mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-24 00:22:29 +00:00
row policy template - tests renumbered to keep monotony
This commit is contained in:
Ilya Golshtein
parent
28c6d4fb63
commit
2ed8e318cf
@ -0,0 +1,88 @@
|
||||
-- Tags: no-parallel
|
||||
|
||||
DROP DATABASE IF EXISTS 02703_db;
|
||||
CREATE DATABASE 02703_db;
|
||||
DROP TABLE IF EXISTS 02703_db.02703_rptable;
|
||||
DROP TABLE IF EXISTS 02703_db.02703_rptable_another;
|
||||
CREATE TABLE 02703_db.02703_rptable (x UInt8, y UInt8) ENGINE = MergeTree ORDER BY x;
|
||||
|
||||
INSERT INTO 02703_db.02703_rptable VALUES (1, 10), (2, 20), (3, 30), (4, 40);
|
||||
|
||||
CREATE TABLE 02703_db.02703_rptable_another ENGINE = MergeTree ORDER BY x AS SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
|
||||
DROP ROW POLICY IF EXISTS 02703_filter_1 ON 02703_db.02703_rptable;
|
||||
DROP ROW POLICY IF EXISTS 02703_filter_2 ON 02703_db.*;
|
||||
DROP ROW POLICY IF EXISTS 02703_filter_3 ON 02703_db.02703_rptable;
|
||||
DROP ROW POLICY IF EXISTS 02703_filter_4 ON 02703_db.02703_rptable;
|
||||
DROP ROW POLICY IF EXISTS 02703_filter_5 ON 02703_db.*;
|
||||
|
||||
-- the test assumes users_without_row_policies_can_read_rows is true
|
||||
|
||||
SELECT 'None';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
CREATE ROW POLICY 02703_filter_1 ON 02703_db.02703_rptable USING x=1 AS permissive TO ALL;
|
||||
SELECT 'R1: x == 1';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
CREATE ROW POLICY 02703_filter_2 ON 02703_db.* USING x=2 AS permissive TO ALL;
|
||||
SELECT 'R1, R2: (x == 1) OR (x == 2)';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
SELECT 'R1, R2: (x == 2) FROM ANOTHER';
|
||||
SELECT * FROM 02703_db.02703_rptable_another;
|
||||
|
||||
CREATE ROW POLICY 02703_filter_3 ON 02703_db.02703_rptable USING x=3 AS permissive TO ALL;
|
||||
SELECT 'R1, R2, R3: (x == 1) OR (x == 2) OR (x == 3)';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
CREATE ROW POLICY 02703_filter_4 ON 02703_db.02703_rptable USING x<=2 AS restrictive TO ALL;
|
||||
SELECT 'R1, R2, R3, R4: ((x == 1) OR (x == 2) OR (x == 3)) AND (x <= 2)';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
CREATE ROW POLICY 02703_filter_5 ON 02703_db.* USING y>=20 AS restrictive TO ALL;
|
||||
SELECT 'R1, R2, R3, R4, R5: ((x == 1) OR (x == 2) OR (x == 3)) AND (x <= 2) AND (y >= 20)';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
CREATE TABLE 02703_db.02703_after_rp ENGINE = MergeTree ORDER BY x AS SELECT * FROM 02703_db.02703_rptable;
|
||||
SELECT * FROM 02703_db.02703_after_rp;
|
||||
|
||||
-- does not matter if policies or table are created first
|
||||
SELECT 'R1, R2, R3, R4, R5: (x == 2) AND (y >= 20) FROM AFTER_RP';
|
||||
SELECT * FROM 02703_db.02703_after_rp;
|
||||
|
||||
SELECT 'R1, R2, R3, R4, R5: (x == 2) AND (y >= 20) FROM ANOTHER';
|
||||
SELECT * FROM 02703_db.02703_rptable_another;
|
||||
|
||||
DROP ROW POLICY 02703_filter_1 ON 02703_db.02703_rptable;
|
||||
SELECT 'R2, R3, R4, R5: ((x == 2) OR (x == 3)) AND (x <= 2) AND (y >= 20)';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
DROP ROW POLICY 02703_filter_2 ON 02703_db.*;
|
||||
SELECT 'R3, R4, R5: (x == 3) AND (x <= 2) AND (y >= 20)';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
DROP ROW POLICY 02703_filter_3 ON 02703_db.02703_rptable;
|
||||
SELECT 'R4, R5: (x <= 2) AND (y >= 20)';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
DROP ROW POLICY 02703_filter_4 ON 02703_db.02703_rptable;
|
||||
SELECT 'R5: (x >= 2)';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
CREATE TABLE 02703_db.02703_unexpected_columns (xx UInt8, yy UInt8) ENGINE = MergeTree ORDER BY xx;
|
||||
SELECT 'Policy not applicable';
|
||||
SELECT * FROM 02703_db.02703_unexpected_columns; -- { serverError 47 } -- Missing columns: 'x' while processing query
|
||||
|
||||
DROP ROW POLICY 02703_filter_5 ON 02703_db.*;
|
||||
SELECT 'None';
|
||||
SELECT * FROM 02703_db.02703_rptable;
|
||||
|
||||
SELECT 'No problematic policy, select works';
|
||||
SELECT 'Ok' FROM 02703_db.02703_unexpected_columns;
|
||||
|
||||
DROP TABLE 02703_db.02703_rptable;
|
||||
DROP TABLE 02703_db.02703_rptable_another;
|
||||
DROP TABLE 02703_db.02703_unexpected_columns;
|
||||
DROP DATABASE 02703_db;
|
||||
@ -0,0 +1,21 @@
|
||||
-- database level policies
|
||||
-- SHOW CREATE POLICY db1_02703 ON db1_02703.*
|
||||
CREATE ROW POLICY db1_02703 ON db1_02703.`*` FOR SELECT USING 1 TO ALL
|
||||
-- SHOW CREATE POLICY ON db1_02703.*
|
||||
CREATE ROW POLICY db1_02703 ON db1_02703.`*` FOR SELECT USING 1 TO ALL
|
||||
CREATE ROW POLICY tbl1_02703 ON db1_02703.table FOR SELECT USING 1 TO ALL
|
||||
-- SHOW CREATE POLICY ON db1_02703.`*`
|
||||
CREATE ROW POLICY db1_02703 ON db1_02703.`*` FOR SELECT USING 1 TO ALL
|
||||
R1, R2: (x == 1) OR (x == 2)
|
||||
1
|
||||
2
|
||||
Check system.query_log
|
||||
SELECT \'-- database level policies\'; []
|
||||
SELECT \' -- SHOW CREATE POLICY db1_02703 ON db1_02703.*\'; []
|
||||
SELECT \' -- SHOW CREATE POLICY ON db1_02703.*\'; []
|
||||
SELECT \' -- SHOW CREATE POLICY ON db1_02703.`*`\'; []
|
||||
SELECT \'R1, R2: (x == 1) OR (x == 2)\'; []
|
||||
SELECT * FROM 02703_rqtable_default; ['`02703_filter_11_db` ON default.`*`','`02703_filter_11` ON default.`02703_rqtable_default`']
|
||||
SELECT \'Check system.query_log\'; []
|
||||
-- CREATE DATABSE-LEVEL POLICY ON IN CURRENT DATABASE
|
||||
CREATE ROW POLICY db2_02703 ON db1_02703.`*` TO u1_02703
|
||||
53
tests/queries/0_stateless/02703_row_policy_database.sql
Normal file
53
tests/queries/0_stateless/02703_row_policy_database.sql
Normal file
@ -0,0 +1,53 @@
|
||||
-- Tags: no-parallel
|
||||
|
||||
DROP DATABASE IF EXISTS db1_02703;
|
||||
DROP USER IF EXISTS u1_02703;
|
||||
CREATE USER u1_02703;
|
||||
|
||||
CREATE DATABASE db1_02703;
|
||||
|
||||
CREATE TABLE db1_02703.02703_rqtable (x UInt8) ENGINE = MergeTree ORDER BY x;
|
||||
INSERT INTO db1_02703.02703_rqtable VALUES (1), (2), (3), (4);
|
||||
|
||||
|
||||
SELECT '-- database level policies';
|
||||
CREATE ROW POLICY db1_02703 ON db1_02703.* USING 1 AS PERMISSIVE TO ALL;
|
||||
CREATE ROW POLICY tbl1_02703 ON db1_02703.table USING 1 AS PERMISSIVE TO ALL;
|
||||
SELECT ' -- SHOW CREATE POLICY db1_02703 ON db1_02703.*';
|
||||
SHOW CREATE POLICY db1_02703 ON db1_02703.*;
|
||||
SELECT ' -- SHOW CREATE POLICY ON db1_02703.*';
|
||||
SHOW CREATE POLICY ON db1_02703.*;
|
||||
SELECT ' -- SHOW CREATE POLICY ON db1_02703.`*`';
|
||||
SHOW CREATE POLICY ON db1_02703.`*`;
|
||||
DROP POLICY db1_02703 ON db1_02703.*;
|
||||
DROP POLICY tbl1_02703 ON db1_02703.table;
|
||||
|
||||
CREATE ROW POLICY any_02703 ON *.some_table USING 1 AS PERMISSIVE TO ALL; -- { clientError 62 }
|
||||
|
||||
CREATE TABLE 02703_rqtable_default (x UInt8) ENGINE = MergeTree ORDER BY x;
|
||||
|
||||
CREATE ROW POLICY 02703_filter_11_db ON * USING x=1 AS permissive TO ALL;
|
||||
CREATE ROW POLICY 02703_filter_11 ON 02703_rqtable_default USING x=2 AS permissive TO ALL;
|
||||
|
||||
INSERT INTO 02703_rqtable_default VALUES (1), (2), (3), (4);
|
||||
|
||||
SELECT 'R1, R2: (x == 1) OR (x == 2)';
|
||||
SELECT * FROM 02703_rqtable_default;
|
||||
|
||||
DROP TABLE 02703_rqtable_default;
|
||||
|
||||
SELECT 'Check system.query_log';
|
||||
SYSTEM FLUSH LOGS;
|
||||
SELECT query, used_row_policies FROM system.query_log WHERE current_database == currentDatabase() AND type == 'QueryStart' AND query_kind == 'Select' ORDER BY event_time_microseconds;
|
||||
|
||||
DROP ROW POLICY 02703_filter_11_db ON *;
|
||||
DROP ROW POLICY 02703_filter_11 ON 02703_rqtable_default;
|
||||
|
||||
USE db1_02703;
|
||||
SELECT ' -- CREATE DATABSE-LEVEL POLICY ON IN CURRENT DATABASE';
|
||||
CREATE ROW POLICY db2_02703 ON * TO u1_02703;
|
||||
SHOW CREATE POLICY db2_02703 ON *;
|
||||
|
||||
DROP ROW POLICY db2_02703 ON *;
|
||||
|
||||
DROP USER u1_02703;
|
||||
@ -1,88 +0,0 @@
|
||||
-- Tags: no-parallel
|
||||
|
||||
DROP DATABASE IF EXISTS 25341_db;
|
||||
CREATE DATABASE 25341_db;
|
||||
DROP TABLE IF EXISTS 25341_db.25341_rptable;
|
||||
DROP TABLE IF EXISTS 25341_db.25341_rptable_another;
|
||||
CREATE TABLE 25341_db.25341_rptable (x UInt8, y UInt8) ENGINE = MergeTree ORDER BY x;
|
||||
|
||||
INSERT INTO 25341_db.25341_rptable VALUES (1, 10), (2, 20), (3, 30), (4, 40);
|
||||
|
||||
CREATE TABLE 25341_db.25341_rptable_another ENGINE = MergeTree ORDER BY x AS SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
|
||||
DROP ROW POLICY IF EXISTS 25341_filter_1 ON 25341_db.25341_rptable;
|
||||
DROP ROW POLICY IF EXISTS 25341_filter_2 ON 25341_db.*;
|
||||
DROP ROW POLICY IF EXISTS 25341_filter_3 ON 25341_db.25341_rptable;
|
||||
DROP ROW POLICY IF EXISTS 25341_filter_4 ON 25341_db.25341_rptable;
|
||||
DROP ROW POLICY IF EXISTS 25341_filter_5 ON 25341_db.*;
|
||||
|
||||
-- the test assumes users_without_row_policies_can_read_rows is true
|
||||
|
||||
SELECT 'None';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
CREATE ROW POLICY 25341_filter_1 ON 25341_db.25341_rptable USING x=1 AS permissive TO ALL;
|
||||
SELECT 'R1: x == 1';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
CREATE ROW POLICY 25341_filter_2 ON 25341_db.* USING x=2 AS permissive TO ALL;
|
||||
SELECT 'R1, R2: (x == 1) OR (x == 2)';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
SELECT 'R1, R2: (x == 2) FROM ANOTHER';
|
||||
SELECT * FROM 25341_db.25341_rptable_another;
|
||||
|
||||
CREATE ROW POLICY 25341_filter_3 ON 25341_db.25341_rptable USING x=3 AS permissive TO ALL;
|
||||
SELECT 'R1, R2, R3: (x == 1) OR (x == 2) OR (x == 3)';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
CREATE ROW POLICY 25341_filter_4 ON 25341_db.25341_rptable USING x<=2 AS restrictive TO ALL;
|
||||
SELECT 'R1, R2, R3, R4: ((x == 1) OR (x == 2) OR (x == 3)) AND (x <= 2)';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
CREATE ROW POLICY 25341_filter_5 ON 25341_db.* USING y>=20 AS restrictive TO ALL;
|
||||
SELECT 'R1, R2, R3, R4, R5: ((x == 1) OR (x == 2) OR (x == 3)) AND (x <= 2) AND (y >= 20)';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
CREATE TABLE 25341_db.25341_after_rp ENGINE = MergeTree ORDER BY x AS SELECT * FROM 25341_db.25341_rptable;
|
||||
SELECT * FROM 25341_db.25341_after_rp;
|
||||
|
||||
-- does not matter if policies or table are created first
|
||||
SELECT 'R1, R2, R3, R4, R5: (x == 2) AND (y >= 20) FROM AFTER_RP';
|
||||
SELECT * FROM 25341_db.25341_after_rp;
|
||||
|
||||
SELECT 'R1, R2, R3, R4, R5: (x == 2) AND (y >= 20) FROM ANOTHER';
|
||||
SELECT * FROM 25341_db.25341_rptable_another;
|
||||
|
||||
DROP ROW POLICY 25341_filter_1 ON 25341_db.25341_rptable;
|
||||
SELECT 'R2, R3, R4, R5: ((x == 2) OR (x == 3)) AND (x <= 2) AND (y >= 20)';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
DROP ROW POLICY 25341_filter_2 ON 25341_db.*;
|
||||
SELECT 'R3, R4, R5: (x == 3) AND (x <= 2) AND (y >= 20)';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
DROP ROW POLICY 25341_filter_3 ON 25341_db.25341_rptable;
|
||||
SELECT 'R4, R5: (x <= 2) AND (y >= 20)';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
DROP ROW POLICY 25341_filter_4 ON 25341_db.25341_rptable;
|
||||
SELECT 'R5: (x >= 2)';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
CREATE TABLE 25341_db.25341_unexpected_columns (xx UInt8, yy UInt8) ENGINE = MergeTree ORDER BY xx;
|
||||
SELECT 'Policy not applicable';
|
||||
SELECT * FROM 25341_db.25341_unexpected_columns; -- { serverError 47 } -- Missing columns: 'x' while processing query
|
||||
|
||||
DROP ROW POLICY 25341_filter_5 ON 25341_db.*;
|
||||
SELECT 'None';
|
||||
SELECT * FROM 25341_db.25341_rptable;
|
||||
|
||||
SELECT 'No problematic policy, select works';
|
||||
SELECT 'Ok' FROM 25341_db.25341_unexpected_columns;
|
||||
|
||||
DROP TABLE 25341_db.25341_rptable;
|
||||
DROP TABLE 25341_db.25341_rptable_another;
|
||||
DROP TABLE 25341_db.25341_unexpected_columns;
|
||||
DROP DATABASE 25341_db;
|
||||
@ -1,22 +0,0 @@
|
||||
-- database level policies
|
||||
-- SHOW CREATE POLICY db1_25341 ON db1_25341.*
|
||||
CREATE ROW POLICY db1_25341 ON db1_25341.`*` FOR SELECT USING 1 TO ALL
|
||||
-- SHOW CREATE POLICY ON db1_25341.*
|
||||
CREATE ROW POLICY `25341_filter_11` ON db1_25341.`25341_rqtable` FOR SELECT USING x = 2 TO ALL
|
||||
CREATE ROW POLICY db1_25341 ON db1_25341.`*` FOR SELECT USING 1 TO ALL
|
||||
CREATE ROW POLICY tbl1_25341 ON db1_25341.table FOR SELECT USING 1 TO ALL
|
||||
-- SHOW CREATE POLICY ON db1_25341.`*`
|
||||
CREATE ROW POLICY db1_25341 ON db1_25341.`*` FOR SELECT USING 1 TO ALL
|
||||
R1, R2: (x == 1) OR (x == 2)
|
||||
1
|
||||
2
|
||||
Check system.query_log
|
||||
SELECT \'-- database level policies\'; []
|
||||
SELECT \' -- SHOW CREATE POLICY db1_25341 ON db1_25341.*\'; []
|
||||
SELECT \' -- SHOW CREATE POLICY ON db1_25341.*\'; []
|
||||
SELECT \' -- SHOW CREATE POLICY ON db1_25341.`*`\'; []
|
||||
SELECT \'R1, R2: (x == 1) OR (x == 2)\'; []
|
||||
SELECT * FROM 25341_rqtable_default; ['`25341_filter_11_db` ON default.`*`','`25341_filter_11` ON default.`25341_rqtable_default`']
|
||||
SELECT \'Check system.query_log\'; []
|
||||
-- CREATE DATABSE-LEVEL POLICY ON IN CURRENT DATABASE
|
||||
CREATE ROW POLICY db2_25341 ON db1_25341.`*` TO u1_25341
|
||||
@ -1,53 +0,0 @@
|
||||
-- Tags: no-parallel
|
||||
|
||||
DROP DATABASE IF EXISTS db1_25341;
|
||||
DROP USER IF EXISTS u1_25341;
|
||||
CREATE USER u1_25341;
|
||||
|
||||
CREATE DATABASE db1_25341;
|
||||
|
||||
CREATE TABLE db1_25341.25341_rqtable (x UInt8) ENGINE = MergeTree ORDER BY x;
|
||||
INSERT INTO db1_25341.25341_rqtable VALUES (1), (2), (3), (4);
|
||||
|
||||
|
||||
SELECT '-- database level policies';
|
||||
CREATE ROW POLICY db1_25341 ON db1_25341.* USING 1 AS PERMISSIVE TO ALL;
|
||||
CREATE ROW POLICY tbl1_25341 ON db1_25341.table USING 1 AS PERMISSIVE TO ALL;
|
||||
SELECT ' -- SHOW CREATE POLICY db1_25341 ON db1_25341.*';
|
||||
SHOW CREATE POLICY db1_25341 ON db1_25341.*;
|
||||
SELECT ' -- SHOW CREATE POLICY ON db1_25341.*';
|
||||
SHOW CREATE POLICY ON db1_25341.*;
|
||||
SELECT ' -- SHOW CREATE POLICY ON db1_25341.`*`';
|
||||
SHOW CREATE POLICY ON db1_25341.`*`;
|
||||
DROP POLICY db1_25341 ON db1_25341.*;
|
||||
DROP POLICY tbl1_25341 ON db1_25341.table;
|
||||
|
||||
CREATE ROW POLICY any_25341 ON *.some_table USING 1 AS PERMISSIVE TO ALL; -- { clientError 62 }
|
||||
|
||||
CREATE TABLE 25341_rqtable_default (x UInt8) ENGINE = MergeTree ORDER BY x;
|
||||
|
||||
CREATE ROW POLICY 25341_filter_11_db ON * USING x=1 AS permissive TO ALL;
|
||||
CREATE ROW POLICY 25341_filter_11 ON 25341_rqtable_default USING x=2 AS permissive TO ALL;
|
||||
|
||||
INSERT INTO 25341_rqtable_default VALUES (1), (2), (3), (4);
|
||||
|
||||
SELECT 'R1, R2: (x == 1) OR (x == 2)';
|
||||
SELECT * FROM 25341_rqtable_default;
|
||||
|
||||
DROP TABLE 25341_rqtable_default;
|
||||
|
||||
SELECT 'Check system.query_log';
|
||||
SYSTEM FLUSH LOGS;
|
||||
SELECT query, used_row_policies FROM system.query_log WHERE current_database == currentDatabase() AND type == 'QueryStart' AND query_kind == 'Select' ORDER BY event_time_microseconds;
|
||||
|
||||
DROP ROW POLICY 25341_filter_11_db ON *;
|
||||
DROP ROW POLICY 25341_filter_11 ON 25341_rqtable_default;
|
||||
|
||||
USE db1_25341;
|
||||
SELECT ' -- CREATE DATABSE-LEVEL POLICY ON IN CURRENT DATABASE';
|
||||
CREATE ROW POLICY db2_25341 ON * TO u1_25341;
|
||||
SHOW CREATE POLICY db2_25341 ON *;
|
||||
|
||||
DROP ROW POLICY db2_25341 ON *;
|
||||
|
||||
DROP USER u1_25341;
|
||||
Loading…
Reference in New Issue
Block a user