authorAlvaro Herrera2014-12-01 19:12:43 +0000
committerAlvaro Herrera2014-12-01 19:12:43 +0000
commitdf761e3cf79db09d602610ee61e51cb378288382 (patch)
tree30781e0286dfc6bcaf6d9b7dcec3a7b940a2a5ed /src/test/modules
parente09996ff8dee3f70b0a027cffebccef4388ed5b7 (diff)
Move security_label test
Rather than have the core security_label regression test depend on the dummy_seclabel module, have that part of the test be executed by dummy_seclabel itself directly. This simplifies the testing rig a bit; in particular it should silence the problems from the MSVC buildfarm phylum, which haven't yet gotten taught how to install src/test/modules.
Diffstat (limited to 'src/test/modules')
-rw-r--r--src/test/modules/dummy_seclabel/Makefile2
-rw-r--r--src/test/modules/dummy_seclabel/input/dummy_seclabel.source79
-rw-r--r--src/test/modules/dummy_seclabel/output/dummy_seclabel.source87
3 files changed, 168 insertions, 0 deletions
diff --git a/src/test/modules/dummy_seclabel/Makefile b/src/test/modules/dummy_seclabel/Makefile
index 909ac9ace72..41f50cc41ee 100644
--- a/src/test/modules/dummy_seclabel/Makefile
+++ b/src/test/modules/dummy_seclabel/Makefile
@@ -3,6 +3,8 @@
MODULES = dummy_seclabel
PGFILEDESC = "dummy_seclabel - regression testing of the SECURITY LABEL statement"
+REGRESS = dummy_seclabel
+
ifdef USE_PGXS
PG_CONFIG = pg_config
PGXS := $(shell $(PG_CONFIG) --pgxs)
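Review bot: The new `REGRESS = dummy_seclabel` line has no matching cleanup rule in this hunk. The test ships as `input/` and `output/` `.source` templates, so pg_regress will presumably generate `sql/dummy_seclabel.sql` and `expected/dummy_seclabel.out` in the module directory at run time. The diffstat also shows no ignore file added under src/test/modules, so those generated files would survive `make clean` and appear as untracked. Consider adding `EXTRA_CLEAN = sql/dummy_seclabel.sql expected/dummy_seclabel.out` next to the REGRESS line. The Makefile continues outside the hunk, so confirm it does not already handle this.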
diff --git a/src/test/modules/dummy_seclabel/input/dummy_seclabel.source b/src/test/modules/dummy_seclabel/input/dummy_seclabel.source
new file mode 100644
index 00000000000..d39ce88aee9
--- /dev/null
+++ b/src/test/modules/dummy_seclabel/input/dummy_seclabel.source
@@ -0,0 +1,79 @@
+--
+-- Test for facilities of security label
+--
+LOAD '@libdir@/dummy_seclabel@DLSUFFIX@';
+
+-- initial setups
+SET client_min_messages TO 'warning';
+
+DROP ROLE IF EXISTS dummy_seclabel_user1;
+DROP ROLE IF EXISTS dummy_seclabel_user2;
+
+DROP TABLE IF EXISTS dummy_seclabel_tbl1;
+DROP TABLE IF EXISTS dummy_seclabel_tbl2;
+DROP TABLE IF EXISTS dummy_seclabel_tbl3;
+
+CREATE USER dummy_seclabel_user1 WITH CREATEROLE;
+CREATE USER dummy_seclabel_user2;
+
+CREATE TABLE dummy_seclabel_tbl1 (a int, b text);
+CREATE TABLE dummy_seclabel_tbl2 (x int, y text);
+CREATE VIEW dummy_seclabel_view1 AS SELECT * FROM dummy_seclabel_tbl2;
+CREATE FUNCTION dummy_seclabel_four() RETURNS integer AS $$SELECT 4$$ language sql;
+CREATE DOMAIN dummy_seclabel_domain AS text;
+
+ALTER TABLE dummy_seclabel_tbl1 OWNER TO dummy_seclabel_user1;
+ALTER TABLE dummy_seclabel_tbl2 OWNER TO dummy_seclabel_user2;
+
+RESET client_min_messages;
+
+--
+-- Test of SECURITY LABEL statement with a plugin
+--
+SET SESSION AUTHORIZATION dummy_seclabel_user1;
+
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'classified'; -- OK
+SECURITY LABEL ON COLUMN dummy_seclabel_tbl1.a IS 'unclassified'; -- OK
+SECURITY LABEL ON COLUMN dummy_seclabel_tbl1 IS 'unclassified'; -- fail
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS '...invalid label...'; -- fail
+SECURITY LABEL FOR 'dummy' ON TABLE dummy_seclabel_tbl1 IS 'unclassified'; -- OK
+SECURITY LABEL FOR 'unknown_seclabel' ON TABLE dummy_seclabel_tbl1 IS 'classified'; -- fail
+SECURITY LABEL ON TABLE dummy_seclabel_tbl2 IS 'unclassified'; -- fail (not owner)
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'secret'; -- fail (not superuser)
+SECURITY LABEL ON TABLE dummy_seclabel_tbl3 IS 'unclassified'; -- fail (not found)
+
+SET SESSION AUTHORIZATION dummy_seclabel_user2;
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'unclassified'; -- fail
+SECURITY LABEL ON TABLE dummy_seclabel_tbl2 IS 'classified'; -- OK
+
+--
+-- Test for shared database object
+--
+SET SESSION AUTHORIZATION dummy_seclabel_user1;
+
+SECURITY LABEL ON ROLE dummy_seclabel_user1 IS 'classified'; -- OK
+SECURITY LABEL ON ROLE dummy_seclabel_user1 IS '...invalid label...'; -- fail
+SECURITY LABEL FOR 'dummy' ON ROLE dummy_seclabel_user2 IS 'unclassified'; -- OK
+SECURITY LABEL FOR 'unknown_seclabel' ON ROLE dummy_seclabel_user1 IS 'unclassified'; -- fail
+SECURITY LABEL ON ROLE dummy_seclabel_user1 IS 'secret'; -- fail (not superuser)
+SECURITY LABEL ON ROLE dummy_seclabel_user3 IS 'unclassified'; -- fail (not found)
+
+SET SESSION AUTHORIZATION dummy_seclabel_user2;
+SECURITY LABEL ON ROLE dummy_seclabel_user2 IS 'unclassified'; -- fail (not privileged)
+
+RESET SESSION AUTHORIZATION;
+
+--
+-- Test for various types of object
+--
+RESET SESSION AUTHORIZATION;
+
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'top secret'; -- OK
+SECURITY LABEL ON VIEW dummy_seclabel_view1 IS 'classified'; -- OK
+SECURITY LABEL ON FUNCTION dummy_seclabel_four() IS 'classified'; -- OK
+SECURITY LABEL ON DOMAIN dummy_seclabel_domain IS 'classified'; -- OK
+CREATE SCHEMA dummy_seclabel_test;
+SECURITY LABEL ON SCHEMA dummy_seclabel_test IS 'unclassified'; -- OK
+
+SELECT objtype, objname, provider, label FROM pg_seclabels
+ ORDER BY objtype, objname;
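Review bot: The script never drops what it creates, and the roles from `CREATE USER dummy_seclabel_user1 WITH CREATEROLE;` and `CREATE USER dummy_seclabel_user2;` are cluster-wide, so after a run against an existing server they remain as login-capable accounts, one of which can create roles. `CREATE USER` implies LOGIN, which `SET SESSION AUTHORIZATION` does not need, so `CREATE ROLE dummy_seclabel_user1 WITH CREATEROLE;` and `CREATE ROLE dummy_seclabel_user2;` would be the narrower setup. A teardown after the final `pg_seclabels` query, sketched below, removes the objects and roles; the same statements would have to be appended to output/dummy_seclabel.source. The initial `DROP ROLE IF EXISTS` lines also run before the `DROP TABLE IF EXISTS` lines, so a rerun that finds leftover tables owned by those roles would presumably error on the role drop; putting the table drops first avoids that.

```sql
-- … unchanged: setup and SECURITY LABEL tests through the final pg_seclabels SELECT …

-- clean up: roles are cluster-wide and outlive the regression database
DROP VIEW dummy_seclabel_view1;
DROP TABLE dummy_seclabel_tbl1, dummy_seclabel_tbl2;
DROP FUNCTION dummy_seclabel_four();
DROP DOMAIN dummy_seclabel_domain;
DROP SCHEMA dummy_seclabel_test;
DROP ROLE dummy_seclabel_user1, dummy_seclabel_user2;
```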
diff --git a/src/test/modules/dummy_seclabel/output/dummy_seclabel.source b/src/test/modules/dummy_seclabel/output/dummy_seclabel.source
new file mode 100644
index 00000000000..8275764cb9c
--- /dev/null
+++ b/src/test/modules/dummy_seclabel/output/dummy_seclabel.source
@@ -0,0 +1,87 @@
+--
+-- Test for facilities of security label
+--
+LOAD '@libdir@/dummy_seclabel@DLSUFFIX@';
+-- initial setups
+SET client_min_messages TO 'warning';
+DROP ROLE IF EXISTS dummy_seclabel_user1;
+DROP ROLE IF EXISTS dummy_seclabel_user2;
+DROP TABLE IF EXISTS dummy_seclabel_tbl1;
+DROP TABLE IF EXISTS dummy_seclabel_tbl2;
+DROP TABLE IF EXISTS dummy_seclabel_tbl3;
+CREATE USER dummy_seclabel_user1 WITH CREATEROLE;
+CREATE USER dummy_seclabel_user2;
+CREATE TABLE dummy_seclabel_tbl1 (a int, b text);
+CREATE TABLE dummy_seclabel_tbl2 (x int, y text);
+CREATE VIEW dummy_seclabel_view1 AS SELECT * FROM dummy_seclabel_tbl2;
+CREATE FUNCTION dummy_seclabel_four() RETURNS integer AS $$SELECT 4$$ language sql;
+CREATE DOMAIN dummy_seclabel_domain AS text;
+ALTER TABLE dummy_seclabel_tbl1 OWNER TO dummy_seclabel_user1;
+ALTER TABLE dummy_seclabel_tbl2 OWNER TO dummy_seclabel_user2;
+RESET client_min_messages;
+--
+-- Test of SECURITY LABEL statement with a plugin
+--
+SET SESSION AUTHORIZATION dummy_seclabel_user1;
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'classified'; -- OK
+SECURITY LABEL ON COLUMN dummy_seclabel_tbl1.a IS 'unclassified'; -- OK
+SECURITY LABEL ON COLUMN dummy_seclabel_tbl1 IS 'unclassified'; -- fail
+ERROR: column name must be qualified
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS '...invalid label...'; -- fail
+ERROR: '...invalid label...' is not a valid security label
+SECURITY LABEL FOR 'dummy' ON TABLE dummy_seclabel_tbl1 IS 'unclassified'; -- OK
+SECURITY LABEL FOR 'unknown_seclabel' ON TABLE dummy_seclabel_tbl1 IS 'classified'; -- fail
+ERROR: security label provider "unknown_seclabel" is not loaded
+SECURITY LABEL ON TABLE dummy_seclabel_tbl2 IS 'unclassified'; -- fail (not owner)
+ERROR: must be owner of relation dummy_seclabel_tbl2
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'secret'; -- fail (not superuser)
+ERROR: only superuser can set 'secret' label
+SECURITY LABEL ON TABLE dummy_seclabel_tbl3 IS 'unclassified'; -- fail (not found)
+ERROR: relation "dummy_seclabel_tbl3" does not exist
+SET SESSION AUTHORIZATION dummy_seclabel_user2;
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'unclassified'; -- fail
+ERROR: must be owner of relation dummy_seclabel_tbl1
+SECURITY LABEL ON TABLE dummy_seclabel_tbl2 IS 'classified'; -- OK
+--
+-- Test for shared database object
+--
+SET SESSION AUTHORIZATION dummy_seclabel_user1;
+SECURITY LABEL ON ROLE dummy_seclabel_user1 IS 'classified'; -- OK
+SECURITY LABEL ON ROLE dummy_seclabel_user1 IS '...invalid label...'; -- fail
+ERROR: '...invalid label...' is not a valid security label
+SECURITY LABEL FOR 'dummy' ON ROLE dummy_seclabel_user2 IS 'unclassified'; -- OK
+SECURITY LABEL FOR 'unknown_seclabel' ON ROLE dummy_seclabel_user1 IS 'unclassified'; -- fail
+ERROR: security label provider "unknown_seclabel" is not loaded
+SECURITY LABEL ON ROLE dummy_seclabel_user1 IS 'secret'; -- fail (not superuser)
+ERROR: only superuser can set 'secret' label
+SECURITY LABEL ON ROLE dummy_seclabel_user3 IS 'unclassified'; -- fail (not found)
+ERROR: role "dummy_seclabel_user3" does not exist
+SET SESSION AUTHORIZATION dummy_seclabel_user2;
+SECURITY LABEL ON ROLE dummy_seclabel_user2 IS 'unclassified'; -- fail (not privileged)
+ERROR: must have CREATEROLE privilege
+RESET SESSION AUTHORIZATION;
+--
+-- Test for various types of object
+--
+RESET SESSION AUTHORIZATION;
+SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'top secret'; -- OK
+SECURITY LABEL ON VIEW dummy_seclabel_view1 IS 'classified'; -- OK
+SECURITY LABEL ON FUNCTION dummy_seclabel_four() IS 'classified'; -- OK
+SECURITY LABEL ON DOMAIN dummy_seclabel_domain IS 'classified'; -- OK
+CREATE SCHEMA dummy_seclabel_test;
+SECURITY LABEL ON SCHEMA dummy_seclabel_test IS 'unclassified'; -- OK
+SELECT objtype, objname, provider, label FROM pg_seclabels
+ ORDER BY objtype, objname;
+ objtype | objname | provider | label
+----------+-----------------------+----------+--------------
+ column | dummy_seclabel_tbl1.a | dummy | unclassified
+ domain | dummy_seclabel_domain | dummy | classified
+ function | dummy_seclabel_four() | dummy | classified
+ role | dummy_seclabel_user1 | dummy | classified
+ role | dummy_seclabel_user2 | dummy | unclassified
+ schema | dummy_seclabel_test | dummy | unclassified
+ table | dummy_seclabel_tbl1 | dummy | top secret
+ table | dummy_seclabel_tbl2 | dummy | classified
+ view | dummy_seclabel_view1 | dummy | classified
+(9 rows)
+
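Review bot: The nine rows expected from the final query are only stable if nothing else in the cluster carries a security label. The `SELECT objtype, objname, provider, label FROM pg_seclabels` has no WHERE clause, and the `role` rows show that the view also reports shared objects, which outlive the regression database. A label left on a role by an earlier run or set by another provider would make this comparison fail for reasons unrelated to the module. Restricting the query in the input file, for example with `WHERE provider = 'dummy' AND objname LIKE 'dummy_seclabel%'`, keeps the same nine result rows and changes only the echoed query text here.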