diff --git a/src/test/regress/expected/schema.out b/src/test/regress/expected/schema.out
new file mode 100644
index 0000000..c437328
--- /dev/null
+++ b/src/test/regress/expected/schema.out
@@ -0,0 +1,146 @@
+--
+-- SCHEMA Commands
+--
+-- Should work
+CREATE SCHEMA schema_sch1;
+DROP SCHEMA schema_sch1;
+-- Should fail. Disallow CREATE SCHEMA by ROLE with insufficient permission
+CREATE ROLE role_sch2;
+SET ROLE role_sch2;
+CREATE SCHEMA schema_sch2;
+ERROR: permission denied for database regression
+RESET ROLE;
+DROP ROLE role_sch2;
+-- Should fail. Disallow CREATE SCHEMA if using a reserved name
+CREATE SCHEMA pg_schema_sch2b;
+ERROR: unacceptable schema name "pg_schema_sch2b"
+DETAIL: The prefix "pg_" is reserved for system schemas.
+-- Should fail. Disallow CREATE SCHEMA if already exists
+CREATE SCHEMA schema_sch2c;
+CREATE SCHEMA schema_sch2c;
+ERROR: schema "schema_sch2c" already exists
+DROP SCHEMA schema_sch2c;
+-- Ensure CREATE SCHEMA uses current_user (and not necessarily session_user)
+CREATE ROLE role_sch3;
+GRANT CREATE ON DATABASE regression TO role_sch3;
+SET ROLE role_sch3;
+CREATE SCHEMA schema_sch3;
+SELECT schema_owner
+FROM information_schema.schemata
+WHERE schema_name = 'schema_sch3';
+ schema_owner
+--------------
+ role_sch3
+(1 row)
+
+DROP SCHEMA schema_sch3;
+RESET ROLE;
+REVOKE CREATE ON DATABASE regression FROM role_sch3;
+DROP ROLE role_sch3;
+-- Should work. RENAME SCHEMA
+CREATE SCHEMA schema_sch4;
+ALTER SCHEMA schema_sch4 RENAME TO schema_sch4b;
+DROP SCHEMA schema_sch4b;
+-- ALTER SCHEMA ok for user created IN ROLE of one with CREATE DATABASE rights
+CREATE ROLE role_sch5;
+GRANT CREATE ON DATABASE regression to role_sch5;
+CREATE ROLE role_sch5b IN ROLE role_sch5;
+SET ROLE role_sch5;
+CREATE SCHEMA schema_sch5;
+SET ROLE role_sch5b;
+ALTER SCHEMA schema_sch5 RENAME TO schema_sch5b;
+ALTER SCHEMA schema_sch5b OWNER TO role_sch5b;
+DROP SCHEMA schema_sch5b;
+RESET ROLE;
+REVOKE CREATE ON DATABASE regression FROM role_sch5;
+SET ROLE role_sch5;
+RESET ROLE;
+DROP ROLE role_sch5b;
+DROP ROLE role_sch5;
+-- Should work, REASSIGN OWNED objects to another OWNER
+CREATE ROLE role_sch6;
+GRANT CREATE ON DATABASE regression to role_sch6;
+CREATE ROLE role_sch6b;
+SET ROLE role_sch6;
+CREATE SCHEMA schema_sch6;
+RESET ROLE;
+REVOKE CREATE ON DATABASE regression FROM role_sch6;
+REASSIGN OWNED BY role_sch6 TO role_sch6b;
+SET ROLE role_sch6b;
+DROP SCHEMA schema_sch6;
+RESET ROLE;
+DROP ROLE role_sch6b;
+DROP ROLE role_sch6;
+-- Should fail. Shouldn't RENAME SCHEMA if invalid / already existing / etc.
+CREATE SCHEMA schema_sch7;
+CREATE SCHEMA schema_sch7b;
+ALTER SCHEMA schema_sch7b RENAME TO schema_sch7;
+ERROR: schema "schema_sch7" already exists
+ALTER SCHEMA schema_sch7b RENAME TO public;
+ERROR: schema "public" already exists
+ALTER SCHEMA schema_sch7b RENAME TO pg_asdf;
+ERROR: unacceptable schema name "pg_asdf"
+DETAIL: The prefix "pg_" is reserved for system schemas.
+DROP SCHEMA schema_sch7;
+DROP SCHEMA schema_sch7b;
+-- Should fail. Shouldn't ALTER SCHEMA if not OWNER
+CREATE SCHEMA schema_sch8;
+CREATE ROLE role_sch8;
+SET ROLE role_sch8;
+ALTER SCHEMA schema_sch8 RENAME TO schema_sch8b;
+ERROR: must be owner of schema schema_sch8
+ALTER SCHEMA schema_sch8 OWNER TO role_sch8;
+ERROR: must be owner of schema schema_sch8
+RESET ROLE;
+DROP SCHEMA schema_sch8;
+DROP ROLE role_sch8;
+-- Should work. Non-Owner with CREATE ON DATABASE priviledge can RENAME SCHEMA
+CREATE ROLE role_sch9;
+GRANT CREATE ON DATABASE regression to role_sch9;
+SET ROLE role_sch9;
+CREATE SCHEMA schema_sch9;
+RESET ROLE;
+ALTER SCHEMA schema_sch9 RENAME TO schema_sch9b;
+DROP SCHEMA schema_sch9b;
+REVOKE CREATE ON DATABASE regression FROM role_sch9;
+DROP ROLE role_sch9;
+-- Should fail. OWNER without CREATE ON DATABASE can't ALTER OWNER SCHEMA
+CREATE ROLE role_sch10;
+CREATE SCHEMA schema_sch10 AUTHORIZATION role_sch10;
+CREATE ROLE role_sch10b;
+GRANT role_sch10b TO role_sch10;
+SET ROLE role_sch10;
+ALTER SCHEMA schema_sch10 RENAME TO schema_sch2;
+ERROR: permission denied for database regression
+ALTER SCHEMA schema_sch10 OWNER TO role_sch10b;
+ERROR: permission denied for database regression
+RESET ROLE;
+DROP SCHEMA schema_sch10;
+REVOKE role_sch10b FROM role_sch10;
+DROP ROLE role_sch10b;
+DROP ROLE role_sch10;
+-- Should work. Try to have multiple OWNERships for a ROLE
+CREATE ROLE role_sch11;
+CREATE ROLE role_sch11b;
+CREATE SCHEMA schema_sch11;
+GRANT CREATE ON SCHEMA schema_sch11 TO role_sch11;
+GRANT ALL ON SCHEMA schema_sch11 TO role_sch11b;
+ALTER SCHEMA schema_sch11 OWNER TO role_sch11;
+REVOKE CREATE ON SCHEMA schema_sch11 FROM role_sch11;
+REVOKE ALL ON SCHEMA schema_sch11 FROM role_sch11b;
+DROP SCHEMA schema_sch11;
+DROP ROLE role_sch11b;
+DROP ROLE role_sch11;
+-- Change OWNER of SCHEMA
+CREATE SCHEMA schema_sch12;
+CREATE ROLE role_sch12;
+ALTER SCHEMA schema_sch12 OWNER TO role_sch12;
+DROP SCHEMA schema_sch12;
+DROP ROLE role_sch12;
+-- Should fail. Can't change OWNER of SCHEMA if doesn't exist/invalid name/etc.
+ALTER SCHEMA schema_sch13 RENAME TO schema_sch13;
+ERROR: schema "schema_sch13" does not exist
+CREATE ROLE role_sch13;
+ALTER SCHEMA schema_sch13 OWNER TO role_sch13;
+ERROR: schema "schema_sch13" does not exist
+DROP ROLE role_sch13;
diff --git a/src/test/regress/parallel_schedule b/src/test/regress/parallel_schedule
index 2af28b1..7d23aaa 100644
--- a/src/test/regress/parallel_schedule
+++ b/src/test/regress/parallel_schedule
@@ -78,7 +78,7 @@ ignore: random
 # ----------
 # Another group of parallel tests
 # ----------
-test: select_into select_distinct select_distinct_on select_implicit select_having subselect union case join aggregates transactions random portals arrays btree_index hash_index update namespace prepared_xacts delete
+test: select_into select_distinct select_distinct_on select_implicit select_having subselect union case join aggregates transactions random portals arrays btree_index hash_index update namespace prepared_xacts delete schema
 
 # ----------
 # Another group of parallel tests
diff --git a/src/test/regress/sql/schema.sql b/src/test/regress/sql/schema.sql
new file mode 100644
index 0000000..07698fa
--- /dev/null
+++ b/src/test/regress/sql/schema.sql
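Review bot: Appending `schema` to this `test:` line in parallel_schedule makes it the twenty-first entry in the group, which I believe exceeds the twenty-tests-per-group convention stated in the file's header (outside this hunk); a smaller group or a new `test: schema` line would avoid that. The new script also runs `GRANT`/`REVOKE CREATE ON DATABASE regression` and creates and drops cluster-wide roles while twenty other scripts run concurrently, so if any sibling in the group changes the same database ACL the privilege checks could fail or pass intermittently; a group without such siblings is the safer home. No `serial_schedule` change is visible on this page; if that file is not updated elsewhere in the commit, it presumably needs a `test: schema` entry as well.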
@@ -0,0 +1,142 @@
+--
+-- SCHEMA Commands
+--
+
+-- Should work
+CREATE SCHEMA schema_sch1;
+DROP SCHEMA schema_sch1;
+
+-- Should fail. Disallow CREATE SCHEMA by ROLE with insufficient permission
+CREATE ROLE role_sch2;
+SET ROLE role_sch2;
+CREATE SCHEMA schema_sch2;
+RESET ROLE;
+DROP ROLE role_sch2;
+
+-- Should fail. Disallow CREATE SCHEMA if using a reserved name
+CREATE SCHEMA pg_schema_sch2b;
+
+-- Should fail. Disallow CREATE SCHEMA if already exists
+CREATE SCHEMA schema_sch2c;
+CREATE SCHEMA schema_sch2c;
+DROP SCHEMA schema_sch2c;
+
+-- Ensure CREATE SCHEMA uses current_user (and not necessarily session_user)
+CREATE ROLE role_sch3;
+GRANT CREATE ON DATABASE regression TO role_sch3;
+SET ROLE role_sch3;
+CREATE SCHEMA schema_sch3;
+SELECT schema_owner
+FROM information_schema.schemata
+WHERE schema_name = 'schema_sch3';
+DROP SCHEMA schema_sch3;
+RESET ROLE;
+REVOKE CREATE ON DATABASE regression FROM role_sch3;
+DROP ROLE role_sch3;
+
+-- Should work. RENAME SCHEMA
+CREATE SCHEMA schema_sch4;
+ALTER SCHEMA schema_sch4 RENAME TO schema_sch4b;
+DROP SCHEMA schema_sch4b;
+
+-- ALTER SCHEMA ok for user created IN ROLE of one with CREATE DATABASE rights
+CREATE ROLE role_sch5;
+GRANT CREATE ON DATABASE regression to role_sch5;
+CREATE ROLE role_sch5b IN ROLE role_sch5;
+SET ROLE role_sch5;
+CREATE SCHEMA schema_sch5;
+SET ROLE role_sch5b;
+ALTER SCHEMA schema_sch5 RENAME TO schema_sch5b;
+ALTER SCHEMA schema_sch5b OWNER TO role_sch5b;
+DROP SCHEMA schema_sch5b;
+RESET ROLE;
+REVOKE CREATE ON DATABASE regression FROM role_sch5;
+SET ROLE role_sch5;
+RESET ROLE;
+DROP ROLE role_sch5b;
+DROP ROLE role_sch5;
+
+-- Should work, REASSIGN OWNED objects to another OWNER
+CREATE ROLE role_sch6;
+GRANT CREATE ON DATABASE regression to role_sch6;
+CREATE ROLE role_sch6b;
+SET ROLE role_sch6;
+CREATE SCHEMA schema_sch6;
+RESET ROLE;
+REVOKE CREATE ON DATABASE regression FROM role_sch6;
+REASSIGN OWNED BY role_sch6 TO role_sch6b;
+SET ROLE role_sch6b;
+DROP SCHEMA schema_sch6;
+RESET ROLE;
+DROP ROLE role_sch6b;
+DROP ROLE role_sch6;
+
+-- Should fail. Shouldn't RENAME SCHEMA if invalid / already existing / etc.
+CREATE SCHEMA schema_sch7;
+CREATE SCHEMA schema_sch7b;
+ALTER SCHEMA schema_sch7b RENAME TO schema_sch7;
+ALTER SCHEMA schema_sch7b RENAME TO public;
+ALTER SCHEMA schema_sch7b RENAME TO pg_asdf;
+DROP SCHEMA schema_sch7;
+DROP SCHEMA schema_sch7b;
+
+-- Should fail. Shouldn't ALTER SCHEMA if not OWNER
+CREATE SCHEMA schema_sch8;
+CREATE ROLE role_sch8;
+SET ROLE role_sch8;
+ALTER SCHEMA schema_sch8 RENAME TO schema_sch8b;
+ALTER SCHEMA schema_sch8 OWNER TO role_sch8;
+RESET ROLE;
+DROP SCHEMA schema_sch8;
+DROP ROLE role_sch8;
+
+-- Should work. Non-Owner with CREATE ON DATABASE priviledge can RENAME SCHEMA
+CREATE ROLE role_sch9;
+GRANT CREATE ON DATABASE regression to role_sch9;
+SET ROLE role_sch9;
+CREATE SCHEMA schema_sch9;
+RESET ROLE;
+ALTER SCHEMA schema_sch9 RENAME TO schema_sch9b;
+DROP SCHEMA schema_sch9b;
+REVOKE CREATE ON DATABASE regression FROM role_sch9;
+DROP ROLE role_sch9;
+
+-- Should fail. OWNER without CREATE ON DATABASE can't ALTER OWNER SCHEMA
+CREATE ROLE role_sch10;
+CREATE SCHEMA schema_sch10 AUTHORIZATION role_sch10;
+CREATE ROLE role_sch10b;
+GRANT role_sch10b TO role_sch10;
+SET ROLE role_sch10;
+ALTER SCHEMA schema_sch10 RENAME TO schema_sch2;
+ALTER SCHEMA schema_sch10 OWNER TO role_sch10b;
+RESET ROLE;
+DROP SCHEMA schema_sch10;
+REVOKE role_sch10b FROM role_sch10;
+DROP ROLE role_sch10b;
+DROP ROLE role_sch10;
+
+-- Should work. Try to have multiple OWNERships for a ROLE
+CREATE ROLE role_sch11;
+CREATE ROLE role_sch11b;
+CREATE SCHEMA schema_sch11;
+GRANT CREATE ON SCHEMA schema_sch11 TO role_sch11;
+GRANT ALL ON SCHEMA schema_sch11 TO role_sch11b;
+ALTER SCHEMA schema_sch11 OWNER TO role_sch11;
+REVOKE CREATE ON SCHEMA schema_sch11 FROM role_sch11;
+REVOKE ALL ON SCHEMA schema_sch11 FROM role_sch11b;
+DROP SCHEMA schema_sch11;
+DROP ROLE role_sch11b;
+DROP ROLE role_sch11;
+
+-- Change OWNER of SCHEMA
+CREATE SCHEMA schema_sch12;
+CREATE ROLE role_sch12;
+ALTER SCHEMA schema_sch12 OWNER TO role_sch12;
+DROP SCHEMA schema_sch12;
+DROP ROLE role_sch12;
+
+-- Should fail. Can't change OWNER of SCHEMA if doesn't exist/invalid name/etc.
+ALTER SCHEMA schema_sch13 RENAME TO schema_sch13;
+CREATE ROLE role_sch13;
+ALTER SCHEMA schema_sch13 OWNER TO role_sch13;
+DROP ROLE role_sch13;
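Review bot: The `role_sch9` case in sql/schema.sql does not exercise what its comment claims, because `RESET ROLE;` runs before `ALTER SCHEMA schema_sch9 RENAME TO schema_sch9b;`, so the rename is issued by the session user (presumably the superuser that runs the suite) rather than by a non-owner holding CREATE on the database, and the privilege check is bypassed instead of tested. Either reword the comment to `-- Should work. Superuser can RENAME a SCHEMA owned by another role`, or issue the rename under a second role that has the database grant but does not own the schema and record the result the ownership check gives. In the `role_sch5` case the pair `SET ROLE role_sch5;` / `RESET ROLE;` after the REVOKE asserts nothing and could be dropped or replaced with a statement that is expected to fail once the grant is gone. In the `role_sch10` case the rename target `schema_sch2` looks like a leftover from an earlier case; `schema_sch10b` would keep the name local to this case, so an unexpected success cannot collide with another test's object. The same statements are mirrored with their output in expected/schema.out, which would need regenerating after any of these changes.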