|
1 | 1 | /* |
2 | 2 |
|
3 | | -Test to verify supautils (v3.0.0+) allows non-superuser postgres role to own FDWs. |
| 3 | +Test to verify supautils (v3.0.0+) allows non-superuser postgres role to use postgres_fdw. |
4 | 4 |
|
5 | | -This test ensures that the supautils extension properly handles FDW ownership |
| 5 | +This test ensures that the supautils extension properly handles FDW usage |
6 | 6 | for the privileged postgres role without requiring temporary superuser privileges. |
7 | 7 |
|
8 | 8 | This verifies the fix that eliminated the need for: |
9 | | -ansible/files/postgresql_extension_custom_scripts/postgres_fdw/after-create.sql (removed) |
| 9 | +https://github.com/supabase/postgres/blob/a638c6fce0baf90b654e762eddcdac1bc8df01ee/ansible/files/postgresql_extension_custom_scripts/postgres_fdw/after-create.sql (removed) |
10 | 10 |
|
11 | 11 | */ |
12 | 12 |
|
13 | | -BEGIN; |
| 13 | +begin; |
14 | 14 |
|
15 | 15 | -- Switch to the postgres role (non-superuser) to test supautils behavior |
16 | | -SET ROLE postgres; |
17 | | - |
18 | | --- Test 1: Create a custom FDW directly (this is what supautils v3.0.0 fixes) |
19 | | --- Before v3.0.0, this would fail because only superusers can create FDWs |
20 | | --- With v3.0.0, supautils allows postgres (privileged role) to create and own FDWs |
21 | | -CREATE FOREIGN DATA WRAPPER test_fdw_postgres_owned; |
22 | | - |
23 | | --- Reset to original role for queries because the tests run under a superuser context |
24 | | -RESET ROLE; |
25 | | - |
26 | | --- Verify that the custom FDW is owned by postgres (non-superuser) |
27 | | -SELECT |
28 | | - fdw.fdwname as fdw_name, |
29 | | - owner.rolname as owner_name, |
30 | | - owner.rolsuper as owner_is_superuser |
31 | | -FROM |
32 | | - pg_foreign_data_wrapper fdw |
33 | | - JOIN pg_roles owner ON fdw.fdwowner = owner.oid |
34 | | -WHERE |
35 | | - fdw.fdwname = 'test_fdw_postgres_owned'; |
36 | | - |
37 | | --- Verify the postgres role's superuser status |
38 | | --- The key test: postgres should NOT be a superuser, yet can own the FDW |
39 | | -SELECT |
40 | | - rolname, |
41 | | - rolsuper as is_superuser |
42 | | -FROM |
43 | | - pg_roles |
44 | | -WHERE |
45 | | - rolname = 'postgres'; |
46 | | - |
47 | | -ROLLBACK; |
| 16 | +set role postgres; |
| 17 | + |
| 18 | +-- Create the ext, which creates the FDW |
| 19 | +create extension postgres_fdw; |
| 20 | + |
| 21 | +-- It should be owned by the superuser |
| 22 | +select fdwowner::regrole from pg_foreign_data_wrapper where fdwname = 'postgres_fdw'; |
| 23 | + |
| 24 | +-- Verify that `postgres` can use the FDW despite not owning it |
| 25 | +create server s |
| 26 | + foreign data wrapper postgres_fdw |
| 27 | + options ( |
| 28 | + host '127.0.0.1', |
| 29 | + port '5432', |
| 30 | + dbname 'postgres' |
| 31 | + ); |
| 32 | + |
| 33 | +rollback; |
0 commit comments