mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-29 11:02:08 +00:00
fix test
This commit is contained in:
parent
c5dc35e5c4
commit
1676cf6dd3
@ -1036,6 +1036,7 @@ def test_required_privileges():
|
|||||||
)
|
)
|
||||||
|
|
||||||
instance.query("GRANT INSERT, CREATE ON test.table2 TO u1")
|
instance.query("GRANT INSERT, CREATE ON test.table2 TO u1")
|
||||||
|
instance.query("GRANT TABLE ENGINE ON MergeTree TO u1")
|
||||||
instance.query(
|
instance.query(
|
||||||
f"RESTORE TABLE test.table AS test.table2 FROM {backup_name}", user="u1"
|
f"RESTORE TABLE test.table AS test.table2 FROM {backup_name}", user="u1"
|
||||||
)
|
)
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
<allow_databases>
|
<allow_databases>
|
||||||
<database>default</database>
|
<database>default</database>
|
||||||
<database>test</database>
|
<database>test</database>
|
||||||
|
<database>Log</database>
|
||||||
</allow_databases>
|
</allow_databases>
|
||||||
</default>
|
</default>
|
||||||
</users>
|
</users>
|
||||||
|
@ -291,20 +291,32 @@ def test_allowed_databases(test_cluster):
|
|||||||
instance.query("CREATE DATABASE IF NOT EXISTS db2 ON CLUSTER cluster")
|
instance.query("CREATE DATABASE IF NOT EXISTS db2 ON CLUSTER cluster")
|
||||||
|
|
||||||
instance.query(
|
instance.query(
|
||||||
"CREATE TABLE db1.t1 ON CLUSTER cluster (i Int8) ENGINE = Memory",
|
"CREATE TABLE IF NOT EXISTS db1.t1 ON CLUSTER cluster (i Int8) ENGINE = Memory"
|
||||||
|
)
|
||||||
|
instance.query(
|
||||||
|
"CREATE TABLE IF NOT EXISTS db2.t2 ON CLUSTER cluster (i Int8) ENGINE = Memory"
|
||||||
|
)
|
||||||
|
instance.query(
|
||||||
|
"CREATE TABLE IF NOT EXISTS t3 ON CLUSTER cluster (i Int8) ENGINE = Memory"
|
||||||
|
)
|
||||||
|
|
||||||
|
instance.query(
|
||||||
|
"SELECT * FROM db1.t1",
|
||||||
settings={"user": "restricted_user"},
|
settings={"user": "restricted_user"},
|
||||||
)
|
)
|
||||||
|
|
||||||
with pytest.raises(Exception):
|
with pytest.raises(Exception):
|
||||||
instance.query(
|
instance.query(
|
||||||
"CREATE TABLE db2.t2 ON CLUSTER cluster (i Int8) ENGINE = Memory",
|
"SELECT * FROM db2.t2",
|
||||||
settings={"user": "restricted_user"},
|
settings={"user": "restricted_user"},
|
||||||
)
|
)
|
||||||
|
|
||||||
with pytest.raises(Exception):
|
with pytest.raises(Exception):
|
||||||
instance.query(
|
instance.query(
|
||||||
"CREATE TABLE t3 ON CLUSTER cluster (i Int8) ENGINE = Memory",
|
"SELECT * FROM t3",
|
||||||
settings={"user": "restricted_user"},
|
settings={"user": "restricted_user"},
|
||||||
)
|
)
|
||||||
|
|
||||||
with pytest.raises(Exception):
|
with pytest.raises(Exception):
|
||||||
instance.query(
|
instance.query(
|
||||||
"DROP DATABASE db2 ON CLUSTER cluster", settings={"user": "restricted_user"}
|
"DROP DATABASE db2 ON CLUSTER cluster", settings={"user": "restricted_user"}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
<clickhouse>
|
<clickhouse>
|
||||||
<access_control_improvements>
|
<access_control_improvements>
|
||||||
<table_engines_require_grant>true</table_engines_require_grant>
|
<table_engines_require_grant>true</table_engines_require_grant>
|
||||||
</access_control_improvements>
|
</access_control_improvements>
|
||||||
</clickhouse>
|
</clickhouse>
|
||||||
|
@ -621,6 +621,7 @@ def test_allow_ddl():
|
|||||||
)
|
)
|
||||||
|
|
||||||
instance.query("GRANT CREATE ON tbl TO robin")
|
instance.query("GRANT CREATE ON tbl TO robin")
|
||||||
|
instance.query("GRANT TABLE ENGINE ON Log TO robin")
|
||||||
instance.query("CREATE TABLE tbl(a Int32) ENGINE=Log", user="robin")
|
instance.query("CREATE TABLE tbl(a Int32) ENGINE=Log", user="robin")
|
||||||
instance.query("DROP TABLE tbl")
|
instance.query("DROP TABLE tbl")
|
||||||
|
|
||||||
|
@ -989,6 +989,7 @@ def test_predefined_connection_configuration(started_cluster):
|
|||||||
instance.query("GRANT CREATE ON *.* TO user")
|
instance.query("GRANT CREATE ON *.* TO user")
|
||||||
instance.query("GRANT SOURCES ON *.* TO user")
|
instance.query("GRANT SOURCES ON *.* TO user")
|
||||||
instance.query("GRANT SELECT ON *.* TO user")
|
instance.query("GRANT SELECT ON *.* TO user")
|
||||||
|
instance.query("GRANT TABLE ENGINE ON S3 TO user")
|
||||||
|
|
||||||
instance.query(f"drop table if exists {name}", user="user")
|
instance.query(f"drop table if exists {name}", user="user")
|
||||||
error = instance.query_and_get_error(
|
error = instance.query_and_get_error(
|
||||||
|
@ -16,7 +16,7 @@ $CLICKHOUSE_CLIENT --query "CREATE TABLE url ENGINE=URL('https://clickhouse.com'
|
|||||||
|
|
||||||
$CLICKHOUSE_CLIENT --user=user_test_02184 --password=user_test_02184 --query "CREATE TABLE t AS url" 2>&1| grep -Fo "ACCESS_DENIED" | uniq
|
$CLICKHOUSE_CLIENT --user=user_test_02184 --password=user_test_02184 --query "CREATE TABLE t AS url" 2>&1| grep -Fo "ACCESS_DENIED" | uniq
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --query "GRANT URL ON *.* TO user_test_02184;"
|
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON URL TO user_test_02184;"
|
||||||
$CLICKHOUSE_CLIENT --user=user_test_02184 --password=user_test_02184 --query "CREATE TABLE t AS url"
|
$CLICKHOUSE_CLIENT --user=user_test_02184 --password=user_test_02184 --query "CREATE TABLE t AS url"
|
||||||
$CLICKHOUSE_CLIENT --query "SHOW CREATE TABLE t"
|
$CLICKHOUSE_CLIENT --query "SHOW CREATE TABLE t"
|
||||||
$CLICKHOUSE_CLIENT --query "DROP TABLE t"
|
$CLICKHOUSE_CLIENT --query "DROP TABLE t"
|
||||||
|
@ -9,6 +9,9 @@ ${CLICKHOUSE_CLIENT} -q "create table mute_stylecheck (x UInt32) engine = Replic
|
|||||||
|
|
||||||
${CLICKHOUSE_CLIENT} -q "CREATE USER user_${CLICKHOUSE_DATABASE} settings database_replicated_allow_only_replicated_engine=1"
|
${CLICKHOUSE_CLIENT} -q "CREATE USER user_${CLICKHOUSE_DATABASE} settings database_replicated_allow_only_replicated_engine=1"
|
||||||
${CLICKHOUSE_CLIENT} -q "GRANT CREATE TABLE ON ${CLICKHOUSE_DATABASE}_db.* TO user_${CLICKHOUSE_DATABASE}"
|
${CLICKHOUSE_CLIENT} -q "GRANT CREATE TABLE ON ${CLICKHOUSE_DATABASE}_db.* TO user_${CLICKHOUSE_DATABASE}"
|
||||||
|
${CLICKHOUSE_CLIENT} -q "GRANT TABLE ENGINE ON Memory TO user_${CLICKHOUSE_DATABASE}"
|
||||||
|
${CLICKHOUSE_CLIENT} -q "GRANT TABLE ENGINE ON MergeTree TO user_${CLICKHOUSE_DATABASE}"
|
||||||
|
${CLICKHOUSE_CLIENT} -q "GRANT TABLE ENGINE ON ReplicatedMergeTree TO user_${CLICKHOUSE_DATABASE}"
|
||||||
${CLICKHOUSE_CLIENT} --allow_experimental_database_replicated=1 --query "CREATE DATABASE ${CLICKHOUSE_DATABASE}_db engine = Replicated('/clickhouse/databases/${CLICKHOUSE_TEST_ZOOKEEPER_PREFIX}/${CLICKHOUSE_DATABASE}_db', '{shard}', '{replica}')"
|
${CLICKHOUSE_CLIENT} --allow_experimental_database_replicated=1 --query "CREATE DATABASE ${CLICKHOUSE_DATABASE}_db engine = Replicated('/clickhouse/databases/${CLICKHOUSE_TEST_ZOOKEEPER_PREFIX}/${CLICKHOUSE_DATABASE}_db', '{shard}', '{replica}')"
|
||||||
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_memory (x UInt32) engine = Memory;"
|
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_memory (x UInt32) engine = Memory;"
|
||||||
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" -n --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_mt (x UInt32) engine = MergeTree order by x;" 2>&1 | grep -o "Only tables with a Replicated engine"
|
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" -n --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_mt (x UInt32) engine = MergeTree order by x;" 2>&1 | grep -o "Only tables with a Replicated engine"
|
||||||
|
@ -12,6 +12,7 @@ ${CLICKHOUSE_CLIENT} -q "create table mute_stylecheck (x UInt32) engine = Replic
|
|||||||
|
|
||||||
${CLICKHOUSE_CLIENT} -q "CREATE USER user_${CLICKHOUSE_DATABASE} settings database_replicated_allow_replicated_engine_arguments=0"
|
${CLICKHOUSE_CLIENT} -q "CREATE USER user_${CLICKHOUSE_DATABASE} settings database_replicated_allow_replicated_engine_arguments=0"
|
||||||
${CLICKHOUSE_CLIENT} -q "GRANT CREATE TABLE ON ${CLICKHOUSE_DATABASE}_db.* TO user_${CLICKHOUSE_DATABASE}"
|
${CLICKHOUSE_CLIENT} -q "GRANT CREATE TABLE ON ${CLICKHOUSE_DATABASE}_db.* TO user_${CLICKHOUSE_DATABASE}"
|
||||||
|
${CLICKHOUSE_CLIENT} -q "GRANT TABLE ENGINE ON ReplicatedMergeTree TO user_${CLICKHOUSE_DATABASE}"
|
||||||
${CLICKHOUSE_CLIENT} --allow_experimental_database_replicated=1 --query "CREATE DATABASE ${CLICKHOUSE_DATABASE}_db engine = Replicated('/clickhouse/databases/${CLICKHOUSE_TEST_ZOOKEEPER_PREFIX}/${CLICKHOUSE_DATABASE}_db', '{shard}', '{replica}')"
|
${CLICKHOUSE_CLIENT} --allow_experimental_database_replicated=1 --query "CREATE DATABASE ${CLICKHOUSE_DATABASE}_db engine = Replicated('/clickhouse/databases/${CLICKHOUSE_TEST_ZOOKEEPER_PREFIX}/${CLICKHOUSE_DATABASE}_db', '{shard}', '{replica}')"
|
||||||
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" -n --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_rmt_ok (x UInt32) engine = ReplicatedMergeTree order by x;"
|
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" -n --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_rmt_ok (x UInt32) engine = ReplicatedMergeTree order by x;"
|
||||||
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" -n --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_rmt_fail (x UInt32) engine = ReplicatedMergeTree('/clickhouse/tables/$CLICKHOUSE_TEST_ZOOKEEPER_PREFIX/root/{shard}', '{replica}') order by x; -- { serverError 80 }"
|
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" -n --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_rmt_fail (x UInt32) engine = ReplicatedMergeTree('/clickhouse/tables/$CLICKHOUSE_TEST_ZOOKEEPER_PREFIX/root/{shard}', '{replica}') order by x; -- { serverError 80 }"
|
||||||
|
@ -13,23 +13,26 @@ $CLICKHOUSE_CLIENT --query "CREATE USER $user IDENTIFIED WITH PLAINTEXT_PASSWORD
|
|||||||
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_memory_02561(name String)" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant CREATE TEMPORARY TABLE" > /dev/null && echo "OK"
|
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_memory_02561(name String)" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant CREATE TEMPORARY TABLE" > /dev/null && echo "OK"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --query "GRANT CREATE TEMPORARY TABLE ON *.* TO $user"
|
$CLICKHOUSE_CLIENT --query "GRANT CREATE TEMPORARY TABLE ON *.* TO $user"
|
||||||
|
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON Memory TO $user"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_memory_02561(name String)"
|
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_memory_02561(name String)"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_merge_tree_02561(name String) ENGINE = MergeTree() ORDER BY name" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant CREATE ARBITRARY TEMPORARY TABLE" > /dev/null && echo "OK"
|
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_merge_tree_02561(name String) ENGINE = MergeTree() ORDER BY name" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant CREATE ARBITRARY TEMPORARY TABLE" > /dev/null && echo "OK"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --query "GRANT CREATE ARBITRARY TEMPORARY TABLE ON *.* TO $user"
|
$CLICKHOUSE_CLIENT --query "GRANT CREATE ARBITRARY TEMPORARY TABLE ON *.* TO $user"
|
||||||
|
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON MergeTree TO $user"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_merge_tree_02561(name String) ENGINE = MergeTree() ORDER BY name"
|
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_merge_tree_02561(name String) ENGINE = MergeTree() ORDER BY name"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_file_02561(name String) ENGINE = File(TabSeparated)" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant FILE" > /dev/null && echo "OK"
|
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_file_02561(name String) ENGINE = File(TabSeparated)" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant TABLE ENGINE ON File" > /dev/null && echo "OK"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --query "GRANT FILE ON *.* TO $user"
|
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON File TO $user"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_file_02561(name String) ENGINE = File(TabSeparated)"
|
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_file_02561(name String) ENGINE = File(TabSeparated)"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_url_02561(name String) ENGINE = URL('http://127.0.0.1:8123?query=select+12', 'RawBLOB')" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant URL" > /dev/null && echo "OK"
|
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_url_02561(name String) ENGINE = URL('http://127.0.0.1:8123?query=select+12', 'RawBLOB')" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant TABLE ENGINE ON URL" > /dev/null && echo "OK"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --query "GRANT URL ON *.* TO $user"
|
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON URL TO $user"
|
||||||
|
|
||||||
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_url_02561(name String) ENGINE = URL('http://127.0.0.1:8123?query=select+12', 'RawBLOB')"
|
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_url_02561(name String) ENGINE = URL('http://127.0.0.1:8123?query=select+12', 'RawBLOB')"
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user