From edc513c8e1a4b185c95c63955f4c75f530b5cf44 Mon Sep 17 00:00:00 2001
From: Laurence Isla <lau.isla.c@gmail.com>
Date: Fri, 22 Mar 2024 20:05:06 -0500
Subject: [PATCH] test: fix some in-db config values

To correctly test in-db override of config file values, the former must be different from the latter.
---
 ...efaults-with-db-other-authenticator.config |  4 +-
 .../expected/no-defaults-with-db.config       |  6 +-
 test/io/db_config.sql                         | 82 ++++++++++---------
 3 files changed, 50 insertions(+), 42 deletions(-)

diff --git a/test/io/configs/expected/no-defaults-with-db-other-authenticator.config b/test/io/configs/expected/no-defaults-with-db-other-authenticator.config
index db18fa99f0c..ffa9fd5280c 100644
--- a/test/io/configs/expected/no-defaults-with-db-other-authenticator.config
+++ b/test/io/configs/expected/no-defaults-with-db-other-authenticator.config
@@ -15,13 +15,13 @@ db-prepared-statements = false
 db-root-spec = "other_root"
 db-schemas = "test,other_tenant1,other_tenant2"
 db-config = true
-db-pre-config = "postgrest.pre_config"
+db-pre-config = "postgrest.other_preconf"
 db-tx-end = "rollback-allow-override"
 db-uri = "postgresql://"
 jwt-aud = "https://otherexample.org"
 jwt-role-claim-key = ".\"other\".\"pre_config_role\""
 jwt-secret = "ODERREALLYREALLYREALLYREALLYVERYSAFE"
-jwt-secret-is-base64 = true
+jwt-secret-is-base64 = false
 jwt-cache-max-lifetime = 7200
 log-level = "info"
 openapi-mode = "disabled"
diff --git a/test/io/configs/expected/no-defaults-with-db.config b/test/io/configs/expected/no-defaults-with-db.config
index 739f3a48f5d..a78347593c6 100644
--- a/test/io/configs/expected/no-defaults-with-db.config
+++ b/test/io/configs/expected/no-defaults-with-db.config
@@ -3,8 +3,8 @@ db-anon-role = "anonymous"
 db-channel = "postgrest"
 db-channel-enabled = false
 db-extra-search-path = "public,extensions,private"
-db-max-rows = 1000
-db-plan-enabled = true
+db-max-rows = 500
+db-plan-enabled = false
 db-pool = 1
 db-pool-acquisition-timeout = 30
 db-pool-max-lifetime = 3600
@@ -31,7 +31,7 @@ server-cors-allowed-origins = "http://origin.com"
 server-host = "0.0.0.0"
 server-port = 80
 server-trace-header = "CF-Ray"
-server-timing-enabled = true
+server-timing-enabled = false
 server-unix-socket = "/tmp/pgrst_io_test.sock"
 server-unix-socket-mode = "777"
 admin-server-port = 3001
diff --git a/test/io/db_config.sql b/test/io/db_config.sql
index 84be9097a88..1703fdf9eb2 100644
--- a/test/io/db_config.sql
+++ b/test/io/db_config.sql
@@ -1,31 +1,32 @@
 CREATE ROLE db_config_authenticator LOGIN NOINHERIT;
 
 -- reloadable config options
-ALTER ROLE db_config_authenticator SET pgrst.jwt_aud = 'https://example.org';
-ALTER ROLE db_config_authenticator SET pgrst.openapi_server_proxy_uri = 'https://example.org/api';
-ALTER ROLE db_config_authenticator SET pgrst.jwt_secret = 'REALLY=REALLY=REALLY=REALLY=VERY=SAFE';
-ALTER ROLE db_config_authenticator SET pgrst.jwt_secret_is_base64 = 'false';
-ALTER ROLE db_config_authenticator SET pgrst.jwt_role_claim_key = '."a"."role"';
-ALTER ROLE db_config_authenticator SET pgrst.jwt_cache_max_lifetime = '3600';
+-- these settings will override the values in configs/no-defaults.config, so they must be different
 ALTER ROLE db_config_authenticator SET pgrst.db_aggregates_enabled = 'false';
 ALTER ROLE db_config_authenticator SET pgrst.db_anon_role = 'anonymous';
-ALTER ROLE db_config_authenticator SET pgrst.db_tx_end = 'commit-allow-override';
+ALTER ROLE db_config_authenticator SET pgrst.db_extra_search_path = 'public, extensions';
+ALTER ROLE db_config_authenticator SET pgrst.db_max_rows = '500';
+ALTER ROLE db_config_authenticator SET pgrst.db_plan_enabled = 'false';
 ALTER ROLE db_config_authenticator SET pgrst.db_pre_config = 'postgrest.preconf';
-ALTER ROLE db_config_authenticator SET pgrst.db_schemas = 'test, tenant1, tenant2';
-ALTER ROLE db_config_authenticator SET pgrst.db_root_spec = 'root';
-ALTER ROLE db_config_authenticator SET pgrst.db_plan_enabled = 'true';
-ALTER ROLE db_config_authenticator SET pgrst.db_prepared_statements = 'false';
 ALTER ROLE db_config_authenticator SET pgrst.db_pre_request = 'test.custom_headers';
-ALTER ROLE db_config_authenticator SET pgrst.db_max_rows = '1000';
-ALTER ROLE db_config_authenticator SET pgrst.db_extra_search_path = 'public, extensions';
+ALTER ROLE db_config_authenticator SET pgrst.db_prepared_statements = 'false';
+ALTER ROLE db_config_authenticator SET pgrst.db_root_spec = 'root';
+ALTER ROLE db_config_authenticator SET pgrst.db_schemas = 'test, tenant1, tenant2';
+ALTER ROLE db_config_authenticator SET pgrst.db_tx_end = 'commit-allow-override';
+ALTER ROLE db_config_authenticator SET pgrst.jwt_aud = 'https://example.org';
+ALTER ROLE db_config_authenticator SET pgrst.jwt_cache_max_lifetime = '3600';
+ALTER ROLE db_config_authenticator SET pgrst.jwt_role_claim_key = '."a"."role"';
+ALTER ROLE db_config_authenticator SET pgrst.jwt_secret = 'REALLY=REALLY=REALLY=REALLY=VERY=SAFE';
+ALTER ROLE db_config_authenticator SET pgrst.jwt_secret_is_base64 = 'false';
 ALTER ROLE db_config_authenticator SET pgrst.not_existing = 'should be ignored';
+ALTER ROLE db_config_authenticator SET pgrst.openapi_server_proxy_uri = 'https://example.org/api';
 ALTER ROLE db_config_authenticator SET pgrst.server_cors_allowed_origins = 'http://origin.com';
+ALTER ROLE db_config_authenticator SET pgrst.server_timing_enabled = 'false';
 ALTER ROLE db_config_authenticator SET pgrst.server_trace_header = 'CF-Ray';
-ALTER ROLE db_config_authenticator SET pgrst.server_timing_enabled = 'true';
 
 -- override with database specific setting
-ALTER ROLE db_config_authenticator IN DATABASE :DBNAME SET pgrst.jwt_secret = 'OVERRIDE=REALLY=REALLY=REALLY=REALLY=VERY=SAFE';
 ALTER ROLE db_config_authenticator IN DATABASE :DBNAME SET pgrst.db_extra_search_path = 'public, extensions, private';
+ALTER ROLE db_config_authenticator IN DATABASE :DBNAME SET pgrst.jwt_secret = 'OVERRIDE=REALLY=REALLY=REALLY=REALLY=VERY=SAFE';
 ALTER ROLE db_config_authenticator IN DATABASE :DBNAME SET pgrst.not_existing = 'should be ignored';
 
 -- other database settings that should be ignored
@@ -33,43 +34,44 @@ CREATE DATABASE other;
 ALTER ROLE db_config_authenticator IN DATABASE other SET pgrst.db_max_rows = '1111';
 
 -- non-reloadable configs
-ALTER ROLE db_config_authenticator SET pgrst.server_host = 'ignored';
-ALTER ROLE db_config_authenticator SET pgrst.server_port = 'ignored';
-ALTER ROLE db_config_authenticator SET pgrst.server_unix_socket = 'ignored';
-ALTER ROLE db_config_authenticator SET pgrst.server_unix_socket_mode = 'ignored';
 ALTER ROLE db_config_authenticator SET pgrst.admin_server_port = 'ignored';
-ALTER ROLE db_config_authenticator SET pgrst.log_level = 'ignored';
-ALTER ROLE db_config_authenticator SET pgrst.db_uri = 'postgresql://ignored';
-ALTER ROLE db_config_authenticator SET pgrst.db_channel_enabled = 'ignored';
 ALTER ROLE db_config_authenticator SET pgrst.db_channel = 'ignored';
+ALTER ROLE db_config_authenticator SET pgrst.db_channel_enabled = 'ignored';
+ALTER ROLE db_config_authenticator SET pgrst.db_config = 'true';
 ALTER ROLE db_config_authenticator SET pgrst.db_pool = 'ignored';
-ALTER ROLE db_config_authenticator SET pgrst.db_pool_timeout = 'ignored';
 ALTER ROLE db_config_authenticator SET pgrst.db_pool_acquisition_timeout = 'ignored';
-ALTER ROLE db_config_authenticator SET pgrst.db_pool_max_lifetime = 'ignored';
+ALTER ROLE db_config_authenticator SET pgrst.db_pool_timeout = 'ignored';
 ALTER ROLE db_config_authenticator SET pgrst.db_pool_max_idletime = 'ignored';
-ALTER ROLE db_config_authenticator SET pgrst.db_config = 'true';
+ALTER ROLE db_config_authenticator SET pgrst.db_pool_max_lifetime = 'ignored';
+ALTER ROLE db_config_authenticator SET pgrst.db_uri = 'postgresql://ignored';
+ALTER ROLE db_config_authenticator SET pgrst.log_level = 'ignored';
+ALTER ROLE db_config_authenticator SET pgrst.server_host = 'ignored';
+ALTER ROLE db_config_authenticator SET pgrst.server_port = 'ignored';
+ALTER ROLE db_config_authenticator SET pgrst.server_unix_socket = 'ignored';
+ALTER ROLE db_config_authenticator SET pgrst.server_unix_socket_mode = 'ignored';
 
 -- other authenticator reloadable config options
+-- these settings will override the values in configs/no-defaults.config, so they must be different
 CREATE ROLE other_authenticator LOGIN NOINHERIT;
-ALTER ROLE other_authenticator SET pgrst.jwt_aud = 'https://otherexample.org';
-ALTER ROLE other_authenticator SET pgrst.openapi_server_proxy_uri = 'https://otherexample.org/api';
-ALTER ROLE other_authenticator SET pgrst.jwt_secret = 'ODERREALLYREALLYREALLYREALLYVERYSAFE';
-ALTER ROLE other_authenticator SET pgrst.jwt_secret_is_base64 = 'true';
-ALTER ROLE other_authenticator SET pgrst.jwt_cache_max_lifetime = '7200';
 ALTER ROLE other_authenticator SET pgrst.db_aggregates_enabled = 'false';
-ALTER ROLE other_authenticator SET pgrst.db_schemas = 'test, other_tenant1, other_tenant2';
-ALTER ROLE other_authenticator SET pgrst.db_root_spec = 'other_root';
+ALTER ROLE other_authenticator SET pgrst.db_extra_search_path = 'public, extensions, other';
+ALTER ROLE other_authenticator SET pgrst.db_max_rows = '100';
 ALTER ROLE other_authenticator SET pgrst.db_plan_enabled = 'true';
-ALTER ROLE other_authenticator SET pgrst.db_prepared_statements = 'false';
+ALTER ROLE other_authenticator SET pgrst.db_pre_config = 'postgrest.other_preconf';
 ALTER ROLE other_authenticator SET pgrst.db_pre_request = 'test.other_custom_headers';
-ALTER ROLE other_authenticator SET pgrst.db_max_rows = '100';
-ALTER ROLE other_authenticator SET pgrst.db_extra_search_path = 'public, extensions, other';
+ALTER ROLE other_authenticator SET pgrst.db_prepared_statements = 'false';
+ALTER ROLE other_authenticator SET pgrst.db_root_spec = 'other_root';
+ALTER ROLE other_authenticator SET pgrst.db_schemas = 'test, other_tenant1, other_tenant2';
+ALTER ROLE other_authenticator SET pgrst.jwt_aud = 'https://otherexample.org';
+ALTER ROLE other_authenticator SET pgrst.jwt_secret = 'ODERREALLYREALLYREALLYREALLYVERYSAFE';
+ALTER ROLE other_authenticator SET pgrst.jwt_secret_is_base64 = 'false';
+ALTER ROLE other_authenticator SET pgrst.jwt_cache_max_lifetime = '7200';
 ALTER ROLE other_authenticator SET pgrst.openapi_mode = 'disabled';
 ALTER ROLE other_authenticator SET pgrst.openapi_security_active = 'false';
+ALTER ROLE other_authenticator SET pgrst.openapi_server_proxy_uri = 'https://otherexample.org/api';
 ALTER ROLE other_authenticator SET pgrst.server_cors_allowed_origins = 'http://otherorigin.com';
-ALTER ROLE other_authenticator SET pgrst.server_trace_header = 'traceparent';
-ALTER ROLE other_authenticator SET pgrst.db_pre_config = 'postgrest.pre_config';
 ALTER ROLE other_authenticator SET pgrst.server_timing_enabled = 'true';
+ALTER ROLE other_authenticator SET pgrst.server_trace_header = 'traceparent';
 
 create schema postgrest;
 grant usage on schema postgrest to db_config_authenticator;
@@ -96,6 +98,12 @@ begin
   null;
 end $$ language plpgsql;
 
+create or replace function postgrest.other_preconf()
+returns void as $$
+begin
+  perform postgrest.pre_config();
+end $$ language plpgsql;
+
 -- authenticator used for tests that manipulate statement timeout
 CREATE ROLE timeout_authenticator LOGIN NOINHERIT;