mirror of
https://github.com/djrobstep/migra.git
synced 2024-10-26 07:00:54 +03:00
rls support
parent
87de693ef5
commit
aa9a3031c0
@ -17,6 +17,7 @@ THINGS = [
|
||||
"extensions",
|
||||
"privileges",
|
||||
"collations",
|
||||
"rlspolicies",
|
||||
]
|
||||
PK = "PRIMARY KEY"
|
||||
|
||||
@ -173,6 +174,10 @@ def get_table_changes(tables_from, tables_target, enums_from, enums_target):
|
||||
statements.append(alter)
|
||||
for k, c in c_modified.items():
|
||||
statements += c.alter_table_statements(before.columns[k], t)
|
||||
|
||||
if v.rowsecurity != before.rowsecurity:
|
||||
rls_alter = v.alter_rls_statement
|
||||
statements += [rls_alter]
|
||||
return statements
|
||||
|
||||
|
||||
|
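Review bot: The `if v.rowsecurity != before.rowsecurity:` check emits the disabling statement as readily as the enabling one, and turning row level security off exposes every row to any role that holds privileges on the table. Nothing here marks that direction as sensitive, and the statement contains no `drop`, so a safety check keyed on drops (the tests import `UnsafeMigrationException`) would presumably let it through. Consider treating `not v.rowsecurity` as an unsafe change, or at least adding a comment such as `# disabling RLS widens access; review before applying`. The comparison against `before` appears to sit in the modified-tables path, so confirm that a table which exists only in the target and has RLS enabled also gets its enable statement; the enclosing loop starts outside the hunk.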
@ -1,8 +1,9 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from schemainspect import DBInspector, get_inspector
|
||||
from sqlbag import raw_execute
|
||||
|
||||
from schemainspect import DBInspector, get_inspector
|
||||
|
||||
from .changes import Changes
|
||||
from .statements import Statements
|
||||
|
||||
@ -67,6 +68,7 @@ class Migration(object):
|
||||
self.add(self.changes.collations(creations_only=True))
|
||||
self.add(self.changes.enums(creations_only=True, modifications=False))
|
||||
self.add(self.changes.sequences(creations_only=True))
|
||||
self.add(self.changes.rlspolicies(drops_only=True))
|
||||
if privileges:
|
||||
self.add(self.changes.privileges(drops_only=True))
|
||||
self.add(self.changes.non_pk_constraints(drops_only=True))
|
||||
@ -83,6 +85,7 @@ class Migration(object):
|
||||
self.add(self.changes.non_pk_constraints(creations_only=True))
|
||||
if privileges:
|
||||
self.add(self.changes.privileges(creations_only=True))
|
||||
self.add(self.changes.rlspolicies(creations_only=True))
|
||||
self.add(self.changes.collations(drops_only=True))
|
||||
self.add(self.changes.schemas(drops_only=True))
|
||||
|
||||
|
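Review bot: `self.changes.rlspolicies(drops_only=True)` runs early in the sequence and `self.changes.rlspolicies(creations_only=True)` only near the end, so a modified policy is absent for the whole of the migration in between. The rls fixture shows a policy change rendered as drop plus create, and for a restrictive policy the rows it filtered are reachable through any remaining permissive policy during that window unless the script is applied in a single transaction. Whether callers do so is not visible here, so a comment at both calls would record the requirement, e.g. `# policy changes are drop + create: apply the migration in one transaction`. The enclosing method starts and ends outside both hunks.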
@ -13,7 +13,7 @@ homepage = "https://migra.djrobstep.com/"
|
||||
python = "*"
|
||||
sqlbag = "*"
|
||||
six = "*"
|
||||
schemainspect = "*"
|
||||
schemainspect = ">=0.1.1543655873"
|
||||
psycopg2-binary = { version="*", optional = true }
|
||||
|
||||
[tool.poetry.dev-dependencies]
|
||||
|
8
tests/FIXTURES/rls/a.sql
Normal file
8
tests/FIXTURES/rls/a.sql
Normal file
@ -0,0 +1,8 @@
|
||||
CREATE TABLE accounts (manager text, company text, contact_email text);
|
||||
|
||||
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
|
||||
|
||||
CREATE POLICY account_managers ON accounts TO schemainspect_test_role
|
||||
USING (manager = current_user);
|
||||
|
||||
CREATE TABLE accounts2 (manager text, company text, contact_email text);
|
0
tests/FIXTURES/rls/additions.sql
Normal file
0
tests/FIXTURES/rls/additions.sql
Normal file
10
tests/FIXTURES/rls/b.sql
Normal file
10
tests/FIXTURES/rls/b.sql
Normal file
@ -0,0 +1,10 @@
|
||||
CREATE TABLE accounts (manager text, company text, contact_email text);
|
||||
|
||||
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
|
||||
|
||||
CREATE POLICY account_managers ON accounts as restrictive TO schemainspect_test_role
|
||||
USING (manager = current_user);
|
||||
|
||||
CREATE TABLE accounts2 (manager text, company text, contact_email text);
|
||||
|
||||
ALTER TABLE accounts2 ENABLE ROW LEVEL SECURITY;
|
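Review bot: The a.sql/b.sql pair only covers the directions that tighten access: enabling RLS on an existing table (`accounts2`) and changing `account_managers` to restrictive. The cases where a regression would leave data exposed have no fixture: a table present only in b.sql with RLS enabled, a table whose RLS is on in a.sql and off in b.sql, and a policy that exists only in a.sql. Adding a second fixture directory for those directions would pin the generated statements and their order.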
10
tests/FIXTURES/rls/expected.sql
Normal file
10
tests/FIXTURES/rls/expected.sql
Normal file
@ -0,0 +1,10 @@
|
||||
drop policy "account_managers" on "public"."accounts";
|
||||
|
||||
alter table "public"."accounts2" enable row level security;
|
||||
|
||||
create policy "account_managers"
|
||||
on "public"."accounts"
|
||||
as restrictive
|
||||
for all
|
||||
to schemainspect_test_role
|
||||
using (manager = (CURRENT_USER)::text);
|
0
tests/FIXTURES/rls/expected2.sql
Normal file
0
tests/FIXTURES/rls/expected2.sql
Normal file
@ -3,11 +3,11 @@ from __future__ import unicode_literals
|
||||
import io
|
||||
|
||||
from pytest import raises
|
||||
from schemainspect import get_inspector
|
||||
from sqlbag import S, load_sql_from_file, temporary_database
|
||||
|
||||
from migra import Migration, Statements, UnsafeMigrationException
|
||||
from migra.command import parse_args, run
|
||||
from schemainspect import get_inspector
|
||||
|
||||
SQL = """select 1;
|
||||
|
||||
@ -69,6 +69,32 @@ def test_privs():
|
||||
do_fixture_test(FIXTURE_NAME, with_privileges=True)
|
||||
|
||||
|
||||
schemainspect_test_role = "schemainspect_test_role"
|
||||
|
||||
|
||||
def create_role(s, rolename):
|
||||
role = s.execute(
|
||||
f"""
|
||||
SELECT 1 FROM pg_roles WHERE rolname=:rolename
|
||||
""",
|
||||
dict(rolename=rolename),
|
||||
)
|
||||
|
||||
role_exists = bool(list(role))
|
||||
|
||||
if not role_exists:
|
||||
s.execute(
|
||||
f"""
|
||||
create role {rolename};
|
||||
"""
|
||||
)
|
||||
|
||||
|
||||
def test_rls():
|
||||
for FIXTURE_NAME in ["rls"]:
|
||||
do_fixture_test(FIXTURE_NAME, with_privileges=True)
|
||||
|
||||
|
||||
def do_fixture_test(
|
||||
fixture_name, schema=None, create_extensions_only=False, with_privileges=False
|
||||
):
|
||||
|
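Review bot: `create_role` interpolates `rolename` straight into `create role {rolename};` with an f-string, while the lookup just above it binds the same value as `:rolename`. Identifiers cannot be bound as parameters, so the name should be quoted as an identifier instead, e.g. `s.execute('create role "{}";'.format(rolename.replace('"', '""')))`. The only value visible is the constant `schemainspect_test_role`, so this is hygiene for a helper that may be reused with other input. The `f` prefix on the lookup string has no placeholders to fill, and roles are cluster-wide in PostgreSQL, so the role will outlive any temporary database the fixture test creates. No call to `create_role` is visible in this hunk, and `do_fixture_test` continues outside it.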