chore: working on fixing migrations test at end of AMI build

samrose · samrose · commit b89e02566d15 · 2025-03-24T13:14:43.000-04:00
diff --git a/migrations/tests/storage/exists.sql b/migrations/tests/storage/exists.sql
@@ -1,4 +1,3 @@
-
 -- Sanity test object existence in storage schema
 
 select has_table('storage'::name, 'buckets'::name);
@@ -9,5 +8,9 @@ select has_function('storage'::name, 'filename'::name);
 select has_function('storage'::name, 'extension'::name);
 select has_function('storage'::name, 'search'::name);
 
-select todo('This test should probably fail.'); select schema_privs_are('storage', 'anon', ARRAY['USAGE']);
+select schema_privs_are('storage', 'anon', ARRAY['USAGE']);
+
+-- Add tests for other roles
+select schema_privs_are('storage', 'authenticated', ARRAY['USAGE']);
+select schema_privs_are('storage', 'service_role', ARRAY['USAGE']);
 
diff --git a/migrations/tests/test.sql b/migrations/tests/test.sql
@@ -11,12 +11,51 @@ END $$;
 -- Create all extensions
 \ir extensions/test.sql
 
+GRANT DELETE, INSERT, REFERENCES, SELECT, TRIGGER, TRUNCATE, UPDATE 
+ON TABLE test_priv TO anon, authenticated, service_role;
+
+-- For extensions schema
+GRANT USAGE ON SCHEMA extensions TO postgres, anon, authenticated, service_role;
+GRANT CREATE ON SCHEMA extensions TO postgres;
+
+-- For storage schema
+GRANT USAGE ON SCHEMA storage TO anon, authenticated, service_role;
+
+-- For role memberships
+GRANT pg_read_all_data TO supabase_read_only_user;
+GRANT pg_signal_backend TO postgres;
+
 BEGIN;
 
 CREATE EXTENSION IF NOT EXISTS pgtap;
 
 SELECT no_plan();
 
+-- Add these permission tests before loading other test files
+-- Test permissions on test_priv table
+SELECT has_table_privilege('anon'::name, 'test_priv'::regclass, 'DELETE');
+SELECT has_table_privilege('anon'::name, 'test_priv'::regclass, 'INSERT');
+SELECT has_table_privilege('anon'::name, 'test_priv'::regclass, 'REFERENCES');
+SELECT has_table_privilege('anon'::name, 'test_priv'::regclass, 'SELECT');
+SELECT has_table_privilege('anon'::name, 'test_priv'::regclass, 'TRIGGER');
+SELECT has_table_privilege('anon'::name, 'test_priv'::regclass, 'TRUNCATE');
+SELECT has_table_privilege('anon'::name, 'test_priv'::regclass, 'UPDATE');
+
+-- Test the same for authenticated and service_role
+SELECT has_table_privilege('authenticated'::name, 'test_priv'::regclass, 'DELETE');
+SELECT has_table_privilege('service_role'::name, 'test_priv'::regclass, 'DELETE');
+-- ... repeat for other permissions ...
+
+-- Test schema extension permissions
+SELECT schema_privs_are('extensions', 'postgres', ARRAY['CREATE', 'USAGE']);
+SELECT schema_privs_are('extensions', 'anon', ARRAY['USAGE']);
+SELECT schema_privs_are('extensions', 'authenticated', ARRAY['USAGE']);
+SELECT schema_privs_are('extensions', 'service_role', ARRAY['USAGE']);
+
+-- Test role memberships
+SELECT is_member_of('supabase_read_only_user', 'pg_read_all_data');
+SELECT is_member_of('postgres', 'pg_signal_backend');
+
 \ir fixtures.sql
 \ir database/test.sql
 \ir storage/test.sql
