2021-07-19 23:34:04 +00:00
|
|
|
import pytest
|
2022-02-23 21:41:16 +00:00
|
|
|
import uuid
|
2021-07-19 23:34:04 +00:00
|
|
|
from helpers.cluster import ClickHouseCluster
|
|
|
|
|
|
|
|
cluster = ClickHouseCluster(__file__)
|
2022-02-23 21:41:16 +00:00
|
|
|
instance = cluster.add_instance("instance", stay_alive=True)
|
2021-07-19 23:34:04 +00:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture(scope="module", autouse=True)
|
|
|
|
def started_cluster():
|
|
|
|
try:
|
|
|
|
cluster.start()
|
|
|
|
yield cluster
|
|
|
|
|
|
|
|
finally:
|
|
|
|
cluster.shutdown()
|
|
|
|
|
2022-02-23 21:41:16 +00:00
|
|
|
|
|
|
|
def test_access_rights_for_function():
|
2021-07-19 23:34:04 +00:00
|
|
|
create_function_query = "CREATE FUNCTION MySum AS (a, b) -> a + b"
|
|
|
|
|
|
|
|
instance.query("CREATE USER A")
|
|
|
|
instance.query("CREATE USER B")
|
|
|
|
assert (
|
2023-08-06 12:48:20 +00:00
|
|
|
"it's necessary to have the grant CREATE FUNCTION ON *.*"
|
2021-07-19 23:34:04 +00:00
|
|
|
in instance.query_and_get_error(create_function_query, user="A")
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
2021-07-19 23:34:04 +00:00
|
|
|
|
|
|
|
instance.query("GRANT CREATE FUNCTION on *.* TO A")
|
2021-08-23 14:31:58 +00:00
|
|
|
|
2021-07-20 20:42:48 +00:00
|
|
|
instance.query(create_function_query, user="A")
|
2021-07-21 07:29:26 +00:00
|
|
|
assert instance.query("SELECT MySum(1, 2)") == "3\n"
|
2021-07-19 23:34:04 +00:00
|
|
|
|
2021-07-21 09:41:17 +00:00
|
|
|
assert (
|
2023-08-06 12:48:20 +00:00
|
|
|
"it's necessary to have the grant DROP FUNCTION ON *.*"
|
2021-07-21 09:41:17 +00:00
|
|
|
in instance.query_and_get_error("DROP FUNCTION MySum", user="B")
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
2021-07-19 23:34:04 +00:00
|
|
|
|
|
|
|
instance.query("GRANT DROP FUNCTION ON *.* TO B")
|
|
|
|
instance.query("DROP FUNCTION MySum", user="B")
|
2024-02-09 12:41:49 +00:00
|
|
|
|
|
|
|
function_resolution_error = instance.query_and_get_error("SELECT MySum(1, 2)")
|
|
|
|
assert (
|
|
|
|
"Unknown function MySum" in function_resolution_error
|
2024-05-17 08:23:32 +00:00
|
|
|
or "Function with name 'MySum' does not exist." in function_resolution_error
|
2021-07-21 11:10:37 +00:00
|
|
|
)
|
2021-07-19 23:34:04 +00:00
|
|
|
|
2021-07-21 13:04:52 +00:00
|
|
|
instance.query("REVOKE CREATE FUNCTION ON *.* FROM A")
|
2021-07-19 23:34:04 +00:00
|
|
|
assert (
|
2023-08-06 12:48:20 +00:00
|
|
|
"it's necessary to have the grant CREATE FUNCTION ON *.*"
|
2021-07-19 23:34:04 +00:00
|
|
|
in instance.query_and_get_error(create_function_query, user="A")
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
2021-08-23 14:31:58 +00:00
|
|
|
|
|
|
|
instance.query("DROP USER IF EXISTS A")
|
|
|
|
instance.query("DROP USER IF EXISTS B")
|
2022-02-23 21:41:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_ignore_obsolete_grant_on_database():
|
|
|
|
instance.stop_clickhouse()
|
|
|
|
|
|
|
|
user_id = uuid.uuid4()
|
|
|
|
instance.exec_in_container(
|
2022-03-22 16:39:58 +00:00
|
|
|
[
|
2022-02-23 21:41:16 +00:00
|
|
|
"bash",
|
|
|
|
"-c",
|
|
|
|
f"""
|
|
|
|
cat > /var/lib/clickhouse/access/{user_id}.sql << EOF
|
2024-08-05 14:43:28 +00:00
|
|
|
ATTACH USER \`{user_id}\`;
|
|
|
|
ATTACH GRANT CREATE FUNCTION, SELECT ON mydb.* TO \`{user_id}\`;
|
2022-02-23 21:41:16 +00:00
|
|
|
EOF""",
|
2022-03-22 16:39:58 +00:00
|
|
|
]
|
2022-02-23 21:41:16 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
instance.exec_in_container(
|
|
|
|
["bash", "-c", "touch /var/lib/clickhouse/access/need_rebuild_lists.mark"]
|
|
|
|
)
|
|
|
|
instance.start_clickhouse()
|
|
|
|
|
2024-08-05 14:43:28 +00:00
|
|
|
assert (
|
|
|
|
instance.query(f"SHOW GRANTS FOR `{user_id}`")
|
|
|
|
== f"GRANT SELECT ON mydb.* TO `{user_id}`\n"
|
|
|
|
)
|