NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commit49562f5

committed

Adjustments to regression tests for security_barrier views.

Drop the role we create, so regression tests pass even when run morethan once against the same cluster, a problem noted by Tom Lane andJeff Janes. Also, rename the temporary role so that it starts with"regress_", to make it unlikely that we'll collide with an existingrole name while running "make installcheck", per further gripe fromTom Lane.

1 parentc172b7b commit49562f5Copy full SHA for 49562f5

File tree

3 files changed

+96

-86

lines changed

src/test/regress
- expected
  - select_views.out
  - select_views_1.out
- sql
  - select_views.sql

3 files changed

+96

-86

lines changed

`‎src/test/regress/expected/select_views.out`

Lines changed: 43 additions & 40 deletions

Original file line number	Diff line number	Diff line change
`@@ -1250,7 +1250,7 @@ SELECT * FROM toyemp WHERE name = 'sharon';`
`1250`	`1250`	`--`
`1251`	`1251`	`-- Test for Leaky view scenario`
`1252`	`1252`	`--`
`1253`		`-CREATEUSER alice;`
	`1253`	`+CREATEROLE regress_alice;`
`1254`	`1254`	`CREATE FUNCTION f_leak (text)`
`1255`	`1255`	`RETURNS bool LANGUAGE 'plpgsql' COST 0.0000001`
`1256`	`1256`	`AS 'BEGIN RAISE NOTICE ''f_leak => %'', $1; RETURN true; END';`
`@@ -1272,9 +1272,9 @@ CREATE TABLE credit_usage (`
`1272`	`1272`	`usage int`
`1273`	`1273`	`);`
`1274`	`1274`	`INSERT INTO customer`
`1275`		`- VALUES (101, 'alice', '+81-12-3456-7890', 'passwd123'),`
`1276`		`- (102, 'bob', '+01-234-567-8901', 'beafsteak'),`
`1277`		`- (103, 'eve', '+49-8765-43210', 'hamburger');`
	`1275`	`+ VALUES (101, 'regress_alice', '+81-12-3456-7890', 'passwd123'),`
	`1276`	`+ (102, 'regress_bob', '+01-234-567-8901', 'beafsteak'),`
	`1277`	`+ (103, 'regress_eve', '+49-8765-43210', 'hamburger');`
`1278`	`1278`	`INSERT INTO credit_card`
`1279`	`1279`	`VALUES (101, '1111-2222-3333-4444', 4000),`
`1280`	`1280`	`(102, '5555-6666-7777-8888', 3000),`
`@@ -1312,7 +1312,7 @@ GRANT SELECT ON my_credit_card_usage_secure TO public;`
`1312`	`1312`	`--`
`1313`	`1313`	`-- Run leaky view scenarios`
`1314`	`1314`	`--`
`1315`		`-SET SESSION AUTHORIZATIONalice;`
	`1315`	`+SET SESSION AUTHORIZATIONregress_alice;`
`1316`	`1316`	`--`
`1317`	`1317`	`-- scenario: if a qualifier with tiny-cost is given, it shall be launched`
`1318`	`1318`	`-- prior to the security policy of the view.`
`@@ -1321,9 +1321,9 @@ SELECT * FROM my_property_normal WHERE f_leak(passwd);`
`1321`	`1321`	`NOTICE: f_leak => passwd123`
`1322`	`1322`	`NOTICE: f_leak => beafsteak`
`1323`	`1323`	`NOTICE: f_leak => hamburger`
`1324`		`- cid \| name \| tel \| passwd`
`1325`		`------+-------+------------------+-----------`
`1326`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1324`	`+ cid \|name \| tel \| passwd`
	`1325`	`+-----+---------------+------------------+-----------`
	`1326`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1327`	`1327`	`(1 row)`
`1328`	`1328`
`1329`	`1329`	`EXPLAIN (COSTS OFF) SELECT * FROM my_property_normal WHERE f_leak(passwd);`
`@@ -1335,9 +1335,9 @@ EXPLAIN (COSTS OFF) SELECT * FROM my_property_normal WHERE f_leak(passwd);`
`1335`	`1335`
`1336`	`1336`	`SELECT * FROM my_property_secure WHERE f_leak(passwd);`
`1337`	`1337`	`NOTICE: f_leak => passwd123`
`1338`		`- cid \| name \| tel \| passwd`
`1339`		`------+-------+------------------+-----------`
`1340`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1338`	`+ cid \|name \| tel \| passwd`
	`1339`	`+-----+---------------+------------------+-----------`
	`1340`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1341`	`1341`	`(1 row)`
`1342`	`1342`
`1343`	`1343`	`EXPLAIN (COSTS OFF) SELECT * FROM my_property_secure WHERE f_leak(passwd);`
`@@ -1358,9 +1358,9 @@ SELECT * FROM my_credit_card_normal WHERE f_leak(cnum);`
`1358`	`1358`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1359`	`1359`	`NOTICE: f_leak => 5555-6666-7777-8888`
`1360`	`1360`	`NOTICE: f_leak => 9801-2345-6789-0123`
`1361`		`- cid \| name \| tel \| passwd \| cnum \| climit`
`1362`		`------+-------+------------------+-----------+---------------------+--------`
`1363`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000`
	`1361`	`+ cid \|name \| tel \| passwd \| cnum \| climit`
	`1362`	`+-----+---------------+------------------+-----------+---------------------+--------`
	`1363`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000`
`1364`	`1364`	`(1 row)`
`1365`	`1365`
`1366`	`1366`	`EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_normal WHERE f_leak(cnum);`
`@@ -1377,9 +1377,9 @@ EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_normal WHERE f_leak(cnum);`
`1377`	`1377`
`1378`	`1378`	`SELECT * FROM my_credit_card_secure WHERE f_leak(cnum);`
`1379`	`1379`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1380`		`- cid \| name \| tel \| passwd \| cnum \| climit`
`1381`		`------+-------+------------------+-----------+---------------------+--------`
`1382`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000`
	`1380`	`+ cid \|name \| tel \| passwd \| cnum \| climit`
	`1381`	`+-----+---------------+------------------+-----------+---------------------+--------`
	`1382`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000`
`1383`	`1383`	`(1 row)`
`1384`	`1384`
`1385`	`1385`	`EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_secure WHERE f_leak(cnum);`
`@@ -1402,11 +1402,11 @@ EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_secure WHERE f_leak(cnum);`
`1402`	`1402`	`SELECT * FROM my_credit_card_usage_normal`
`1403`	`1403`	`WHERE f_leak(cnum) AND ymd >= '2011-10-01' AND ymd < '2011-11-01';`
`1404`	`1404`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1405`		`- cid \| name \| tel \| passwd \| cnum \| climit \| ymd \| usage`
`1406`		`------+-------+------------------+-----------+---------------------+--------+------------+-------`
`1407`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-05-2011 \| 90`
`1408`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-18-2011 \| 110`
`1409`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-21-2011 \| 200`
	`1405`	`+ cid \|name \| tel \| passwd \| cnum \| climit \| ymd \| usage`
	`1406`	`+-----+---------------+------------------+-----------+---------------------+--------+------------+-------`
	`1407`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-05-2011 \| 90`
	`1408`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-18-2011 \| 110`
	`1409`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-21-2011 \| 200`
`1410`	`1410`	`(3 rows)`
`1411`	`1411`
`1412`	`1412`	`EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_usage_normal`
`@@ -1435,11 +1435,11 @@ NOTICE: f_leak => 1111-2222-3333-4444`
`1435`	`1435`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1436`	`1436`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1437`	`1437`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1438`		`- cid \| name \| tel \| passwd \| cnum \| climit \| ymd \| usage`
`1439`		`------+-------+------------------+-----------+---------------------+--------+------------+-------`
`1440`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-05-2011 \| 90`
`1441`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-18-2011 \| 110`
`1442`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-21-2011 \| 200`
	`1438`	`+ cid \|name \| tel \| passwd \| cnum \| climit \| ymd \| usage`
	`1439`	`+-----+---------------+------------------+-----------+---------------------+--------+------------+-------`
	`1440`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-05-2011 \| 90`
	`1441`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-18-2011 \| 110`
	`1442`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-21-2011 \| 200`
`1443`	`1443`	`(3 rows)`
`1444`	`1444`
`1445`	`1445`	`EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_usage_secure`
`@@ -1470,35 +1470,38 @@ EXECUTE p1;`
`1470`	`1470`	`NOTICE: f_leak => passwd123`
`1471`	`1471`	`NOTICE: f_leak => beafsteak`
`1472`	`1472`	`NOTICE: f_leak => hamburger`
`1473`		`- cid \| name \| tel \| passwd`
`1474`		`------+-------+------------------+-----------`
`1475`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1473`	`+ cid \|name \| tel \| passwd`
	`1474`	`+-----+---------------+------------------+-----------`
	`1475`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1476`	`1476`	`(1 row)`
`1477`	`1477`
`1478`	`1478`	`EXECUTE p2;`
`1479`	`1479`	`NOTICE: f_leak => passwd123`
`1480`		`- cid \| name \| tel \| passwd`
`1481`		`------+-------+------------------+-----------`
`1482`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1480`	`+ cid \|name \| tel \| passwd`
	`1481`	`+-----+---------------+------------------+-----------`
	`1482`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1483`	`1483`	`(1 row)`
`1484`	`1484`
`1485`	`1485`	`RESET SESSION AUTHORIZATION;`
`1486`	`1486`	`ALTER VIEW my_property_normal SET (security_barrier=true);`
`1487`	`1487`	`ALTER VIEW my_property_secure SET (security_barrier=false);`
`1488`		`-SET SESSION AUTHORIZATIONalice;`
	`1488`	`+SET SESSION AUTHORIZATIONregress_alice;`
`1489`	`1489`	`EXECUTE p1;-- To be perform as a view with security-barrier`
`1490`	`1490`	`NOTICE: f_leak => passwd123`
`1491`		`- cid \| name \| tel \| passwd`
`1492`		`------+-------+------------------+-----------`
`1493`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1491`	`+ cid \|name \| tel \| passwd`
	`1492`	`+-----+---------------+------------------+-----------`
	`1493`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1494`	`1494`	`(1 row)`
`1495`	`1495`
`1496`	`1496`	`EXECUTE p2;-- To be perform as a view without security-barrier`
`1497`	`1497`	`NOTICE: f_leak => passwd123`
`1498`	`1498`	`NOTICE: f_leak => beafsteak`
`1499`	`1499`	`NOTICE: f_leak => hamburger`
`1500`		`- cid \| name \| tel \| passwd`
`1501`		`------+-------+------------------+-----------`
`1502`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1500`	`+ cid \|name \| tel \| passwd`
	`1501`	`+-----+---------------+------------------+-----------`
	`1502`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1503`	`1503`	`(1 row)`
`1504`	`1504`
	`1505`	`+-- Cleanup.`
	`1506`	`+RESET SESSION AUTHORIZATION;`
	`1507`	`+DROP ROLE regress_alice;`

`‎src/test/regress/expected/select_views_1.out`

Lines changed: 43 additions & 40 deletions

Original file line number	Diff line number	Diff line change
`@@ -1250,7 +1250,7 @@ SELECT * FROM toyemp WHERE name = 'sharon';`
`1250`	`1250`	`--`
`1251`	`1251`	`-- Test for Leaky view scenario`
`1252`	`1252`	`--`
`1253`		`-CREATEUSER alice;`
	`1253`	`+CREATEROLE regress_alice;`
`1254`	`1254`	`CREATE FUNCTION f_leak (text)`
`1255`	`1255`	`RETURNS bool LANGUAGE 'plpgsql' COST 0.0000001`
`1256`	`1256`	`AS 'BEGIN RAISE NOTICE ''f_leak => %'', $1; RETURN true; END';`
`@@ -1272,9 +1272,9 @@ CREATE TABLE credit_usage (`
`1272`	`1272`	`usage int`
`1273`	`1273`	`);`
`1274`	`1274`	`INSERT INTO customer`
`1275`		`- VALUES (101, 'alice', '+81-12-3456-7890', 'passwd123'),`
`1276`		`- (102, 'bob', '+01-234-567-8901', 'beafsteak'),`
`1277`		`- (103, 'eve', '+49-8765-43210', 'hamburger');`
	`1275`	`+ VALUES (101, 'regress_alice', '+81-12-3456-7890', 'passwd123'),`
	`1276`	`+ (102, 'regress_bob', '+01-234-567-8901', 'beafsteak'),`
	`1277`	`+ (103, 'regress_eve', '+49-8765-43210', 'hamburger');`
`1278`	`1278`	`INSERT INTO credit_card`
`1279`	`1279`	`VALUES (101, '1111-2222-3333-4444', 4000),`
`1280`	`1280`	`(102, '5555-6666-7777-8888', 3000),`
`@@ -1312,7 +1312,7 @@ GRANT SELECT ON my_credit_card_usage_secure TO public;`
`1312`	`1312`	`--`
`1313`	`1313`	`-- Run leaky view scenarios`
`1314`	`1314`	`--`
`1315`		`-SET SESSION AUTHORIZATIONalice;`
	`1315`	`+SET SESSION AUTHORIZATIONregress_alice;`
`1316`	`1316`	`--`
`1317`	`1317`	`-- scenario: if a qualifier with tiny-cost is given, it shall be launched`
`1318`	`1318`	`-- prior to the security policy of the view.`
`@@ -1321,9 +1321,9 @@ SELECT * FROM my_property_normal WHERE f_leak(passwd);`
`1321`	`1321`	`NOTICE: f_leak => passwd123`
`1322`	`1322`	`NOTICE: f_leak => beafsteak`
`1323`	`1323`	`NOTICE: f_leak => hamburger`
`1324`		`- cid \| name \| tel \| passwd`
`1325`		`------+-------+------------------+-----------`
`1326`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1324`	`+ cid \|name \| tel \| passwd`
	`1325`	`+-----+---------------+------------------+-----------`
	`1326`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1327`	`1327`	`(1 row)`
`1328`	`1328`
`1329`	`1329`	`EXPLAIN (COSTS OFF) SELECT * FROM my_property_normal WHERE f_leak(passwd);`
`@@ -1335,9 +1335,9 @@ EXPLAIN (COSTS OFF) SELECT * FROM my_property_normal WHERE f_leak(passwd);`
`1335`	`1335`
`1336`	`1336`	`SELECT * FROM my_property_secure WHERE f_leak(passwd);`
`1337`	`1337`	`NOTICE: f_leak => passwd123`
`1338`		`- cid \| name \| tel \| passwd`
`1339`		`------+-------+------------------+-----------`
`1340`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1338`	`+ cid \|name \| tel \| passwd`
	`1339`	`+-----+---------------+------------------+-----------`
	`1340`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1341`	`1341`	`(1 row)`
`1342`	`1342`
`1343`	`1343`	`EXPLAIN (COSTS OFF) SELECT * FROM my_property_secure WHERE f_leak(passwd);`
`@@ -1358,9 +1358,9 @@ SELECT * FROM my_credit_card_normal WHERE f_leak(cnum);`
`1358`	`1358`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1359`	`1359`	`NOTICE: f_leak => 5555-6666-7777-8888`
`1360`	`1360`	`NOTICE: f_leak => 9801-2345-6789-0123`
`1361`		`- cid \| name \| tel \| passwd \| cnum \| climit`
`1362`		`------+-------+------------------+-----------+---------------------+--------`
`1363`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000`
	`1361`	`+ cid \|name \| tel \| passwd \| cnum \| climit`
	`1362`	`+-----+---------------+------------------+-----------+---------------------+--------`
	`1363`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000`
`1364`	`1364`	`(1 row)`
`1365`	`1365`
`1366`	`1366`	`EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_normal WHERE f_leak(cnum);`
`@@ -1377,9 +1377,9 @@ EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_normal WHERE f_leak(cnum);`
`1377`	`1377`
`1378`	`1378`	`SELECT * FROM my_credit_card_secure WHERE f_leak(cnum);`
`1379`	`1379`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1380`		`- cid \| name \| tel \| passwd \| cnum \| climit`
`1381`		`------+-------+------------------+-----------+---------------------+--------`
`1382`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000`
	`1380`	`+ cid \|name \| tel \| passwd \| cnum \| climit`
	`1381`	`+-----+---------------+------------------+-----------+---------------------+--------`
	`1382`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000`
`1383`	`1383`	`(1 row)`
`1384`	`1384`
`1385`	`1385`	`EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_secure WHERE f_leak(cnum);`
`@@ -1402,11 +1402,11 @@ EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_secure WHERE f_leak(cnum);`
`1402`	`1402`	`SELECT * FROM my_credit_card_usage_normal`
`1403`	`1403`	`WHERE f_leak(cnum) AND ymd >= '2011-10-01' AND ymd < '2011-11-01';`
`1404`	`1404`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1405`		`- cid \| name \| tel \| passwd \| cnum \| climit \| ymd \| usage`
`1406`		`------+-------+------------------+-----------+---------------------+--------+------------+-------`
`1407`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-05-2011 \| 90`
`1408`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-18-2011 \| 110`
`1409`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-21-2011 \| 200`
	`1405`	`+ cid \|name \| tel \| passwd \| cnum \| climit \| ymd \| usage`
	`1406`	`+-----+---------------+------------------+-----------+---------------------+--------+------------+-------`
	`1407`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-05-2011 \| 90`
	`1408`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-18-2011 \| 110`
	`1409`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-21-2011 \| 200`
`1410`	`1410`	`(3 rows)`
`1411`	`1411`
`1412`	`1412`	`EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_usage_normal`
`@@ -1435,11 +1435,11 @@ NOTICE: f_leak => 1111-2222-3333-4444`
`1435`	`1435`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1436`	`1436`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1437`	`1437`	`NOTICE: f_leak => 1111-2222-3333-4444`
`1438`		`- cid \| name \| tel \| passwd \| cnum \| climit \| ymd \| usage`
`1439`		`------+-------+------------------+-----------+---------------------+--------+------------+-------`
`1440`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-05-2011 \| 90`
`1441`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-18-2011 \| 110`
`1442`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-21-2011 \| 200`
	`1438`	`+ cid \|name \| tel \| passwd \| cnum \| climit \| ymd \| usage`
	`1439`	`+-----+---------------+------------------+-----------+---------------------+--------+------------+-------`
	`1440`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-05-2011 \| 90`
	`1441`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-18-2011 \| 110`
	`1442`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123 \| 1111-2222-3333-4444 \| 4000 \| 10-21-2011 \| 200`
`1443`	`1443`	`(3 rows)`
`1444`	`1444`
`1445`	`1445`	`EXPLAIN (COSTS OFF) SELECT * FROM my_credit_card_usage_secure`
`@@ -1470,35 +1470,38 @@ EXECUTE p1;`
`1470`	`1470`	`NOTICE: f_leak => passwd123`
`1471`	`1471`	`NOTICE: f_leak => beafsteak`
`1472`	`1472`	`NOTICE: f_leak => hamburger`
`1473`		`- cid \| name \| tel \| passwd`
`1474`		`------+-------+------------------+-----------`
`1475`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1473`	`+ cid \|name \| tel \| passwd`
	`1474`	`+-----+---------------+------------------+-----------`
	`1475`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1476`	`1476`	`(1 row)`
`1477`	`1477`
`1478`	`1478`	`EXECUTE p2;`
`1479`	`1479`	`NOTICE: f_leak => passwd123`
`1480`		`- cid \| name \| tel \| passwd`
`1481`		`------+-------+------------------+-----------`
`1482`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1480`	`+ cid \|name \| tel \| passwd`
	`1481`	`+-----+---------------+------------------+-----------`
	`1482`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1483`	`1483`	`(1 row)`
`1484`	`1484`
`1485`	`1485`	`RESET SESSION AUTHORIZATION;`
`1486`	`1486`	`ALTER VIEW my_property_normal SET (security_barrier=true);`
`1487`	`1487`	`ALTER VIEW my_property_secure SET (security_barrier=false);`
`1488`		`-SET SESSION AUTHORIZATIONalice;`
	`1488`	`+SET SESSION AUTHORIZATIONregress_alice;`
`1489`	`1489`	`EXECUTE p1;-- To be perform as a view with security-barrier`
`1490`	`1490`	`NOTICE: f_leak => passwd123`
`1491`		`- cid \| name \| tel \| passwd`
`1492`		`------+-------+------------------+-----------`
`1493`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1491`	`+ cid \|name \| tel \| passwd`
	`1492`	`+-----+---------------+------------------+-----------`
	`1493`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1494`	`1494`	`(1 row)`
`1495`	`1495`
`1496`	`1496`	`EXECUTE p2;-- To be perform as a view without security-barrier`
`1497`	`1497`	`NOTICE: f_leak => passwd123`
`1498`	`1498`	`NOTICE: f_leak => beafsteak`
`1499`	`1499`	`NOTICE: f_leak => hamburger`
`1500`		`- cid \| name \| tel \| passwd`
`1501`		`------+-------+------------------+-----------`
`1502`		`- 101 \|alice \| +81-12-3456-7890 \| passwd123`
	`1500`	`+ cid \|name \| tel \| passwd`
	`1501`	`+-----+---------------+------------------+-----------`
	`1502`	`+ 101 \|regress_alice \| +81-12-3456-7890 \| passwd123`
`1503`	`1503`	`(1 row)`
`1504`	`1504`
	`1505`	`+-- Cleanup.`
	`1506`	`+RESET SESSION AUTHORIZATION;`
	`1507`	`+DROP ROLE regress_alice;`

`‎src/test/regress/sql/select_views.sql`

Lines changed: 10 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ SELECT * FROM toyemp WHERE name = 'sharon';`
`12`	`12`	`--`
`13`	`13`	`-- Test for Leaky view scenario`
`14`	`14`	`--`
`15`		`-CREATEUSERalice;`
	`15`	`+CREATEROLE regress_alice;`
`16`	`16`
`17`	`17`	`CREATEFUNCTIONf_leak (text)`
`18`	`18`	`RETURNS bool LANGUAGE'plpgsql' COST0.0000001`
`@@ -38,9 +38,9 @@ CREATE TABLE credit_usage (`
`38`	`38`	`);`
`39`	`39`
`40`	`40`	`INSERT INTO customer`
`41`		`-VALUES (101,'alice','+81-12-3456-7890','passwd123'),`
`42`		`- (102,'bob','+01-234-567-8901','beafsteak'),`
`43`		`- (103,'eve','+49-8765-43210','hamburger');`
	`41`	`+VALUES (101,'regress_alice','+81-12-3456-7890','passwd123'),`
	`42`	`+ (102,'regress_bob','+01-234-567-8901','beafsteak'),`
	`43`	`+ (103,'regress_eve','+49-8765-43210','hamburger');`
`44`	`44`	`INSERT INTO credit_card`
`45`	`45`	`VALUES (101,'1111-2222-3333-4444',4000),`
`46`	`46`	`(102,'5555-6666-7777-8888',3000),`
`@@ -83,7 +83,7 @@ GRANT SELECT ON my_credit_card_usage_secure TO public;`
`83`	`83`	`--`
`84`	`84`	`-- Run leaky view scenarios`
`85`	`85`	`--`
`86`		`-SET SESSION AUTHORIZATIONalice;`
	`86`	`+SET SESSION AUTHORIZATIONregress_alice;`
`87`	`87`
`88`	`88`	`--`
`89`	`89`	`-- scenario: if a qualifier with tiny-cost is given, it shall be launched`
`@@ -131,6 +131,10 @@ EXECUTE p2;`
`131`	`131`	`RESET SESSION AUTHORIZATION;`
`132`	`132`	`ALTERVIEW my_property_normalSET (security_barrier=true);`
`133`	`133`	`ALTERVIEW my_property_secureSET (security_barrier=false);`
`134`		`-SET SESSION AUTHORIZATIONalice;`
	`134`	`+SET SESSION AUTHORIZATIONregress_alice;`
`135`	`135`	`EXECUTE p1;-- To be perform as a view with security-barrier`
`136`	`136`	`EXECUTE p2;-- To be perform as a view without security-barrier`
	`137`	`+`
	`138`	`+-- Cleanup.`
	`139`	`+RESET SESSION AUTHORIZATION;`
	`140`	`+DROP ROLE regress_alice;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit49562f5

File tree

3 files changed

3 files changed

`‎src/test/regress/expected/select_views.out`

`‎src/test/regress/expected/select_views_1.out`

`‎src/test/regress/sql/select_views.sql`

0 commit comments