when food in ('sandwich')
execute procedure test_event_trigger();
ERROR: EVENT TRIGGER not yet supported in Postgres-XL
--- should fail, sandwhich is not a valid command tag
+-- should fail, sandwich is not a valid command tag
create event trigger regress_event_trigger2 on ddl_command_start
when tag in ('sandwich')
execute procedure test_event_trigger();
create server useless_server foreign data wrapper useless;
ERROR: Postgres-XL does not support SERVER yet
DETAIL: The feature is not currently supported
-create user mapping for regression_bob server useless_server;
+create user mapping for regress_evt_user server useless_server;
ERROR: Postgres-XL does not support USER MAPPING yet
DETAIL: The feature is not currently supported
-alter default privileges for role regression_bob
- revoke delete on tables from regression_bob;
+alter default privileges for role regress_evt_user
+ revoke delete on tables from regress_evt_user;
-- alter owner to non-superuser should fail
-alter event trigger regress_event_trigger owner to regression_bob;
+alter event trigger regress_event_trigger owner to regress_evt_user;
ERROR: event trigger "regress_event_trigger" does not exist
-- alter owner to superuser should work
-alter role regression_bob superuser;
-alter event trigger regress_event_trigger owner to regression_bob;
+alter role regress_evt_user superuser;
+alter event trigger regress_event_trigger owner to regress_evt_user;
ERROR: event trigger "regress_event_trigger" does not exist
-- should fail, name collision
alter event trigger regress_event_trigger rename to regress_event_trigger2;
-- should fail, regress_evt_user owns some objects
drop role regress_evt_user;
ERROR: role "regress_evt_user" cannot be dropped because some objects depend on it
-DETAIL: owner of event trigger regress_event_trigger3
-owner of default privileges on new relations belonging to role regress_evt_user
-owner of user mapping for regress_evt_user on server useless_server
+DETAIL: owner of default privileges on new relations belonging to role regress_evt_user
-- cleanup before next test
-- these are all OK; the second one should emit a NOTICE
drop event trigger if exists regress_event_trigger2;
drop cascades to table schema_one.table_one
drop cascades to table schema_one."table two"
drop cascades to table schema_one.table_three
-NOTICE: table "schema_two_table_two" does not exist, skipping
-NOTICE: table "audit_tbls_schema_two_table_three" does not exist, skipping
-ERROR: object audit_tbls.schema_two_table_three of type table cannot be dropped
-CONTEXT: PL/pgSQL function undroppable() line 14 at RAISE
-SQL statement "DROP TABLE IF EXISTS audit_tbls.schema_two_table_three"
-PL/pgSQL function test_evtrig_dropped_objects() line 8 at EXECUTE
DELETE FROM undroppable_objs WHERE object_identity = 'audit_tbls.schema_two_table_three';
DROP SCHEMA schema_one, schema_two CASCADE;
-NOTICE: drop cascades to 7 other objects
-DETAIL: drop cascades to table schema_two.table_two
-drop cascades to table schema_two.table_three
-drop cascades to function schema_two.add(integer,integer)
-drop cascades to function schema_two.newton(integer)
-drop cascades to table schema_one.table_one
-drop cascades to table schema_one."table two"
-drop cascades to table schema_one.table_three
-NOTICE: table "schema_two_table_two" does not exist, skipping
-NOTICE: table "audit_tbls_schema_two_table_three" does not exist, skipping
-NOTICE: table "schema_one_table_one" does not exist, skipping
-NOTICE: table "schema_one_table two" does not exist, skipping
-NOTICE: table "schema_one_table_three" does not exist, skipping
-ERROR: object schema_one.table_three of type table cannot be dropped
-CONTEXT: PL/pgSQL function undroppable() line 14 at RAISE
+ERROR: schema "schema_one" does not exist
DELETE FROM undroppable_objs WHERE object_identity = 'schema_one.table_three';
DROP SCHEMA schema_one, schema_two CASCADE;
-NOTICE: drop cascades to 7 other objects
-DETAIL: drop cascades to table schema_two.table_two
-drop cascades to table schema_two.table_three
-drop cascades to function schema_two.add(integer,integer)
-drop cascades to function schema_two.newton(integer)
-drop cascades to table schema_one.table_one
-drop cascades to table schema_one."table two"
-drop cascades to table schema_one.table_three
-NOTICE: table "schema_two_table_two" does not exist, skipping
-NOTICE: table "audit_tbls_schema_two_table_three" does not exist, skipping
-NOTICE: table "schema_one_table_one" does not exist, skipping
-NOTICE: table "schema_one_table two" does not exist, skipping
-NOTICE: table "schema_one_table_three" does not exist, skipping
+ERROR: schema "schema_one" does not exist
SELECT * FROM dropped_objects WHERE schema IS NULL OR schema <> 'pg_toast';
type | schema | object
------+--------+--------
(0 rows)
DROP OWNED BY regress_evt_user;
-NOTICE: schema "audit_tbls" does not exist, skipping
SELECT * FROM dropped_objects WHERE type = 'schema';
type | schema | object
------+--------+--------
insert into rewriteme
select x * 1.001 from generate_series(1, 500) as t(x);
alter table rewriteme alter column foo type numeric;
-ERROR: rewrites not allowed
-CONTEXT: PL/pgSQL function test_evtrig_no_rewrite() line 3 at RAISE
alter table rewriteme add column baz int default 0;
-ERROR: rewrites not allowed
-CONTEXT: PL/pgSQL function test_evtrig_no_rewrite() line 3 at RAISE
-- test with more than one reason to rewrite a single table
CREATE OR REPLACE FUNCTION test_evtrig_no_rewrite() RETURNS event_trigger
LANGUAGE plpgsql AS $$
CREATE SERVER "integer" FOREIGN DATA WRAPPER addr_fdw;
ERROR: Postgres-XL does not support SERVER yet
DETAIL: The feature is not currently supported
-CREATE USER MAPPING FOR regtest_addr_user SERVER "integer";
+CREATE USER MAPPING FOR regress_addr_user SERVER "integer";
ERROR: Postgres-XL does not support USER MAPPING yet
DETAIL: The feature is not currently supported
-ALTER DEFAULT PRIVILEGES FOR ROLE regtest_addr_user IN SCHEMA public GRANT ALL ON TABLES TO regtest_addr_user;
-ALTER DEFAULT PRIVILEGES FOR ROLE regtest_addr_user REVOKE DELETE ON TABLES FROM regtest_addr_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE regress_addr_user IN SCHEMA public GRANT ALL ON TABLES TO regress_addr_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE regress_addr_user REVOKE DELETE ON TABLES FROM regress_addr_user;
CREATE TRANSFORM FOR int LANGUAGE SQL (
FROM SQL WITH FUNCTION varchar_transform(internal),
TO SQL WITH FUNCTION int4recv(internal));
-- default for superuser is false
-CREATE ROLE test_def_superuser;
-SELECT * FROM pg_authid WHERE rolname = 'test_def_superuser';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_def_superuser | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-CREATE ROLE test_superuser WITH SUPERUSER;
-SELECT * FROM pg_authid WHERE rolname = 'test_superuser';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-----------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_superuser | t | t | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_superuser WITH NOSUPERUSER;
-SELECT * FROM pg_authid WHERE rolname = 'test_superuser';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-----------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_superuser | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_superuser WITH SUPERUSER;
-SELECT * FROM pg_authid WHERE rolname = 'test_superuser';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-----------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_superuser | t | t | f | f | f | f | f | -1 | |
-(1 row)
-
--- default for inherit is true
-CREATE ROLE test_def_inherit;
-SELECT * FROM pg_authid WHERE rolname = 'test_def_inherit';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_def_inherit | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-CREATE ROLE test_inherit WITH NOINHERIT;
-SELECT * FROM pg_authid WHERE rolname = 'test_inherit';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_inherit | f | f | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_inherit WITH INHERIT;
-SELECT * FROM pg_authid WHERE rolname = 'test_inherit';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_inherit | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_inherit WITH NOINHERIT;
-SELECT * FROM pg_authid WHERE rolname = 'test_inherit';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_inherit | f | f | f | f | f | f | f | -1 | |
-(1 row)
-
--- default for create role is false
-CREATE ROLE test_def_createrole;
-SELECT * FROM pg_authid WHERE rolname = 'test_def_createrole';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
----------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_def_createrole | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-CREATE ROLE test_createrole WITH CREATEROLE;
-SELECT * FROM pg_authid WHERE rolname = 'test_createrole';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_createrole | f | t | t | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_createrole WITH NOCREATEROLE;
-SELECT * FROM pg_authid WHERE rolname = 'test_createrole';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_createrole | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_createrole WITH CREATEROLE;
-SELECT * FROM pg_authid WHERE rolname = 'test_createrole';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_createrole | f | t | t | f | f | f | f | -1 | |
-(1 row)
-
--- default for create database is false
-CREATE ROLE test_def_createdb;
-SELECT * FROM pg_authid WHERE rolname = 'test_def_createdb';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
--------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_def_createdb | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-CREATE ROLE test_createdb WITH CREATEDB;
-SELECT * FROM pg_authid WHERE rolname = 'test_createdb';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
----------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_createdb | f | t | f | t | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_createdb WITH NOCREATEDB;
-SELECT * FROM pg_authid WHERE rolname = 'test_createdb';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
----------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_createdb | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_createdb WITH CREATEDB;
-SELECT * FROM pg_authid WHERE rolname = 'test_createdb';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
----------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_createdb | f | t | f | t | f | f | f | -1 | |
-(1 row)
-
--- default for can login is false for role
-CREATE ROLE test_def_role_canlogin;
-SELECT * FROM pg_authid WHERE rolname = 'test_def_role_canlogin';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-------------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_def_role_canlogin | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-CREATE ROLE test_role_canlogin WITH LOGIN;
-SELECT * FROM pg_authid WHERE rolname = 'test_role_canlogin';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_role_canlogin | f | t | f | f | t | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_role_canlogin WITH NOLOGIN;
-SELECT * FROM pg_authid WHERE rolname = 'test_role_canlogin';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_role_canlogin | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_role_canlogin WITH LOGIN;
-SELECT * FROM pg_authid WHERE rolname = 'test_role_canlogin';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_role_canlogin | f | t | f | f | t | f | f | -1 | |
-(1 row)
-
--- default for can login is true for user
-CREATE USER test_def_user_canlogin;
-SELECT * FROM pg_authid WHERE rolname = 'test_def_user_canlogin';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-------------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_def_user_canlogin | f | t | f | f | t | f | f | -1 | |
-(1 row)
-
-CREATE USER test_user_canlogin WITH NOLOGIN;
-SELECT * FROM pg_authid WHERE rolname = 'test_user_canlogin';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_user_canlogin | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER USER test_user_canlogin WITH LOGIN;
-SELECT * FROM pg_authid WHERE rolname = 'test_user_canlogin';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_user_canlogin | f | t | f | f | t | f | f | -1 | |
-(1 row)
-
-ALTER USER test_user_canlogin WITH NOLOGIN;
-SELECT * FROM pg_authid WHERE rolname = 'test_user_canlogin';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_user_canlogin | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
--- default for replication is false
-CREATE ROLE test_def_replication;
-SELECT * FROM pg_authid WHERE rolname = 'test_def_replication';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-----------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_def_replication | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-CREATE ROLE test_replication WITH REPLICATION;
-SELECT * FROM pg_authid WHERE rolname = 'test_replication';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_replication | f | t | f | f | f | t | f | -1 | |
-(1 row)
-
-ALTER ROLE test_replication WITH NOREPLICATION;
-SELECT * FROM pg_authid WHERE rolname = 'test_replication';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_replication | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_replication WITH REPLICATION;
-SELECT * FROM pg_authid WHERE rolname = 'test_replication';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_replication | f | t | f | f | f | t | f | -1 | |
-(1 row)
-
--- default for bypassrls is false
-CREATE ROLE test_def_bypassrls;
-SELECT * FROM pg_authid WHERE rolname = 'test_def_bypassrls';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
---------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_def_bypassrls | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-CREATE ROLE test_bypassrls WITH BYPASSRLS;
-SELECT * FROM pg_authid WHERE rolname = 'test_bypassrls';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-----------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_bypassrls | f | t | f | f | f | f | t | -1 | |
-(1 row)
-
-ALTER ROLE test_bypassrls WITH NOBYPASSRLS;
-SELECT * FROM pg_authid WHERE rolname = 'test_bypassrls';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-----------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_bypassrls | f | t | f | f | f | f | f | -1 | |
-(1 row)
-
-ALTER ROLE test_bypassrls WITH BYPASSRLS;
-SELECT * FROM pg_authid WHERE rolname = 'test_bypassrls';
- rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
-----------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+-------------+---------------
- test_bypassrls | f | t | f | f | f | f | t | -1 | |
-(1 row)
-
--- remove the one role with LOGIN rights
-DROP ROLE test_role_canlogin;
--- other roles not removed to test pg_dumpall role dump through
--- pg_upgrade
CREATE ROLE regress_test_def_superuser;
SELECT * FROM pg_authid WHERE rolname = 'regress_test_def_superuser';
rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit | rolpassword | rolvaliduntil
CREATE USER MAPPING FOR "Public" SERVER sv7 OPTIONS (user '"Public"');
ERROR: Postgres-XL does not support USER MAPPING yet
DETAIL: The feature is not currently supported
-CREATE USER MAPPING FOR testrolx SERVER sv8 OPTIONS (user 'testrolx');
+CREATE USER MAPPING FOR regress_testrolx SERVER sv8 OPTIONS (user 'regress_testrolx');
ERROR: Postgres-XL does not support USER MAPPING yet
DETAIL: The feature is not currently supported
CREATE USER MAPPING FOR CURRENT_ROLE SERVER sv9
ALTER USER MAPPING FOR "Public" SERVER sv7
OPTIONS (SET user '"Public"_alt');
ERROR: server "sv7" does not exist
-ALTER USER MAPPING FOR testrolx SERVER sv8
- OPTIONS (SET user 'testrolx_alt');
+ALTER USER MAPPING FOR regress_testrolx SERVER sv8
+ OPTIONS (SET user 'regress_testrolx_alt');
ERROR: server "sv8" does not exist
ALTER USER MAPPING FOR CURRENT_ROLE SERVER sv9
OPTIONS (SET user 'CURRENT_ROLE_alt');
ERROR: server "sv6" does not exist
DROP USER MAPPING FOR "Public" SERVER sv7;
ERROR: server "sv7" does not exist
-DROP USER MAPPING FOR testrolx SERVER sv8;
+DROP USER MAPPING FOR regress_testrolx SERVER sv8;
ERROR: server "sv8" does not exist
DROP USER MAPPING FOR CURRENT_ROLE SERVER sv9; -- error
ERROR: syntax error at or near "CURRENT_ROLE"
CREATE USER MAPPING FOR "Public" SERVER sv7 OPTIONS (user '"Public"');
ERROR: Postgres-XL does not support USER MAPPING yet
DETAIL: The feature is not currently supported
-CREATE USER MAPPING FOR testrolx SERVER sv8 OPTIONS (user 'testrolx');
+CREATE USER MAPPING FOR regress_testrolx SERVER sv8 OPTIONS (user 'regress_testrolx');
ERROR: Postgres-XL does not support USER MAPPING yet
DETAIL: The feature is not currently supported
SELECT * FROM chkumapping();
--------+----------+-----------
(0 rows)
-DROP USER MAPPING IF EXISTS FOR testrolx SERVER sv8;
+DROP USER MAPPING IF EXISTS FOR regress_testrolx SERVER sv8;
NOTICE: server does not exist, skipping
SELECT * FROM chkumapping();
umname | umserver | umoptions
('regress_rls_bob', 1),
('regress_rls_carol', 2),
('regress_rls_dave', 3);
+-- PGXL
+-- Distribute by replication so that "document" table below can reference "cid"
+-- column
+--
CREATE TABLE category (
cid int primary key,
cname text
CREATE POLICY p1 ON t1 TO regress_rls_bob USING ((a % 2) = 0);
CREATE POLICY p2 ON t1 TO regress_rls_carol USING ((a % 4) = 0);
ALTER TABLE t1 ENABLE ROW LEVEL SECURITY;
--- Prepare as rls_regress_user1
-SET ROLE rls_regress_user1;
+-- Prepare as regress_rls_bob
+SET ROLE regress_rls_bob;
PREPARE role_inval AS SELECT * FROM t1;
-- Check plan
EXPLAIN (COSTS OFF) EXECUTE role_inval;
Filter: ((a % 2) = 0)
(4 rows)
--- Change to rls_regress_user2
-SET ROLE rls_regress_user2;
+-- Change to regress_rls_carol
+SET ROLE regress_rls_carol;
-- Check plan- should be different
EXPLAIN (COSTS OFF) EXECUTE role_inval;
QUERY PLAN
Filter: ((a % 4) = 0)
(4 rows)
--- Change back to rls_regress_user1
-SET ROLE rls_regress_user1;
+-- Change back to regress_rls_bob
+SET ROLE regress_rls_bob;
-- Check plan- should be back to original
EXPLAIN (COSTS OFF) EXECUTE role_inval;
QUERY PLAN
Filter: ((a % 2) = 0)
(4 rows)
--- Change back to regress_rls_bob
-SET ROLE regress_rls_bob;
--- Check plan- should be back to original
-EXPLAIN (COSTS OFF) EXECUTE role_inval;
- QUERY PLAN
--------------------------
- Seq Scan on t1
- Filter: ((a % 2) = 0)
-(2 rows)
-
--
-- CTE and RLS
--
ERROR: query would be affected by row-level security policy for table "copy_t"
SET row_security TO ON;
COPY copy_t FROM STDIN; --fail - COPY FROM not supported by RLS.
-ERROR: COPY FROM not supported with row level security.
-HINT: Use direct INSERT statements instead.
--- Check COPY TO as user with permissions and BYPASSRLS
-SET SESSION AUTHORIZATION rls_regress_exempt_user;
-SET row_security TO OFF;
-COPY copy_t FROM STDIN; --ok
+ERROR: COPY FROM not supported with row-level security
+HINT: Use INSERT statements instead.
+-- Check COPY FROM as user with permissions and BYPASSRLS
+SET SESSION AUTHORIZATION regress_rls_exempt_user;
SET row_security TO ON;
-COPY copy_t FROM STDIN; --fail - COPY FROM not supported by RLS.
-ERROR: COPY FROM not supported with row level security.
-HINT: Use direct INSERT statements instead.
+COPY copy_t FROM STDIN; --ok
-- Check COPY FROM as user without permissions.
SET SESSION AUTHORIZATION regress_rls_carol;
SET row_security TO OFF;
DROP TABLE copy_t;
DROP TABLE copy_rel_to CASCADE;
-- Check WHERE CURRENT OF
-SET SESSION AUTHORIZATION rls_regress_user0;
+SET SESSION AUTHORIZATION regress_rls_alice;
CREATE TABLE current_check (currentid int, payload text, rlsuser text);
GRANT ALL ON current_check TO PUBLIC;
INSERT INTO current_check VALUES
- (1, 'abc', 'rls_regress_user1'),
- (2, 'bcd', 'rls_regress_user1'),
- (3, 'cde', 'rls_regress_user1'),
- (4, 'def', 'rls_regress_user1');
+ (1, 'abc', 'regress_rls_bob'),
+ (2, 'bcd', 'regress_rls_bob'),
+ (3, 'cde', 'regress_rls_bob'),
+ (4, 'def', 'regress_rls_bob');
CREATE POLICY p1 ON current_check FOR SELECT USING (currentid % 2 = 0);
CREATE POLICY p2 ON current_check FOR DELETE USING (currentid = 4 AND rlsuser = current_user);
CREATE POLICY p3 ON current_check FOR UPDATE USING (currentid = 4) WITH CHECK (rlsuser = current_user);
ALTER TABLE current_check ENABLE ROW LEVEL SECURITY;
-SET SESSION AUTHORIZATION rls_regress_user1;
+SET SESSION AUTHORIZATION regress_rls_bob;
-- Can SELECT even rows
SELECT * FROM current_check;
- currentid | payload | rlsuser
------------+---------+-------------------
- 2 | bcd | rls_regress_user1
- 4 | def | rls_regress_user1
+ currentid | payload | rlsuser
+-----------+---------+-----------------
+ 2 | bcd | regress_rls_bob
+ 4 | def | regress_rls_bob
(2 rows)
-- Cannot UPDATE row 2
-- check pg_stats view filtering
--
SET row_security TO ON;
-SET SESSION AUTHORIZATION rls_regress_user0;
+SET SESSION AUTHORIZATION regress_rls_alice;
ANALYZE current_check;
-- Stats visible
SELECT row_security_active('current_check');
-ERROR: function row_security_active(unknown) does not exist
-LINE 1: SELECT row_security_active('current_check');
- ^
-HINT: No function matches the given name and argument types. You might need to add explicit type casts.
+ row_security_active
+---------------------
+ f
+(1 row)
+
SELECT attname, most_common_vals FROM pg_stats
WHERE tablename = 'current_check'
ORDER BY 1;
- attname | most_common_vals
------------+--------------------------------------
+ attname | most_common_vals
+-----------+------------------------------------
currentid |
payload |
- rlsuser | (pg_catalog.text){rls_regress_user1}
+ rlsuser | (pg_catalog.text){regress_rls_bob}
(3 rows)
-SET SESSION AUTHORIZATION rls_regress_user1;
+SET SESSION AUTHORIZATION regress_rls_bob;
-- Stats not visible
SELECT row_security_active('current_check');
-ERROR: function row_security_active(unknown) does not exist
-LINE 1: SELECT row_security_active('current_check');
- ^
-HINT: No function matches the given name and argument types. You might need to add explicit type casts.
+ row_security_active
+---------------------
+ t
+(1 row)
+
SELECT attname, most_common_vals FROM pg_stats
WHERE tablename = 'current_check'
ORDER BY 1;
- attname | most_common_vals
------------+--------------------------------------
- currentid |
- payload |
- rlsuser | (pg_catalog.text){rls_regress_user1}
-(3 rows)
+ attname | most_common_vals
+---------+------------------
+(0 rows)
--
-- Collation support
CREATE TABLE coll_t (c) AS VALUES ('bar'::text);
CREATE POLICY coll_p ON coll_t USING (c < ('foo'::text COLLATE "C"));
ALTER TABLE coll_t ENABLE ROW LEVEL SECURITY;
-GRANT SELECT ON coll_t TO rls_regress_user0;
+GRANT SELECT ON coll_t TO regress_rls_alice;
SELECT (string_to_array(polqual, ':'))[7] AS inputcollid FROM pg_policy WHERE polrelid = 'coll_t'::regclass;
- inputcollid
-----------------
- inputcollid 0
+ inputcollid
+------------------
+ inputcollid 950
(1 row)
-SET SESSION AUTHORIZATION rls_regress_user0;
+SET SESSION AUTHORIZATION regress_rls_alice;
SELECT * FROM coll_t;
-ERROR: could not determine which collation to use for string comparison
-HINT: Use the COLLATE clause to set the collation explicitly.
+ c
+-----
+ bar
+(1 row)
+
ROLLBACK;
--
-- Shared Object Dependencies
--
RESET SESSION AUTHORIZATION;
BEGIN;
-CREATE ROLE alice;
-CREATE ROLE bob;
+CREATE ROLE regress_rls_eve;
+CREATE ROLE regress_rls_frank;
CREATE TABLE tbl1 (c) AS VALUES ('bar'::text);
-GRANT SELECT ON TABLE tbl1 TO alice;
-CREATE POLICY P ON tbl1 TO alice, bob USING (true);
+GRANT SELECT ON TABLE tbl1 TO regress_rls_eve;
+CREATE POLICY P ON tbl1 TO regress_rls_eve, regress_rls_frank USING (true);
SELECT refclassid::regclass, deptype
FROM pg_depend
WHERE classid = 'pg_policy'::regclass
SELECT refclassid::regclass, deptype
FROM pg_shdepend
WHERE classid = 'pg_policy'::regclass
- AND refobjid IN ('alice'::regrole, 'bob'::regrole);
+ AND refobjid IN ('regress_rls_eve'::regrole, 'regress_rls_frank'::regrole);
refclassid | deptype
------------+---------
-(0 rows)
+ pg_authid | r
+ pg_authid | r
+(2 rows)
SAVEPOINT q;
ERROR: SAVEPOINT is not yet supported.
BEGIN;
CREATE TABLE t (c) AS VALUES ('bar'::text);
CREATE POLICY p ON t USING (max(c)); -- fails: aggregate functions are not allowed in policy expressions
-ERROR: aggregate functions are not allowed in WHERE
+ERROR: aggregate functions are not allowed in policy expressions
ROLLBACK;
--
-- Non-target relations are only subject to SELECT policies
--
-SET SESSION AUTHORIZATION rls_regress_user0;
+SET SESSION AUTHORIZATION regress_rls_alice;
CREATE TABLE r1 (a int);
CREATE TABLE r2 (a int);
INSERT INTO r1 VALUES (10), (20);
INSERT INTO r2 VALUES (10), (20);
-GRANT ALL ON r1, r2 TO rls_regress_user1;
+GRANT ALL ON r1, r2 TO regress_rls_bob;
CREATE POLICY p1 ON r1 USING (true);
ALTER TABLE r1 ENABLE ROW LEVEL SECURITY;
CREATE POLICY p1 ON r2 FOR SELECT USING (true);
CREATE POLICY p3 ON r2 FOR UPDATE USING (false);
CREATE POLICY p4 ON r2 FOR DELETE USING (false);
ALTER TABLE r2 ENABLE ROW LEVEL SECURITY;
-SET SESSION AUTHORIZATION rls_regress_user1;
+SET SESSION AUTHORIZATION regress_rls_bob;
SELECT * FROM r1;
a
----
-- r2 is read-only
INSERT INTO r2 VALUES (2); -- Not allowed
-ERROR: new row violates row level security policy for "r2"
+ERROR: new row violates row-level security policy for table "r2"
UPDATE r2 SET a = 2 RETURNING *; -- Updates nothing
ERROR: could not plan this distributed update
DETAIL: correlated UPDATE or updating distribution column currently not supported in Postgres-XL.
20
(2 rows)
-SET SESSION AUTHORIZATION rls_regress_user0;
+SET SESSION AUTHORIZATION regress_rls_alice;
DROP TABLE r1;
DROP TABLE r2;
--
SET client_min_messages TO 'warning';
DROP SCHEMA regress_rls_schema CASCADE;
RESET client_min_messages;
-DROP USER rls_regress_user0;
-DROP USER rls_regress_user1;
-DROP USER rls_regress_user2;
-DROP USER rls_regress_exempt_user;
-DROP ROLE rls_regress_group1;
-DROP ROLE rls_regress_group2;
+DROP USER regress_rls_alice;
+DROP USER regress_rls_bob;
+DROP USER regress_rls_carol;
+DROP USER regress_rls_exempt_user;
+DROP ROLE regress_rls_group1;
+DROP ROLE regress_rls_group2;
-- Arrange to have a few policies left over, for testing
-- pg_dump/pg_restore
-CREATE SCHEMA rls_regress_schema;
+CREATE SCHEMA regress_rls_schema;
CREATE TABLE rls_tbl (c1 int);
ALTER TABLE rls_tbl ENABLE ROW LEVEL SECURITY;
CREATE POLICY p1 ON rls_tbl USING (c1 > 5);
projects / postgres-xl.git / commitdiff