Add tests.

This commit is contained in:
Vitaly Baranov 2022-07-11 18:22:21 +02:00
parent c7cef91d4d
commit 5691a859d6
5 changed files with 375 additions and 0 deletions

View File

@ -1,5 +1,7 @@
<clickhouse> <clickhouse>
<access_control_improvements> <access_control_improvements>
<users_without_row_policies_can_read_rows remove="remove"/> <users_without_row_policies_can_read_rows remove="remove"/>
<select_from_system_db_requires_grant remove="remove"/>
<select_from_information_schema_requires_grant remove="remove"/>
</access_control_improvements> </access_control_improvements>
</clickhouse> </clickhouse>

View File

@ -13,6 +13,9 @@
</networks> </networks>
<profile>default</profile> <profile>default</profile>
<quota>default</quota> <quota>default</quota>
<allow_databases>
<database>mydb</database>
</allow_databases>
</another> </another>
</users> </users>
</clickhouse> </clickhouse>

View File

@ -0,0 +1,162 @@
import os
import pytest
from helpers.cluster import ClickHouseCluster
from helpers.test_tools import TSV
cluster = ClickHouseCluster(__file__)
node = cluster.add_instance(
"node",
main_configs=["configs/config.d/disable_access_control_improvements.xml"],
user_configs=[
"configs/users.d/another_user.xml",
],
)
@pytest.fixture(scope="module", autouse=True)
def started_cluster():
try:
cluster.start()
node.query("CREATE DATABASE mydb")
node.query("CREATE TABLE mydb.table1(x UInt32) ENGINE=Log")
node.query("CREATE TABLE table2(x UInt32) ENGINE=Log")
yield cluster
finally:
cluster.shutdown()
@pytest.fixture(autouse=True)
def reset_after_test():
try:
node.query("CREATE USER OR REPLACE sqluser")
yield
finally:
pass
def test_system_db():
assert node.query("SELECT count()>0 FROM system.settings") == "1\n"
assert node.query("SELECT count()>0 FROM system.users") == "1\n"
assert node.query("SELECT count()>0 FROM system.clusters") == "1\n"
assert node.query("SELECT count() FROM system.tables WHERE name='table1'") == "1\n"
assert node.query("SELECT count() FROM system.tables WHERE name='table2'") == "1\n"
assert node.query("SELECT count()>0 FROM system.settings", user="another") == "1\n"
expected_error = "necessary to have grant SHOW USERS ON *.*"
assert expected_error in node.query_and_get_error(
"SELECT count()>0 FROM system.users", user="another"
)
assert node.query("SELECT count()>0 FROM system.clusters", user="another") == "1\n"
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table1'", user="another"
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table2'", user="another"
)
== "0\n"
)
assert node.query("SELECT count()>0 FROM system.settings", user="sqluser") == "1\n"
expected_error = "necessary to have grant SHOW USERS ON *.*"
assert expected_error in node.query_and_get_error(
"SELECT count()>0 FROM system.users", user="sqluser"
)
assert node.query("SELECT count()>0 FROM system.clusters", user="sqluser") == "1\n"
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table1'", user="sqluser"
)
== "0\n"
)
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table2'", user="sqluser"
)
== "0\n"
)
node.query("GRANT SHOW USERS ON *.* TO sqluser")
node.query("GRANT SHOW ON mydb.table1 TO sqluser")
node.query("GRANT SHOW ON table2 TO sqluser")
assert node.query("SELECT count()>0 FROM system.settings", user="sqluser") == "1\n"
assert node.query("SELECT count()>0 FROM system.users", user="sqluser") == "1\n"
assert node.query("SELECT count()>0 FROM system.clusters", user="sqluser") == "1\n"
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table1'", user="sqluser"
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table2'", user="sqluser"
)
== "1\n"
)
def test_information_schema():
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table1'"
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table2'"
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table1'",
user="another",
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table2'",
user="another",
)
== "0\n"
)
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table1'",
user="sqluser",
)
== "0\n"
)
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table2'",
user="sqluser",
)
== "0\n"
)
node.query("GRANT SHOW ON mydb.table1 TO sqluser")
node.query("GRANT SHOW ON table2 TO sqluser")
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table1'",
user="sqluser",
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table2'",
user="sqluser",
)
== "1\n"
)

View File

@ -0,0 +1,16 @@
<?xml version="1.0"?>
<clickhouse>
<users>
<another>
<password/>
<networks>
<ip>::/0</ip>
</networks>
<profile>default</profile>
<quota>default</quota>
<allow_databases>
<database>mydb</database>
</allow_databases>
</another>
</users>
</clickhouse>

View File

@ -0,0 +1,192 @@
import os
import pytest
from helpers.cluster import ClickHouseCluster
from helpers.test_tools import TSV
cluster = ClickHouseCluster(__file__)
node = cluster.add_instance(
"node",
user_configs=[
"configs/another_user.xml",
],
)
@pytest.fixture(scope="module", autouse=True)
def started_cluster():
try:
cluster.start()
node.query("CREATE DATABASE mydb")
node.query("CREATE TABLE mydb.table1(x UInt32) ENGINE=Log")
node.query("CREATE TABLE table2(x UInt32) ENGINE=Log")
yield cluster
finally:
cluster.shutdown()
@pytest.fixture(autouse=True)
def reset_after_test():
try:
node.query("CREATE USER OR REPLACE sqluser")
yield
finally:
pass
def test_system_db():
assert node.query("SELECT count()>0 FROM system.settings") == "1\n"
assert node.query("SELECT count()>0 FROM system.users") == "1\n"
assert node.query("SELECT count()>0 FROM system.clusters") == "1\n"
assert node.query("SELECT count() FROM system.tables WHERE name='table1'") == "1\n"
assert node.query("SELECT count() FROM system.tables WHERE name='table2'") == "1\n"
assert node.query("SELECT count()>0 FROM system.settings", user="another") == "1\n"
expected_error = (
"necessary to have grant SELECT for at least one column on system.users"
)
assert expected_error in node.query_and_get_error(
"SELECT count()>0 FROM system.users", user="another"
)
expected_error = (
"necessary to have grant SELECT for at least one column on system.clusters"
)
assert expected_error in node.query_and_get_error(
"SELECT count()>0 FROM system.clusters", user="another"
)
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table1'", user="another"
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table2'", user="another"
)
== "0\n"
)
assert node.query("SELECT count()>0 FROM system.settings", user="sqluser") == "1\n"
expected_error = (
"necessary to have grant SELECT for at least one column on system.users"
)
assert expected_error in node.query_and_get_error(
"SELECT count()>0 FROM system.users", user="sqluser"
)
expected_error = (
"necessary to have grant SELECT for at least one column on system.clusters"
)
assert node.query_and_get_error(
"SELECT count()>0 FROM system.clusters", user="sqluser"
)
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table1'", user="sqluser"
)
== "0\n"
)
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table2'", user="sqluser"
)
== "0\n"
)
node.query("GRANT SELECT ON system.users TO sqluser")
node.query("GRANT SELECT ON system.clusters TO sqluser")
node.query("GRANT SHOW ON mydb.table1 TO sqluser")
node.query("GRANT SHOW ON table2 TO sqluser")
assert node.query("SELECT count()>0 FROM system.settings", user="sqluser") == "1\n"
assert node.query("SELECT count()>0 FROM system.users", user="sqluser") == "1\n"
assert node.query("SELECT count()>0 FROM system.clusters", user="sqluser") == "1\n"
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table1'", user="sqluser"
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM system.tables WHERE name='table2'", user="sqluser"
)
== "1\n"
)
node.query("REVOKE ALL ON *.* FROM sqluser")
node.query("GRANT SHOW USERS ON *.* TO sqluser")
assert node.query("SELECT count()>0 FROM system.users", user="sqluser") == "1\n"
def test_information_schema():
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table1'"
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table2'"
)
== "1\n"
)
expected_error = (
"necessary to have grant SELECT(table_name) ON information_schema.tables"
)
assert expected_error in node.query_and_get_error(
"SELECT count() FROM information_schema.tables WHERE table_name='table1'",
user="another",
)
assert expected_error in node.query_and_get_error(
"SELECT count() FROM information_schema.tables WHERE table_name='table2'",
user="another",
)
assert expected_error in node.query_and_get_error(
"SELECT count() FROM information_schema.tables WHERE table_name='table1'",
user="sqluser",
)
assert expected_error in node.query_and_get_error(
"SELECT count() FROM information_schema.tables WHERE table_name='table2'",
user="sqluser",
)
node.query("GRANT SELECT ON information_schema.* TO sqluser")
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table1'",
user="sqluser",
)
== "0\n"
)
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table2'",
user="sqluser",
)
== "0\n"
)
node.query("GRANT SHOW ON mydb.table1 TO sqluser")
node.query("GRANT SHOW ON table2 TO sqluser")
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table1'",
user="sqluser",
)
== "1\n"
)
assert (
node.query(
"SELECT count() FROM information_schema.tables WHERE table_name='table2'",
user="sqluser",
)
== "1\n"
)