2020-02-27 20:56:43 +00:00
|
|
|
import pytest
|
|
|
|
from helpers.cluster import ClickHouseCluster
|
|
|
|
|
|
|
|
cluster = ClickHouseCluster(__file__)
|
2022-03-22 16:39:58 +00:00
|
|
|
instance = cluster.add_instance("instance", stay_alive=True)
|
2020-02-27 20:56:43 +00:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture(scope="module", autouse=True)
|
|
|
|
def started_cluster():
|
|
|
|
try:
|
|
|
|
cluster.start()
|
|
|
|
yield cluster
|
|
|
|
|
|
|
|
finally:
|
|
|
|
cluster.shutdown()
|
|
|
|
|
|
|
|
|
|
|
|
def create_entities():
|
2022-03-22 16:39:58 +00:00
|
|
|
instance.query(
|
|
|
|
"CREATE SETTINGS PROFILE s1 SETTINGS max_memory_usage = 123456789 MIN 100000000 MAX 200000000"
|
|
|
|
)
|
2020-03-18 14:12:09 +00:00
|
|
|
instance.query("CREATE USER u1 SETTINGS PROFILE s1")
|
|
|
|
instance.query("CREATE ROLE rx SETTINGS PROFILE s1")
|
2020-02-27 20:56:43 +00:00
|
|
|
instance.query("CREATE USER u2 IDENTIFIED BY 'qwerty' HOST LOCAL DEFAULT ROLE rx")
|
2020-03-18 14:12:09 +00:00
|
|
|
instance.query("CREATE SETTINGS PROFILE s2 SETTINGS PROFILE s1 TO u2")
|
2022-03-22 16:39:58 +00:00
|
|
|
instance.query(
|
|
|
|
"CREATE ROW POLICY p ON mydb.mytable FOR SELECT USING a<1000 TO u1, u2"
|
|
|
|
)
|
|
|
|
instance.query(
|
|
|
|
"CREATE QUOTA q FOR INTERVAL 1 HOUR MAX QUERIES 100 TO ALL EXCEPT rx"
|
|
|
|
)
|
2020-02-27 20:56:43 +00:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
|
|
def drop_entities():
|
2020-09-16 04:26:10 +00:00
|
|
|
instance.query("DROP USER IF EXISTS u1, u2")
|
|
|
|
instance.query("DROP ROLE IF EXISTS rx, ry")
|
2020-02-27 20:56:43 +00:00
|
|
|
instance.query("DROP ROW POLICY IF EXISTS p ON mydb.mytable")
|
|
|
|
instance.query("DROP QUOTA IF EXISTS q")
|
2020-03-18 14:12:09 +00:00
|
|
|
instance.query("DROP SETTINGS PROFILE IF EXISTS s1, s2")
|
2020-09-16 04:26:10 +00:00
|
|
|
|
2020-02-27 20:56:43 +00:00
|
|
|
|
|
|
|
def test_create():
|
|
|
|
create_entities()
|
|
|
|
|
|
|
|
def check():
|
2022-03-22 16:39:58 +00:00
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE USER u1")
|
2024-02-26 23:54:20 +00:00
|
|
|
== "CREATE USER u1 SETTINGS PROFILE `s1`\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE USER u2")
|
|
|
|
== "CREATE USER u2 IDENTIFIED WITH sha256_password HOST LOCAL DEFAULT ROLE rx\n"
|
|
|
|
)
|
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE ROW POLICY p ON mydb.mytable")
|
|
|
|
== "CREATE ROW POLICY p ON mydb.mytable FOR SELECT USING a < 1000 TO u1, u2\n"
|
|
|
|
)
|
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE QUOTA q")
|
|
|
|
== "CREATE QUOTA q FOR INTERVAL 1 hour MAX queries = 100 TO ALL EXCEPT rx\n"
|
|
|
|
)
|
2020-02-27 20:56:43 +00:00
|
|
|
assert instance.query("SHOW GRANTS FOR u1") == ""
|
|
|
|
assert instance.query("SHOW GRANTS FOR u2") == "GRANT rx TO u2\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE ROLE rx")
|
2024-02-26 23:54:20 +00:00
|
|
|
== "CREATE ROLE rx SETTINGS PROFILE `s1`\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
2020-02-27 20:56:43 +00:00
|
|
|
assert instance.query("SHOW GRANTS FOR rx") == ""
|
2022-03-22 16:39:58 +00:00
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE SETTINGS PROFILE s1")
|
2024-02-26 23:54:20 +00:00
|
|
|
== "CREATE SETTINGS PROFILE `s1` SETTINGS max_memory_usage = 123456789 MIN 100000000 MAX 200000000\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE SETTINGS PROFILE s2")
|
2024-02-27 16:41:30 +00:00
|
|
|
== "CREATE SETTINGS PROFILE `s2` SETTINGS INHERIT `s1` TO u2\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
2020-02-27 20:56:43 +00:00
|
|
|
|
|
|
|
check()
|
|
|
|
instance.restart_clickhouse() # Check persistency
|
|
|
|
check()
|
|
|
|
|
|
|
|
|
|
|
|
def test_alter():
|
|
|
|
create_entities()
|
|
|
|
instance.restart_clickhouse()
|
|
|
|
|
|
|
|
instance.query("CREATE ROLE ry")
|
|
|
|
instance.query("GRANT ry TO u2")
|
|
|
|
instance.query("ALTER USER u2 DEFAULT ROLE ry")
|
|
|
|
instance.query("GRANT rx TO ry WITH ADMIN OPTION")
|
2020-03-18 14:12:09 +00:00
|
|
|
instance.query("ALTER ROLE rx SETTINGS PROFILE s2")
|
2020-02-27 20:56:43 +00:00
|
|
|
instance.query("GRANT SELECT ON mydb.mytable TO u1")
|
|
|
|
instance.query("GRANT SELECT ON mydb.* TO rx WITH GRANT OPTION")
|
2022-03-22 16:39:58 +00:00
|
|
|
instance.query(
|
2022-09-12 22:12:40 +00:00
|
|
|
"ALTER SETTINGS PROFILE s1 SETTINGS max_memory_usage = 987654321 CONST"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
2020-02-27 20:56:43 +00:00
|
|
|
|
|
|
|
def check():
|
2022-03-22 16:39:58 +00:00
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE USER u1")
|
2024-02-26 23:54:20 +00:00
|
|
|
== "CREATE USER u1 SETTINGS PROFILE `s1`\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE USER u2")
|
|
|
|
== "CREATE USER u2 IDENTIFIED WITH sha256_password HOST LOCAL DEFAULT ROLE ry\n"
|
|
|
|
)
|
|
|
|
assert (
|
|
|
|
instance.query("SHOW GRANTS FOR u1")
|
|
|
|
== "GRANT SELECT ON mydb.mytable TO u1\n"
|
|
|
|
)
|
2020-02-27 20:56:43 +00:00
|
|
|
assert instance.query("SHOW GRANTS FOR u2") == "GRANT rx, ry TO u2\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE ROLE rx")
|
2024-02-27 16:41:30 +00:00
|
|
|
== "CREATE ROLE rx SETTINGS PROFILE `s2`\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
2020-03-18 14:12:09 +00:00
|
|
|
assert instance.query("SHOW CREATE ROLE ry") == "CREATE ROLE ry\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
assert (
|
|
|
|
instance.query("SHOW GRANTS FOR rx")
|
|
|
|
== "GRANT SELECT ON mydb.* TO rx WITH GRANT OPTION\n"
|
|
|
|
)
|
|
|
|
assert (
|
|
|
|
instance.query("SHOW GRANTS FOR ry") == "GRANT rx TO ry WITH ADMIN OPTION\n"
|
|
|
|
)
|
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE SETTINGS PROFILE s1")
|
2024-02-26 23:54:20 +00:00
|
|
|
== "CREATE SETTINGS PROFILE `s1` SETTINGS max_memory_usage = 987654321 CONST\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE SETTINGS PROFILE s2")
|
2024-02-27 16:41:30 +00:00
|
|
|
== "CREATE SETTINGS PROFILE `s2` SETTINGS INHERIT `s1` TO u2\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
2020-02-27 20:56:43 +00:00
|
|
|
|
|
|
|
check()
|
|
|
|
instance.restart_clickhouse() # Check persistency
|
|
|
|
check()
|
|
|
|
|
|
|
|
|
|
|
|
def test_drop():
|
|
|
|
create_entities()
|
|
|
|
instance.restart_clickhouse()
|
|
|
|
|
|
|
|
instance.query("DROP USER u2")
|
|
|
|
instance.query("DROP ROLE rx")
|
|
|
|
instance.query("DROP ROW POLICY p ON mydb.mytable")
|
|
|
|
instance.query("DROP QUOTA q")
|
2020-03-18 14:12:09 +00:00
|
|
|
instance.query("DROP SETTINGS PROFILE s1")
|
2020-02-27 20:56:43 +00:00
|
|
|
|
|
|
|
def check():
|
|
|
|
assert instance.query("SHOW CREATE USER u1") == "CREATE USER u1\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
assert (
|
|
|
|
instance.query("SHOW CREATE SETTINGS PROFILE s2")
|
2024-02-26 23:54:20 +00:00
|
|
|
== "CREATE SETTINGS PROFILE `s2`\n"
|
2022-03-22 16:39:58 +00:00
|
|
|
)
|
|
|
|
assert "There is no user `u2`" in instance.query_and_get_error(
|
|
|
|
"SHOW CREATE USER u2"
|
|
|
|
)
|
|
|
|
assert (
|
|
|
|
"There is no row policy `p ON mydb.mytable`"
|
|
|
|
in instance.query_and_get_error("SHOW CREATE ROW POLICY p ON mydb.mytable")
|
|
|
|
)
|
|
|
|
assert "There is no quota `q`" in instance.query_and_get_error(
|
|
|
|
"SHOW CREATE QUOTA q"
|
|
|
|
)
|
2020-02-27 20:56:43 +00:00
|
|
|
|
|
|
|
check()
|
|
|
|
instance.restart_clickhouse() # Check persistency
|
|
|
|
check()
|