Fix tests for 3.1.7 (michelp#83)

* Fix test error on schema caused by pgtap bug Bug reported to pgtap upstream here: theory/pgtap#311 * Test minimal postgresql supported version * Fix test failing because of objects order the test can fail when running the test on a database with a different collation than the one used to write the test. * Fix SQL error with pg 16 * Fix test errors with pg_read_all_data and pg_write_all_data roles * Update pgsodium version in test generator * Add tests about masking_rule.security_invoker column * Comply tests generator and SQL schema to the new test.sql script * Create role and extension inside the test's transaction * Create pgsodium extension outside of the transaction When creating the extension inside the xact, one test is failing with the following error: ERROR: unsafe use of new value "secretbox" of enum type key_type LINE 1: SELECT id as secretbox_key_id from create_key('secretbox') ^ HINT: New enum values must be committed before they can be used * Make volumes accessible inside the container with podman
ioguix · Jun 8, 2023 · 9ab96e1 · 9ab96e1
1 parent b84ee30
commit 9ab96e1
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 69 deletions.
diff --git a/pgsodium_tapgen.pl b/pgsodium_tapgen.pl
@@ -7,7 +7,7 @@
 use Getopt::Long;
 use File::Spec;
 
-my $PGSODIUM_VERSION = '3.1.5';
+my $PGSODIUM_VERSION = '3.1.7';
 
 my $curr;
 my $rs;
@@ -46,12 +46,15 @@
 
 ################################################################################
 
-print "BEGIN;\n",
-      "CREATE EXTENSION IF NOT EXISTS pgtap;\n",
-      "CREATE EXTENSION IF NOT EXISTS pgsodium;\n\n",
-      "SET search_path TO 'public';\n\n";
+print "SET search_path TO 'public';\n";
 
-print "SELECT plan(1); -- FIXME!\n";
+print "\n\n\n---- POSTGRESQL MINIMAL VERSION\n";
+print "SELECT cmp_ok("
+     ."current_setting('server_version_num')::int, "
+     ."'>=', "
+     ."130000, "
+     ."format('PostgreSQL version %s >= 13', current_setting('server_version'))"
+     .");\n";
 
 print "\n\n\n---- EXTENSION VERSION\n";
 
@@ -71,16 +74,15 @@
     WHERE refclassid = 'pg_catalog.pg_extension'::pg_catalog.regclass
       AND refobjid = (SELECT oid FROM pg_extension WHERE extname = 'pgsodium')
       AND deptype = 'e'
-    ORDER BY 1;
+    ORDER BY pg_catalog.pg_describe_object(classid, objid, 0) COLLATE "C"
 }) or die;
 
-print q{SELECT results_eq($$
+print q{SELECT bag_eq($$
   SELECT pg_catalog.pg_describe_object(classid, objid, 0)
   FROM pg_catalog.pg_depend
   WHERE refclassid = 'pg_catalog.pg_extension'::pg_catalog.regclass
     AND refobjid = (SELECT oid FROM pg_extension WHERE extname = 'pgsodium')
-    AND deptype = 'e'
-  ORDER BY 1$$,
+    AND deptype = 'e'$$,
   $$ VALUES
     }, join(",\n    ", @$rs), q{
   $$,
@@ -113,30 +115,27 @@
     printf "SELECT is_member_of( %s, %s );\n", $r->[0], $r->[1];
 }
 
+print "\n\n\n---- SCHEMAS\n\n";
+
 $rs = $dbh->selectall_arrayref(q{
     SELECT quote_literal(nspname),
       quote_literal(pg_catalog.pg_get_userbyid(nspowner))
     FROM pg_catalog.pg_namespace
-    WHERE nspname NOT IN ('pg_catalog', 'pg_toast', 'information_schema')
+    WHERE nspname NOT IN ('public', 'pg_catalog', 'pg_toast', 'information_schema')
     ORDER BY nspname
 }) or die;
 
-print "\n\n\n---- SCHEMAS\n\n";
-
-print "SELECT schemas_are(ARRAY[\n    ",
-      join(",\n    ", map {$_->[0]} @$rs),
-      "\n]);\n";
-
 foreach my $r ( @$rs ) {
-    printf "SELECT schema_owner_is(%-10s, %s);\n", @$r;
+    printf "SELECT has_schema(%s);\n", $r->[0];
+    printf "SELECT schema_owner_is(%s, %s);\n\n", @$r;
 }
 
 print "\n\n\n---- EVENT TRIGGERS\n\n";
 
 # pgtap doesn't support event triggers yet.
 $rs = $dbh->selectall_arrayref(q{
     SELECT quote_literal(evtname), quote_literal(evtevent),
-      quote_literal(evtenabled), ARRAY(SELECT quote_literal(unnest(evttags)) ORDER BY 1),
+      quote_literal(evtenabled::text), ARRAY(SELECT quote_literal(unnest(evttags)) ORDER BY 1),
       quote_literal(pg_catalog.pg_get_userbyid(evtowner)),
       quote_literal(evtfoid::regproc)
     FROM pg_catalog.pg_event_trigger
@@ -429,8 +428,6 @@
   "]);\n";
 }
 
-print "\n\nROLLBACK;\n";
-
 $dbh->rollback;
 
 exit;
@@ -528,6 +525,7 @@ sub privs_tests {
                 WHEN r.relkind = 'S' THEN has_sequence_privilege(a.oid, r.oid, s.p)
            END
        AND s.k = r.relkind
+       AND a.rolname NOT IN ('pg_read_all_data', 'pg_write_all_data')
      GROUP BY a.rolname, r.nspname, r.relname
      ORDER BY a.rolname}, undef, $schema, $tname);
 
@@ -542,7 +540,7 @@ sub privs_tests {
           ."FROM pg_catalog.pg_roles\n"
           ."WHERE rolname NOT IN (%s);\n",
           $type, $privs->[0][2], $privs->[0][3],
-          join(',',  map { $_->[0] } @$privs);
+          join(',', ("'pg_read_all_data'", "'pg_write_all_data'", map { $_->[0] } @$privs ));
 }
 
 sub idxs_tests {

diff --git a/test.sh b/test.sh
@@ -19,8 +19,8 @@ do
 
 		echo running test container
 		docker run --rm -e POSTGRES_HOST_AUTH_METHOD=trust -d \
-               -v `pwd`/test:/home/postgres/pgsodium/test \
-               -v `pwd`/example:/home/postgres/pgsodium/example \
+               -v `pwd`/test:/home/postgres/pgsodium/test:Z \
+               -v `pwd`/example:/home/postgres/pgsodium/example:Z \
                --name "$DB_HOST" $TAG postgres $config
 
 		echo waiting for database to accept connections

diff --git a/test/pgsodium_schema.sql b/test/pgsodium_schema.sql
@@ -1,8 +1,11 @@
+SET search_path TO 'public';
+
+
+
+---- POSTGRESQL MINIMAL VERSION
+SELECT cmp_ok(current_setting('server_version_num')::int, '>=', 130000, format('PostgreSQL version %s >= 13', current_setting('server_version')));
 
-CREATE EXTENSION IF NOT EXISTS pgtap;
-CREATE EXTENSION IF NOT EXISTS pgsodium;
 
-SET search_path TO 'public';
 
 ---- EXTENSION VERSION
 SELECT results_eq('SELECT pgsodium.version()', $$VALUES ('3.1.7'::text)$$, 'Version of pgsodium is 3.1.7');
@@ -12,13 +15,12 @@ SELECT results_eq('SELECT pgsodium.version()', $$VALUES ('3.1.7'::text)$$, 'Vers
 -- Note: pay close attention to the objects schema when applicable,
 -- it MUST be pgsodium.
 
-SELECT results_eq($$
+SELECT bag_eq($$
   SELECT pg_catalog.pg_describe_object(classid, objid, 0)
   FROM pg_catalog.pg_depend
   WHERE refclassid = 'pg_catalog.pg_extension'::pg_catalog.regclass
     AND refobjid = (SELECT oid FROM pg_extension WHERE extname = 'pgsodium')
-    AND deptype = 'e'
-  ORDER BY 1$$,
+    AND deptype = 'e'$$,
   $$ VALUES
     ('event trigger pgsodium_trg_mask_update'                                                                      ::text),
     ('function pgsodium.create_key(pgsodium.key_type,text,bytea,bytea,uuid,bytea,timestamp with time zone,text)'   ::text),
@@ -192,14 +194,12 @@ SELECT is_member_of( 'pgsodium_keyiduser', 'pgsodium_keymaker' );
 
 ---- SCHEMAS
 
--- SELECT schemas_are(ARRAY[
---     'pgsodium',
---     'pgsodium_masks',
---     'public'
--- ]);
+SELECT has_schema('pgsodium');
 SELECT schema_owner_is('pgsodium', 'postgres');
+
+SELECT has_schema('pgsodium_masks');
 SELECT schema_owner_is('pgsodium_masks', 'postgres');
--- SELECT schema_owner_is('public'  , 'postgres');
+
 
 
 
@@ -448,13 +448,13 @@ SELECT table_owner_is('pgsodium'::name, 'key'::name, 'postgres'::name);
 -- privs of relation key
 SELECT table_privs_are('pgsodium'::name, 'key'::name, 'pgsodium_keymaker'         ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
 SELECT table_privs_are('pgsodium'::name, 'key'::name, 'postgres'                  ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
--- SELECT table_privs_are('pgsodium'::name, 'key'::name, rolname,                    '{}'::text[])
--- FROM pg_catalog.pg_roles
--- WHERE rolname NOT IN ('pgsodium_keymaker','postgres');
+SELECT table_privs_are('pgsodium'::name, 'key'::name, rolname,                    '{}'::text[])
+FROM pg_catalog.pg_roles
+WHERE rolname NOT IN ('pg_read_all_data','pg_write_all_data','pgsodium_keymaker','postgres');
 
 
 
----- Views
+---- VIEWS
 
 SELECT views_are('pgsodium', ARRAY[
     'decrypted_key',
@@ -562,9 +562,9 @@ SELECT view_owner_is('pgsodium'::name, 'decrypted_key'::name, 'postgres'::name);
 SELECT table_privs_are('pgsodium'::name, 'decrypted_key'::name, 'pgsodium_keyholder'        ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
 SELECT table_privs_are('pgsodium'::name, 'decrypted_key'::name, 'pgsodium_keymaker'         ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
 SELECT table_privs_are('pgsodium'::name, 'decrypted_key'::name, 'postgres'                  ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
--- SELECT table_privs_are('pgsodium'::name, 'decrypted_key'::name, rolname,                    '{}'::text[])
--- FROM pg_catalog.pg_roles
--- WHERE rolname NOT IN ('pgsodium_keyholder','pgsodium_keymaker','postgres');
+SELECT table_privs_are('pgsodium'::name, 'decrypted_key'::name, rolname,                    '{}'::text[])
+FROM pg_catalog.pg_roles
+WHERE rolname NOT IN ('pg_read_all_data','pg_write_all_data','pgsodium_keyholder','pgsodium_keymaker','postgres');
 ---- VIEW mask_columns
 
 -- cols of relation mask_columns
@@ -622,9 +622,9 @@ SELECT view_owner_is('pgsodium'::name, 'mask_columns'::name, 'postgres'::name);
 SELECT table_privs_are('pgsodium'::name, 'mask_columns'::name, 'pgsodium_keyholder'        ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
 SELECT table_privs_are('pgsodium'::name, 'mask_columns'::name, 'pgsodium_keymaker'         ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
 SELECT table_privs_are('pgsodium'::name, 'mask_columns'::name, 'postgres'                  ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
--- SELECT table_privs_are('pgsodium'::name, 'mask_columns'::name, rolname,                    '{}'::text[])
--- FROM pg_catalog.pg_roles
--- WHERE rolname NOT IN ('pgsodium_keyholder','pgsodium_keymaker','postgres');
+SELECT table_privs_are('pgsodium'::name, 'mask_columns'::name, rolname,                    '{}'::text[])
+FROM pg_catalog.pg_roles
+WHERE rolname NOT IN ('pg_read_all_data','pg_write_all_data','pgsodium_keyholder','pgsodium_keymaker','postgres');
 ---- VIEW masking_rule
 
 -- cols of relation masking_rule
@@ -710,6 +710,11 @@ SELECT col_type_is(      'pgsodium', 'masking_rule', 'priority'       , 'integer
 SELECT col_is_null(      'pgsodium', 'masking_rule', 'priority'       , 'col_is_null( masking_rule.priority )');
 SELECT col_hasnt_default('pgsodium', 'masking_rule', 'priority'       , 'col_hasnt_default( masking_rule.priority )');
 
+SELECT has_column(       'pgsodium', 'masking_rule', 'security_invoker', 'has column masking_rule.security_invoker');
+SELECT col_type_is(      'pgsodium', 'masking_rule', 'security_invoker', 'boolean', 'type of column masking_rule.security_invoker is boolean');
+SELECT col_is_null(      'pgsodium', 'masking_rule', 'security_invoker', 'col_is_null( masking_rule.security_invoker )');
+SELECT col_hasnt_default('pgsodium', 'masking_rule', 'security_invoker', 'col_hasnt_default( masking_rule.security_invoker )');
+
 
 -- owner of view masking_rule
 SELECT view_owner_is('pgsodium'::name, 'masking_rule'::name, 'postgres'::name);
@@ -719,9 +724,9 @@ SELECT view_owner_is('pgsodium'::name, 'masking_rule'::name, 'postgres'::name);
 SELECT table_privs_are('pgsodium'::name, 'masking_rule'::name, 'pgsodium_keyholder'        ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
 SELECT table_privs_are('pgsodium'::name, 'masking_rule'::name, 'pgsodium_keymaker'         ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
 SELECT table_privs_are('pgsodium'::name, 'masking_rule'::name, 'postgres'                  ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
--- SELECT table_privs_are('pgsodium'::name, 'masking_rule'::name, rolname,                    '{}'::text[])
--- FROM pg_catalog.pg_roles
--- WHERE rolname NOT IN ('pgsodium_keyholder','pgsodium_keymaker','postgres');
+SELECT table_privs_are('pgsodium'::name, 'masking_rule'::name, rolname,                    '{}'::text[])
+FROM pg_catalog.pg_roles
+WHERE rolname NOT IN ('pg_read_all_data','pg_write_all_data','pgsodium_keyholder','pgsodium_keymaker','postgres');
 ---- VIEW valid_key
 
 -- cols of relation valid_key
@@ -792,9 +797,9 @@ SELECT table_privs_are('pgsodium'::name, 'valid_key'::name, 'pgsodium_keyholder'
 SELECT table_privs_are('pgsodium'::name, 'valid_key'::name, 'pgsodium_keyiduser'        ::name, '{SELECT}'::text[]);
 SELECT table_privs_are('pgsodium'::name, 'valid_key'::name, 'pgsodium_keymaker'         ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
 SELECT table_privs_are('pgsodium'::name, 'valid_key'::name, 'postgres'                  ::name, '{DELETE,INSERT,REFERENCES,SELECT,TRIGGER,TRUNCATE,UPDATE}'::text[]);
--- SELECT table_privs_are('pgsodium'::name, 'valid_key'::name, rolname,                    '{}'::text[])
--- FROM pg_catalog.pg_roles
--- WHERE rolname NOT IN ('pgsodium_keyholder','pgsodium_keyiduser','pgsodium_keymaker','postgres');
+SELECT table_privs_are('pgsodium'::name, 'valid_key'::name, rolname,                    '{}'::text[])
+FROM pg_catalog.pg_roles
+WHERE rolname NOT IN ('pg_read_all_data','pg_write_all_data','pgsodium_keyholder','pgsodium_keyiduser','pgsodium_keymaker','postgres');
 
 
 
@@ -813,9 +818,9 @@ SELECT sequence_owner_is('pgsodium'::name, 'key_key_id_seq'::name, 'postgres'::n
 -- privs of relation key_key_id_seq
 SELECT sequence_privs_are('pgsodium'::name, 'key_key_id_seq'::name, 'pgsodium_keymaker'         ::name, '{SELECT,UPDATE,USAGE}'::text[]);
 SELECT sequence_privs_are('pgsodium'::name, 'key_key_id_seq'::name, 'postgres'                  ::name, '{SELECT,UPDATE,USAGE}'::text[]);
--- SELECT sequence_privs_are('pgsodium'::name, 'key_key_id_seq'::name, rolname,                    '{}'::text[])
--- FROM pg_catalog.pg_roles
--- WHERE rolname NOT IN ('pgsodium_keymaker','postgres');
+SELECT sequence_privs_are('pgsodium'::name, 'key_key_id_seq'::name, rolname,                    '{}'::text[])
+FROM pg_catalog.pg_roles
+WHERE rolname NOT IN ('pg_read_all_data','pg_write_all_data','pgsodium_keymaker','postgres');
 
 
 
@@ -5776,5 +5781,3 @@ SELECT enums_are('pgsodium', ARRAY[
 
 SELECT enum_has_labels('pgsodium','key_status', ARRAY['default','valid','invalid','expired']);
 SELECT enum_has_labels('pgsodium','key_type', ARRAY['aead-ietf','aead-det','hmacsha512','hmacsha256','auth','shorthash','generichash','kdf','secretbox','secretstream','stream_xchacha20']);
-
-SET search_path = pgsodium, public;
diff --git a/test/test.sql b/test/test.sql
@@ -10,27 +10,23 @@
 
 SET client_min_messages TO WARNING;
 
-CREATE ROLE bobo with login password 'foo';
+SELECT EXISTS (SELECT * FROM pg_settings
+    WHERE name = 'shared_preload_libraries'
+    AND setting ilike '%pgsodium%') serverkeys \gset
 
 CREATE EXTENSION IF NOT EXISTS pgtap;
 
-CREATE EXTENSION pgsodium;
+CREATE EXTENSION IF NOT EXISTS pgsodium;
 
 BEGIN;
-SELECT * FROM no_plan();
+CREATE ROLE bobo with login password 'foo';
 
+SELECT * FROM no_plan();
 
+\ir pgsodium_schema.sql
 
 SET search_path = pgsodium, public;
 
-SELECT EXISTS (SELECT * FROM pg_settings
-    WHERE name = 'shared_preload_libraries'
-    AND setting ilike '%pgsodium%') serverkeys \gset
-
-SELECT pg_version_num() / 10000 major_version \gset
-SELECT :major_version = 15 pg15 \gset
-
-\ir pgsodium_schema.sql
 \ir random.sql
 \ir secretbox.sql
 \ir secretstream.sql
@@ -52,5 +48,6 @@ SELECT :major_version = 15 pg15 \gset
 \ir tce_rls.sql
 \ir keys.sql
 
-select * from finish();
+SELECT * FROM finish();
+
 ROLLBACK;