Thread
-
Re: Docs and tests for RLS policies applied by command type
Dean Rasheed <dean.a.rasheed@gmail.com> — 2025-10-23T15:14:56Z
On Thu, 23 Oct 2025 at 09:23, jian he <jian.universality@gmail.com> wrote: > > On Tue, Oct 21, 2025 at 12:01 AM Viktor Holmberg <v@viktorh.net> wrote: > > > > So patch 0001, attached, adds a new set of regression tests, near the > > start of rowsecurity.sql, which specifically tests which policies are > > applied for each command variant. > > > hi. > I only applied the 0001. > > it would be better to add some comments to the regress tests, IMHO. > for example, for below: > +SELECT * FROM rls_test_src FOR UPDATE; > +SELECT * FROM rls_test_src FOR NO KEY UPDATE; > +SELECT * FROM rls_test_src FOR SHARE; > +SELECT * FROM rls_test_src FOR KEY SHARE; > > we could add a comment such as: > "Expect both UPDATE and the SELECT command policies to be invoked for > these four below query". Thank you both for the reviews. Attached is a new version with more comments in the tests, focusing on what is expected from each test. > The 0001 regess tests define several functions: sel_using_fn, > ins_check_fn, upd_using_fn, > upd_check_fn, and del_using_fn. > IMHO, these could be simplified (we probably only need two functions). Good point. Actually it can be done with just one function, further reducing the amount of test code. A recent commit reminded me that COPY ... TO also applies RLS SELECT policies (and so does TABLE, though I doubt many people use that), so I think it's worth testing and documenting those too. Updated patches attached. Regards, Dean