test: postgres_fdw

soedirgo · soedirgo · commit 1b46e8dc6aca · 2025-10-15T19:04:19.000-05:00
diff --git a/nix/tests/expected/postgres_fdw.out b/nix/tests/expected/postgres_fdw.out
@@ -1,50 +1,33 @@
 /*
 
-Test to verify supautils (v3.0.0+) allows non-superuser postgres role to own FDWs.
+Test to verify supautils (v3.0.0+) allows non-superuser postgres role to use postgres_fdw.
 
-This test ensures that the supautils extension properly handles FDW ownership
+This test ensures that the supautils extension properly handles FDW usage
 for the privileged postgres role without requiring temporary superuser privileges.
 
 This verifies the fix that eliminated the need for:
-ansible/files/postgresql_extension_custom_scripts/postgres_fdw/after-create.sql (removed)
+https://github.com/supabase/postgres/blob/a638c6fce0baf90b654e762eddcdac1bc8df01ee/ansible/files/postgresql_extension_custom_scripts/postgres_fdw/after-create.sql (removed)
 
 */
-BEGIN;
+begin;
 -- Switch to the postgres role (non-superuser) to test supautils behavior
-SET ROLE postgres;
--- Test 1: Create a custom FDW directly (this is what supautils v3.0.0 fixes)
--- Before v3.0.0, this would fail because only superusers can create FDWs
--- With v3.0.0, supautils allows postgres (privileged role) to create and own FDWs
-CREATE FOREIGN DATA WRAPPER test_fdw_postgres_owned;
--- Reset to original role for queries because the tests run under a superuser context
-RESET ROLE;
--- Verify that the custom FDW is owned by postgres (non-superuser)
-SELECT
-  fdw.fdwname as fdw_name,
-  owner.rolname as owner_name,
-  owner.rolsuper as owner_is_superuser
-FROM
-  pg_foreign_data_wrapper fdw
-  JOIN pg_roles owner ON fdw.fdwowner = owner.oid
-WHERE
-  fdw.fdwname = 'test_fdw_postgres_owned';
-        fdw_name         | owner_name | owner_is_superuser 
--------------------------+------------+--------------------
- test_fdw_postgres_owned | postgres   | f
-(1 row)
+set role postgres;
 
--- Verify the postgres role's superuser status
--- The key test: postgres should NOT be a superuser, yet can own the FDW
-SELECT
-  rolname,
-  rolsuper as is_superuser
-FROM
-  pg_roles
-WHERE
-  rolname = 'postgres';
- rolname  | is_superuser 
-----------+--------------
- postgres | f
+-- postgres_fdw should be owned by the superuser
+select fdwowner::regrole from pg_foreign_data_wrapper where fdwname = 'postgres_fdw';
+    fdwowner    
+----------------
+ supabase_admin 
 (1 row)
 
-ROLLBACK;
+-- Verify that `postgres` can use the FDW despite not owning it
+create server s
+  foreign data wrapper postgres_fdw
+  options (
+    host '127.0.0.1',
+    port '5432',
+    dbname 'postgres'
+  );
+CREATE SERVER
+
+rollback;
diff --git a/nix/tests/sql/postgres_fdw.sql b/nix/tests/sql/postgres_fdw.sql
@@ -1,47 +1,30 @@
 /*
 
-Test to verify supautils (v3.0.0+) allows non-superuser postgres role to own FDWs.
+Test to verify supautils (v3.0.0+) allows non-superuser postgres role to use postgres_fdw.
 
-This test ensures that the supautils extension properly handles FDW ownership
+This test ensures that the supautils extension properly handles FDW usage
 for the privileged postgres role without requiring temporary superuser privileges.
 
 This verifies the fix that eliminated the need for:
-ansible/files/postgresql_extension_custom_scripts/postgres_fdw/after-create.sql (removed)
+https://github.com/supabase/postgres/blob/a638c6fce0baf90b654e762eddcdac1bc8df01ee/ansible/files/postgresql_extension_custom_scripts/postgres_fdw/after-create.sql (removed)
 
 */
 
-BEGIN;
+begin;
 
 -- Switch to the postgres role (non-superuser) to test supautils behavior
-SET ROLE postgres;
-
--- Test 1: Create a custom FDW directly (this is what supautils v3.0.0 fixes)
--- Before v3.0.0, this would fail because only superusers can create FDWs
--- With v3.0.0, supautils allows postgres (privileged role) to create and own FDWs
-CREATE FOREIGN DATA WRAPPER test_fdw_postgres_owned;
-
--- Reset to original role for queries because the tests run under a superuser context
-RESET ROLE;
-
--- Verify that the custom FDW is owned by postgres (non-superuser)
-SELECT
-  fdw.fdwname as fdw_name,
-  owner.rolname as owner_name,
-  owner.rolsuper as owner_is_superuser
-FROM
-  pg_foreign_data_wrapper fdw
-  JOIN pg_roles owner ON fdw.fdwowner = owner.oid
-WHERE
-  fdw.fdwname = 'test_fdw_postgres_owned';
-
--- Verify the postgres role's superuser status
--- The key test: postgres should NOT be a superuser, yet can own the FDW
-SELECT
-  rolname,
-  rolsuper as is_superuser
-FROM
-  pg_roles
-WHERE
-  rolname = 'postgres';
-
-ROLLBACK;
+set role postgres;
+
+-- postgres_fdw should be owned by the superuser
+select fdwowner::regrole from pg_foreign_data_wrapper where fdwname = 'postgres_fdw';
+
+-- Verify that `postgres` can use the FDW despite not owning it
+create server s
+  foreign data wrapper postgres_fdw
+  options (
+    host '127.0.0.1',
+    port '5432',
+    dbname 'postgres'
+  );
+
+rollback;
