hailin
/
chatdesk-ui
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
chatdesk-ui/storage_v1.19.1/src/test/rls_tests.yaml

478 lines
12 KiB
YAML
Raw Blame History

policies:
- name: read_only_all_buckets
tables: ['storage.buckets']
roles: ['authenticated']
permissions: ['select']
content: "USING(owner = '{{uid}}')"
- name: read_only_all_objects
tables: ['storage.objects']
roles: ['authenticated']
permissions: ['select']
content: "USING(owner = '{{uid}}')"
- name: insert_only_all_objects
tables: ['storage.objects']
roles: ['authenticated']
permissions: ['insert']
content: "WITH CHECK(auth.uid() = '{{uid}}')"
- name: insert_only_all_buckets
tables: ['storage.buckets']
roles: ['authenticated']
permissions: ['insert']
content: "WITH CHECK(auth.uid() = '{{uid}}')"
- name: update_only_all_objects
tables: ['storage.objects']
roles: ['authenticated']
permissions: ['update']
content: "USING(owner = '{{uid}}')"
- name: update_only_all_buckets
tables: ['storage.buckets']
roles: ['authenticated']
permissions: ['update']
content: "USING(owner = '{{uid}}')"
- name: delete_only_all_buckets
tables: ['storage.buckets']
roles: ['authenticated']
permissions: ['delete']
content: "USING(owner = '{{uid}}')"
- name: delete_only_all_objects
tables: ['storage.objects']
roles: ['authenticated']
permissions: ['delete']
content: "USING(owner = '{{uid}}')"
tests:
- description: 'Will only able to read objects'
policies:
- read_only_all_objects
asserts:
- operation: upload
status: 400
error: 'new row violates row-level security policy'
- operation: upload.upsert
status: 400
message: 'new row violates row-level security policy'
- operation: bucket.create
status: 400
error: 'new row violates row-level security policy'
- operation: bucket.delete
status: 400
error: 'Bucket not found'
- operation: bucket.update
status: 400
error: 'Bucket not found'
- operation: bucket.get
status: 400
error: 'Bucket not found'
- operation: upload
status: 200
policies:
- insert_only_all_objects
- operation: object.get
role: authenticated
status: 200
- operation: object.delete
role: authenticated
status: 400
message: 'Object not found'
- operation: upload
bucketName: 'bucket_{{runId}}'
objectName: 'object_{{runId}}.txt'
policies:
- insert_only_all_objects
status: 200
- operation: object.copy
useExistingBucketName: 'bucket_{{runId}}'
objectName: 'object_{{runId}}.txt'
status: 400
- operation: object.move
useExistingBucketName: 'bucket_{{runId}}'
objectName: 'object_{{runId}}.txt'
status: 400
- description: 'Will only able to read buckets'
policies:
- read_only_all_buckets
asserts:
- operation: upload
status: 400
error: 'new row violates row-level security policy'
- operation: upload.upsert
status: 400
message: 'new row violates row-level security policy'
- operation: bucket.create
status: 400
error: 'new row violates row-level security policy'
- operation: bucket.delete
status: 400
error: 'Bucket not found'
- operation: bucket.update
status: 400
error: 'Bucket not found'
- operation: bucket.get
status: 200
- operation: bucket.list
status: 200
- operation: upload
policies:
- insert_only_all_objects
status: 200
- operation: object.get
role: authenticated
status: 400
message: 'Object not found'
- operation: object.delete
role: authenticated
status: 400
message: 'Object not found'
- description: 'Will only able to insert objects when authenticated'
policies:
- insert_only_all_objects
asserts:
- operation: bucket.create
status: 400
- operation: bucket.delete
status: 400
error: 'Bucket not found'
- operation: bucket.update
status: 400
error: 'Bucket not found'
- operation: upload
status: 200
- operation: upload.upsert
status: 400
message: 'Object not found'
- operation: object.get
status: 400
- operation: object.delete
status: 400
- description: 'Will only able to create buckets when authenticated'
policies:
- insert_only_all_buckets
setup:
create_bucket: false
asserts:
- operation: bucket.create
status: 200
- operation: bucket.delete
status: 400
error: 'Bucket not found'
- operation: bucket.update
status: 400
error: 'Bucket not found'
- operation: upload
status: 400
error: 'new row violates row-level security policy'
- operation: upload.upsert
status: 400
message: 'new row violates row-level security policy'
- operation: upload
policies:
- insert_only_all_objects
status: 200
- operation: object.get
status: 400
- operation: object.delete
status: 400
- operation: upload
bucketName: 'bucket_{{runId}}'
objectName: 'object_{{runId}}.txt'
policies:
- insert_only_all_objects
status: 200
- operation: object.copy
useExistingBucketName: 'bucket_{{runId}}'
objectName: 'object_{{runId}}.txt'
status: 400
- operation: object.move
useExistingBucketName: 'bucket_{{runId}}'
objectName: 'object_{{runId}}.txt'
status: 400
- description: 'Will only able to update buckets when authenticated'
policies:
- update_only_all_buckets
- read_only_all_buckets
asserts:
- operation: bucket.create
status: 400
error: 'new row violates row-level security policy'
- operation: bucket.delete
status: 400
error: 'Bucket not found'
- operation: upload
status: 400
error: 'new row violates row-level security policy'
- operation: upload.upsert
status: 400
message: 'new row violates row-level security policy'
- operation: upload
policies:
- insert_only_all_objects
status: 200
- operation: object.get
status: 400
error: 'Object not found'
- operation: object.delete
status: 400
error: 'Object not found'
- operation: bucket.update
status: 200
- operation: bucket.get
status: 200
- description: 'Will only able to update objects when authenticated'
policies:
- insert_only_all_objects
- update_only_all_objects
- read_only_all_objects
asserts:
- operation: bucket.create
status: 400
error: 'new row violates row-level security policy'
- operation: bucket.delete
status: 400
error: 'Bucket not found'
- operation: upload
bucketName: 'bucket_{{runId}}'
objectName: 'to_upsert.txt'
status: 200
- operation: upload.upsert
existingBucketName: 'bucket_{{runId}}'
objectName: 'to_upsert.txt'
status: 200
- operation: object.get
status: 200
- operation: object.delete
status: 400
error: 'Object not found'
- operation: bucket.update
status: 400
message: 'Bucket not found'
- operation: bucket.get
status: 400
message: 'Bucket not found'
- description: 'Will only able to delete buckets when authenticated'
policies:
- delete_only_all_buckets
- read_only_all_buckets
asserts:
- operation: bucket.get
status: 200
- operation: bucket.create
status: 400
error: 'new row violates row-level security policy'
- operation: upload
status: 400
error: 'new row violates row-level security policy'
- operation: upload.upsert
status: 400
message: 'new row violates row-level security policy'
- operation: upload
policies:
- insert_only_all_objects
status: 200
- operation: object.get
status: 400
error: 'Object not found'
- operation: object.delete
status: 400
error: 'Object not found'
- operation: object.delete
role: service
status: 200
- operation: bucket.delete
status: 200
#
- description: 'Will only able to delete objects when authenticated'
policies:
- delete_only_all_objects
- read_only_all_objects
asserts:
- operation: bucket.get
status: 400
error: 'Bucket not found'
- operation: bucket.create
status: 400
error: 'new row violates row-level security policy'
- operation: upload
status: 400
error: 'new row violates row-level security policy'
- operation: upload.upsert
status: 400
message: 'new row violates row-level security policy'
- operation: upload
bucketName: 'bucket_delete_test_{{runId}}'
objectName: 'object_{{runId}}'
policies:
- insert_only_all_objects
status: 200
- operation: object.delete
useExistingBucketName: 'bucket_delete_test_{{runId}}'
objectName: 'object_{{runId}}'
status: 200
- operation: object.get
useExistingBucketName: 'bucket_delete_test_{{runId}}'
objectName: 'object_{{runId}}'
status: 400
error: 'Object not found'
- operation: bucket.delete
status: 400
error: 'Bucket not found'
- description: 'Will only able to move objects when authenticated'
policies:
- read_only_all_objects
- update_only_all_objects
asserts:
- operation: bucket.get
status: 400
error: 'Bucket not found'
- operation: bucket.create
status: 400
error: 'new row violates row-level security policy'
- operation: upload
status: 400
error: 'new row violates row-level security policy'
- operation: upload.upsert
status: 400
message: 'new row violates row-level security policy'
- operation: upload
bucketName: 'bucket_to_move_{{runId}}'
objectName: 'object_to_move_{{runId}}.txt'
policies:
- insert_only_all_objects
status: 200
- operation: object.move
useExistingBucketName: 'bucket_to_move_{{runId}}'
objectName: 'object_to_move_{{runId}}.txt'
status: 200
- operation: object.delete
status: 400
- operation: bucket.delete
status: 400
error: 'Bucket not found'
- description: 'Will only able to copy owned objects when authenticated'
policies:
- read_only_all_objects
- insert_only_all_objects
asserts:
- operation: bucket.get
status: 400
error: 'Bucket not found'
- operation: bucket.create
status: 400
error: 'new row violates row-level security policy'
- operation: upload
bucketName: 'bucket_{{runId}}'
objectName: 'object_{{runId}}.txt'
status: 200
- operation: upload.upsert
useExistingBucketName: 'bucket_{{runId}}'
objectName: 'object_{{runId}}.txt'
status: 400
message: 'new row violates row-level security policy'
- operation: upload
bucketName: 'bucket_to_copy_{{runId}}'
objectName: 'object_to_copy_{{runId}}.txt'
status: 200
- operation: object.copy
useExistingBucketName: 'bucket_to_copy_{{runId}}'
objectName: 'object_to_copy_{{runId}}.txt'
status: 200
- operation: object.delete
status: 400
- operation: bucket.delete
status: 400
error: 'Bucket not found'
Reference in New Issue View Git Blame Copy Permalink