summaryrefslogtreecommitdiffstats
path: root/src/test/regress/sql/security_label.sql
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 13:44:03 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 13:44:03 +0000
commit293913568e6a7a86fd1479e1cff8e2ecb58d6568 (patch)
treefc3b469a3ec5ab71b36ea97cc7aaddb838423a0c /src/test/regress/sql/security_label.sql
parentInitial commit. (diff)
downloadpostgresql-16-293913568e6a7a86fd1479e1cff8e2ecb58d6568.tar.xz
postgresql-16-293913568e6a7a86fd1479e1cff8e2ecb58d6568.zip
Adding upstream version 16.2.upstream/16.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/test/regress/sql/security_label.sql')
-rw-r--r--src/test/regress/sql/security_label.sql45
1 files changed, 45 insertions, 0 deletions
diff --git a/src/test/regress/sql/security_label.sql b/src/test/regress/sql/security_label.sql
new file mode 100644
index 0000000..98e6a5f
--- /dev/null
+++ b/src/test/regress/sql/security_label.sql
@@ -0,0 +1,45 @@
+--
+-- Test for facilities of security label
+--
+
+-- initial setups
+SET client_min_messages TO 'warning';
+
+DROP ROLE IF EXISTS regress_seclabel_user1;
+DROP ROLE IF EXISTS regress_seclabel_user2;
+
+RESET client_min_messages;
+
+CREATE USER regress_seclabel_user1 WITH CREATEROLE;
+CREATE USER regress_seclabel_user2;
+
+CREATE TABLE seclabel_tbl1 (a int, b text);
+CREATE TABLE seclabel_tbl2 (x int, y text);
+CREATE VIEW seclabel_view1 AS SELECT * FROM seclabel_tbl2;
+CREATE FUNCTION seclabel_four() RETURNS integer AS $$SELECT 4$$ language sql;
+CREATE DOMAIN seclabel_domain AS text;
+
+ALTER TABLE seclabel_tbl1 OWNER TO regress_seclabel_user1;
+ALTER TABLE seclabel_tbl2 OWNER TO regress_seclabel_user2;
+
+--
+-- Test of SECURITY LABEL statement without a plugin
+--
+SECURITY LABEL ON TABLE seclabel_tbl1 IS 'classified'; -- fail
+SECURITY LABEL FOR 'dummy' ON TABLE seclabel_tbl1 IS 'classified'; -- fail
+SECURITY LABEL ON TABLE seclabel_tbl1 IS '...invalid label...'; -- fail
+SECURITY LABEL ON TABLE seclabel_tbl3 IS 'unclassified'; -- fail
+
+SECURITY LABEL ON ROLE regress_seclabel_user1 IS 'classified'; -- fail
+SECURITY LABEL FOR 'dummy' ON ROLE regress_seclabel_user1 IS 'classified'; -- fail
+SECURITY LABEL ON ROLE regress_seclabel_user1 IS '...invalid label...'; -- fail
+SECURITY LABEL ON ROLE regress_seclabel_user3 IS 'unclassified'; -- fail
+
+-- clean up objects
+DROP FUNCTION seclabel_four();
+DROP DOMAIN seclabel_domain;
+DROP VIEW seclabel_view1;
+DROP TABLE seclabel_tbl1;
+DROP TABLE seclabel_tbl2;
+DROP USER regress_seclabel_user1;
+DROP USER regress_seclabel_user2;