(t *testing.T)
| 213 | } |
| 214 | |
| 215 | func TestCreatePolicyWithPgquery(t *testing.T) { |
| 216 | t.Setenv("PSQLDEF_PARSER", "pgquery") |
| 217 | |
| 218 | tests := []struct { |
| 219 | name string |
| 220 | sql string |
| 221 | wantTable string |
| 222 | wantPermissive parser.Permissive |
| 223 | wantScope string |
| 224 | wantRoles []string |
| 225 | wantUsing string |
| 226 | wantWithCheck string |
| 227 | }{ |
| 228 | { |
| 229 | name: "permissive policy with public role and predicates", |
| 230 | sql: ` |
| 231 | CREATE POLICY tenant_isolation_policy ON public.test_table AS PERMISSIVE FOR ALL TO public |
| 232 | USING ((tenant_id)::uuid = tenant_uuid) |
| 233 | WITH CHECK (tenant_id > 0); |
| 234 | `, |
| 235 | wantTable: "public.test_table", |
| 236 | wantPermissive: parser.Permissive("PERMISSIVE"), |
| 237 | wantScope: "ALL", |
| 238 | wantRoles: []string{"public"}, |
| 239 | wantUsing: "tenant_id::uuid = tenant_uuid", |
| 240 | wantWithCheck: "tenant_id > 0", |
| 241 | }, |
| 242 | { |
| 243 | name: "restrictive policy with named role and using only", |
| 244 | sql: ` |
| 245 | CREATE POLICY p_users ON users AS RESTRICTIVE FOR SELECT TO postgres |
| 246 | USING (id = 1); |
| 247 | `, |
| 248 | wantTable: "users", |
| 249 | wantPermissive: parser.Permissive("RESTRICTIVE"), |
| 250 | wantScope: "SELECT", |
| 251 | wantRoles: []string{"postgres"}, |
| 252 | wantUsing: "id = 1", |
| 253 | }, |
| 254 | { |
| 255 | name: "policy without roles or predicates", |
| 256 | sql: ` |
| 257 | CREATE POLICY p_all ON users; |
| 258 | `, |
| 259 | wantTable: "users", |
| 260 | wantPermissive: parser.Permissive("PERMISSIVE"), |
| 261 | wantScope: "ALL", |
| 262 | wantRoles: []string{"public"}, |
| 263 | }, |
| 264 | } |
| 265 | |
| 266 | sqlParser := NewParserWithMode(PsqldefParserModePgquery) |
| 267 | for _, tt := range tests { |
| 268 | t.Run(tt.name, func(t *testing.T) { |
| 269 | statements, err := sqlParser.Parse(tt.sql) |
| 270 | require.NoError(t, err) |
| 271 | require.Len(t, statements, 1) |
| 272 |