NotificationsYou must be signed in to change notification settings
Fork28
Star153

Commited6ea8e

committed

Improve pg_audit regression tests

Instead of creating a new superuser role, extract out what the currentuser is and use that user instead. Further, clean up and drop allobjects created by the regression test.Pointed out by Tom.

1 parent333d077 commited6ea8eCopy full SHA for ed6ea8e

File tree

2 files changed

+57

-28

lines changed

contrib/pg_audit
- expected
  - pg_audit.out
- sql
  - pg_audit.sql

2 files changed

+57

-28

lines changed

`‎contrib/pg_audit/expected/pg_audit.out‎`

Lines changed: 31 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,11 +12,11 @@ create extension pg_audit;`
`12`	`12`	`-- STATEMENT - The statement being logged`
`13`	`13`	`-- PARAMETER - If parameter logging is requested, they will follow the`
`14`	`14`	`-- statement`
	`15`	`+select current_user \gset`
`15`	`16`	`--`
`16`		`--- Create a superuser role that we know the name of for testing`
`17`		`-CREATE USER super SUPERUSER;`
`18`		`-ALTER ROLE super SET pg_audit.log = 'Role';`
`19`		`-ALTER ROLE super SET pg_audit.log_level = 'notice';`
	`17`	`+-- Set pg_audit parameters for the current (super)user.`
	`18`	`+ALTER ROLE :current_user SET pg_audit.log = 'Role';`
	`19`	`+ALTER ROLE :current_user SET pg_audit.log_level = 'notice';`
`20`	`20`	`CREATE FUNCTION load_pg_audit( )`
`21`	`21`	`RETURNS VOID`
`22`	`22`	`LANGUAGE plpgsql`
`@@ -31,7 +31,7 @@ $function$;`
`31`	`31`	`-- being loaded from shared_preload_libraries. Otherwise, the hooks`
`32`	`32`	`-- won't be set up and called correctly, leading to lots of ugly`
`33`	`33`	`-- errors.`
`34`		`-\connect -super;`
	`34`	`+\connect -:current_user;`
`35`	`35`	`select load_pg_audit();`
`36`	`36`	`load_pg_audit`
`37`	`37`	`---------------`
`@@ -70,7 +70,7 @@ DROP TABLE test;`
`70`	`70`	`NOTICE: AUDIT: SESSION,2,1,DDL,DROP TABLE,TABLE,public.test,DROP TABLE test;,<not logged>`
`71`	`71`	`--`
`72`	`72`	`-- Create second test user`
`73`		`-\connect -super`
	`73`	`+\connect -:current_user`
`74`	`74`	`select load_pg_audit();`
`75`	`75`	`load_pg_audit`
`76`	`76`	`---------------`
`@@ -241,7 +241,7 @@ UPDATE test3`
`241`	`241`	`WARNING: AUDIT: OBJECT,6,1,WRITE,INSERT,TABLE,public.test2,<previously logged>,<previously logged>`
`242`	`242`	`--`
`243`	`243`	`-- Change permissions of user 2 so that only object logging will be done`
`244`		`-\connect -super`
	`244`	`+\connect -:current_user`
`245`	`245`	`select load_pg_audit();`
`246`	`246`	`load_pg_audit`
`247`	`247`	`---------------`
`@@ -328,7 +328,7 @@ DROP TABLE test3;`
`328`	`328`	`DROP TABLE test4;`
`329`	`329`	`--`
`330`	`330`	`-- Change permissions of user 1 so that session logging will be done`
`331`		`-\connect -super`
	`331`	`+\connect -:current_user`
`332`	`332`	`select load_pg_audit();`
`333`	`333`	`load_pg_audit`
`334`	`334`	`---------------`
`@@ -376,7 +376,7 @@ INSERT INTO account (id, name, password, description)`
`376`	`376`	`VALUES (1, 'user1', 'HASH1', 'blah, blah');`
`377`	`377`	`--`
`378`	`378`	`-- Change permissions of user 1 so that only object logging will be done`
`379`		`-\connect -super`
	`379`	`+\connect -:current_user`
`380`	`380`	`select load_pg_audit();`
`381`	`381`	`load_pg_audit`
`382`	`382`	`---------------`
`@@ -435,7 +435,7 @@ NOTICE: AUDIT: OBJECT,2,1,WRITE,UPDATE,TABLE,public.account,"UPDATE account`
`435`	`435`	`SET password = 'HASH2';",<not logged>`
`436`	`436`	`--`
`437`	`437`	`-- Change permissions of user 1 so that session relation logging will be done`
`438`		`-\connect -super`
	`438`	`+\connect -:current_user`
`439`	`439`	`select load_pg_audit();`
`440`	`440`	`load_pg_audit`
`441`	`441`	`---------------`
`@@ -546,7 +546,7 @@ NOTICE: AUDIT: SESSION,5,1,WRITE,UPDATE,TABLE,public.account,"UPDATE account`
`546`	`546`	`SET password = 'HASH2';",<not logged>`
`547`	`547`	`--`
`548`	`548`	`-- Change back to superuser to do exhaustive tests`
`549`		`-\connect -super`
	`549`	`+\connect -:current_user`
`550`	`550`	`select load_pg_audit();`
`551`	`551`	`load_pg_audit`
`552`	`552`	`---------------`
`@@ -751,12 +751,12 @@ NOTICE: AUDIT: SESSION,26,1,READ,SELECT,TABLE,public.test,"SELECT`
`751`	`751`	`(0 rows)`
`752`	`752`
`753`	`753`	`SELECT 1,`
`754`		`-current_user;`
	`754`	`+substring('Thomas' from 2 for 3);`
`755`	`755`	`NOTICE: AUDIT: SESSION,27,1,READ,SELECT,,,"SELECT 1,`
`756`		`-current_user;",<none>`
`757`		`- ?column? \|current_user`
`758`		`-----------+--------------`
`759`		`- 1 \|super`
	`756`	`+substring('Thomas' from 2 for 3);",<none>`
	`757`	`+ ?column? \|substring`
	`758`	`+----------+-----------`
	`759`	`+ 1 \|hom`
`760`	`760`	`(1 row)`
`761`	`761`
`762`	`762`	`DO $$`
`@@ -1054,3 +1054,18 @@ GRANT user1 TO user2;`
`1054`	`1054`	`NOTICE: AUDIT: SESSION,59,1,ROLE,GRANT ROLE,,,GRANT user1 TO user2;,<none>`
`1055`	`1055`	`REVOKE user1 FROM user2;`
`1056`	`1056`	`NOTICE: AUDIT: SESSION,60,1,ROLE,REVOKE ROLE,,,REVOKE user1 FROM user2;,<none>`
	`1057`	`+DROP TABLE test.account_copy;`
	`1058`	`+DROP TABLE test.test_insert;`
	`1059`	`+DROP SCHEMA test;`
	`1060`	`+DROP TABLE foo.bar;`
	`1061`	`+DROP TABLE foo.baz;`
	`1062`	`+DROP SCHEMA foo;`
	`1063`	`+DROP TABLE hoge;`
	`1064`	`+DROP TABLE account;`
	`1065`	`+DROP TABLE account_role_map;`
	`1066`	`+DROP USER user2;`
	`1067`	`+NOTICE: AUDIT: SESSION,61,1,ROLE,DROP ROLE,,,DROP USER user2;,<none>`
	`1068`	`+DROP USER user1;`
	`1069`	`+NOTICE: AUDIT: SESSION,62,1,ROLE,DROP ROLE,,,DROP USER user1;,<none>`
	`1070`	`+DROP ROLE auditor;`
	`1071`	`+NOTICE: AUDIT: SESSION,63,1,ROLE,DROP ROLE,,,DROP ROLE auditor;,<none>`

`‎contrib/pg_audit/sql/pg_audit.sql‎`

Lines changed: 26 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,11 +14,12 @@ create extension pg_audit;`
`14`	`14`	`-- PARAMETER - If parameter logging is requested, they will follow the`
`15`	`15`	`-- statement`
`16`	`16`
	`17`	`+selectcurrent_user \gset`
	`18`	`+`
`17`	`19`	`--`
`18`		`--- Create a superuser role that we know the name of for testing`
`19`		`-CREATEUSERsuper SUPERUSER;`
`20`		`-ALTER ROLE superSETpg_audit.log='Role';`
`21`		`-ALTER ROLE superSETpg_audit.log_level='notice';`
	`20`	`+-- Set pg_audit parameters for the current (super)user.`
	`21`	`+ALTER ROLE :current_userSETpg_audit.log='Role';`
	`22`	`+ALTER ROLE :current_userSETpg_audit.log_level='notice';`
`22`	`23`
`23`	`24`	`CREATEFUNCTIONload_pg_audit( )`
`24`	`25`	`RETURNS VOID`
`@@ -35,7 +36,7 @@ $function$;`
`35`	`36`	`-- being loaded from shared_preload_libraries. Otherwise, the hooks`
`36`	`37`	`-- won't be set up and called correctly, leading to lots of ugly`
`37`	`38`	`-- errors.`
`38`		`-\connect-super;`
	`39`	`+\connect-:current_user;`
`39`	`40`	`select load_pg_audit();`
`40`	`41`
`41`	`42`	`--`
`@@ -58,7 +59,7 @@ DROP TABLE test;`
`58`	`59`
`59`	`60`	`--`
`60`	`61`	`-- Create second test user`
`61`		`-\connect-super`
	`62`	`+\connect-:current_user`
`62`	`63`	`select load_pg_audit();`
`63`	`64`
`64`	`65`	`CREATEUSERuser2;`
`@@ -168,7 +169,7 @@ UPDATE test3`
`168`	`169`
`169`	`170`	`--`
`170`	`171`	`-- Change permissions of user 2 so that only object logging will be done`
`171`		`-\connect-super`
	`172`	`+\connect-:current_user`
`172`	`173`	`select load_pg_audit();`
`173`	`174`	`alter role user2setpg_audit.log='NONE';`
`174`	`175`
`@@ -243,7 +244,7 @@ DROP TABLE test4;`
`243`	`244`
`244`	`245`	`--`
`245`	`246`	`-- Change permissions of user 1 so that session logging will be done`
`246`		`-\connect-super`
	`247`	`+\connect-:current_user`
`247`	`248`	`select load_pg_audit();`
`248`	`249`	`alter role user1setpg_audit.log='DDL, READ';`
`249`	`250`	`\connect- user1`
`@@ -271,7 +272,7 @@ INSERT INTO account (id, name, password, description)`
`271`	`272`
`272`	`273`	`--`
`273`	`274`	`-- Change permissions of user 1 so that only object logging will be done`
`274`		`-\connect-super`
	`275`	`+\connect-:current_user`
`275`	`276`	`select load_pg_audit();`
`276`	`277`	`alter role user1setpg_audit.log='none';`
`277`	`278`	`alter role user1setpg_audit.role='auditor';`
`@@ -310,7 +311,7 @@ UPDATE account`
`310`	`311`
`311`	`312`	`--`
`312`	`313`	`-- Change permissions of user 1 so that session relation logging will be done`
`313`		`-\connect-super`
	`314`	`+\connect-:current_user`
`314`	`315`	`select load_pg_audit();`
`315`	`316`	`alter role user1setpg_audit.log_relation=on;`
`316`	`317`	`alter role user1setpg_audit.log='read, WRITE';`
`@@ -372,7 +373,7 @@ UPDATE account`
`372`	`373`
`373`	`374`	`--`
`374`	`375`	`-- Change back to superuser to do exhaustive tests`
`375`		`-\connect-super`
	`376`	`+\connect-:current_user`
`376`	`377`	`select load_pg_audit();`
`377`	`378`	`SETpg_audit.log='ALL';`
`378`	`379`	`SETpg_audit.log_level='notice';`
`@@ -486,7 +487,7 @@ SELECT`
`486`	`487`	`FROM test;`
`487`	`488`
`488`	`489`	`SELECT1,`
`489`		`-current_user;`
	`490`	`+substring('Thomas'from2 for3);`
`490`	`491`
`491`	`492`	`DO $$`
`492`	`493`	`DECLARE`
`@@ -644,3 +645,16 @@ drop table bar;`
`644`	`645`	`SETpg_audit.log='role';`
`645`	`646`	`GRANT user1 TO user2;`
`646`	`647`	`REVOKE user1FROM user2;`
	`648`	`+`
	`649`	`+DROPTABLEtest.account_copy;`
	`650`	`+DROPTABLEtest.test_insert;`
	`651`	`+DROPSCHEMA test;`
	`652`	`+DROPTABLEfoo.bar;`
	`653`	`+DROPTABLEfoo.baz;`
	`654`	`+DROPSCHEMA foo;`
	`655`	`+DROPTABLE hoge;`
	`656`	`+DROPTABLE account;`
	`657`	`+DROPTABLE account_role_map;`
	`658`	`+DROPUSER user2;`
	`659`	`+DROPUSER user1;`
	`660`	`+DROP ROLE auditor;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commited6ea8e

File tree

2 files changed

2 files changed

`‎contrib/pg_audit/expected/pg_audit.out‎`

`‎contrib/pg_audit/sql/pg_audit.sql‎`

0 commit comments