Hi all,

I was looking again at the thread that reported a problem when using ALTER DEFAULT PRIVILEGES with duplicated object names:
https://www.postgresql.org/message-id/ae2a7dc1-9d71-8cba-3bb9-e4cb7eb1f...@hot.ee

And while reviewing the thing, I have spotted that there is a specific path for pg_default_acl in RemoveRoleFromObjectACL() that has zero coverage. This can be triggered with DROP OWNED BY, and it is actually safe to run as long as this is done in a separate transaction to avoid any interactions with parallel regression sessions.

privileges.sql already has similar tests, so I'd like to add some coverage as per the attached (the duplicated role name is wanted).

Thoughts?
--
Michael

diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out index 7754c20db4..873df85e84 100644 --- a/src/test/regress/expected/privileges.out +++ b/src/test/regress/expected/privileges.out @@ -1759,6 +1759,35 @@ SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'CREATE'); -- yes ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_priv_user2; COMMIT; +-- Test for DROP OWNED BY with shared dependencies. This is done in a +-- separate, rollbacked, transaction to avoid any trouble with other +-- regression sessions. +BEGIN; +ALTER DEFAULT PRIVILEGES GRANT ALL ON FUNCTIONS TO regress_priv_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON SEQUENCES TO regress_priv_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO regress_priv_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON TYPES TO regress_priv_user2; +SELECT count(*) FROM pg_shdepend + WHERE deptype = 'a' AND + refobjid = 'regress_priv_user2'::regrole AND + classid = 'pg_default_acl'::regclass; + count +------- + 5 +(1 row) + +DROP OWNED BY regress_priv_user2, regress_priv_user2; +SELECT count(*) FROM pg_shdepend + WHERE deptype = 'a' AND + refobjid = 'regress_priv_user2'::regrole AND + classid = 'pg_default_acl'::regclass; + count +------- + 0 +(1 row) + +ROLLBACK; CREATE SCHEMA testns5; SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'USAGE'); -- no has_schema_privilege diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql index 4911ad4add..3a20e93ada 100644 --- a/src/test/regress/sql/privileges.sql +++ b/src/test/regress/sql/privileges.sql 
@@ -1048,6 +1048,26 @@ ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_priv_user2; COMMIT; +-- Test for DROP OWNED BY with shared dependencies. This is done in a +-- separate, rollbacked, transaction to avoid any trouble with other +-- regression sessions. +BEGIN; +ALTER DEFAULT PRIVILEGES GRANT ALL ON FUNCTIONS TO regress_priv_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON SEQUENCES TO regress_priv_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO regress_priv_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON TYPES TO regress_priv_user2; +SELECT count(*) FROM pg_shdepend + WHERE deptype = 'a' AND + refobjid = 'regress_priv_user2'::regrole AND + classid = 'pg_default_acl'::regclass; +DROP OWNED BY regress_priv_user2, regress_priv_user2; +SELECT count(*) FROM pg_shdepend + WHERE deptype = 'a' AND + refobjid = 'regress_priv_user2'::regrole AND + classid = 'pg_default_acl'::regclass; +ROLLBACK; + CREATE SCHEMA testns5; SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'USAGE'); -- no
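
Review bot: In the src/test/regress/sql/privileges.sql hunk, the new comment does not say that the repeated role in `DROP OWNED BY regress_priv_user2, regress_priv_user2;` is deliberate, so a later cleanup could drop the duplicate and silently lose the case the test is meant to exercise. Suggest extending the comment to state that the role is listed twice on purpose and why. The same comment says "rollbacked", which should read "rolled back".

Review bot: In the src/test/regress/expected/privileges.out hunk, the expected counts of 5 and 0 come from a query on pg_shdepend that filters only on deptype, refobjid and classid. pg_shdepend is a shared catalog with a dbid column, so a default ACL entry for regress_priv_user2 recorded in any other database of the cluster would change the first count and leave the second non-zero, since DROP OWNED BY only acts on the current database. Suggest also restricting the query to the current database, for example with `dbid = (SELECT oid FROM pg_database WHERE datname = current_database())`, so the result depends only on what this transaction created.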