2019-11-21 19:44:44 +00:00
import os
import re
import time
2020-09-16 04:26:10 +00:00
import pytest
from helpers . cluster import ClickHouseCluster
from helpers . test_tools import assert_eq_with_retry , TSV
2019-11-21 19:44:44 +00:00
cluster = ClickHouseCluster ( __file__ )
2022-03-22 16:39:58 +00:00
node = cluster . add_instance (
" node " ,
main_configs = [ " configs/config.d/remote_servers.xml " ] ,
user_configs = [
" configs/users.d/row_policy.xml " ,
" configs/users.d/another_user.xml " ,
" configs/users.d/any_join_distinct_right_table_keys.xml " ,
] ,
with_zookeeper = True ,
)
node2 = cluster . add_instance (
" node2 " ,
main_configs = [ " configs/config.d/remote_servers.xml " ] ,
user_configs = [
" configs/users.d/row_policy.xml " ,
" configs/users.d/another_user.xml " ,
" configs/users.d/any_join_distinct_right_table_keys.xml " ,
] ,
with_zookeeper = True ,
)
2020-05-07 02:45:27 +00:00
nodes = [ node , node2 ]
2019-11-21 19:44:44 +00:00
2020-09-16 04:26:10 +00:00
def copy_policy_xml ( local_file_name , reload_immediately = True ) :
2019-11-21 19:44:44 +00:00
script_dir = os . path . dirname ( os . path . realpath ( __file__ ) )
2020-05-07 02:45:27 +00:00
for current_node in nodes :
2022-03-22 16:39:58 +00:00
current_node . copy_file_to_container (
os . path . join ( script_dir , local_file_name ) ,
" /etc/clickhouse-server/users.d/row_policy.xml " ,
)
2020-05-07 02:45:27 +00:00
if reload_immediately :
current_node . query ( " SYSTEM RELOAD CONFIG " )
2019-11-21 19:44:44 +00:00
@pytest.fixture ( scope = " module " , autouse = True )
def started_cluster ( ) :
try :
cluster . start ( )
2020-05-07 02:45:27 +00:00
for current_node in nodes :
2022-03-22 16:39:58 +00:00
current_node . query (
"""
2020-09-21 21:09:50 +00:00
CREATE DATABASE mydb ;
2019-11-21 19:44:44 +00:00
2020-05-07 02:45:27 +00:00
CREATE TABLE mydb . filtered_table1 ( a UInt8 , b UInt8 ) ENGINE MergeTree ORDER BY a ;
INSERT INTO mydb . filtered_table1 values ( 0 , 0 ) , ( 0 , 1 ) , ( 1 , 0 ) , ( 1 , 1 ) ;
2019-11-21 19:44:44 +00:00
2020-05-07 02:45:27 +00:00
CREATE TABLE mydb . table ( a UInt8 , b UInt8 ) ENGINE MergeTree ORDER BY a ;
INSERT INTO mydb . table values ( 0 , 0 ) , ( 0 , 1 ) , ( 1 , 0 ) , ( 1 , 1 ) ;
2020-01-10 16:53:47 +00:00
2020-05-07 02:45:27 +00:00
CREATE TABLE mydb . filtered_table2 ( a UInt8 , b UInt8 , c UInt8 , d UInt8 ) ENGINE MergeTree ORDER BY a ;
INSERT INTO mydb . filtered_table2 values ( 0 , 0 , 0 , 0 ) , ( 1 , 2 , 3 , 4 ) , ( 4 , 3 , 2 , 1 ) , ( 0 , 0 , 6 , 0 ) ;
2019-11-21 19:44:44 +00:00
2020-05-07 02:45:27 +00:00
CREATE TABLE mydb . filtered_table3 ( a UInt8 , b UInt8 , c UInt16 ALIAS a + b ) ENGINE MergeTree ORDER BY a ;
INSERT INTO mydb . filtered_table3 values ( 0 , 0 ) , ( 0 , 1 ) , ( 1 , 0 ) , ( 1 , 1 ) ;
2020-01-10 16:53:47 +00:00
2020-05-07 02:45:27 +00:00
CREATE TABLE mydb . ` . filtered_table4 ` ( a UInt8 , b UInt8 , c UInt16 ALIAS a + b ) ENGINE MergeTree ORDER BY a ;
INSERT INTO mydb . ` . filtered_table4 ` values ( 0 , 0 ) , ( 0 , 1 ) , ( 1 , 0 ) , ( 1 , 1 ) ;
2020-08-12 08:55:04 +00:00
2020-05-27 13:27:51 +00:00
CREATE TABLE mydb . local ( a UInt8 , b UInt8 ) ENGINE MergeTree ORDER BY a ;
2022-03-22 16:39:58 +00:00
"""
)
2020-01-10 09:24:05 +00:00
2020-05-27 13:27:51 +00:00
node . query ( " INSERT INTO mydb.local values (2, 0), (2, 1), (1, 0), (1, 1) " )
node2 . query ( " INSERT INTO mydb.local values (3, 0), (3, 1), (1, 0), (1, 1) " )
2019-11-21 19:44:44 +00:00
yield cluster
finally :
cluster . shutdown ( )
@pytest.fixture ( autouse = True )
def reset_policies ( ) :
try :
yield
finally :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filters.xml " )
2020-05-07 02:45:27 +00:00
for current_node in nodes :
current_node . query ( " DROP POLICY IF EXISTS pA, pB ON mydb.filtered_table1 " )
2022-05-30 16:24:06 +00:00
current_node . query ( " DROP POLICY IF EXISTS pC ON mydb.other_table " )
current_node . query ( " DROP POLICY IF EXISTS all_data ON dist_tbl, local_tbl " )
current_node . query (
" DROP POLICY IF EXISTS role1_data ON dist_tbl, local_tbl "
)
2019-11-21 19:44:44 +00:00
def test_smoke ( ) :
2020-09-16 04:26:10 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV (
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] ]
)
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == TSV ( [ [ 0 , 1 ] , [ 1 , 0 ] ] )
2019-11-21 19:44:44 +00:00
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT a FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 ] , [ 1 ] ] )
assert node . query ( " SELECT b FROM mydb.filtered_table1 " ) == TSV ( [ [ 0 ] , [ 1 ] ] )
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT a FROM mydb.filtered_table1 WHERE a = 1 " ) == TSV (
[ [ 1 ] , [ 1 ] ]
)
assert node . query ( " SELECT a FROM mydb.filtered_table1 WHERE a IN (1) " ) == TSV (
[ [ 1 ] , [ 1 ] ]
)
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT a = 1 FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 ] , [ 1 ] ] )
2019-11-21 19:44:44 +00:00
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT a FROM mydb.filtered_table3 " ) == TSV ( [ [ 0 ] , [ 1 ] ] )
assert node . query ( " SELECT b FROM mydb.filtered_table3 " ) == TSV ( [ [ 1 ] , [ 0 ] ] )
assert node . query ( " SELECT c FROM mydb.filtered_table3 " ) == TSV ( [ [ 1 ] , [ 1 ] ] )
assert node . query ( " SELECT a + b FROM mydb.filtered_table3 " ) == TSV ( [ [ 1 ] , [ 1 ] ] )
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT a FROM mydb.filtered_table3 WHERE c = 1 " ) == TSV (
[ [ 0 ] , [ 1 ] ]
)
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT c = 1 FROM mydb.filtered_table3 " ) == TSV ( [ [ 1 ] , [ 1 ] ] )
assert node . query ( " SELECT a + b = 1 FROM mydb.filtered_table3 " ) == TSV ( [ [ 1 ] , [ 1 ] ] )
2019-11-21 19:44:44 +00:00
def test_join ( ) :
2020-09-16 04:26:10 +00:00
assert node . query (
2022-03-22 16:39:58 +00:00
" SELECT * FROM mydb.filtered_table1 as t1 ANY LEFT JOIN mydb.filtered_table1 as t2 ON t1.a = t2.b "
) == TSV ( [ [ 1 , 0 , 1 , 1 ] , [ 1 , 1 , 1 , 1 ] ] )
2020-09-16 04:26:10 +00:00
assert node . query (
2022-03-22 16:39:58 +00:00
" SELECT * FROM mydb.filtered_table1 as t2 ANY RIGHT JOIN mydb.filtered_table1 as t1 ON t2.b = t1.a "
) == TSV ( [ [ 1 , 1 , 1 , 0 ] ] )
2019-11-21 19:44:44 +00:00
def test_cannot_trick_row_policy_with_keyword_with ( ) :
2022-03-22 16:39:58 +00:00
assert node . query ( " WITH 0 AS a SELECT a FROM mydb.filtered_table1 " ) == TSV (
[ [ 0 ] , [ 0 ] ]
)
assert node . query ( " WITH 0 AS a SELECT b FROM mydb.filtered_table1 " ) == TSV (
[ [ 0 ] , [ 1 ] ]
)
assert node . query ( " WITH 0 AS a SELECT * FROM mydb.filtered_table1 " ) == TSV (
[ [ 1 , 0 ] , [ 1 , 1 ] ]
)
assert node . query (
" WITH 0 AS a SELECT * FROM mydb.filtered_table1 WHERE a >= 0 AND b >= 0 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
assert node . query (
" WITH 0 AS a SELECT * FROM mydb.filtered_table1 PREWHERE a >= 0 AND b >= 0 "
) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
assert node . query (
" WITH 0 AS a SELECT * FROM mydb.filtered_table1 PREWHERE a >= 0 WHERE b >= 0 "
) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
assert node . query (
" WITH 0 AS a SELECT * FROM mydb.filtered_table1 PREWHERE b >= 0 WHERE a >= 0 "
) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
assert node . query ( " WITH 0 AS a SELECT a, b FROM mydb.filtered_table1 " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] ]
)
assert node . query (
" WITH 0 AS a SELECT a, b FROM mydb.filtered_table1 WHERE a >= 0 AND b >= 0 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 0 , 0 ] , [ 0 , 1 ] ] )
assert node . query (
" WITH 0 AS a SELECT a, b FROM mydb.filtered_table1 PREWHERE a >= 0 AND b >= 0 "
) == TSV ( [ [ 0 , 0 ] , [ 0 , 1 ] ] )
assert node . query (
" WITH 0 AS a SELECT a, b FROM mydb.filtered_table1 PREWHERE a >= 0 WHERE b >= 0 "
) == TSV ( [ [ 0 , 0 ] , [ 0 , 1 ] ] )
assert node . query (
" WITH 0 AS a SELECT a, b FROM mydb.filtered_table1 PREWHERE b >= 0 WHERE a >= 0 "
) == TSV ( [ [ 0 , 0 ] , [ 0 , 1 ] ] )
assert node . query ( " WITH 0 AS c SELECT * FROM mydb.filtered_table3 " ) == TSV (
[ [ 0 , 1 ] , [ 1 , 0 ] ]
)
assert node . query (
" WITH 0 AS c SELECT * FROM mydb.filtered_table3 WHERE c >= 0 AND a >= 0 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 0 , 1 ] , [ 1 , 0 ] ] )
assert node . query (
" WITH 0 AS c SELECT * FROM mydb.filtered_table3 PREWHERE c >= 0 AND a >= 0 "
) == TSV ( [ [ 0 , 1 ] , [ 1 , 0 ] ] )
assert node . query (
" WITH 0 AS c SELECT * FROM mydb.filtered_table3 PREWHERE c >= 0 WHERE a >= 0 "
) == TSV ( [ [ 0 , 1 ] , [ 1 , 0 ] ] )
assert node . query (
" WITH 0 AS c SELECT * FROM mydb.filtered_table3 PREWHERE a >= 0 WHERE c >= 0 "
) == TSV ( [ [ 0 , 1 ] , [ 1 , 0 ] ] )
assert node . query ( " WITH 0 AS c SELECT a, b, c FROM mydb.filtered_table3 " ) == TSV (
[ [ 0 , 1 , 0 ] , [ 1 , 0 , 0 ] ]
)
assert node . query (
" WITH 0 AS c SELECT a, b, c FROM mydb.filtered_table3 WHERE c >= 0 AND a >= 0 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 0 , 1 , 0 ] , [ 1 , 0 , 0 ] ] )
assert node . query (
" WITH 0 AS c SELECT a, b, c FROM mydb.filtered_table3 PREWHERE c >= 0 AND a >= 0 "
) == TSV ( [ [ 0 , 1 , 0 ] , [ 1 , 0 , 0 ] ] )
assert node . query (
" WITH 0 AS c SELECT a, b, c FROM mydb.filtered_table3 PREWHERE c >= 0 WHERE a >= 0 "
) == TSV ( [ [ 0 , 1 , 0 ] , [ 1 , 0 , 0 ] ] )
assert node . query (
" WITH 0 AS c SELECT a, b, c FROM mydb.filtered_table3 PREWHERE a >= 0 WHERE c >= 0 "
) == TSV ( [ [ 0 , 1 , 0 ] , [ 1 , 0 , 0 ] ] )
2019-11-21 19:44:44 +00:00
2020-05-27 13:27:51 +00:00
def test_policy_from_users_xml_affects_only_user_assigned ( ) :
2020-09-16 04:26:10 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " another " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
2020-05-27 13:27:51 +00:00
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV (
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] ]
)
2020-09-16 04:26:10 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table2 " , user = " another " ) == TSV (
2022-03-22 16:39:58 +00:00
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] , [ 1 , 2 , 3 , 4 ] , [ 4 , 3 , 2 , 1 ] ]
)
2020-05-27 13:27:51 +00:00
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT * FROM mydb.local " ) == TSV (
[ [ 1 , 0 ] , [ 1 , 1 ] , [ 2 , 0 ] , [ 2 , 1 ] ]
)
assert node . query ( " SELECT * FROM mydb.local " , user = " another " ) == TSV (
[ [ 1 , 0 ] , [ 1 , 1 ] ]
)
2020-05-27 13:27:51 +00:00
2021-02-18 22:47:28 +00:00
def test_with_prewhere ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filter2_table2.xml " )
assert node . query (
" SELECT * FROM mydb.filtered_table2 WHERE a > 1 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 4 , 3 , 2 , 1 ] ] )
assert node . query (
" SELECT a FROM mydb.filtered_table2 WHERE a > 1 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 4 ] ] )
assert node . query (
" SELECT a, b FROM mydb.filtered_table2 WHERE a > 1 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 4 , 3 ] ] )
assert node . query (
" SELECT b, c FROM mydb.filtered_table2 WHERE a > 1 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 3 , 2 ] ] )
assert node . query (
" SELECT d FROM mydb.filtered_table2 WHERE a > 1 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 1 ] ] )
assert node . query ( " SELECT * FROM mydb.filtered_table2 PREWHERE a > 1 " ) == TSV (
[ [ 4 , 3 , 2 , 1 ] ]
)
assert node . query ( " SELECT a FROM mydb.filtered_table2 PREWHERE a > 1 " ) == TSV ( [ [ 4 ] ] )
assert node . query ( " SELECT a, b FROM mydb.filtered_table2 PREWHERE a > 1 " ) == TSV (
[ [ 4 , 3 ] ]
)
assert node . query ( " SELECT b, c FROM mydb.filtered_table2 PREWHERE a > 1 " ) == TSV (
[ [ 3 , 2 ] ]
)
assert node . query ( " SELECT d FROM mydb.filtered_table2 PREWHERE a > 1 " ) == TSV ( [ [ 1 ] ] )
assert node . query (
" SELECT * FROM mydb.filtered_table2 PREWHERE a < 4 WHERE b < 10 "
) == TSV ( [ [ 1 , 2 , 3 , 4 ] ] )
assert node . query (
" SELECT a FROM mydb.filtered_table2 PREWHERE a < 4 WHERE b < 10 "
) == TSV ( [ [ 1 ] ] )
assert node . query (
" SELECT b FROM mydb.filtered_table2 PREWHERE a < 4 WHERE b < 10 "
) == TSV ( [ [ 2 ] ] )
assert node . query (
" SELECT a, b FROM mydb.filtered_table2 PREWHERE a < 4 WHERE b < 10 "
) == TSV ( [ [ 1 , 2 ] ] )
assert node . query (
" SELECT a, c FROM mydb.filtered_table2 PREWHERE a < 4 WHERE b < 10 "
) == TSV ( [ [ 1 , 3 ] ] )
assert node . query (
" SELECT b, d FROM mydb.filtered_table2 PREWHERE a < 4 WHERE b < 10 "
) == TSV ( [ [ 2 , 4 ] ] )
assert node . query (
" SELECT c, d FROM mydb.filtered_table2 PREWHERE a < 4 WHERE b < 10 "
) == TSV ( [ [ 3 , 4 ] ] )
2021-02-18 22:47:28 +00:00
2021-02-20 06:47:29 +00:00
def test_throwif_error_in_where_with_same_condition_as_filter ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filter2_table2.xml " )
assert " expected " in node . query_and_get_error (
" SELECT * FROM mydb.filtered_table2 WHERE throwIf(a > 0, ' expected ' ) = 0 SETTINGS optimize_move_to_prewhere = 0 "
)
2021-02-20 06:47:29 +00:00
def test_throwif_error_in_prewhere_with_same_condition_as_filter ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filter2_table2.xml " )
assert " expected " in node . query_and_get_error (
" SELECT * FROM mydb.filtered_table2 PREWHERE throwIf(a > 0, ' expected ' ) = 0 "
)
2021-02-20 06:47:29 +00:00
def test_throwif_in_where_doesnt_expose_restricted_data ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " no_filters.xml " )
assert " expected " in node . query_and_get_error (
" SELECT * FROM mydb.filtered_table2 WHERE throwIf(a = 0, ' expected ' ) = 0 SETTINGS optimize_move_to_prewhere = 0 "
)
2021-02-19 15:32:35 +00:00
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filter2_table2.xml " )
assert node . query (
" SELECT * FROM mydb.filtered_table2 WHERE throwIf(a = 0, ' pwned ' ) = 0 SETTINGS optimize_move_to_prewhere = 0 "
) == TSV ( [ [ 1 , 2 , 3 , 4 ] , [ 4 , 3 , 2 , 1 ] ] )
2021-02-19 15:32:35 +00:00
2021-02-20 06:47:29 +00:00
def test_throwif_in_prewhere_doesnt_expose_restricted_data ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " no_filters.xml " )
assert " expected " in node . query_and_get_error (
" SELECT * FROM mydb.filtered_table2 PREWHERE throwIf(a = 0, ' expected ' ) = 0 "
)
2021-02-18 22:47:28 +00:00
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filter2_table2.xml " )
assert node . query (
" SELECT * FROM mydb.filtered_table2 PREWHERE throwIf(a = 0, ' pwned ' ) = 0 "
) == TSV ( [ [ 1 , 2 , 3 , 4 ] , [ 4 , 3 , 2 , 1 ] ] )
2021-02-18 22:47:28 +00:00
2019-11-21 19:44:44 +00:00
def test_change_of_users_xml_changes_row_policies ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filters.xml " )
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV (
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] ]
)
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == TSV ( [ [ 0 , 1 ] , [ 1 , 0 ] ] )
2019-11-21 19:44:44 +00:00
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " all_rows.xml " )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
2020-09-16 04:26:10 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV (
2022-03-22 16:39:58 +00:00
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] , [ 1 , 2 , 3 , 4 ] , [ 4 , 3 , 2 , 1 ] ]
)
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
2019-11-21 19:44:44 +00:00
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " no_rows.xml " )
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == " "
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == " "
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == " "
2019-11-21 19:44:44 +00:00
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filters.xml " )
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV (
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] ]
)
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == TSV ( [ [ 0 , 1 ] , [ 1 , 0 ] ] )
2019-11-21 19:44:44 +00:00
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filter2_table2.xml " )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV (
[ [ 1 , 2 , 3 , 4 ] , [ 4 , 3 , 2 , 1 ] ]
)
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
copy_policy_xml ( " no_filters.xml " )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
2020-09-16 04:26:10 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV (
2022-03-22 16:39:58 +00:00
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] , [ 1 , 2 , 3 , 4 ] , [ 4 , 3 , 2 , 1 ] ]
)
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
2019-11-21 19:44:44 +00:00
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filters.xml " )
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV (
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] ]
)
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == TSV ( [ [ 0 , 1 ] , [ 1 , 0 ] ] )
2019-11-21 19:44:44 +00:00
def test_reload_users_xml_by_timer ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " normal_filters.xml " )
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV (
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] ]
)
2020-05-07 02:45:27 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == TSV ( [ [ 0 , 1 ] , [ 1 , 0 ] ] )
2019-11-21 19:44:44 +00:00
2022-03-22 16:39:58 +00:00
time . sleep (
1
) # The modification time of the 'row_policy.xml' file should be different.
copy_policy_xml ( " all_rows.xml " , False )
assert_eq_with_retry (
node , " SELECT * FROM mydb.filtered_table1 " , [ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
assert_eq_with_retry (
node ,
" SELECT * FROM mydb.filtered_table2 " ,
[ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] , [ 1 , 2 , 3 , 4 ] , [ 4 , 3 , 2 , 1 ] ] ,
)
assert_eq_with_retry (
node , " SELECT * FROM mydb.filtered_table3 " , [ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
time . sleep (
1
) # The modification time of the 'row_policy.xml' file should be different.
copy_policy_xml ( " normal_filters.xml " , False )
2020-05-07 02:45:27 +00:00
assert_eq_with_retry ( node , " SELECT * FROM mydb.filtered_table1 " , [ [ 1 , 0 ] , [ 1 , 1 ] ] )
2022-03-22 16:39:58 +00:00
assert_eq_with_retry (
node , " SELECT * FROM mydb.filtered_table2 " , [ [ 0 , 0 , 0 , 0 ] , [ 0 , 0 , 6 , 0 ] ]
)
2020-05-07 02:45:27 +00:00
assert_eq_with_retry ( node , " SELECT * FROM mydb.filtered_table3 " , [ [ 0 , 1 ] , [ 1 , 0 ] ] )
2019-12-03 18:19:11 +00:00
def test_introspection ( ) :
2020-05-07 02:45:27 +00:00
policies = [
2022-03-22 16:39:58 +00:00
[
" another ON mydb.local " ,
" another " ,
" mydb " ,
" local " ,
" 5b23c389-7e18-06bf-a6bc-dd1afbbc0a97 " ,
" users.xml " ,
" a = 1 " ,
0 ,
0 ,
" [ ' another ' ] " ,
" [] " ,
] ,
[
" default ON mydb.filtered_table1 " ,
" default " ,
" mydb " ,
" filtered_table1 " ,
" 9e8a8f62-4965-2b5e-8599-57c7b99b3549 " ,
" users.xml " ,
" a = 1 " ,
0 ,
0 ,
" [ ' default ' ] " ,
" [] " ,
] ,
[
" default ON mydb.filtered_table2 " ,
" default " ,
" mydb " ,
" filtered_table2 " ,
" cffae79d-b9bf-a2ef-b798-019c18470b25 " ,
" users.xml " ,
" a + b < 1 or c - d > 5 " ,
0 ,
0 ,
" [ ' default ' ] " ,
" [] " ,
] ,
[
" default ON mydb.filtered_table3 " ,
" default " ,
" mydb " ,
" filtered_table3 " ,
" 12fc5cef-e3da-3940-ec79-d8be3911f42b " ,
" users.xml " ,
" c = 1 " ,
0 ,
0 ,
" [ ' default ' ] " ,
" [] " ,
] ,
2020-05-07 02:45:27 +00:00
]
2022-03-22 16:39:58 +00:00
assert node . query (
" SELECT * from system.row_policies ORDER BY short_name, database, table "
) == TSV ( policies )
2019-11-29 17:22:56 +00:00
def test_dcl_introspection ( ) :
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW POLICIES " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" another ON mydb.local " ,
" default ON mydb.filtered_table1 " ,
" default ON mydb.filtered_table2 " ,
" default ON mydb.filtered_table3 " ,
]
)
2022-05-06 23:37:23 +00:00
assert node . query ( " SHOW POLICIES ON mydb.filtered_table1 " ) == TSV ( [ " default " ] )
assert node . query ( " SHOW POLICIES ON mydb.local " ) == TSV ( [ " another " ] )
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW POLICIES ON mydb.* " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" another ON mydb.local " ,
" default ON mydb.filtered_table1 " ,
" default ON mydb.filtered_table2 " ,
" default ON mydb.filtered_table3 " ,
]
)
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW POLICIES default " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" default ON mydb.filtered_table1 " ,
" default ON mydb.filtered_table2 " ,
" default ON mydb.filtered_table3 " ,
]
)
assert (
node . query ( " SHOW CREATE POLICY default ON mydb.filtered_table1 " )
== " CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default \n "
)
assert (
node . query ( " SHOW CREATE POLICY default ON mydb.filtered_table2 " )
== " CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default \n "
)
assert (
node . query ( " SHOW CREATE POLICY default ON mydb.filtered_table3 " )
== " CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default \n "
)
2022-05-06 23:37:23 +00:00
assert " no row policy " in node . query_and_get_error (
" SHOW CREATE POLICY default ON mydb.local "
2022-03-22 16:39:58 +00:00
)
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW CREATE POLICY default " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default " ,
" CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default " ,
" CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default " ,
]
)
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW CREATE POLICIES ON mydb.filtered_table1 " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default " ,
]
)
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW CREATE POLICIES ON mydb.* " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" CREATE ROW POLICY another ON mydb.local FOR SELECT USING a = 1 TO another " ,
" CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default " ,
" CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default " ,
" CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default " ,
]
)
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW CREATE POLICIES " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" CREATE ROW POLICY another ON mydb.local FOR SELECT USING a = 1 TO another " ,
" CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default " ,
" CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default " ,
" CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default " ,
]
)
expected_access = (
" CREATE ROW POLICY another ON mydb.local FOR SELECT USING a = 1 TO another \n "
" CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default \n "
" CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default \n "
" CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default \n "
)
2020-06-10 23:08:37 +00:00
assert expected_access in node . query ( " SHOW ACCESS " )
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " all_rows.xml " )
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW POLICIES " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" default ON mydb.filtered_table1 " ,
" default ON mydb.filtered_table2 " ,
" default ON mydb.filtered_table3 " ,
]
)
assert (
node . query ( " SHOW CREATE POLICY default ON mydb.filtered_table1 " )
== " CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING 1 TO default \n "
)
assert (
node . query ( " SHOW CREATE POLICY default ON mydb.filtered_table2 " )
== " CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING 1 TO default \n "
)
assert (
node . query ( " SHOW CREATE POLICY default ON mydb.filtered_table3 " )
== " CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING 1 TO default \n "
)
copy_policy_xml ( " no_rows.xml " )
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW POLICIES " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" default ON mydb.filtered_table1 " ,
" default ON mydb.filtered_table2 " ,
" default ON mydb.filtered_table3 " ,
]
)
assert (
node . query ( " SHOW CREATE POLICY default ON mydb.filtered_table1 " )
== " CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING NULL TO default \n "
)
assert (
node . query ( " SHOW CREATE POLICY default ON mydb.filtered_table2 " )
== " CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING NULL TO default \n "
)
assert (
node . query ( " SHOW CREATE POLICY default ON mydb.filtered_table3 " )
== " CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING NULL TO default \n "
)
copy_policy_xml ( " no_filters.xml " )
2020-05-07 02:45:27 +00:00
assert node . query ( " SHOW POLICIES " ) == " "
2019-11-29 17:22:56 +00:00
def test_dcl_management ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " no_filters.xml " )
2020-05-07 02:45:27 +00:00
assert node . query ( " SHOW POLICIES " ) == " "
2019-11-29 17:22:56 +00:00
2020-05-07 02:45:27 +00:00
node . query ( " CREATE POLICY pA ON mydb.filtered_table1 FOR SELECT USING a<b " )
2022-05-06 23:37:23 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
2020-05-07 02:45:27 +00:00
assert node . query ( " SHOW POLICIES ON mydb.filtered_table1 " ) == " pA \n "
2019-11-29 17:22:56 +00:00
2020-05-07 02:45:27 +00:00
node . query ( " ALTER POLICY pA ON mydb.filtered_table1 TO default " )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 0 , 1 ] ] )
assert node . query ( " SHOW POLICIES ON mydb.filtered_table1 " ) == " pA \n "
2019-11-29 17:22:56 +00:00
2020-05-07 02:45:27 +00:00
node . query ( " ALTER POLICY pA ON mydb.filtered_table1 FOR SELECT USING a>b " )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 , 0 ] ] )
2019-11-29 17:22:56 +00:00
2020-05-07 02:45:27 +00:00
node . query ( " ALTER POLICY pA ON mydb.filtered_table1 RENAME TO pB " )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 , 0 ] ] )
assert node . query ( " SHOW POLICIES ON mydb.filtered_table1 " ) == " pB \n "
2022-03-22 16:39:58 +00:00
assert (
node . query ( " SHOW CREATE POLICY pB ON mydb.filtered_table1 " )
== " CREATE ROW POLICY pB ON mydb.filtered_table1 FOR SELECT USING a > b TO default \n "
)
2019-11-29 17:22:56 +00:00
2020-05-07 02:45:27 +00:00
node . query ( " DROP POLICY pB ON mydb.filtered_table1 " )
2022-03-22 16:39:58 +00:00
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
2020-05-07 02:45:27 +00:00
assert node . query ( " SHOW POLICIES " ) == " "
2019-11-29 17:22:56 +00:00
2022-02-10 09:39:33 +00:00
def test_grant_create_row_policy ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " no_filters.xml " )
2022-02-10 09:39:33 +00:00
assert node . query ( " SHOW POLICIES " ) == " "
node . query ( " CREATE USER X " )
expected_error = " necessary to have grant CREATE ROW POLICY ON mydb.filtered_table1 "
2022-03-22 16:39:58 +00:00
assert expected_error in node . query_and_get_error (
" CREATE POLICY pA ON mydb.filtered_table1 FOR SELECT USING a<b " , user = " X "
)
2022-02-10 09:39:33 +00:00
node . query ( " GRANT CREATE POLICY ON mydb.filtered_table1 TO X " )
2022-03-22 16:39:58 +00:00
node . query (
" CREATE POLICY pA ON mydb.filtered_table1 FOR SELECT USING a<b " , user = " X "
)
2022-02-10 09:39:33 +00:00
expected_error = " necessary to have grant CREATE ROW POLICY ON mydb.filtered_table2 "
2022-03-22 16:39:58 +00:00
assert expected_error in node . query_and_get_error (
" CREATE POLICY pA ON mydb.filtered_table2 FOR SELECT USING a<b " , user = " X "
)
2022-02-10 09:39:33 +00:00
expected_error = " necessary to have grant ALTER ROW POLICY ON mydb.filtered_table1 "
2022-03-22 16:39:58 +00:00
assert expected_error in node . query_and_get_error (
" ALTER POLICY pA ON mydb.filtered_table1 FOR SELECT USING a==b " , user = " X "
)
2022-02-10 09:39:33 +00:00
node . query ( " GRANT ALTER POLICY ON mydb.filtered_table1 TO X " )
2022-03-22 16:39:58 +00:00
node . query (
" ALTER POLICY pA ON mydb.filtered_table1 FOR SELECT USING a==b " , user = " X "
)
2022-02-10 09:39:33 +00:00
expected_error = " necessary to have grant ALTER ROW POLICY ON mydb.filtered_table2 "
2022-03-22 16:39:58 +00:00
assert expected_error in node . query_and_get_error (
" ALTER POLICY pA ON mydb.filtered_table2 FOR SELECT USING a==b " , user = " X "
)
2022-02-10 09:39:33 +00:00
expected_error = " necessary to have grant DROP ROW POLICY ON mydb.filtered_table1 "
2022-03-22 16:39:58 +00:00
assert expected_error in node . query_and_get_error (
" DROP POLICY pA ON mydb.filtered_table1 " , user = " X "
)
2022-02-10 09:39:33 +00:00
node . query ( " GRANT DROP POLICY ON mydb.filtered_table1 TO X " )
2022-03-22 16:39:58 +00:00
node . query ( " DROP POLICY pA ON mydb.filtered_table1 " , user = " X " )
2022-02-10 09:39:33 +00:00
expected_error = " necessary to have grant DROP ROW POLICY ON mydb.filtered_table2 "
2022-03-22 16:39:58 +00:00
assert expected_error in node . query_and_get_error (
" DROP POLICY pA ON mydb.filtered_table2 " , user = " X "
)
2022-02-10 09:39:33 +00:00
node . query ( " REVOKE ALL ON *.* FROM X " )
expected_error = " necessary to have grant CREATE ROW POLICY ON mydb.filtered_table1 "
2022-03-22 16:39:58 +00:00
assert expected_error in node . query_and_get_error (
" CREATE POLICY pA ON mydb.filtered_table1 FOR SELECT USING a<b " , user = " X "
)
2022-02-10 09:39:33 +00:00
node . query ( " GRANT CREATE POLICY ON *.* TO X " )
2022-03-22 16:39:58 +00:00
node . query (
" CREATE POLICY pA ON mydb.filtered_table1 FOR SELECT USING a<b " , user = " X "
)
2022-02-10 09:39:33 +00:00
expected_error = " necessary to have grant ALTER ROW POLICY ON mydb.filtered_table1 "
2022-03-22 16:39:58 +00:00
assert expected_error in node . query_and_get_error (
" ALTER POLICY pA ON mydb.filtered_table1 FOR SELECT USING a==b " , user = " X "
)
2022-02-10 09:39:33 +00:00
node . query ( " GRANT ALTER POLICY ON *.* TO X " )
2022-03-22 16:39:58 +00:00
node . query (
" ALTER POLICY pA ON mydb.filtered_table1 FOR SELECT USING a==b " , user = " X "
)
2022-02-10 09:39:33 +00:00
expected_error = " necessary to have grant DROP ROW POLICY ON mydb.filtered_table1 "
2022-03-22 16:39:58 +00:00
assert expected_error in node . query_and_get_error (
" DROP POLICY pA ON mydb.filtered_table1 " , user = " X "
)
2022-02-10 09:39:33 +00:00
node . query ( " GRANT DROP POLICY ON *.* TO X " )
2022-03-22 16:39:58 +00:00
node . query ( " DROP POLICY pA ON mydb.filtered_table1 " , user = " X " )
2022-02-10 09:39:33 +00:00
node . query ( " DROP USER X " )
2022-02-11 19:30:38 +00:00
2019-11-29 17:22:56 +00:00
def test_users_xml_is_readonly ( ) :
2022-03-22 16:39:58 +00:00
assert re . search (
" storage is readonly " ,
node . query_and_get_error ( " DROP POLICY default ON mydb.filtered_table1 " ) ,
)
2020-02-07 19:31:09 +00:00
2022-05-06 23:37:23 +00:00
def test_dcl_users_with_policies_from_users_xml ( ) :
node . query ( " CREATE USER X " )
node . query ( " GRANT SELECT ON mydb.filtered_table1 TO X " )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " ) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " X " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
node . query ( " DROP USER X " )
def test_some_users_without_policies ( ) :
copy_policy_xml ( " no_filters.xml " )
assert node . query ( " SHOW POLICIES " ) == " "
node . query ( " CREATE USER X, Y " )
node . query ( " GRANT SELECT ON mydb.filtered_table1 TO X, Y " )
# permissive a >= b for X, none for Y
node . query (
" CREATE POLICY pA ON mydb.filtered_table1 FOR SELECT USING a >= b AS permissive TO X "
)
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " X " ) == TSV (
[ [ 0 , 0 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " Y " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
# restrictive a >=b for X, none for Y
node . query ( " ALTER POLICY pA ON mydb.filtered_table1 AS restrictive " )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " X " ) == TSV (
[ [ 0 , 0 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " Y " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
# permissive a >= b for X, restrictive a <= b for X, none for Y
node . query ( " ALTER POLICY pA ON mydb.filtered_table1 AS permissive " )
node . query (
" CREATE POLICY pB ON mydb.filtered_table1 FOR SELECT USING a <= b AS restrictive TO X "
)
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " X " ) == TSV (
[ [ 0 , 0 ] , [ 1 , 1 ] ]
)
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " Y " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
# permissive a >= b for X, restrictive a <= b for Y
node . query ( " ALTER POLICY pB ON mydb.filtered_table1 TO Y " )
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " X " ) == TSV (
[ [ 0 , 0 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
assert node . query ( " SELECT * FROM mydb.filtered_table1 " , user = " Y " ) == TSV (
[ [ 0 , 0 ] , [ 0 , 1 ] , [ 1 , 1 ] ]
)
node . query ( " DROP POLICY pA, pB ON mydb.filtered_table1 " )
node . query ( " DROP USER X, Y " )
2020-08-04 17:50:29 +00:00
def test_tags_with_db_and_table_names ( ) :
2022-03-22 16:39:58 +00:00
copy_policy_xml ( " tags_with_db_and_table_names.xml " )
2020-09-16 04:26:10 +00:00
2020-08-04 17:50:29 +00:00
assert node . query ( " SELECT * FROM mydb.table " ) == TSV ( [ [ 0 , 0 ] , [ 0 , 1 ] ] )
assert node . query ( " SELECT * FROM mydb.filtered_table2 " ) == TSV ( [ [ 0 , 0 , 6 , 0 ] ] )
assert node . query ( " SELECT * FROM mydb.filtered_table3 " ) == TSV ( [ [ 0 , 0 ] ] )
assert node . query ( " SELECT * FROM mydb.`.filtered_table4` " ) == TSV ( [ [ 1 , 1 ] ] )
2020-09-16 04:26:10 +00:00
assert node . query ( " SHOW CREATE POLICIES default " ) == TSV (
2022-03-22 16:39:58 +00:00
[
" CREATE ROW POLICY default ON mydb.`.filtered_table4` FOR SELECT USING c = 2 TO default " ,
" CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING c > (d + 5) TO default " ,
" CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 0 TO default " ,
" CREATE ROW POLICY default ON mydb.table FOR SELECT USING a = 0 TO default " ,
]
)
2020-08-04 17:50:29 +00:00
2020-02-07 19:31:09 +00:00
def test_miscellaneous_engines ( ) :
2022-03-22 16:39:58 +00:00
node . query (
" CREATE ROW POLICY OR REPLACE pC ON mydb.other_table FOR SELECT USING a = 1 TO default "
)
2021-03-30 15:13:25 +00:00
assert node . query ( " SHOW ROW POLICIES ON mydb.other_table " ) == " pC \n "
2020-02-07 19:31:09 +00:00
# ReplicatedMergeTree
2021-03-30 15:13:25 +00:00
node . query ( " DROP TABLE IF EXISTS mydb.other_table " )
2022-03-22 16:39:58 +00:00
node . query (
" CREATE TABLE mydb.other_table (a UInt8, b UInt8) ENGINE ReplicatedMergeTree( ' /clickhouse/tables/00-00/filtered_table1 ' , ' replica1 ' ) ORDER BY a "
)
2021-03-30 15:13:25 +00:00
node . query ( " INSERT INTO mydb.other_table values (0, 0), (0, 1), (1, 0), (1, 1) " )
assert node . query ( " SELECT * FROM mydb.other_table " ) == TSV ( [ [ 1 , 0 ] , [ 1 , 1 ] ] )
2020-02-07 19:31:09 +00:00
# CollapsingMergeTree
2021-03-30 15:13:25 +00:00
node . query ( " DROP TABLE mydb.other_table " )
2022-03-22 16:39:58 +00:00
node . query (
" CREATE TABLE mydb.other_table (a UInt8, b Int8) ENGINE CollapsingMergeTree(b) ORDER BY a "
)
2021-03-30 15:13:25 +00:00
node . query ( " INSERT INTO mydb.other_table values (0, 1), (0, 1), (1, 1), (1, 1) " )
assert node . query ( " SELECT * FROM mydb.other_table " ) == TSV ( [ [ 1 , 1 ] , [ 1 , 1 ] ] )
2020-02-07 19:31:09 +00:00
# ReplicatedCollapsingMergeTree
2021-03-30 15:13:25 +00:00
node . query ( " DROP TABLE mydb.other_table " )
2022-03-22 16:39:58 +00:00
node . query (
" CREATE TABLE mydb.other_table (a UInt8, b Int8) ENGINE ReplicatedCollapsingMergeTree( ' /clickhouse/tables/00-01/filtered_table1 ' , ' replica1 ' , b) ORDER BY a "
)
2021-03-30 15:13:25 +00:00
node . query ( " INSERT INTO mydb.other_table values (0, 1), (0, 1), (1, 1), (1, 1) " )
assert node . query ( " SELECT * FROM mydb.other_table " ) == TSV ( [ [ 1 , 1 ] , [ 1 , 1 ] ] )
node . query ( " DROP ROW POLICY pC ON mydb.other_table " )
2020-02-07 19:31:09 +00:00
# DistributedMergeTree
2021-03-30 15:13:25 +00:00
node . query ( " DROP TABLE IF EXISTS mydb.other_table " )
2022-03-22 16:39:58 +00:00
node . query (
" CREATE TABLE mydb.other_table (a UInt8, b UInt8) ENGINE Distributed( ' test_local_cluster ' , mydb, local) "
)
assert node . query ( " SELECT * FROM mydb.other_table " , user = " another " ) == TSV (
[ [ 1 , 0 ] , [ 1 , 1 ] , [ 1 , 0 ] , [ 1 , 1 ] ]
)
assert node . query (
" SELECT sum(a), b FROM mydb.other_table GROUP BY b ORDER BY b " , user = " another "
) == TSV ( [ [ 2 , 0 ] , [ 2 , 1 ] ] )
2021-11-10 19:07:02 +00:00
def test_policy_on_distributed_table_via_role ( ) :
node . query ( " DROP TABLE IF EXISTS local_tbl " )
node . query ( " DROP TABLE IF EXISTS dist_tbl " )
2022-03-22 16:39:58 +00:00
node . query (
" CREATE TABLE local_tbl engine=MergeTree ORDER BY tuple() as select * FROM numbers(10) "
)
node . query (
" CREATE TABLE dist_tbl ENGINE=Distributed( ' test_cluster_two_shards_localhost ' , default, local_tbl) AS local_tbl "
)
2021-11-10 19:07:02 +00:00
node . query ( " CREATE ROLE OR REPLACE ' role1 ' " )
node . query ( " CREATE USER OR REPLACE ' user1 ' DEFAULT ROLE ' role1 ' " )
node . query ( " GRANT SELECT ON dist_tbl TO ' role1 ' " )
node . query ( " GRANT SELECT ON local_tbl TO ' role1 ' " )
2022-03-22 16:39:58 +00:00
node . query (
" CREATE ROW POLICY OR REPLACE ' all_data ' ON dist_tbl, local_tbl USING 1 TO ALL EXCEPT ' role1 ' "
)
node . query (
" CREATE ROW POLICY OR REPLACE ' role1_data ' ON dist_tbl, local_tbl USING number % 2 = 0 TO ' role1 ' "
)
2021-11-10 19:07:02 +00:00
2022-03-22 16:39:58 +00:00
assert node . query (
" SELECT * FROM local_tbl SETTINGS prefer_localhost_replica=0 " , user = " user1 "
) == TSV ( [ [ 0 ] , [ 2 ] , [ 4 ] , [ 6 ] , [ 8 ] ] )
assert node . query (
" SELECT * FROM dist_tbl SETTINGS prefer_localhost_replica=0 " , user = " user1 "
) == TSV ( [ [ 0 ] , [ 2 ] , [ 4 ] , [ 6 ] , [ 8 ] , [ 0 ] , [ 2 ] , [ 4 ] , [ 6 ] , [ 8 ] ] )
2022-10-21 12:53:23 +00:00
def test_row_policy_filter_with_subquery ( ) :
copy_policy_xml ( " no_filters.xml " )
assert node . query ( " SHOW POLICIES " ) == " "
node . query ( " DROP ROW POLICY IF EXISTS filter_1 ON table1 " )
node . query ( " DROP TABLE IF EXISTS table_1 " )
node . query ( " DROP TABLE IF EXISTS table_2 " )
node . query (
" CREATE TABLE table_1 (x int, y int) ENGINE = MergeTree ORDER BY tuple() "
)
node . query ( " INSERT INTO table_1 SELECT number, number * number FROM numbers(10) " )
node . query ( " CREATE TABLE table_2 (a int) ENGINE=MergeTree ORDER BY tuple() " )
node . query ( " INSERT INTO table_2 VALUES (3), (5) " )
node . query (
" CREATE ROW POLICY filter_1 ON table_1 USING x IN (SELECT a FROM table_2) TO ALL "
)
assert node . query ( " SELECT * FROM table_1 " ) == TSV ( [ [ 3 , 9 ] , [ 5 , 25 ] ] )
node . query ( " DROP ROW POLICY filter_1 ON table_1 " )
node . query ( " DROP TABLE table_1 " )
node . query ( " DROP TABLE table_2 " )
