diff --git a/tsl/test/expected/privilege_maintain.out b/tsl/test/expected/privilege_maintain.out new file mode 100644 index 000000000..707bd514d --- /dev/null +++ b/tsl/test/expected/privilege_maintain.out @@ -0,0 +1,139 @@ +-- This file and its contents are licensed under the Apache License 2.0. +-- Please see the included NOTICE for copyright information and +-- LICENSE-APACHE for a copy of the license. +\c :TEST_DBNAME :ROLE_SUPERUSER +CREATE ROLE r_maintain; +CREATE TABLE metrics(time timestamptz, device text, value float); +SELECT create_hypertable('metrics', 'time'); +NOTICE: adding not-null constraint to column "time" + create_hypertable +---------------------- + (1,public,metrics,t) +(1 row) + +INSERT INTO metrics SELECT generate_series('2020-01-01'::timestamptz, '2020-01-09'::timestamptz, '3 day'::interval); +\dp metrics + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+---------+-------+-------------------+-------------------+---------- + public | metrics | table | | | +(1 row) + +\dp _timescaledb_internal._hyper_* + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +-----------------------+------------------+-------+-------------------+-------------------+---------- + _timescaledb_internal | _hyper_1_1_chunk | table | | | + _timescaledb_internal | _hyper_1_2_chunk | table | | | +(2 rows) + +GRANT MAINTAIN ON TABLE metrics TO r_maintain; +-- check privilege is present on all the chunks +\dp metrics + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+---------+-------+--------------------------------+-------------------+---------- + public | metrics | table | super_user=arwdDxtm/super_user+| | + | | | r_maintain=m/super_user | | +(1 row) + +\dp _timescaledb_internal._hyper_* + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +-----------------------+------------------+-------+--------------------------------+-------------------+---------- + _timescaledb_internal | _hyper_1_1_chunk | table | super_user=arwdDxtm/super_user+| | + | | | r_maintain=m/super_user | | + _timescaledb_internal | _hyper_1_2_chunk | table | super_user=arwdDxtm/super_user+| | + | | | r_maintain=m/super_user | | +(2 rows) + +REVOKE MAINTAIN ON TABLE metrics FROM r_maintain; +-- check privilege got removed from all the chunks +\dp metrics + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+---------+-------+--------------------------------+-------------------+---------- + public | metrics | table | super_user=arwdDxtm/super_user | | +(1 row) + +\dp _timescaledb_internal._hyper_* + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +-----------------------+------------------+-------+--------------------------------+-------------------+---------- + _timescaledb_internal | _hyper_1_1_chunk | table | super_user=arwdDxtm/super_user | | + _timescaledb_internal | _hyper_1_2_chunk | table | super_user=arwdDxtm/super_user | | +(2 rows) + +ALTER TABLE metrics SET (timescaledb.compress); +WARNING: there was some uncertainty picking the default segment by for the hypertable: You do not have any indexes on columns that can be used for segment_by and thus we are not using segment_by for compression. Please make sure you are not missing any indexes +NOTICE: default segment by for hypertable "metrics" is set to "" +NOTICE: default order by for hypertable "metrics" is set to ""time" DESC" +SELECT compress_chunk(chunk) FROM show_chunks('metrics') chunk; + compress_chunk +---------------------------------------- + _timescaledb_internal._hyper_1_1_chunk + _timescaledb_internal._hyper_1_2_chunk +(2 rows) + +GRANT MAINTAIN ON TABLE metrics TO r_maintain; +-- check privilege is present on all the chunks +\dp metrics + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+---------+-------+--------------------------------+-------------------+---------- + public | metrics | table | super_user=arwdDxtm/super_user+| | + | | | r_maintain=m/super_user | | +(1 row) + +\dp _timescaledb_internal._hyper_* + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +-----------------------+------------------+-------+--------------------------------+-------------------+---------- + _timescaledb_internal | _hyper_1_1_chunk | table | super_user=arwdDxtm/super_user+| | + | | | r_maintain=m/super_user | | + _timescaledb_internal | _hyper_1_2_chunk | table | super_user=arwdDxtm/super_user+| | + | | | r_maintain=m/super_user | | +(2 rows) + +\dp _timescaledb_internal.*compress* + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +-----------------------+--------------------------+-------+--------------------------------+-------------------+---------- + _timescaledb_internal | _compressed_hypertable_2 | table | super_user=arwdDxtm/super_user+| | + | | | r_maintain=m/super_user | | + _timescaledb_internal | compress_hyper_2_3_chunk | table | super_user=arwdDxtm/super_user+| | + | | | r_maintain=m/super_user | | + _timescaledb_internal | compress_hyper_2_4_chunk | table | super_user=arwdDxtm/super_user+| | + | | | r_maintain=m/super_user | | + _timescaledb_internal | compressed_chunk_stats | view | super_user=arwdDxtm/super_user+| | + | | | =r/super_user | | +(4 rows) + +REVOKE MAINTAIN ON TABLE metrics FROM r_maintain; +-- check privilege got removed from all the chunks +\dp metrics + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+---------+-------+--------------------------------+-------------------+---------- + public | metrics | table | super_user=arwdDxtm/super_user | | +(1 row) + +\dp _timescaledb_internal._hyper_* + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +-----------------------+------------------+-------+--------------------------------+-------------------+---------- + _timescaledb_internal | _hyper_1_1_chunk | table | super_user=arwdDxtm/super_user | | + _timescaledb_internal | _hyper_1_2_chunk | table | super_user=arwdDxtm/super_user | | +(2 rows) + +\dp _timescaledb_internal.*compress* + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +-----------------------+--------------------------+-------+--------------------------------+-------------------+---------- + _timescaledb_internal | _compressed_hypertable_2 | table | super_user=arwdDxtm/super_user | | + _timescaledb_internal | compress_hyper_2_3_chunk | table | super_user=arwdDxtm/super_user | | + _timescaledb_internal | compress_hyper_2_4_chunk | table | super_user=arwdDxtm/super_user | | + _timescaledb_internal | compressed_chunk_stats | view | super_user=arwdDxtm/super_user+| | + | | | =r/super_user | | +(4 rows) + diff --git a/tsl/test/sql/CMakeLists.txt b/tsl/test/sql/CMakeLists.txt index b8abd5a5f..a0e4d9c2a 100644 --- a/tsl/test/sql/CMakeLists.txt +++ b/tsl/test/sql/CMakeLists.txt @@ -110,6 +110,10 @@ if((${PG_VERSION_MAJOR} GREATER_EQUAL "15")) list(APPEND TEST_FILES merge_compress.sql) endif() +if((${PG_VERSION_MAJOR} GREATER_EQUAL "17")) + list(APPEND TEST_FILES privilege_maintain.sql) +endif() + set(SOLO_TESTS # This interferes with other tests since it reloads the config to increase # log level. diff --git a/tsl/test/sql/privilege_maintain.sql b/tsl/test/sql/privilege_maintain.sql new file mode 100644 index 000000000..8bcf5a543 --- /dev/null +++ b/tsl/test/sql/privilege_maintain.sql @@ -0,0 +1,45 @@ +-- This file and its contents are licensed under the Timescale License. +-- Please see the included NOTICE for copyright information and +-- LICENSE-TIMESCALE for a copy of the license. + +\c :TEST_DBNAME :ROLE_SUPERUSER + +CREATE ROLE r_maintain; + +CREATE TABLE metrics(time timestamptz, device text, value float); + +SELECT create_hypertable('metrics', 'time'); + +INSERT INTO metrics SELECT generate_series('2020-01-01'::timestamptz, '2020-01-09'::timestamptz, '3 day'::interval); + +\dp metrics +\dp _timescaledb_internal._hyper_* + +GRANT MAINTAIN ON TABLE metrics TO r_maintain; + +-- check privilege is present on all the chunks +\dp metrics +\dp _timescaledb_internal._hyper_* + +REVOKE MAINTAIN ON TABLE metrics FROM r_maintain; + +-- check privilege got removed from all the chunks +\dp metrics +\dp _timescaledb_internal._hyper_* + +ALTER TABLE metrics SET (timescaledb.compress); +SELECT compress_chunk(chunk) FROM show_chunks('metrics') chunk; +GRANT MAINTAIN ON TABLE metrics TO r_maintain; + +-- check privilege is present on all the chunks +\dp metrics +\dp _timescaledb_internal._hyper_* +\dp _timescaledb_internal.*compress* + +REVOKE MAINTAIN ON TABLE metrics FROM r_maintain; + +-- check privilege got removed from all the chunks +\dp metrics +\dp _timescaledb_internal._hyper_* +\dp _timescaledb_internal.*compress* +