hey i wonder what everyone use for testing that rl...
# off-topic
p
Hey, I wonder what everyone uses for testing that RLS policies work as intended. I am now writing what seems to be close integration tests in TypeScript. In each test:
- I truncate everything
- create user using supabase-js
- populate db using dummy data directly via pg connection
- use supabase-js to authenticate user
- test queries
It gets the job done, but is a bit tedious and fairly slow (about 1s/test on localhost). Am I missing something more obvious?
s
I compose most of my RLS rules using functions, this way I can just test that the function is working as expected without going through the RLS setup, but I like your solution as it gives you real integration tests.
p
you mean functions as in https://github.com/supabase/supabase/tree/master/examples/nextjs-slack-clone
create function public.authorize(
  requested_permission app_permission,
  user_id uuid
)
returns boolean as $$
declare
  bind_permissions int;
begin
  select count(*)
  from public.role_permissions
  inner join public.user_roles on role_permissions.role = user_roles.role
  where role_permissions.permission = authorize.requested_permission
    and user_roles.user_id = authorize.user_id
  into bind_permissions;

  return bind_permissions > 0;
end;
$$ language plpgsql security definer;
?
s
Yes Postgres functions
p
and what tools do you use to test those?
s
I test them directly inside the Supabase UI
p
ah right so no automated test suite, cool! thx
This is slightly related. Is it possible to sign up users directly into auth.users table without calling supabase.auth.signup({email, password})?
s
You can but you will need to make sure you are using the same hashing mechanism as Supabase is using for the password.
You also have the .createUser function if you are doing this server side with the service_key