Ignore function grants to db owner

djrobstep · Feb 13, 2021 · 16b0d84 · 16b0d84
1 parent 68ef5d4
commit 16b0d84
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 13 deletions.
diff --git a/schemainspect/pg/sql/privileges.sql b/schemainspect/pg/sql/privileges.sql
@@ -21,7 +21,11 @@ select
   grantee as user,
   privilege_type as privilege
 from information_schema.role_routine_grants
-where true
+where grantee != (
+    select datdba::regrole::text
+    from pg_database
+    where datname = current_database()
+)
 -- SKIP_INTERNAL and routine_schema not in ('pg_internal', 'pg_catalog', 'information_schema', 'pg_toast')
 -- SKIP_INTERNAL and routine_schema not like 'pg_temp_%' and routine_schema not like 'pg_toast_temp_%'
 order by schema, name, "user";
diff --git a/tests/test_all.py b/tests/test_all.py
@@ -234,6 +234,14 @@ def setup_pg_schema(s):
     s.execute("comment on table emptytable is 'emptytable comment'")
     s.execute("create extension pg_trgm")
     s.execute("create schema otherschema")
+    s.execute(
+        """DO $$
+BEGIN
+CREATE ROLE testuser;
+EXCEPTION WHEN duplicate_object THEN RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
+END
+$$;"""
+    )
     s.execute(
         """
         CREATE TABLE films (
@@ -267,7 +275,7 @@ def setup_pg_schema(s):
             )
             as $$select 'a'::varchar, '2014-01-01'::date$$
             language sql;
-            grant execute on function films_f(date, text, date) to postgres;
+            grant execute on function films_f(date, text, date) to testuser;
         """
     )
     s.execute("comment on function films_f(date, text, date) is 'films_f comment'")
@@ -447,21 +455,13 @@ def asserts_pg(i, has_timescale=False):
     assert n("films_title_idx") in t.indexes
 
     # privileges
-    g = InspectedPrivilege("table", "public", "films", "select", "postgres")
-    g = i.privileges[g.key]
-    assert g.create_statement == 'grant select on table {} to "postgres";'.format(
-        t_films
-    )
-    assert g.drop_statement == 'revoke select on table {} from "postgres";'.format(
-        t_films
-    )
     f_films_f = n("films_f")
-    g = InspectedPrivilege("function", "public", "films_f", "execute", "postgres")
+    g = InspectedPrivilege("function", "public", "films_f", "execute", "testuser")
     g = i.privileges[g.key]
-    assert g.create_statement == 'grant execute on function {} to "postgres";'.format(
+    assert g.create_statement == 'grant execute on function {} to "testuser";'.format(
         f_films_f
     )
-    assert g.drop_statement == 'revoke execute on function {} from "postgres";'.format(
+    assert g.drop_statement == 'revoke execute on function {} from "testuser";'.format(
         f_films_f
     )