ClickHouse/tests/integration/test_access_for_functions/test.py

58 lines
1.9 KiB
Python
Raw Normal View History

2021-07-19 23:34:04 +00:00
import pytest
import uuid
2021-07-19 23:34:04 +00:00
from helpers.cluster import ClickHouseCluster
cluster = ClickHouseCluster(__file__)
instance = cluster.add_instance('instance', stay_alive=True)
2021-07-19 23:34:04 +00:00
@pytest.fixture(scope="module", autouse=True)
def started_cluster():
try:
cluster.start()
yield cluster
finally:
cluster.shutdown()
def test_access_rights_for_function():
2021-07-19 23:34:04 +00:00
create_function_query = "CREATE FUNCTION MySum AS (a, b) -> a + b"
instance.query("CREATE USER A")
instance.query("CREATE USER B")
assert "it's necessary to have grant CREATE FUNCTION ON *.*" in instance.query_and_get_error(create_function_query, user = 'A')
instance.query("GRANT CREATE FUNCTION on *.* TO A")
2021-08-23 14:31:58 +00:00
instance.query(create_function_query, user = 'A')
2021-07-21 07:29:26 +00:00
assert instance.query("SELECT MySum(1, 2)") == "3\n"
2021-07-19 23:34:04 +00:00
2021-07-21 09:41:17 +00:00
assert "it's necessary to have grant DROP FUNCTION ON *.*" in instance.query_and_get_error("DROP FUNCTION MySum", user = 'B')
2021-07-19 23:34:04 +00:00
instance.query("GRANT DROP FUNCTION ON *.* TO B")
instance.query("DROP FUNCTION MySum", user = 'B')
2021-07-21 11:10:37 +00:00
assert "Unknown function MySum" in instance.query_and_get_error("SELECT MySum(1, 2)")
2021-07-19 23:34:04 +00:00
2021-07-21 13:04:52 +00:00
instance.query("REVOKE CREATE FUNCTION ON *.* FROM A")
2021-07-19 23:34:04 +00:00
assert "it's necessary to have grant CREATE FUNCTION ON *.*" in instance.query_and_get_error(create_function_query, user = 'A')
2021-08-23 14:31:58 +00:00
instance.query("DROP USER IF EXISTS A")
instance.query("DROP USER IF EXISTS B")
def test_ignore_obsolete_grant_on_database():
instance.stop_clickhouse()
user_id = uuid.uuid4()
instance.exec_in_container(["bash", "-c" , f"""
cat > /var/lib/clickhouse/access/{user_id}.sql << EOF
ATTACH USER X;
ATTACH GRANT CREATE FUNCTION, SELECT ON mydb.* TO X;
EOF"""])
instance.exec_in_container(["bash", "-c" , "touch /var/lib/clickhouse/access/need_rebuild_lists.mark"])
instance.start_clickhouse()
assert instance.query("SHOW GRANTS FOR X") == "GRANT SELECT ON mydb.* TO X\n"