add integration test for function and procedures

MarcusGoldschmidt · MarcusGoldschmidt · commit 491f7ad12593 · 2025-05-30T13:28:12.000-04:00
diff --git a/pkg/connector/function.go b/pkg/connector/function.go
@@ -150,7 +150,7 @@ func (r *functionSyncer) Grant(ctx context.Context, principal *v2.Resource, enti
 		return nil, nil, err
 	}
 
-	err = dbClient.GrantSequence(ctx, function.Schema, function.Signature(), principal.DisplayName, privilegeName, isGrant)
+	err = dbClient.GrantSequence(ctx, function.Schema, function.Name, principal.DisplayName, privilegeName, isGrant)
 	return nil, nil, err
 }
 
@@ -182,7 +182,7 @@ func (r *functionSyncer) Revoke(ctx context.Context, grant *v2.Grant) (annotatio
 		return nil, err
 	}
 
-	err = dbClient.RevokeSequence(ctx, function.Schema, function.Signature(), principal.DisplayName, privilegeName, isGrant)
+	err = dbClient.RevokeSequence(ctx, function.Schema, function.Name, principal.DisplayName, privilegeName, isGrant)
 	return nil, err
 }
 
diff --git a/pkg/connector/procedure.go b/pkg/connector/procedure.go
@@ -133,7 +133,7 @@ func (r *procedureSyncer) Grant(ctx context.Context, principal *v2.Resource, ent
 		return nil, nil, err
 	}
 
-	err = dbClient.GrantProcedure(ctx, procedure.Schema, procedure.Signature(), principal.DisplayName, privilegeName, isGrant)
+	err = dbClient.GrantProcedure(ctx, procedure.Schema, procedure.Name, principal.DisplayName, privilegeName, isGrant)
 	return nil, nil, err
 }
 
@@ -165,7 +165,7 @@ func (r *procedureSyncer) Revoke(ctx context.Context, grant *v2.Grant) (annotati
 		return nil, err
 	}
 
-	err = dbClient.RevokeProcedure(ctx, procedure.Schema, procedure.Signature(), principal.DisplayName, privilegeName, isGrant)
+	err = dbClient.RevokeProcedure(ctx, procedure.Schema, procedure.Name, principal.DisplayName, privilegeName, isGrant)
 	return nil, err
 }
 
diff --git a/pkg/postgres/functions.go b/pkg/postgres/functions.go
@@ -40,6 +40,7 @@ func (t *FunctionModel) AllPrivileges() PrivilegeSet {
 func (t *FunctionModel) DefaultPrivileges() PrivilegeSet {
 	return Execute
 }
+
 func (t *FunctionModel) Signature() string {
 	return fmt.Sprintf("%s(%s)", t.Name, t.Arguments)
 }
diff --git a/pkg/postgres/functions_test.go b/pkg/postgres/functions_test.go
@@ -0,0 +1,39 @@
+package postgres
+
+import (
+	"context"
+	"testing"
+
+	"github.com/conductorone/baton-postgresql/pkg/testutil"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFunctionGrantRevoke(t *testing.T) {
+	ctx := context.Background()
+
+	container := testutil.SetupPostgresContainer(ctx, t)
+
+	client, err := New(ctx, container.Dsn())
+	assert.NoError(t, err)
+
+	// Is grant true
+	err = client.GrantFunction(ctx, "public", "get_test_item_count", container.Role(), Execute.Name(), true)
+	assert.NoError(t, err)
+
+	err = client.RevokeFunction(ctx, "public", "get_test_item_count", container.Role(), Execute.Name(), true)
+	assert.NoError(t, err)
+
+	// is grant false
+	err = client.GrantFunction(ctx, "public", "get_test_item_count", container.Role(), Execute.Name(), false)
+	assert.NoError(t, err)
+
+	err = client.RevokeFunction(ctx, "public", "get_test_item_count", container.Role(), Execute.Name(), false)
+	assert.NoError(t, err)
+
+	// revoke without grant
+	err = client.RevokeFunction(ctx, "public", "get_test_item_count", container.Role(), Execute.Name(), false)
+	assert.NoError(t, err)
+
+	err = client.RevokeFunction(ctx, "public", "get_test_item_count", container.Role(), Execute.Name(), true)
+	assert.NoError(t, err)
+}
diff --git a/pkg/postgres/procedures.go b/pkg/postgres/procedures.go
@@ -39,6 +39,7 @@ func (t *ProcedureModel) AllPrivileges() PrivilegeSet {
 func (t *ProcedureModel) DefaultPrivileges() PrivilegeSet {
 	return Execute
 }
+
 func (t *ProcedureModel) Signature() string {
 	return fmt.Sprintf("%s(%s)", t.Name, t.Arguments)
 }
diff --git a/pkg/postgres/procedures_test.go b/pkg/postgres/procedures_test.go
@@ -0,0 +1,39 @@
+package postgres
+
+import (
+	"context"
+	"testing"
+
+	"github.com/conductorone/baton-postgresql/pkg/testutil"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestProcedureGrantRevoke(t *testing.T) {
+	ctx := context.Background()
+
+	container := testutil.SetupPostgresContainer(ctx, t)
+
+	client, err := New(ctx, container.Dsn())
+	assert.NoError(t, err)
+
+	// Is grant true
+	err = client.GrantProcedure(ctx, "public", "add_test_item", container.Role(), Execute.Name(), true)
+	assert.NoError(t, err)
+
+	err = client.RevokeProcedure(ctx, "public", "add_test_item", container.Role(), Execute.Name(), true)
+	assert.NoError(t, err)
+
+	// is grant false
+	err = client.GrantProcedure(ctx, "public", "add_test_item", container.Role(), Execute.Name(), false)
+	assert.NoError(t, err)
+
+	err = client.RevokeProcedure(ctx, "public", "add_test_item", container.Role(), Execute.Name(), false)
+	assert.NoError(t, err)
+
+	// revoke without grant
+	err = client.RevokeProcedure(ctx, "public", "add_test_item", container.Role(), Execute.Name(), false)
+	assert.NoError(t, err)
+
+	err = client.RevokeProcedure(ctx, "public", "add_test_item", container.Role(), Execute.Name(), true)
+	assert.NoError(t, err)
+}
diff --git a/pkg/postgres/sequences_test.go b/pkg/postgres/sequences_test.go
@@ -0,0 +1,39 @@
+package postgres
+
+import (
+	"context"
+	"testing"
+
+	"github.com/conductorone/baton-postgresql/pkg/testutil"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSequencesGrantRevoke(t *testing.T) {
+	ctx := context.Background()
+
+	container := testutil.SetupPostgresContainer(ctx, t)
+
+	client, err := New(ctx, container.Dsn())
+	assert.NoError(t, err)
+
+	// Is grant true
+	err = client.GrantSequence(ctx, "public", "test_table_seq", container.Role(), Select.Name(), true)
+	assert.NoError(t, err)
+
+	err = client.RevokeSequence(ctx, "public", "test_table_seq", container.Role(), Select.Name(), true)
+	assert.NoError(t, err)
+
+	// is grant false
+	err = client.GrantSequence(ctx, "public", "test_table_seq", container.Role(), Select.Name(), false)
+	assert.NoError(t, err)
+
+	err = client.RevokeSequence(ctx, "public", "test_table_seq", container.Role(), Select.Name(), false)
+	assert.NoError(t, err)
+
+	// revoke without grant
+	err = client.RevokeSequence(ctx, "public", "test_table_seq", container.Role(), Select.Name(), false)
+	assert.NoError(t, err)
+
+	err = client.RevokeSequence(ctx, "public", "test_table_seq", container.Role(), Select.Name(), true)
+	assert.NoError(t, err)
+}
diff --git a/pkg/testutil/container.go b/pkg/testutil/container.go
@@ -51,7 +51,9 @@ func SetupPostgresContainer(ctx context.Context, t *testing.T) *SQLContainer {
 		postgres.WithPassword("postgres"),
 		testcontainers.WithWaitStrategy(
 			wait.ForLog("database system is ready to accept connections").
-				WithOccurrence(2).WithStartupTimeout(5*time.Second)),
+				WithOccurrence(2).
+				WithStartupTimeout(5*time.Second),
+		),
 	)
 
 	assert.NoError(t, err)
diff --git a/pkg/testutil/init.sql b/pkg/testutil/init.sql
@@ -56,6 +56,16 @@ CREATE SEQUENCE test_table_seq
     NO MAXVALUE
     CACHE 1;
 
+-- Create procedures for testing
+CREATE OR REPLACE PROCEDURE add_test_item(item_name VARCHAR)
+    LANGUAGE plpgsql
+AS
+$$
+BEGIN
+    INSERT INTO test_table (name) VALUES (item_name);
+END;
+$$;
+
 -- create roles and users
 
 CREATE ROLE test_role WITH LOGIN PASSWORD 'test_password';

Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,7 @@ func (r functionSyncer) Grant(ctx context.Context, principal v2.Resource, enti`
`150`	`150`	`return nil, nil, err`
`151`	`151`	`}`
`152`	`152`
`153`		`- err = dbClient.GrantSequence(ctx, function.Schema, function.Signature(), principal.DisplayName, privilegeName, isGrant)`
	`153`	`+ err = dbClient.GrantSequence(ctx, function.Schema, function.Name, principal.DisplayName, privilegeName, isGrant)`
`154`	`154`	`return nil, nil, err`
`155`	`155`	`}`
`156`	`156`
`@@ -182,7 +182,7 @@ func (r functionSyncer) Revoke(ctx context.Context, grant v2.Grant) (annotatio`
`182`	`182`	`return nil, err`
`183`	`183`	`}`
`184`	`184`
`185`		`- err = dbClient.RevokeSequence(ctx, function.Schema, function.Signature(), principal.DisplayName, privilegeName, isGrant)`
	`185`	`+ err = dbClient.RevokeSequence(ctx, function.Schema, function.Name, principal.DisplayName, privilegeName, isGrant)`
`186`	`186`	`return nil, err`
`187`	`187`	`}`
`188`	`188`
Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ func (r procedureSyncer) Grant(ctx context.Context, principal v2.Resource, ent`
`133`	`133`	`return nil, nil, err`
`134`	`134`	`}`
`135`	`135`
`136`		`- err = dbClient.GrantProcedure(ctx, procedure.Schema, procedure.Signature(), principal.DisplayName, privilegeName, isGrant)`
	`136`	`+ err = dbClient.GrantProcedure(ctx, procedure.Schema, procedure.Name, principal.DisplayName, privilegeName, isGrant)`
`137`	`137`	`return nil, nil, err`
`138`	`138`	`}`
`139`	`139`
`@@ -165,7 +165,7 @@ func (r procedureSyncer) Revoke(ctx context.Context, grant v2.Grant) (annotati`
`165`	`165`	`return nil, err`
`166`	`166`	`}`
`167`	`167`
`168`		`- err = dbClient.RevokeProcedure(ctx, procedure.Schema, procedure.Signature(), principal.DisplayName, privilegeName, isGrant)`
	`168`	`+ err = dbClient.RevokeProcedure(ctx, procedure.Schema, procedure.Name, principal.DisplayName, privilegeName, isGrant)`
`169`	`169`	`return nil, err`
`170`	`170`	`}`
`171`	`171`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ func (t *FunctionModel) AllPrivileges() PrivilegeSet {`
`40`	`40`	`func (t *FunctionModel) DefaultPrivileges() PrivilegeSet {`
`41`	`41`	`return Execute`
`42`	`42`	`}`
	`43`	`+`
`43`	`44`	`func (t *FunctionModel) Signature() string {`
`44`	`45`	`return fmt.Sprintf("%s(%s)", t.Name, t.Arguments)`
`45`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@ func (t *ProcedureModel) AllPrivileges() PrivilegeSet {`
`39`	`39`	`func (t *ProcedureModel) DefaultPrivileges() PrivilegeSet {`
`40`	`40`	`return Execute`
`41`	`41`	`}`
	`42`	`+`
`42`	`43`	`func (t *ProcedureModel) Signature() string {`
`43`	`44`	`return fmt.Sprintf("%s(%s)", t.Name, t.Arguments)`
`44`	`45`	`}`