test: fdws and publications in evtrigs

Ensure evtrigs don't fire for all the non-superuser fdws and
publications.

Author: steve-chavez

test/expected/event_triggers.out.in

@@ -87,10 +87,8 @@ NOTICE:  Skipping event trigger function "show_current_user" for user "postgres"
 DETAIL:  "postgres" is a superuser and the function "show_current_user" is not superuser-owned, it's owned by "privileged_role"
 \echo
 
--- extensions won't execute the event trigger function (since they're executed by superuser under our implementation)
-set role rolecreator;
-\echo
-
+-- creating extensions will not fire evtrigs
+set role privileged_role;
 create extension postgres_fdw;
 NOTICE:  Skipping event trigger function "show_current_user" for user "postgres"
 DETAIL:  "postgres" is a superuser and the function "show_current_user" is not superuser-owned, it's owned by "privileged_role"
@@ -99,6 +97,24 @@ NOTICE:  Skipping event trigger function "show_current_user" for user "postgres"
 DETAIL:  "postgres" is a superuser and the function "show_current_user" is not superuser-owned, it's owned by "privileged_role"
 \echo
 
+-- creating fdws will not fire evtrigs
+create foreign data wrapper new_fdw;
+NOTICE:  Skipping event trigger function "show_current_user" for user "postgres"
+DETAIL:  "postgres" is a superuser and the function "show_current_user" is not superuser-owned, it's owned by "privileged_role"
+-- TODO: while correct, this is inconsistent as dropping the fdw does fire the evtrig for the privileged_role
+drop foreign data wrapper new_fdw;
+NOTICE:  the event trigger is executed for privileged_role
+\echo
+
+-- creating pubs will not fire evtrigs
+create publication p for all tables;
+NOTICE:  Skipping event trigger function "show_current_user" for user "postgres"
+DETAIL:  "postgres" is a superuser and the function "show_current_user" is not superuser-owned, it's owned by "privileged_role"
+-- TODO: while correct, this is inconsistent as dropping the publication does fire the evtrig for the privileged_role
+drop publication p;
+NOTICE:  the event trigger is executed for privileged_role
+\echo
+
 -- privesc shouldn't happen due to superuser tripping over a user-defined event trigger
 set role privileged_role;
 \echo

test/expected/event_triggers_super.out

@@ -56,14 +56,26 @@ NOTICE:  superuser mandated event trigger: current_user is supabase_storage_admi
 
 -- creating extensions will fire superuser evtrigs
 set role privileged_role;
-\echo
-
 create extension postgres_fdw;
 NOTICE:  superuser mandated event trigger: current_user is postgres
 drop extension postgres_fdw;
 NOTICE:  superuser mandated event trigger: current_user is postgres
 \echo
 
+-- creating fdws will fire superuser evtrigs
+create foreign data wrapper new_fdw;
+NOTICE:  superuser mandated event trigger: current_user is postgres
+drop foreign data wrapper new_fdw;
+NOTICE:  superuser mandated event trigger: current_user is privileged_role
+\echo
+
+-- creating publications will fire superuser evtrigs
+create publication p for all tables;
+NOTICE:  superuser mandated event trigger: current_user is postgres
+drop publication p;
+NOTICE:  superuser mandated event trigger: current_user is privileged_role
+\echo
+
 -- a non-privileged role cannot alter a superuser owned evtrig
 set role rolecreator;
 \echo

test/sql/event_triggers.sql

@@ -71,14 +71,24 @@ set role postgres;
 create table super_stuff();
 \echo
 
--- extensions won't execute the event trigger function (since they're executed by superuser under our implementation)
-set role rolecreator;
-\echo
-
+-- creating extensions will not fire evtrigs
+set role privileged_role;
 create extension postgres_fdw;
 drop extension postgres_fdw;
 \echo
 
+-- creating fdws will not fire evtrigs
+create foreign data wrapper new_fdw;
+-- TODO: while correct, this is inconsistent as dropping the fdw does fire the evtrig for the privileged_role
+drop foreign data wrapper new_fdw;
+\echo
+
+-- creating pubs will not fire evtrigs
+create publication p for all tables;
+-- TODO: while correct, this is inconsistent as dropping the publication does fire the evtrig for the privileged_role
+drop publication p;
+\echo
+
 -- privesc shouldn't happen due to superuser tripping over a user-defined event trigger
 set role privileged_role;
 \echo

test/sql/event_triggers_super.sql

@@ -47,12 +47,20 @@ drop table storage_stuff;
 
 -- creating extensions will fire superuser evtrigs
 set role privileged_role;
-\echo
-
 create extension postgres_fdw;
 drop extension postgres_fdw;
 \echo
 
+-- creating fdws will fire superuser evtrigs
+create foreign data wrapper new_fdw;
+drop foreign data wrapper new_fdw;
+\echo
+
+-- creating publications will fire superuser evtrigs
+create publication p for all tables;
+drop publication p;
+\echo
+
 -- a non-privileged role cannot alter a superuser owned evtrig
 set role rolecreator;
 \echo