Skip to content

Commit 60d5d70

Browse files
ruggi99soedirgo
andauthored
fix: logic when returning default roles (#490)
* Bug fix returning default roles * refactor: replace DEFAULT_ROLES w/ prefix test * test: includeDefaultRoles --------- Co-authored-by: Bobbie Soedirgo <[email protected]>
1 parent 4d24652 commit 60d5d70

File tree

3 files changed

+48
-15
lines changed

3 files changed

+48
-15
lines changed

src/lib/PostgresMetaRoles.ts

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
import { ident, literal } from 'pg-format'
2-
import { DEFAULT_ROLES } from './constants.js'
32
import { rolesSql } from './sql/index.js'
43
import {
54
PostgresMetaResult,
@@ -42,8 +41,16 @@ FROM
4241
roles
4342
WHERE
4443
true`
45-
if (includeDefaultRoles) {
46-
sql += ` AND name NOT IN (${DEFAULT_ROLES.map(literal).join(',')})`
44+
if (!includeDefaultRoles) {
45+
// All default/predefined roles start with pg_: https://www.postgresql.org/docs/15/predefined-roles.html
46+
// The pg_ prefix is also reserved:
47+
//
48+
// ```
49+
// postgres=# create role pg_mytmp;
50+
// ERROR: role name "pg_mytmp" is reserved
51+
// DETAIL: Role names starting with "pg_" are reserved.
52+
// ```
53+
sql += ` AND NOT pg_catalog.starts_with(name, 'pg_')`
4754
}
4855
if (limit) {
4956
sql += ` LIMIT ${limit}`

src/lib/constants.ts

Lines changed: 0 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,3 @@
1-
export const DEFAULT_ROLES = [
2-
'pg_execute_server_program',
3-
'pg_monitor',
4-
'pg_read_all_settings',
5-
'pg_read_all_stats',
6-
'pg_read_server_files',
7-
'pg_signal_backend',
8-
'pg_stat_scan_tables',
9-
'pg_write_server_files',
10-
]
11-
121
export const DEFAULT_SYSTEM_SCHEMAS = [
132
'information_schema',
143
'pg_catalog',

test/lib/roles.ts

Lines changed: 38 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ import { pgMeta } from './utils'
33
test('list', async () => {
44
const res = await pgMeta.roles.list()
55

6-
const role: any = res.data?.find(({ name }) => name === 'postgres')
6+
let role = res.data?.find(({ name }) => name === 'postgres')
77

88
expect(role).toMatchInlineSnapshot(
99
{ active_connections: expect.any(Number), id: expect.any(Number) },
@@ -26,6 +26,43 @@ test('list', async () => {
2626
}
2727
`
2828
)
29+
30+
// pg_monitor is a predefined role. `includeDefaultRoles` defaults to false,
31+
// so it shouldn't be included in the result.
32+
role = res.data?.find(({ name }) => name === 'pg_monitor')
33+
34+
expect(role).toMatchInlineSnapshot(`undefined`)
35+
})
36+
37+
test('list w/ default roles', async () => {
38+
const res = await pgMeta.roles.list({ includeDefaultRoles: true })
39+
40+
const role = res.data?.find(({ name }) => name === 'pg_monitor')
41+
42+
expect(role).toMatchInlineSnapshot(
43+
{
44+
active_connections: expect.any(Number),
45+
id: expect.any(Number),
46+
},
47+
`
48+
{
49+
"active_connections": Any<Number>,
50+
"can_bypass_rls": false,
51+
"can_create_db": false,
52+
"can_create_role": false,
53+
"can_login": false,
54+
"config": null,
55+
"connection_limit": 100,
56+
"id": Any<Number>,
57+
"inherit_role": true,
58+
"is_replication_role": false,
59+
"is_superuser": false,
60+
"name": "pg_monitor",
61+
"password": "********",
62+
"valid_until": null,
63+
}
64+
`
65+
)
2966
})
3067

3168
test('retrieve, create, update, delete', async () => {

0 commit comments

Comments
 (0)