2024-08-15 15:03:30 +00:00
|
|
|
import pytest
|
|
|
|
from helpers.cluster import ClickHouseCluster
|
|
|
|
from helpers.client import QueryRuntimeException
|
|
|
|
|
|
|
|
cluster = ClickHouseCluster(__file__)
|
|
|
|
|
|
|
|
limited_node = cluster.add_instance(
|
|
|
|
"limited_node",
|
|
|
|
main_configs=["configs/max_auth_limited.xml"],
|
|
|
|
)
|
|
|
|
|
|
|
|
default_node = cluster.add_instance(
|
|
|
|
"default_node",
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture(scope="module")
|
|
|
|
def started_cluster():
|
|
|
|
try:
|
|
|
|
cluster.start()
|
|
|
|
yield cluster
|
|
|
|
|
|
|
|
finally:
|
|
|
|
cluster.shutdown()
|
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
|
2024-08-15 15:18:09 +00:00
|
|
|
expected_error = "User can not be created/updated because it exceeds the allowed quantity of authentication methods per user"
|
2024-08-15 15:03:30 +00:00
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
|
2024-08-15 15:03:30 +00:00
|
|
|
def test_create(started_cluster):
|
|
|
|
|
2024-08-15 15:19:36 +00:00
|
|
|
assert expected_error in limited_node.query_and_get_error(
|
|
|
|
"CREATE USER u_max_authentication_methods IDENTIFIED BY '1', BY '2', BY '3'"
|
|
|
|
)
|
2024-08-15 15:03:30 +00:00
|
|
|
|
2024-08-15 15:19:36 +00:00
|
|
|
assert expected_error not in limited_node.query_and_get_answer_with_error(
|
|
|
|
"CREATE USER u_max_authentication_methods IDENTIFIED BY '1', BY '2'"
|
|
|
|
)
|
2024-08-15 15:03:30 +00:00
|
|
|
|
|
|
|
limited_node.query("DROP USER u_max_authentication_methods")
|
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
|
2024-08-15 15:03:30 +00:00
|
|
|
def test_alter(started_cluster):
|
|
|
|
limited_node.query("CREATE USER u_max_authentication_methods IDENTIFIED BY '1'")
|
|
|
|
|
2024-08-15 15:19:36 +00:00
|
|
|
assert expected_error in limited_node.query_and_get_error(
|
|
|
|
"ALTER USER u_max_authentication_methods ADD IDENTIFIED BY '2', BY '3'"
|
|
|
|
)
|
2024-08-15 15:03:30 +00:00
|
|
|
|
2024-08-15 15:19:36 +00:00
|
|
|
assert expected_error in limited_node.query_and_get_error(
|
|
|
|
"ALTER USER u_max_authentication_methods IDENTIFIED BY '3', BY '4', BY '5'"
|
|
|
|
)
|
2024-08-15 15:03:30 +00:00
|
|
|
|
2024-08-15 15:19:36 +00:00
|
|
|
assert expected_error not in limited_node.query_and_get_answer_with_error(
|
|
|
|
"ALTER USER u_max_authentication_methods ADD IDENTIFIED BY '2'"
|
|
|
|
)
|
2024-08-15 15:03:30 +00:00
|
|
|
|
2024-08-15 15:19:36 +00:00
|
|
|
assert expected_error not in limited_node.query_and_get_answer_with_error(
|
|
|
|
"ALTER USER u_max_authentication_methods IDENTIFIED BY '2', BY '3'"
|
|
|
|
)
|
2024-08-15 15:03:30 +00:00
|
|
|
|
|
|
|
limited_node.query("DROP USER u_max_authentication_methods")
|
2024-08-15 15:18:09 +00:00
|
|
|
|
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
def get_query_with_multiple_identified_with(
|
|
|
|
operation, username, identified_with_count, add_operation=""
|
|
|
|
):
|
2024-08-15 15:18:09 +00:00
|
|
|
identified_clauses = ", ".join([f"BY '1'" for _ in range(identified_with_count)])
|
2024-08-15 15:21:06 +00:00
|
|
|
query = (
|
|
|
|
f"{operation} USER {username} {add_operation} IDENTIFIED {identified_clauses}"
|
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
return query
|
|
|
|
|
|
|
|
|
|
|
|
def test_create_default_setting(started_cluster):
|
|
|
|
expected_error = "User can not be created/updated because it exceeds the allowed quantity of authentication methods per user"
|
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
query_exceeds = get_query_with_multiple_identified_with(
|
2024-08-16 11:57:11 +00:00
|
|
|
"CREATE", "u_max_authentication_methods", 101
|
2024-08-15 15:21:06 +00:00
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
|
|
|
|
assert expected_error in default_node.query_and_get_error(query_exceeds)
|
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
query_not_exceeds = get_query_with_multiple_identified_with(
|
2024-08-16 11:57:11 +00:00
|
|
|
"CREATE", "u_max_authentication_methods", 100
|
2024-08-15 15:21:06 +00:00
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
assert expected_error not in default_node.query_and_get_answer_with_error(
|
|
|
|
query_not_exceeds
|
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
|
|
|
|
default_node.query("DROP USER u_max_authentication_methods")
|
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
|
2024-08-15 15:18:09 +00:00
|
|
|
def test_alter_default_setting(started_cluster):
|
|
|
|
default_node.query("CREATE USER u_max_authentication_methods IDENTIFIED BY '1'")
|
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
query_add_exceeds = get_query_with_multiple_identified_with(
|
2024-08-16 11:57:11 +00:00
|
|
|
"ALTER", "u_max_authentication_methods", 100, "ADD"
|
2024-08-15 15:21:06 +00:00
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
|
|
|
|
assert expected_error in default_node.query_and_get_error(query_add_exceeds)
|
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
query_replace_exceeds = get_query_with_multiple_identified_with(
|
2024-08-16 11:57:11 +00:00
|
|
|
"ALTER", "u_max_authentication_methods", 101
|
2024-08-15 15:21:06 +00:00
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
|
|
|
|
assert expected_error in default_node.query_and_get_error(query_replace_exceeds)
|
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
query_add_not_exceeds = get_query_with_multiple_identified_with(
|
2024-08-16 11:57:11 +00:00
|
|
|
"ALTER", "u_max_authentication_methods", 99, "ADD"
|
2024-08-15 15:21:06 +00:00
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
assert expected_error not in default_node.query_and_get_answer_with_error(
|
|
|
|
query_add_not_exceeds
|
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
query_replace_not_exceeds = get_query_with_multiple_identified_with(
|
2024-08-16 11:57:11 +00:00
|
|
|
"ALTER", "u_max_authentication_methods", 100
|
2024-08-15 15:21:06 +00:00
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
|
2024-08-15 15:21:06 +00:00
|
|
|
assert expected_error not in default_node.query_and_get_answer_with_error(
|
|
|
|
query_replace_not_exceeds
|
|
|
|
)
|
2024-08-15 15:18:09 +00:00
|
|
|
|
|
|
|
default_node.query("DROP USER u_max_authentication_methods")
|