This PR introduces a `/grants` endpoint which allows granting specific `privileges` on a certain `schema` to a certain `role`. Related to #9344. Together these endpoints will be used to configure the JWT extension and grant the correct usage on its schema to the specific roles that need it. --------- Co-authored-by: Conrad Ludgate <conradludgate@gmail.com>
import psycopg2
from fixtures.neon_fixtures import NeonEnv
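def test_role_grants(neon_simple_env: NeonEnv):
    """Check that the grants endpoint gives a role privileges on a schema.

    The role is first shown to be denied CREATE in the schema. The endpoint's
    HTTP client is then asked to grant CREATE and USAGE, and the same
    connection is used to confirm that the role can now create, write to and
    read from a table there.
    """
    env = neon_simple_env

    env.create_branch("test_role_grants")

    endpoint = env.endpoints.create_start("test_role_grants")

    endpoint.safe_psql("CREATE DATABASE test_role_grants")
    endpoint.safe_psql("CREATE SCHEMA IF NOT EXISTS test_schema", dbname="test_role_grants")
    endpoint.safe_psql("CREATE ROLE test_role WITH LOGIN", dbname="test_role_grants")

    # confirm we do not yet have access
    # NOTE(review): this connection is reused after the expected failure below,
    # so the test presumably relies on the fixture opening it in autocommit
    # mode (otherwise the transaction would stay aborted) -- confirm.
    pg_conn = endpoint.connect(dbname="test_role_grants", user="test_role")
    with pg_conn.cursor() as cur:
        try:
            cur.execute('CREATE TABLE "test_schema"."test_table" (id integer primary key)')
        except psycopg2.errors.InsufficientPrivilege:
            # Expected: the role has no privileges on the schema yet.
            pass
        else:
            # Reaching here means the baseline is already permissive, which
            # would make the positive check below meaningless.
            raise ValueError("create table should not succeed")

    client = endpoint.http_client()
    # The return value is not inspected; the grant is verified through its
    # SQL-visible effect below.
    # NOTE(review): only the positive path is covered. Nothing here checks that
    # privileges outside the requested list, or roles other than test_role,
    # remain denied -- worth a follow-up for a privilege-granting endpoint.
    client.set_role_grants(
        "test_role_grants", "test_role", "test_schema", ["CREATE", "USAGE"]
    )

    # confirm we have access
    with pg_conn.cursor() as cur:
        cur.execute('CREATE TABLE "test_schema"."test_table" (id integer primary key)')
        cur.execute('INSERT INTO "test_schema"."test_table" (id) VALUES (1)')
        cur.execute('SELECT id from "test_schema"."test_table"')
        rows = cur.fetchall()

    # The original message ("select should not succeed") contradicted the
    # condition being asserted.
    assert rows == [(1,)], "select should return the row inserted after the grant"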