test: nested switch_to_superuser()

nix/withTmpDb.sh.in

@@ -15,7 +15,7 @@ options="-F -c listen_addresses=\"\" -k $PGDATA -c shared_preload_libraries=\"pg
 
 reserved_roles="supabase_storage_admin, anon, reserved_but_not_yet_created, authenticator*"
 reserved_memberships="pg_read_server_files, pg_write_server_files, pg_execute_server_program, role_with_reserved_membership"
-privileged_extensions="hstore, postgres_fdw, pg_tle, autoinc, citext"
+privileged_extensions="hstore, postgres_fdw, pg_tle, moddatetime"
 privileged_extensions_custom_scripts_path="$tmpdir/privileged_extensions_custom_scripts"
 privileged_role="privileged_role"
 privileged_role_allowed_configs="session_replication_role, pgrst.*, other.nested.*"
@@ -27,6 +27,7 @@ cexts_option='-c supautils.constrained_extensions="{\"adminpack\": { \"cpu\": 64
 
 pg_ctl start -o "$options" -o "$reserved_stuff_options" -o "$placeholder_stuff_options" -o "$cexts_option"
 
+# print notice when creating a TLE
 mkdir -p "$tmpdir/privileged_extensions_custom_scripts"
 echo "do \$\$
       begin
@@ -38,16 +39,15 @@ echo "do \$\$
         end if;
       end \$\$;" > "$tmpdir/privileged_extensions_custom_scripts/before-create.sql"
 
-mkdir -p "$tmpdir/privileged_extensions_custom_scripts/autoinc"
-echo 'create extension citext;' > "$tmpdir/privileged_extensions_custom_scripts/autoinc/after-create.sql"
-
-mkdir -p "$tmpdir/privileged_extensions_custom_scripts/citext"
-echo 'create table citext_has_been_created();' > "$tmpdir/privileged_extensions_custom_scripts/citext/after-create.sql"
-
+# assert both before-create and after-create scripts are run
 mkdir -p "$tmpdir/privileged_extensions_custom_scripts/hstore"
 echo 'create table t1();' > "$tmpdir/privileged_extensions_custom_scripts/hstore/before-create.sql"
 echo 'drop table t1; create table t2 as values (1);' > "$tmpdir/privileged_extensions_custom_scripts/hstore/after-create.sql"
 
+# force extension to be installed in a specific schema
+mkdir -p "$tmpdir/privileged_extensions_custom_scripts/moddatetime"
+echo 'drop extension moddatetime; create extension moddatetime schema pg_catalog;' > "$tmpdir/privileged_extensions_custom_scripts/moddatetime/after-create.sql"
+
 createdb contrib_regression
 
 psql -v ON_ERROR_STOP=1 -f test/fixtures.sql -d contrib_regression

test/expected/privileged_extensions.out

@@ -31,6 +31,8 @@ set role extensions_role;
 -- global extension custom scripts are run
 create extension pg_tle;
 reset role;
+-- must run this after `create extension pg_tle` since the role only exists
+-- after the ext is created
 grant pgtle_admin to extensions_role;
 set role extensions_role;
 select pgtle.install_extension('foo', '1', '', 'select 1', '{}');
@@ -63,6 +65,24 @@ set role extensions_role;
 \echo
 
 -- cannot create other extensions
-create extension moddatetime;
-ERROR:  permission denied to create extension "moddatetime"
+create extension adminpack;
+ERROR:  permission denied to create extension "adminpack"
 HINT:  Must be superuser to create this extension.
+\echo
+
+-- can force extension to be installed in a specific schema
+create extension moddatetime schema public;
+select extnamespace::regnamespace from pg_extension where extname = 'moddatetime';
+ extnamespace 
+--------------
+ pg_catalog
+(1 row)
+
+drop extension moddatetime;
+-- original role is restored
+select current_role;
+  current_role   
+-----------------
+ extensions_role
+(1 row)
+

test/sql/privileged_extensions.sql

@@ -23,6 +23,8 @@ set role extensions_role;
 -- global extension custom scripts are run
 create extension pg_tle;
 reset role;
+-- must run this after `create extension pg_tle` since the role only exists
+-- after the ext is created
 grant pgtle_admin to extensions_role;
 set role extensions_role;
 select pgtle.install_extension('foo', '1', '', 'select 1', '{}');
@@ -42,4 +44,12 @@ set role extensions_role;
 \echo
 
 -- cannot create other extensions
-create extension moddatetime;
+create extension adminpack;
+\echo
+
+-- can force extension to be installed in a specific schema
+create extension moddatetime schema public;
+select extnamespace::regnamespace from pg_extension where extname = 'moddatetime';
+drop extension moddatetime;
+-- original role is restored
+select current_role;