mirror of
https://github.com/timescale/timescaledb.git
synced 2025-05-17 11:03:36 +08:00
Permission tests for compression commands
Add tests to check that users without adequate privileges cannot execute compression related commands.
This commit is contained in:
gayyappan
Matvey Arye
parent
4c3bb6d2d6
commit
939489d2d7
63
tsl/test/expected/compression_permissions-10.out
Normal file
63
tsl/test/expected/compression_permissions-10.out
Normal file
@ -0,0 +1,63 @@
|
||||
-- This file and its contents are licensed under the Timescale License.
|
||||
-- Please see the included NOTICE for copyright information and
|
||||
-- LICENSE-TIMESCALE for a copy of the license.
|
||||
\set ON_ERROR_STOP 0
|
||||
\c :TEST_DBNAME :ROLE_SUPERUSER
|
||||
-- stop the background workers
|
||||
SELECT _timescaledb_internal.stop_background_workers();
|
||||
stop_background_workers
|
||||
-------------------------
|
||||
t
|
||||
(1 row)
|
||||
|
||||
DELETE FROM _timescaledb_config.bgw_job WHERE TRUE;
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
CREATE TABLE conditions (
|
||||
timec TIMESTAMPTZ NOT NULL,
|
||||
location TEXT NOT NULL,
|
||||
location2 char(10) NOT NULL,
|
||||
temperature DOUBLE PRECISION NULL,
|
||||
humidity DOUBLE PRECISION NULL
|
||||
);
|
||||
select table_name from create_hypertable( 'conditions', 'timec');
|
||||
table_name
|
||||
------------
|
||||
conditions
|
||||
(1 row)
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'timec');
|
||||
ERROR: must be owner of relation conditions
|
||||
insert into conditions
|
||||
select generate_series('2018-12-01 00:00'::timestamp, '2018-12-31 00:00'::timestamp, '1 day'), 'POR', 'klick', 55, 75;
|
||||
ERROR: permission denied for relation conditions
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
--now owner tries and succeeds --
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'timec');
|
||||
insert into conditions
|
||||
select generate_series('2018-12-01 00:00'::timestamp, '2018-12-31 00:00'::timestamp, '1 day'), 'POR', 'klick', 55, 75;
|
||||
--try modifying compress properties --
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'humidity');
|
||||
ERROR: must be owner of relation conditions
|
||||
--- compress_chunks and decompress_chunks fail without correct perm --
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
select compress_chunk(ch1.schema_name|| '.' || ch1.table_name)
|
||||
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht where ch1.hypertable_id = ht.id and ht.table_name like 'conditions' and ch1.compressed_chunk_id IS NULL;
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
select decompress_chunk(ch1.schema_name|| '.' || ch1.table_name)
|
||||
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht where ch1.hypertable_id = ht.id and ht.table_name like 'conditions';
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
select add_compress_chunks_policy('conditions', '1day'::interval);
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
select add_compress_chunks_policy('conditions', '1day'::interval);
|
||||
add_compress_chunks_policy
|
||||
----------------------------
|
||||
1000
|
||||
(1 row)
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
--try dropping policy
|
||||
select remove_compress_chunks_policy('conditions', true);
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
63
tsl/test/expected/compression_permissions-11.out
Normal file
63
tsl/test/expected/compression_permissions-11.out
Normal file
@ -0,0 +1,63 @@
|
||||
-- This file and its contents are licensed under the Timescale License.
|
||||
-- Please see the included NOTICE for copyright information and
|
||||
-- LICENSE-TIMESCALE for a copy of the license.
|
||||
\set ON_ERROR_STOP 0
|
||||
\c :TEST_DBNAME :ROLE_SUPERUSER
|
||||
-- stop the background workers
|
||||
SELECT _timescaledb_internal.stop_background_workers();
|
||||
stop_background_workers
|
||||
-------------------------
|
||||
t
|
||||
(1 row)
|
||||
|
||||
DELETE FROM _timescaledb_config.bgw_job WHERE TRUE;
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
CREATE TABLE conditions (
|
||||
timec TIMESTAMPTZ NOT NULL,
|
||||
location TEXT NOT NULL,
|
||||
location2 char(10) NOT NULL,
|
||||
temperature DOUBLE PRECISION NULL,
|
||||
humidity DOUBLE PRECISION NULL
|
||||
);
|
||||
select table_name from create_hypertable( 'conditions', 'timec');
|
||||
table_name
|
||||
------------
|
||||
conditions
|
||||
(1 row)
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'timec');
|
||||
ERROR: must be owner of table conditions
|
||||
insert into conditions
|
||||
select generate_series('2018-12-01 00:00'::timestamp, '2018-12-31 00:00'::timestamp, '1 day'), 'POR', 'klick', 55, 75;
|
||||
ERROR: permission denied for table conditions
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
--now owner tries and succeeds --
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'timec');
|
||||
insert into conditions
|
||||
select generate_series('2018-12-01 00:00'::timestamp, '2018-12-31 00:00'::timestamp, '1 day'), 'POR', 'klick', 55, 75;
|
||||
--try modifying compress properties --
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'humidity');
|
||||
ERROR: must be owner of table conditions
|
||||
--- compress_chunks and decompress_chunks fail without correct perm --
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
select compress_chunk(ch1.schema_name|| '.' || ch1.table_name)
|
||||
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht where ch1.hypertable_id = ht.id and ht.table_name like 'conditions' and ch1.compressed_chunk_id IS NULL;
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
select decompress_chunk(ch1.schema_name|| '.' || ch1.table_name)
|
||||
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht where ch1.hypertable_id = ht.id and ht.table_name like 'conditions';
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
select add_compress_chunks_policy('conditions', '1day'::interval);
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
select add_compress_chunks_policy('conditions', '1day'::interval);
|
||||
add_compress_chunks_policy
|
||||
----------------------------
|
||||
1000
|
||||
(1 row)
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
--try dropping policy
|
||||
select remove_compress_chunks_policy('conditions', true);
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
63
tsl/test/expected/compression_permissions-9.6.out
Normal file
63
tsl/test/expected/compression_permissions-9.6.out
Normal file
@ -0,0 +1,63 @@
|
||||
-- This file and its contents are licensed under the Timescale License.
|
||||
-- Please see the included NOTICE for copyright information and
|
||||
-- LICENSE-TIMESCALE for a copy of the license.
|
||||
\set ON_ERROR_STOP 0
|
||||
\c :TEST_DBNAME :ROLE_SUPERUSER
|
||||
-- stop the background workers
|
||||
SELECT _timescaledb_internal.stop_background_workers();
|
||||
stop_background_workers
|
||||
-------------------------
|
||||
t
|
||||
(1 row)
|
||||
|
||||
DELETE FROM _timescaledb_config.bgw_job WHERE TRUE;
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
CREATE TABLE conditions (
|
||||
timec TIMESTAMPTZ NOT NULL,
|
||||
location TEXT NOT NULL,
|
||||
location2 char(10) NOT NULL,
|
||||
temperature DOUBLE PRECISION NULL,
|
||||
humidity DOUBLE PRECISION NULL
|
||||
);
|
||||
select table_name from create_hypertable( 'conditions', 'timec');
|
||||
table_name
|
||||
------------
|
||||
conditions
|
||||
(1 row)
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'timec');
|
||||
ERROR: must be owner of relation conditions
|
||||
insert into conditions
|
||||
select generate_series('2018-12-01 00:00'::timestamp, '2018-12-31 00:00'::timestamp, '1 day'), 'POR', 'klick', 55, 75;
|
||||
ERROR: permission denied for relation conditions
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
--now owner tries and succeeds --
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'timec');
|
||||
insert into conditions
|
||||
select generate_series('2018-12-01 00:00'::timestamp, '2018-12-31 00:00'::timestamp, '1 day'), 'POR', 'klick', 55, 75;
|
||||
--try modifying compress properties --
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'humidity');
|
||||
ERROR: must be owner of relation conditions
|
||||
--- compress_chunks and decompress_chunks fail without correct perm --
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
select compress_chunk(ch1.schema_name|| '.' || ch1.table_name)
|
||||
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht where ch1.hypertable_id = ht.id and ht.table_name like 'conditions' and ch1.compressed_chunk_id IS NULL;
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
select decompress_chunk(ch1.schema_name|| '.' || ch1.table_name)
|
||||
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht where ch1.hypertable_id = ht.id and ht.table_name like 'conditions';
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
select add_compress_chunks_policy('conditions', '1day'::interval);
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
select add_compress_chunks_policy('conditions', '1day'::interval);
|
||||
add_compress_chunks_policy
|
||||
----------------------------
|
||||
1000
|
||||
(1 row)
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
--try dropping policy
|
||||
select remove_compress_chunks_policy('conditions', true);
|
||||
ERROR: must be owner of hypertable "conditions"
|
||||
@ -33,6 +33,7 @@ set(TEST_TEMPLATES
|
||||
# parallel plans are different between postgres versions
|
||||
continuous_aggs_ddl.sql.in
|
||||
continuous_aggs_permissions.sql.in
|
||||
compression_permissions.sql.in
|
||||
plan_gapfill.sql.in
|
||||
transparent_decompression.sql.in
|
||||
)
|
||||
|
||||
51
tsl/test/sql/compression_permissions.sql.in
Normal file
51
tsl/test/sql/compression_permissions.sql.in
Normal file
@ -0,0 +1,51 @@
|
||||
-- This file and its contents are licensed under the Timescale License.
|
||||
-- Please see the included NOTICE for copyright information and
|
||||
-- LICENSE-TIMESCALE for a copy of the license.
|
||||
|
||||
\set ON_ERROR_STOP 0
|
||||
|
||||
\c :TEST_DBNAME :ROLE_SUPERUSER
|
||||
|
||||
-- stop the background workers
|
||||
SELECT _timescaledb_internal.stop_background_workers();
|
||||
DELETE FROM _timescaledb_config.bgw_job WHERE TRUE;
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
CREATE TABLE conditions (
|
||||
timec TIMESTAMPTZ NOT NULL,
|
||||
location TEXT NOT NULL,
|
||||
location2 char(10) NOT NULL,
|
||||
temperature DOUBLE PRECISION NULL,
|
||||
humidity DOUBLE PRECISION NULL
|
||||
);
|
||||
|
||||
select table_name from create_hypertable( 'conditions', 'timec');
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'timec');
|
||||
insert into conditions
|
||||
select generate_series('2018-12-01 00:00'::timestamp, '2018-12-31 00:00'::timestamp, '1 day'), 'POR', 'klick', 55, 75;
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
--now owner tries and succeeds --
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'timec');
|
||||
insert into conditions
|
||||
select generate_series('2018-12-01 00:00'::timestamp, '2018-12-31 00:00'::timestamp, '1 day'), 'POR', 'klick', 55, 75;
|
||||
|
||||
--try modifying compress properties --
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
alter table conditions set (timescaledb.compress, timescaledb.compress_segmentby = 'location', timescaledb.compress_orderby = 'humidity');
|
||||
|
||||
--- compress_chunks and decompress_chunks fail without correct perm --
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
select compress_chunk(ch1.schema_name|| '.' || ch1.table_name)
|
||||
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht where ch1.hypertable_id = ht.id and ht.table_name like 'conditions' and ch1.compressed_chunk_id IS NULL;
|
||||
select decompress_chunk(ch1.schema_name|| '.' || ch1.table_name)
|
||||
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht where ch1.hypertable_id = ht.id and ht.table_name like 'conditions';
|
||||
select add_compress_chunks_policy('conditions', '1day'::interval);
|
||||
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
|
||||
select add_compress_chunks_policy('conditions', '1day'::interval);
|
||||
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER_2
|
||||
--try dropping policy
|
||||
select remove_compress_chunks_policy('conditions', true);
|
||||
Loading…
x
Reference in New Issue
Block a user