mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-09-30 13:51:23 +02:00
18555b1323
To ensure that "make installcheck" can be used safely against an existing installation, we need to be careful about what global object names (database, role, and tablespace names) we use; otherwise we might accidentally clobber important objects. There's been a weak consensus that test databases should have names including "regression", and that test role names should start with "regress_", but we didn't have any particular rule about tablespace names; and neither of the other rules was followed with any consistency either. This commit moves us a long way towards having a hard-and-fast rule that regression test databases must have names including "regression", and that test role and tablespace names must start with "regress_". It's not completely there because I did not touch some test cases in rolenames.sql that test creation of special role names like "session_user". That will require some rethinking of exactly what we want to test, whereas the intent of this patch is just to hit all the cases in which the needed renamings are cosmetic. There is no enforcement mechanism in this patch either, but if we don't add one we can expect that the tests will soon be violating the convention again. Again, that's not such a cosmetic change and it will require discussion. (But I did use a quick-hack enforcement patch to find these cases.) Discussion: <16638.1468620817@sss.pgh.pa.us>
45 lines
1.9 KiB
Plaintext
45 lines
1.9 KiB
Plaintext
--
|
|
-- Test for facilities of security label
|
|
--
|
|
-- initial setups
|
|
SET client_min_messages TO 'warning';
|
|
DROP ROLE IF EXISTS regress_seclabel_user1;
|
|
DROP ROLE IF EXISTS regress_seclabel_user2;
|
|
RESET client_min_messages;
|
|
CREATE USER regress_seclabel_user1 WITH CREATEROLE;
|
|
CREATE USER regress_seclabel_user2;
|
|
CREATE TABLE seclabel_tbl1 (a int, b text);
|
|
CREATE TABLE seclabel_tbl2 (x int, y text);
|
|
CREATE VIEW seclabel_view1 AS SELECT * FROM seclabel_tbl2;
|
|
CREATE FUNCTION seclabel_four() RETURNS integer AS $$SELECT 4$$ language sql;
|
|
CREATE DOMAIN seclabel_domain AS text;
|
|
ALTER TABLE seclabel_tbl1 OWNER TO regress_seclabel_user1;
|
|
ALTER TABLE seclabel_tbl2 OWNER TO regress_seclabel_user2;
|
|
--
|
|
-- Test of SECURITY LABEL statement without a plugin
|
|
--
|
|
SECURITY LABEL ON TABLE seclabel_tbl1 IS 'classified'; -- fail
|
|
ERROR: no security label providers have been loaded
|
|
SECURITY LABEL FOR 'dummy' ON TABLE seclabel_tbl1 IS 'classified'; -- fail
|
|
ERROR: security label provider "dummy" is not loaded
|
|
SECURITY LABEL ON TABLE seclabel_tbl1 IS '...invalid label...'; -- fail
|
|
ERROR: no security label providers have been loaded
|
|
SECURITY LABEL ON TABLE seclabel_tbl3 IS 'unclassified'; -- fail
|
|
ERROR: no security label providers have been loaded
|
|
SECURITY LABEL ON ROLE regress_seclabel_user1 IS 'classified'; -- fail
|
|
ERROR: no security label providers have been loaded
|
|
SECURITY LABEL FOR 'dummy' ON ROLE regress_seclabel_user1 IS 'classified'; -- fail
|
|
ERROR: security label provider "dummy" is not loaded
|
|
SECURITY LABEL ON ROLE regress_seclabel_user1 IS '...invalid label...'; -- fail
|
|
ERROR: no security label providers have been loaded
|
|
SECURITY LABEL ON ROLE regress_seclabel_user3 IS 'unclassified'; -- fail
|
|
ERROR: no security label providers have been loaded
|
|
-- clean up objects
|
|
DROP FUNCTION seclabel_four();
|
|
DROP DOMAIN seclabel_domain;
|
|
DROP VIEW seclabel_view1;
|
|
DROP TABLE seclabel_tbl1;
|
|
DROP TABLE seclabel_tbl2;
|
|
DROP USER regress_seclabel_user1;
|
|
DROP USER regress_seclabel_user2;
|