Skip to content

Commit 6fc7eeb

Browse files
soedirgosoedirgo
committed
tmp
1 parent b69ffae commit 6fc7eeb

File tree

1 file changed

+86
-46
lines changed

1 file changed

+86
-46
lines changed

nix/ext/001-new-vault.patch

Lines changed: 86 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -139,13 +139,13 @@ index 8c33ac1..e9f0e08 100644
139139
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
140140
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
141141
diff --git a/Makefile b/Makefile
142-
index 7f66766..af0ef00 100644
142+
index 7f66766..d78d401 100644
143143
--- a/Makefile
144144
+++ b/Makefile
145145
@@ -1,5 +1,25 @@
146146
+PG_CFLAGS = -std=c99 -Werror -Wno-declaration-after-statement
147147
EXTENSION = supabase_vault
148-
+EXTVERSION = 0.3.0
148+
+EXTVERSION = 0.3.1
149149
+
150150
DATA = $(wildcard sql/*--*.sql)
151151
+
@@ -1116,6 +1116,13 @@ index ee40004..8973fe0 100644
11161116

11171117
COMMENT ON TABLE vault.secrets IS 'Table with encrypted `secret` column for storing sensitive information on disk.';
11181118

1119+
diff --git a/sql/supabase_vault--0.3.0--0.3.1.sql b/sql/supabase_vault--0.3.0--0.3.1.sql
1120+
new file mode 100644
1121+
index 0000000..ee25f24
1122+
--- /dev/null
1123+
+++ b/sql/supabase_vault--0.3.0--0.3.1.sql
1124+
@@ -0,0 +1 @@
1125+
+-- no SQL changes in 0.3.1
11191126
diff --git a/sql/supabase_vault--0.3.0.sql b/sql/supabase_vault--0.3.0.sql
11201127
new file mode 100644
11211128
index 0000000..af6abe2
@@ -1434,7 +1441,7 @@ index 0000000..91eca9a
14341441
+#endif
14351442
diff --git a/src/pgsodium.c b/src/pgsodium.c
14361443
new file mode 100644
1437-
index 0000000..d337fff
1444+
index 0000000..563c55f
14381445
--- /dev/null
14391446
+++ b/src/pgsodium.c
14401447
@@ -0,0 +1,144 @@
@@ -1552,7 +1559,7 @@ index 0000000..d337fff
15521559
+ {
15531560
+ nonce = NULL;
15541561
+ }
1555-
+ ERRORIF (VARSIZE_ANY_EXHDR (ciphertext) <=
1562+
+ ERRORIF (VARSIZE_ANY_EXHDR (ciphertext) <
15561563
+ crypto_aead_det_xchacha20_ABYTES, "%s: invalid message");
15571564
+ result_len =
15581565
+ VARSIZE_ANY_EXHDR (ciphertext) - crypto_aead_det_xchacha20_ABYTES;
@@ -1992,36 +1999,30 @@ index e6221c2..0000000
19921999
-select * from finish();
19932000
diff --git a/test/expected/test.out b/test/expected/test.out
19942001
new file mode 100644
1995-
index 0000000..28abe9b
2002+
index 0000000..1d69ec5
19962003
--- /dev/null
19972004
+++ b/test/expected/test.out
1998-
@@ -0,0 +1,102 @@
2005+
@@ -0,0 +1,110 @@
19992006
+select no_plan();
20002007
+ no_plan
20012008
+---------
20022009
+(0 rows)
20032010
+
20042011
+do $$
2005-
+select vault.create_secret (
2006-
+ 's3kr3t_k3y', 'a_name', 'this is the foo secret key');
2012+
+begin
2013+
+ perform vault.create_secret('s3kr3t_k3y', 'a_name', 'this is the foo secret key');
2014+
+end
20072015
+$$;
2008-
+ERROR: syntax error at or near "select"
2009-
+LINE 2: select vault.create_secret (
2010-
+ ^
20112016
+SELECT results_eq(
20122017
+ $$
20132018
+ SELECT decrypted_secret = 's3kr3t_k3y', description = 'this is the foo secret key'
20142019
+ FROM vault.decrypted_secrets WHERE name = 'a_name';
20152020
+ $$,
20162021
+ $$VALUES (true, true)$$,
20172022
+ 'can select from masking view with custom key');
2018-
+ results_eq
2019-
+-----------------------------------------------------------------
2020-
+ not ok 1 - can select from masking view with custom key +
2021-
+ # Failed test 1: "can select from masking view with custom key"+
2022-
+ # Results differ beginning at row 1: +
2023-
+ # have: NULL +
2024-
+ # want: (t,t)
2023+
+ results_eq
2024+
+-----------------------------------------------------
2025+
+ ok 1 - can select from masking view with custom key
20252026
+(1 row)
20262027
+
20272028
+SELECT lives_ok(
@@ -2040,25 +2041,20 @@ index 0000000..28abe9b
20402041
+TRUNCATE vault.secrets;
20412042
+set role bob;
20422043
+do $$
2043-
+select vault.create_secret ('foo', 'bar', 'baz');
2044+
+begin
2045+
+ perform vault.create_secret ('foo', 'bar', 'baz');
2046+
+end
20442047
+$$;
2045-
+ERROR: syntax error at or near "select"
2046-
+LINE 2: select vault.create_secret ('foo', 'bar', 'baz');
2047-
+ ^
20482048
+select results_eq(
20492049
+ $test$
20502050
+ SELECT (decrypted_secret COLLATE "default"), name, description FROM vault.decrypted_secrets
20512051
+ WHERE name = 'bar'
20522052
+ $test$,
20532053
+ $results$values ('foo', 'bar', 'baz')$results$,
20542054
+ 'bob can query a secret');
2055-
+ results_eq
2056-
+-------------------------------------------
2057-
+ not ok 3 - bob can query a secret +
2058-
+ # Failed test 3: "bob can query a secret"+
2059-
+ # Results differ beginning at row 1: +
2060-
+ # have: NULL +
2061-
+ # want: (foo,bar,baz)
2055+
+ results_eq
2056+
+-------------------------------
2057+
+ ok 3 - bob can query a secret
20622058
+(1 row)
20632059
+
20642060
+select lives_ok(
@@ -2082,21 +2078,40 @@ index 0000000..28abe9b
20822078
+ $test$,
20832079
+ $results$values ('fooz', 'barz', 'bazz')$results$,
20842080
+ 'bob can query an updated secret');
2085-
+ results_eq
2086-
+----------------------------------------------------
2087-
+ not ok 5 - bob can query an updated secret +
2088-
+ # Failed test 5: "bob can query an updated secret"+
2089-
+ # Results differ beginning at row 1: +
2090-
+ # have: NULL +
2091-
+ # want: (fooz,barz,bazz)
2081+
+ results_eq
2082+
+----------------------------------------
2083+
+ ok 5 - bob can query an updated secret
20922084
+(1 row)
20932085
+
2094-
+select * from finish();
2095-
+ finish
2086+
+truncate vault.secrets;
2087+
+reset role;
2088+
+do $$
2089+
+begin
2090+
+ perform vault.create_secret(
2091+
+ new_secret := '',
2092+
+ new_name := 'empty_secret'
2093+
+ );
2094+
+end
2095+
+$$;
2096+
+select results_eq(
2097+
+ $test$
2098+
+ select decrypted_secret collate "default"
2099+
+ from vault.decrypted_secrets
2100+
+ where name = 'empty_secret'
2101+
+ $test$,
2102+
+ $results$values ('')$results$,
2103+
+ 'secret can be an empty string'
2104+
+);
2105+
+ results_eq
20962106
+--------------------------------------
2097-
+ 1..5
2098-
+ # Looks like you failed 3 tests of 5
2099-
+(2 rows)
2107+
+ ok 6 - secret can be an empty string
2108+
+(1 row)
2109+
+
2110+
+select * from finish();
2111+
+ finish
2112+
+--------
2113+
+ 1..6
2114+
+(1 row)
21002115
+
21012116
diff --git a/test/fixtures.sql b/test/fixtures.sql
21022117
new file mode 100644
@@ -2121,15 +2136,16 @@ index 0000000..b323d22
21212136
+GRANT pgsodium_keyiduser TO bob;
21222137
diff --git a/test/sql/test.sql b/test/sql/test.sql
21232138
new file mode 100644
2124-
index 0000000..f6b6e92
2139+
index 0000000..69dbccd
21252140
--- /dev/null
21262141
+++ b/test/sql/test.sql
2127-
@@ -0,0 +1,59 @@
2142+
@@ -0,0 +1,84 @@
21282143
+select no_plan();
21292144
+
21302145
+do $$
2131-
+select vault.create_secret (
2132-
+ 's3kr3t_k3y', 'a_name', 'this is the foo secret key');
2146+
+begin
2147+
+ perform vault.create_secret('s3kr3t_k3y', 'a_name', 'this is the foo secret key');
2148+
+end
21332149
+$$;
21342150
+
21352151
+SELECT results_eq(
@@ -2154,7 +2170,9 @@ index 0000000..f6b6e92
21542170
+set role bob;
21552171
+
21562172
+do $$
2157-
+select vault.create_secret ('foo', 'bar', 'baz');
2173+
+begin
2174+
+ perform vault.create_secret ('foo', 'bar', 'baz');
2175+
+end
21582176
+$$;
21592177
+
21602178
+select results_eq(
@@ -2183,4 +2201,26 @@ index 0000000..f6b6e92
21832201
+ $results$values ('fooz', 'barz', 'bazz')$results$,
21842202
+ 'bob can query an updated secret');
21852203
+
2204+
+truncate vault.secrets;
2205+
+reset role;
2206+
+
2207+
+do $$
2208+
+begin
2209+
+ perform vault.create_secret(
2210+
+ new_secret := '',
2211+
+ new_name := 'empty_secret'
2212+
+ );
2213+
+end
2214+
+$$;
2215+
+
2216+
+select results_eq(
2217+
+ $test$
2218+
+ select decrypted_secret collate "default"
2219+
+ from vault.decrypted_secrets
2220+
+ where name = 'empty_secret'
2221+
+ $test$,
2222+
+ $results$values ('')$results$,
2223+
+ 'secret can be an empty string'
2224+
+);
2225+
+
21862226
+select * from finish();

0 commit comments

Comments
 (0)