should run query with access granted', function (done) {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessSuccess(
done,
PG_DATABASE,
'GRANT SELECT ON TABLE singers TO read_access'
);
});

const grantAccessFailure = (done, database) => {
const grantAccessFailure = (done, database, grantPermissionQuery) => {
const id = 8;
database.updateSchema(
[
'CREATE ROLE write_access',
'GRANT INSERT ON TABLE Singers TO ROLE write_access',
],
['CREATE ROLE write_access', grantPermissionQuery],
execAfterOperationComplete(async err => {
assert.ifError(err);
const table = database.table('Singers');
@@ -2404,7 +2458,22 @@ describe('Spanner', () => {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessFailure(done, DATABASE);
grantAccessFailure(
done,
DATABASE,
'GRANT INSERT ON TABLE Singers TO ROLE write_access'
);
});

it('POSTGRESQL should fail run query due to no access granted', function (done) {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
grantAccessFailure(
done,
PG_DATABASE,
'GRANT INSERT ON TABLE singers TO write_access'
);
});

const listDatabaseRoles = async database => {
@@ -2431,6 +2500,13 @@ describe('Spanner', () => {
await listDatabaseRoles(DATABASE);
});

it('POSTGRESQL should list database roles', async function () {
if (IS_EMULATOR_ENABLED) {
this.skip();
}
await listDatabaseRoles(PG_DATABASE);
});

const getIamPolicy = (done, database) => {
database.getIamPolicy((err, policy) => {
assert.ifError(err);
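Review bot: The new `POSTGRESQL should fail run query due to no access granted` case may pass for the wrong reason, because it grants on `singers` while the shared `grantAccessFailure` helper still reads through `database.table('Singers')`, and the helper's failure assertion lies outside the visible hunk. If that assertion only checks that some error came back, a table-name or dialect mismatch would satisfy it as readily as a real authorization denial, leaving the PostgreSQL fine-grained access control path effectively unverified. The helper should pin the denial explicitly, for example `assert.strictEqual(err.code, grpc.status.PERMISSION_DENIED);` (assuming the gRPC status enum is already in scope in this file), and the positive case should likewise confirm that rows are actually returned under `read_access`. A short comment on the helper such as `// grantPermissionQuery is dialect-specific: GoogleSQL uses "TO ROLE <name>", PostgreSQL uses "TO <name>"` would also explain why the statement is now a parameter.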