Split permissions into Types and Metadata

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/8358
GitOrigin-RevId: 2684c01a5ce2808577920fa6f8a53ee4c13b5f4e

server/lib/api-tests/src/Test/Auth/Authorization/DisableRootFields/DefaultRootFieldsSpec.hs

@@ -11,9 +11,9 @@ import Harness.Backend.Cockroach qualified as Cockroach
 import Harness.Backend.Postgres qualified as Postgres
 import Harness.Backend.Sqlserver qualified as SQLServer
 import Harness.GraphqlEngine qualified as GraphqlEngine
+import Harness.Permissions (Permission (..), SelectPermissionDetails (..), selectPermission)
 import Harness.Quoter.Yaml (interpolateYaml)
 import Harness.Test.Fixture qualified as Fixture
-import Harness.Test.Permissions (Permission (..), SelectPermissionDetails (..), selectPermission)
 import Harness.Test.Schema (Table (..), table)
 import Harness.Test.Schema qualified as Schema
 import Harness.Test.SetupAction (setupPermissionsAction)

server/lib/api-tests/src/Test/Queries/FilterSearch/AggregationPredicatesSpec.hs

@@ -16,10 +16,10 @@ import Data.Aeson (Value)
 import Data.List.NonEmpty qualified as NE
 import Harness.Backend.Postgres qualified as Postgres
 import Harness.GraphqlEngine (postGraphql, postGraphqlWithHeaders)
+import Harness.Permissions (Permission (SelectPermission), SelectPermissionDetails (..), selectPermission)
 import Harness.Quoter.Graphql (graphql)
 import Harness.Quoter.Yaml (interpolateYaml, yaml)
 import Harness.Test.Fixture qualified as Fixture
-import Harness.Test.Permissions (Permission (SelectPermission), SelectPermissionDetails (..), selectPermission)
 import Harness.Test.Schema (Table (..), table)
 import Harness.Test.Schema qualified as Schema
 import Harness.Test.SetupAction (setupPermissionsAction)

server/lib/api-tests/src/Test/Queries/Simple/ObjectQueriesSpec.hs

@@ -17,10 +17,10 @@ import Harness.Backend.DataConnector.Sqlite qualified as Sqlite
 import Harness.Backend.Postgres qualified as Postgres
 import Harness.Backend.Sqlserver qualified as Sqlserver
 import Harness.GraphqlEngine (postGraphql)
+import Harness.Permissions (Permission (..), SelectPermissionDetails (..), selectPermission)
 import Harness.Quoter.Graphql (graphql)
 import Harness.Quoter.Yaml (interpolateYaml)
 import Harness.Test.Fixture qualified as Fixture
-import Harness.Test.Permissions (Permission (..), SelectPermissionDetails (..), selectPermission)
 import Harness.Test.Protocol (withEachProtocol)
 import Harness.Test.Schema (Table (..), table)
 import Harness.Test.Schema qualified as Schema

server/lib/api-tests/src/Test/Regression/DropColumnWithPermissions8415Spec.hs

@@ -7,9 +7,9 @@ import Data.List.NonEmpty qualified as NE
 import Harness.Backend.Postgres qualified as Postgres
 import Harness.Constants qualified as Constants
 import Harness.GraphqlEngine qualified as GraphqlEngine
+import Harness.Permissions qualified as Permissions
 import Harness.Quoter.Yaml (yaml)
 import Harness.Test.Fixture qualified as Fixture
-import Harness.Test.Permissions qualified as Permissions
 import Harness.Test.Schema hiding (runSQL)
 import Harness.Test.SetupAction (setupPermissionsAction)
 import Harness.TestEnvironment (GlobalTestEnvironment, TestEnvironment)

server/lib/api-tests/src/Test/Regression/InsertOnConflict8260Spec.hs

@@ -11,11 +11,11 @@ import Harness.Backend.Citus qualified as Citus
 import Harness.Backend.Cockroach qualified as Cockroach
 import Harness.Backend.Postgres qualified as Postgres
 import Harness.GraphqlEngine (postGraphqlWithHeaders)
+import Harness.Permissions (InsertPermissionDetails (..), Permission (..), SelectPermissionDetails (..), insertPermission, selectPermission)
 import Harness.Quoter.Graphql (graphql)
 import Harness.Quoter.Yaml (yaml)
 import Harness.Test.Fixture qualified as Fixture
 import Harness.Test.Introspection (introspectEnums, introspectTypes)
-import Harness.Test.Permissions (InsertPermissionDetails (..), Permission (..), SelectPermissionDetails (..), insertPermission, selectPermission)
 import Harness.Test.Schema qualified as Schema
 import Harness.Test.SetupAction (setupPermissionsAction)
 import Harness.TestEnvironment (GlobalTestEnvironment, TestEnvironment)

server/lib/api-tests/src/Test/Regression/RemoteRelationshipStringifyNum8387Spec.hs

@@ -9,13 +9,13 @@ import Data.List.NonEmpty qualified as NE
 import Data.Text qualified as Text
 import Harness.Backend.Postgres qualified as Postgres
 import Harness.GraphqlEngine qualified as GraphqlEngine
+import Harness.Permissions (SelectPermissionDetails (..))
+import Harness.Permissions qualified as Permissions
 import Harness.Quoter.Graphql (graphql)
 import Harness.Quoter.Yaml (interpolateYaml, yaml)
 import Harness.Test.BackendType qualified as BackendType
 import Harness.Test.Fixture qualified as Fixture
 import Harness.Test.FixtureName (FixtureName (..))
-import Harness.Test.Permissions (SelectPermissionDetails (..))
-import Harness.Test.Permissions qualified as Permissions
 import Harness.Test.Schema (Table (..))
 import Harness.Test.Schema qualified as Schema
 import Harness.Test.SetupAction qualified as SetupAction
@@ -221,10 +221,10 @@ lhsPostgresSetup rhsTableName (testEnvironment, _) = do
 
   -- Setup metadata
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironmentPostgres lhsRole1
+    Permissions.createPermissionMetadata testEnvironmentPostgres lhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironmentPostgres lhsRole2
+    Permissions.createPermissionMetadata testEnvironmentPostgres lhsRole2
 
   createRemoteRelationship rhsTableName testEnvironmentPostgres
 
@@ -321,10 +321,10 @@ rhsPostgresSetup (testEnvironment, _) = do
 
   -- setup metadata
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironmentPostgres rhsRole1
+    Permissions.createPermissionMetadata testEnvironmentPostgres rhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironmentPostgres rhsRole2
+    Permissions.createPermissionMetadata testEnvironmentPostgres rhsRole2
 
 --------------------------------------------------------------------------------
 -- Tests

server/lib/api-tests/src/Test/Schema/ComputedFields/TableSpec.hs

@@ -12,12 +12,12 @@ import Data.Text qualified as T
 import Harness.Backend.BigQuery qualified as BigQuery
 import Harness.Backend.Postgres qualified as Postgres
 import Harness.GraphqlEngine qualified as GraphqlEngine
+import Harness.Permissions (Permission (SelectPermission), SelectPermissionDetails (..), selectPermission)
+import Harness.Permissions qualified as Permission
 import Harness.Quoter.Graphql (graphql)
 import Harness.Quoter.Yaml (interpolateYaml, yaml)
 import Harness.Test.BackendType qualified as BackendType
 import Harness.Test.Fixture qualified as Fixture
-import Harness.Test.Permissions (Permission (SelectPermission), SelectPermissionDetails (..), selectPermission)
-import Harness.Test.Permissions qualified as Permission
 import Harness.Test.Schema (SchemaName (..), Table (..), table)
 import Harness.Test.Schema qualified as Schema
 import Harness.TestEnvironment (GlobalTestEnvironment, TestEnvironment (..), getBackendTypeConfig)
@@ -229,7 +229,7 @@ setupMetadata testEnvironment =
               GraphqlEngine.postMetadata_ testEnvironment do
                 -- Role user_1 has select permissions on author and article tables.
                 -- user_1 can query search_articles computed field.
-                Permission.createPermissionCommand
+                Permission.createPermissionMetadata
                   testEnvironment
                   $ SelectPermission
                     selectPermission
@@ -242,7 +242,7 @@ setupMetadata testEnvironment =
         Fixture.SetupAction
           { Fixture.setupAction =
               GraphqlEngine.postMetadata_ testEnvironment do
-                Permission.createPermissionCommand
+                Permission.createPermissionMetadata
                   testEnvironment
                   $ SelectPermission
                     selectPermission
@@ -256,7 +256,7 @@ setupMetadata testEnvironment =
           { Fixture.setupAction =
               GraphqlEngine.postMetadata_ testEnvironment do
                 -- Role user_2 has select permissions only on author table.
-                Permission.createPermissionCommand
+                Permission.createPermissionMetadata
                   testEnvironment
                   $ SelectPermission
                     selectPermission

server/lib/api-tests/src/Test/Schema/RemoteRelationships/XToDBArrayRelationshipSpec.hs

@@ -28,14 +28,14 @@ import Harness.Backend.Cockroach qualified as Cockroach
 import Harness.Backend.Postgres qualified as Postgres
 import Harness.Backend.Sqlserver qualified as SQLServer
 import Harness.GraphqlEngine qualified as GraphqlEngine
+import Harness.Permissions (SelectPermissionDetails (..))
+import Harness.Permissions qualified as Permissions
 import Harness.Quoter.Graphql (graphql)
 import Harness.Quoter.Yaml (interpolateYaml, yaml)
 import Harness.RemoteServer qualified as RemoteServer
 import Harness.Test.BackendType qualified as BackendType
 import Harness.Test.Fixture (LHSFixture, RHSFixture)
 import Harness.Test.Fixture qualified as Fixture
-import Harness.Test.Permissions (SelectPermissionDetails (..))
-import Harness.Test.Permissions qualified as Permissions
 import Harness.Test.Schema (Table (..))
 import Harness.Test.Schema qualified as Schema
 import Harness.Test.SetupAction qualified as SetupAction
@@ -320,10 +320,10 @@ lhsPostgresSetup rhsTableName (wholeTestEnvironment, _) = do
 
   -- Setup permissions
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment lhsRole1
+    Permissions.createPermissionMetadata testEnvironment lhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment lhsRole2
+    Permissions.createPermissionMetadata testEnvironment lhsRole2
 
   createRemoteRelationship rhsTableName testEnvironment
 
@@ -346,10 +346,10 @@ lhsCockroachSetup rhsTableName (wholeTestEnvironment, _) = do
 
   -- Setup permissions
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment lhsRole1
+    Permissions.createPermissionMetadata testEnvironment lhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment lhsRole2
+    Permissions.createPermissionMetadata testEnvironment lhsRole2
 
   createRemoteRelationship rhsTableName testEnvironment
 
@@ -371,10 +371,10 @@ lhsCitusSetup rhsTableName (wholeTestEnvironment, _) = do
 
   -- Setup permissions
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment lhsRole1
+    Permissions.createPermissionMetadata testEnvironment lhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment lhsRole2
+    Permissions.createPermissionMetadata testEnvironment lhsRole2
 
   createRemoteRelationship rhsTableName testEnvironment
 
@@ -396,10 +396,10 @@ lhsSQLServerSetup rhsTableName (wholeTestEnvironment, _) = do
 
   -- Setup permissions
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment lhsRole1
+    Permissions.createPermissionMetadata testEnvironment lhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment lhsRole2
+    Permissions.createPermissionMetadata testEnvironment lhsRole2
 
   createRemoteRelationship rhsTableName testEnvironment
 
@@ -606,10 +606,10 @@ rhsPostgresSetup (wholeTestEnvironment, _) = do
 
   -- Setup permissions
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment rhsRole1
+    Permissions.createPermissionMetadata testEnvironment rhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment rhsRole2
+    Permissions.createPermissionMetadata testEnvironment rhsRole2
 
 --------------------------------------------------------------------------------
 -- RHS Cockroach
@@ -629,10 +629,10 @@ rhsCockroachSetup (wholeTestEnvironment, _) = do
 
   -- Setup permissions
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment rhsRole1
+    Permissions.createPermissionMetadata testEnvironment rhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment rhsRole2
+    Permissions.createPermissionMetadata testEnvironment rhsRole2
 
 --------------------------------------------------------------------------------
 -- RHS Citus
@@ -652,10 +652,10 @@ rhsCitusSetup (wholeTestEnvironment, _) = do
 
   -- Setup permissions
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment rhsRole1
+    Permissions.createPermissionMetadata testEnvironment rhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment rhsRole2
+    Permissions.createPermissionMetadata testEnvironment rhsRole2
 
 --------------------------------------------------------------------------------
 -- RHS SQLServer
@@ -675,10 +675,10 @@ rhsSQLServerSetup (wholeTestEnvironment, _) = do
 
   -- Setup permissions
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment rhsRole1
+    Permissions.createPermissionMetadata testEnvironment rhsRole1
 
   GraphqlEngine.postMetadata_ testEnvironment do
-    Permissions.createPermissionCommand testEnvironment rhsRole2
+    Permissions.createPermissionMetadata testEnvironment rhsRole2
 
 --------------------------------------------------------------------------------
 -- Tests

server/lib/test-harness/src/Harness/Permissions.hs

@@ -0,0 +1,17 @@
+-- | An entry point to import both types and metadata command builders for
+-- permissions.
+module Harness.Permissions
+  ( Types.Permission (..),
+    Types.SelectPermissionDetails (..),
+    Types.UpdatePermissionDetails (..),
+    Types.InsertPermissionDetails (..),
+    Types.selectPermission,
+    Types.updatePermission,
+    Types.insertPermission,
+    Metadata.createPermissionMetadata,
+    Metadata.dropPermissionMetadata,
+  )
+where
+
+import Harness.Permissions.Metadata qualified as Metadata
+import Harness.Permissions.Types qualified as Types

server/lib/test-harness/src/Harness/Permissions/Metadata.hs

@@ -1,107 +1,23 @@
 {-# LANGUAGE QuasiQuotes #-}
-{-# LANGUAGE ViewPatterns #-}
 
--- | This module captures what different backends happen to have in common with
--- regard to permission metadata handling.
---
--- Tests should never use the setup function in this module directly but instead
--- rely those exposed in specific backend harness modules.
-module Harness.Test.Permissions
-  ( Permission (..),
-    SelectPermissionDetails (..),
-    UpdatePermissionDetails (..),
-    InsertPermissionDetails (..),
-    createPermissionCommand,
-    dropPermissionCommand,
-    selectPermission,
-    updatePermission,
-    insertPermission,
+module Harness.Permissions.Metadata
+  ( createPermissionMetadata,
+    dropPermissionMetadata,
   )
 where
 
-import Data.Aeson qualified as Aeson
+import Data.Aeson (Value)
 import Data.Text qualified as Text
+import Harness.Permissions.Types qualified as Types
 import Harness.Quoter.Yaml (yaml)
 import Harness.Test.BackendType qualified as BackendType
 import Harness.Test.Schema qualified as Schema
-import Harness.TestEnvironment
+import Harness.TestEnvironment (TestEnvironment (..), getBackendTypeConfig)
 import Hasura.Prelude
 
--- | Data type used to model permissions to be setup in tests.
--- Each case of this type mirrors the fields in the correspond permission
--- tracking metadata API payload.
-data Permission
-  = SelectPermission SelectPermissionDetails
-  | UpdatePermission UpdatePermissionDetails
-  | InsertPermission InsertPermissionDetails
-  deriving (Eq, Show)
-
-data SelectPermissionDetails = SelectPermissionDetails
-  { selectPermissionSource :: Maybe Text,
-    selectPermissionTable :: Text,
-    selectPermissionRole :: Text,
-    selectPermissionColumns :: [Text],
-    selectPermissionRows :: Aeson.Value,
-    selectPermissionAllowAggregations :: Bool,
-    selectPermissionLimit :: Aeson.Value
-  }
-  deriving (Eq, Show)
-
-data UpdatePermissionDetails = UpdatePermissionDetails
-  { updatePermissionSource :: Maybe Text,
-    updatePermissionTable :: Text,
-    updatePermissionRole :: Text,
-    updatePermissionColumns :: [Text],
-    updatePermissionRows :: Aeson.Value
-  }
-  deriving (Eq, Show)
-
-data InsertPermissionDetails = InsertPermissionDetails
-  { insertPermissionSource :: Maybe Text,
-    insertPermissionTable :: Text,
-    insertPermissionRole :: Text,
-    insertPermissionColumns :: [Text],
-    insertPermissionRows :: Aeson.Value
-  }
-  deriving (Eq, Show)
-
-selectPermission :: SelectPermissionDetails
-selectPermission =
-  SelectPermissionDetails
-    { selectPermissionSource = Nothing,
-      selectPermissionTable = mempty,
-      selectPermissionRole = mempty,
-      selectPermissionColumns = mempty,
-      selectPermissionRows = [yaml|{}|],
-      selectPermissionAllowAggregations = False,
-      selectPermissionLimit = Aeson.Null
-    }
-
-updatePermission :: UpdatePermissionDetails
-updatePermission =
-  UpdatePermissionDetails
-    { updatePermissionSource = Nothing,
-      updatePermissionTable = mempty,
-      updatePermissionRole = mempty,
-      updatePermissionColumns = mempty,
-      updatePermissionRows = [yaml|{}|]
-    }
-
-insertPermission :: InsertPermissionDetails
-insertPermission =
-  InsertPermissionDetails
-    { insertPermissionSource = Nothing,
-      insertPermissionTable = mempty,
-      insertPermissionRole = mempty,
-      insertPermissionColumns = mempty,
-      insertPermissionRows = [yaml|{}|]
-    }
-
--- | Send a JSON payload of the common `*_create_*_permission` form.
--- Backends where the format of this api call deviates significantly from this
--- should implement their own variation in its harness module.
-createPermissionCommand :: TestEnvironment -> Permission -> Aeson.Value
-createPermissionCommand testEnvironment (InsertPermission InsertPermissionDetails {..}) = do
+-- | Produce a JSON payload of the common `*_create_*_permission` form.
+createPermissionMetadata :: TestEnvironment -> Types.Permission -> Value
+createPermissionMetadata testEnvironment (Types.InsertPermission Types.InsertPermissionDetails {..}) = do
   let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig testEnvironment
       schemaName = Schema.getSchemaName testEnvironment
       backendType = BackendType.backendTypeString backendTypeMetadata
@@ -124,7 +40,7 @@ createPermissionCommand testEnvironment (InsertPermission InsertPermissionDetail
         check: {}
         set: {}
   |]
-createPermissionCommand testEnvironment (UpdatePermission UpdatePermissionDetails {..}) = do
+createPermissionMetadata testEnvironment (Types.UpdatePermission Types.UpdatePermissionDetails {..}) = do
   let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig testEnvironment
       schemaName = Schema.getSchemaName testEnvironment
       backendType = BackendType.backendTypeString backendTypeMetadata
@@ -147,7 +63,7 @@ createPermissionCommand testEnvironment (UpdatePermission UpdatePermissionDetail
         check: {}
         set: {}
   |]
-createPermissionCommand testEnvironment (SelectPermission SelectPermissionDetails {..}) = do
+createPermissionMetadata testEnvironment (Types.SelectPermission Types.SelectPermissionDetails {..}) = do
   let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig testEnvironment
       schemaName = Schema.getSchemaName testEnvironment
       backendType = BackendType.backendTypeString backendTypeMetadata
@@ -171,8 +87,9 @@ createPermissionCommand testEnvironment (SelectPermission SelectPermissionDetail
         limit: *selectPermissionLimit
   |]
 
-dropPermissionCommand :: TestEnvironment -> Permission -> Aeson.Value
-dropPermissionCommand env (InsertPermission InsertPermissionDetails {..}) = do
+-- | Produce a JSON payload of the common `*_drop_*_permission` form.
+dropPermissionMetadata :: TestEnvironment -> Types.Permission -> Value
+dropPermissionMetadata env (Types.InsertPermission Types.InsertPermissionDetails {..}) = do
   let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig env
       schemaName = Schema.getSchemaName env
       backendType = BackendType.backendTypeString backendTypeMetadata
@@ -186,7 +103,7 @@ dropPermissionCommand env (InsertPermission InsertPermissionDetails {..}) = do
       source: *sourceName
       role:  *insertPermissionRole
   |]
-dropPermissionCommand env (SelectPermission SelectPermissionDetails {..}) = do
+dropPermissionMetadata env (Types.SelectPermission Types.SelectPermissionDetails {..}) = do
   let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig env
       schemaName = Schema.getSchemaName env
       backendType = BackendType.backendTypeString backendTypeMetadata
@@ -200,7 +117,7 @@ dropPermissionCommand env (SelectPermission SelectPermissionDetails {..}) = do
       source: *sourceName
       role:  *selectPermissionRole
   |]
-dropPermissionCommand env (UpdatePermission UpdatePermissionDetails {..}) = do
+dropPermissionMetadata env (Types.UpdatePermission Types.UpdatePermissionDetails {..}) = do
   let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig env
       schemaName = Schema.getSchemaName env
       backendType = BackendType.backendTypeString backendTypeMetadata

server/lib/test-harness/src/Harness/Permissions/Types.hs

@@ -0,0 +1,83 @@
+module Harness.Permissions.Types
+  ( Permission (..),
+    InsertPermissionDetails (..),
+    insertPermission,
+    SelectPermissionDetails (..),
+    selectPermission,
+    UpdatePermissionDetails (..),
+    updatePermission,
+  )
+where
+
+import Data.Aeson (Value (Null), object)
+import Hasura.Prelude
+
+-- | Data type used to model permissions to be setup in tests.
+-- Each case of this type mirrors the fields in the correspond permission
+-- tracking metadata API payload.
+data Permission
+  = SelectPermission SelectPermissionDetails
+  | UpdatePermission UpdatePermissionDetails
+  | InsertPermission InsertPermissionDetails
+  deriving (Eq, Show)
+
+data SelectPermissionDetails = SelectPermissionDetails
+  { selectPermissionSource :: Maybe Text,
+    selectPermissionTable :: Text,
+    selectPermissionRole :: Text,
+    selectPermissionColumns :: [Text],
+    selectPermissionRows :: Value,
+    selectPermissionAllowAggregations :: Bool,
+    selectPermissionLimit :: Value
+  }
+  deriving (Eq, Show)
+
+data UpdatePermissionDetails = UpdatePermissionDetails
+  { updatePermissionSource :: Maybe Text,
+    updatePermissionTable :: Text,
+    updatePermissionRole :: Text,
+    updatePermissionColumns :: [Text],
+    updatePermissionRows :: Value
+  }
+  deriving (Eq, Show)
+
+data InsertPermissionDetails = InsertPermissionDetails
+  { insertPermissionSource :: Maybe Text,
+    insertPermissionTable :: Text,
+    insertPermissionRole :: Text,
+    insertPermissionColumns :: [Text],
+    insertPermissionRows :: Value
+  }
+  deriving (Eq, Show)
+
+selectPermission :: SelectPermissionDetails
+selectPermission =
+  SelectPermissionDetails
+    { selectPermissionSource = Nothing,
+      selectPermissionTable = mempty,
+      selectPermissionRole = mempty,
+      selectPermissionColumns = mempty,
+      selectPermissionRows = object [],
+      selectPermissionAllowAggregations = False,
+      selectPermissionLimit = Null
+    }
+
+updatePermission :: UpdatePermissionDetails
+updatePermission =
+  UpdatePermissionDetails
+    { updatePermissionSource = Nothing,
+      updatePermissionTable = mempty,
+      updatePermissionRole = mempty,
+      updatePermissionColumns = mempty,
+      updatePermissionRows = object []
+    }
+
+insertPermission :: InsertPermissionDetails
+insertPermission =
+  InsertPermissionDetails
+    { insertPermissionSource = Nothing,
+      insertPermissionTable = mempty,
+      insertPermissionRole = mempty,
+      insertPermissionColumns = mempty,
+      insertPermissionRows = object []
+    }

server/lib/test-harness/src/Harness/Test/Fixture.hs

@@ -50,12 +50,12 @@ import Harness.Backend.Sqlserver qualified as Sqlserver
 import Harness.Exceptions
 import Harness.GraphqlEngine (postMetadata_)
 import Harness.Logging
+import Harness.Permissions (Permission (..))
+import Harness.Permissions qualified as Permissions
 import Harness.Services.GraphqlEngine
 import Harness.Test.BackendType
 import Harness.Test.CustomOptions
 import Harness.Test.FixtureName
-import Harness.Test.Permissions (Permission (..))
-import Harness.Test.Permissions qualified as Permissions
 import Harness.Test.SetupAction (SetupAction (..))
 import Harness.Test.SetupAction qualified as SetupAction
 import Harness.TestEnvironment
@@ -464,12 +464,12 @@ withPermissions (toList -> permissions) spec = do
 
       for_ permissions' \permission ->
         postMetadata_ testEnvironment do
-          Permissions.createPermissionCommand testEnvironment permission
+          Permissions.createPermissionMetadata testEnvironment permission
 
       test testEnvironment {testingRole = Just "success"}
         `finally` for_ permissions' \permission ->
           postMetadata_ testEnvironment do
-            Permissions.dropPermissionCommand testEnvironment permission
+            Permissions.dropPermissionMetadata testEnvironment permission
 
     failing :: (ActionWith TestEnvironment -> IO ()) -> ActionWith TestEnvironment -> IO ()
     failing k test = k \testEnvironment -> do
@@ -482,7 +482,7 @@ withPermissions (toList -> permissions) spec = do
 
           for_ permissions' \permission ->
             postMetadata_ testEnvironment do
-              Permissions.createPermissionCommand testEnvironment permission
+              Permissions.createPermissionMetadata testEnvironment permission
 
           let attempt :: IO () -> IO ()
               attempt x =
@@ -499,7 +499,7 @@ withPermissions (toList -> permissions) spec = do
           attempt (test testEnvironment {testingRole = Just "failure"})
             `finally` for_ permissions' \permission ->
               postMetadata_ testEnvironment do
-                Permissions.dropPermissionCommand testEnvironment permission
+                Permissions.dropPermissionMetadata testEnvironment permission
 
     withRole :: Text -> Permission -> Permission
     withRole role = \case

server/lib/test-harness/src/Harness/Test/SetupAction.hs

@@ -10,7 +10,7 @@ where
 
 import Control.Exception.Safe (catchAny)
 import Harness.GraphqlEngine qualified as GraphqlEngine
-import Harness.Test.Permissions (Permission, createPermissionCommand, dropPermissionCommand)
+import Harness.Permissions (Permission, createPermissionMetadata, dropPermissionMetadata)
 import Harness.TestEnvironment (TestEnvironment (..))
 import Hasura.Prelude
 
@@ -54,8 +54,8 @@ setupPermissionsAction permissions testEnvironment =
   SetupAction
     { setupAction = for_ permissions \permission ->
         GraphqlEngine.postMetadata_ testEnvironment do
-          createPermissionCommand testEnvironment permission,
+          createPermissionMetadata testEnvironment permission,
       teardownAction = const $ for_ permissions \permission ->
         GraphqlEngine.postMetadata_ testEnvironment do
-          dropPermissionCommand testEnvironment permission
+          dropPermissionMetadata testEnvironment permission
     }

server/lib/test-harness/test-harness.cabal

@@ -137,6 +137,7 @@ library
     Harness.Http
     Harness.Logging
     Harness.Logging.Messages
+    Harness.Permissions
     Harness.PytestPortedCompat
     Harness.Quoter.Graphql
     Harness.Quoter.Yaml
@@ -151,7 +152,6 @@ library
     Harness.Test.Fixture
     Harness.Test.FixtureName
     Harness.Test.Introspection
-    Harness.Test.Permissions
     Harness.Test.Protocol
     Harness.Test.Schema
     Harness.Test.SchemaName
@@ -161,3 +161,7 @@ library
     Harness.Webhook
     Harness.WebSockets
     Harness.Yaml
+
+  other-modules:
+    Harness.Permissions.Metadata
+    Harness.Permissions.Types