mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-17 20:02:05 +00:00
Rename storages users.xml=>users_xml, disk=>local_directory.
This commit is contained in:
parent
a77b262444
commit
ad03ff3887
@ -114,7 +114,7 @@ private:
|
||||
|
||||
|
||||
AccessControlManager::AccessControlManager()
|
||||
: MultipleAccessStorage(createStorages()),
|
||||
: MultipleAccessStorage("user directories", createStorages()),
|
||||
context_access_cache(std::make_unique<ContextAccessCache>(*this)),
|
||||
role_cache(std::make_unique<RoleCache>(*this)),
|
||||
row_policy_cache(std::make_unique<RowPolicyCache>(*this)),
|
||||
|
@ -296,7 +296,7 @@ namespace
|
||||
|
||||
|
||||
DiskAccessStorage::DiskAccessStorage()
|
||||
: IAccessStorage("disk")
|
||||
: IAccessStorage("local directory")
|
||||
{
|
||||
}
|
||||
|
||||
|
@ -432,14 +432,14 @@ Poco::Logger * IAccessStorage::getLogger() const
|
||||
|
||||
void IAccessStorage::throwNotFound(const UUID & id) const
|
||||
{
|
||||
throw Exception(outputID(id) + " not found in [" + getStorageName() + "]", ErrorCodes::ACCESS_ENTITY_NOT_FOUND);
|
||||
throw Exception(outputID(id) + " not found in " + getStorageName(), ErrorCodes::ACCESS_ENTITY_NOT_FOUND);
|
||||
}
|
||||
|
||||
|
||||
void IAccessStorage::throwNotFound(EntityType type, const String & name) const
|
||||
{
|
||||
int error_code = EntityTypeInfo::get(type).not_found_error_code;
|
||||
throw Exception("There is no " + outputEntityTypeAndName(type, name) + " in [" + getStorageName() + "]", error_code);
|
||||
throw Exception("There is no " + outputEntityTypeAndName(type, name) + " in " + getStorageName(), error_code);
|
||||
}
|
||||
|
||||
|
||||
@ -455,7 +455,7 @@ void IAccessStorage::throwIDCollisionCannotInsert(const UUID & id, EntityType ty
|
||||
{
|
||||
throw Exception(
|
||||
outputEntityTypeAndName(type, name) + ": cannot insert because the " + outputID(id) + " is already used by "
|
||||
+ outputEntityTypeAndName(existing_type, existing_name) + " in [" + getStorageName() + "]",
|
||||
+ outputEntityTypeAndName(existing_type, existing_name) + " in " + getStorageName(),
|
||||
ErrorCodes::ACCESS_ENTITY_ALREADY_EXISTS);
|
||||
}
|
||||
|
||||
@ -463,8 +463,8 @@ void IAccessStorage::throwIDCollisionCannotInsert(const UUID & id, EntityType ty
|
||||
void IAccessStorage::throwNameCollisionCannotInsert(EntityType type, const String & name) const
|
||||
{
|
||||
throw Exception(
|
||||
outputEntityTypeAndName(type, name) + ": cannot insert because " + outputEntityTypeAndName(type, name) + " already exists in ["
|
||||
+ getStorageName() + "]",
|
||||
outputEntityTypeAndName(type, name) + ": cannot insert because " + outputEntityTypeAndName(type, name) + " already exists in "
|
||||
+ getStorageName(),
|
||||
ErrorCodes::ACCESS_ENTITY_ALREADY_EXISTS);
|
||||
}
|
||||
|
||||
@ -473,7 +473,7 @@ void IAccessStorage::throwNameCollisionCannotRename(EntityType type, const Strin
|
||||
{
|
||||
throw Exception(
|
||||
outputEntityTypeAndName(type, old_name) + ": cannot rename to " + backQuote(new_name) + " because "
|
||||
+ outputEntityTypeAndName(type, new_name) + " already exists in [" + getStorageName() + "]",
|
||||
+ outputEntityTypeAndName(type, new_name) + " already exists in " + getStorageName(),
|
||||
ErrorCodes::ACCESS_ENTITY_ALREADY_EXISTS);
|
||||
}
|
||||
|
||||
@ -481,7 +481,7 @@ void IAccessStorage::throwNameCollisionCannotRename(EntityType type, const Strin
|
||||
void IAccessStorage::throwReadonlyCannotInsert(EntityType type, const String & name) const
|
||||
{
|
||||
throw Exception(
|
||||
"Cannot insert " + outputEntityTypeAndName(type, name) + " to [" + getStorageName() + "] because this storage is readonly",
|
||||
"Cannot insert " + outputEntityTypeAndName(type, name) + " to " + getStorageName() + " because this storage is readonly",
|
||||
ErrorCodes::ACCESS_STORAGE_READONLY);
|
||||
}
|
||||
|
||||
@ -489,7 +489,7 @@ void IAccessStorage::throwReadonlyCannotInsert(EntityType type, const String & n
|
||||
void IAccessStorage::throwReadonlyCannotUpdate(EntityType type, const String & name) const
|
||||
{
|
||||
throw Exception(
|
||||
"Cannot update " + outputEntityTypeAndName(type, name) + " in [" + getStorageName() + "] because this storage is readonly",
|
||||
"Cannot update " + outputEntityTypeAndName(type, name) + " in " + getStorageName() + " because this storage is readonly",
|
||||
ErrorCodes::ACCESS_STORAGE_READONLY);
|
||||
}
|
||||
|
||||
@ -497,7 +497,7 @@ void IAccessStorage::throwReadonlyCannotUpdate(EntityType type, const String & n
|
||||
void IAccessStorage::throwReadonlyCannotRemove(EntityType type, const String & name) const
|
||||
{
|
||||
throw Exception(
|
||||
"Cannot remove " + outputEntityTypeAndName(type, name) + " from [" + getStorageName() + "] because this storage is readonly",
|
||||
"Cannot remove " + outputEntityTypeAndName(type, name) + " from " + getStorageName() + " because this storage is readonly",
|
||||
ErrorCodes::ACCESS_STORAGE_READONLY);
|
||||
}
|
||||
}
|
||||
|
@ -12,26 +12,10 @@ namespace ErrorCodes
|
||||
}
|
||||
|
||||
|
||||
namespace
|
||||
{
|
||||
template <typename StoragePtrT>
|
||||
String joinStorageNames(const std::vector<StoragePtrT> & storages)
|
||||
{
|
||||
String result;
|
||||
for (const auto & storage : storages)
|
||||
{
|
||||
if (!result.empty())
|
||||
result += ", ";
|
||||
result += storage->getStorageName();
|
||||
}
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
MultipleAccessStorage::MultipleAccessStorage(
|
||||
const String & storage_name_,
|
||||
std::vector<std::unique_ptr<Storage>> nested_storages_)
|
||||
: IAccessStorage(joinStorageNames(nested_storages_))
|
||||
: IAccessStorage(storage_name_)
|
||||
, nested_storages(std::move(nested_storages_))
|
||||
, ids_cache(512 /* cache size */)
|
||||
{
|
||||
|
@ -13,7 +13,7 @@ class MultipleAccessStorage : public IAccessStorage
|
||||
public:
|
||||
using Storage = IAccessStorage;
|
||||
|
||||
MultipleAccessStorage(std::vector<std::unique_ptr<Storage>> nested_storages_);
|
||||
MultipleAccessStorage(const String & storage_name_, std::vector<std::unique_ptr<Storage>> nested_storages_);
|
||||
|
||||
const Storage * findStorage(const UUID & id) const;
|
||||
Storage * findStorage(const UUID & id);
|
||||
|
@ -200,8 +200,8 @@ def test_introspection():
|
||||
assert expected_access2 in instance.query("SHOW ACCESS")
|
||||
|
||||
assert instance.query("SELECT name, storage, auth_type, auth_params, host_ip, host_names, host_names_regexp, host_names_like, default_roles_all, default_roles_list, default_roles_except from system.users WHERE name IN ('A', 'B') ORDER BY name") ==\
|
||||
TSV([[ "A", "disk", "no_password", "{}", "['::/0']", "[]", "[]", "[]", 1, "[]", "[]" ],
|
||||
[ "B", "disk", "no_password", "{}", "['::/0']", "[]", "[]", "[]", 1, "[]", "[]" ]])
|
||||
TSV([[ "A", "local directory", "no_password", "{}", "['::/0']", "[]", "[]", "[]", 1, "[]", "[]" ],
|
||||
[ "B", "local directory", "no_password", "{}", "['::/0']", "[]", "[]", "[]", 1, "[]", "[]" ]])
|
||||
|
||||
assert instance.query("SELECT * from system.grants WHERE user_name IN ('A', 'B') ORDER BY user_name, access_type, grant_option") ==\
|
||||
TSV([[ "A", "\N", "SELECT", "test", "table", "\N", 0, 0 ],
|
||||
|
@ -177,8 +177,8 @@ def test_introspection():
|
||||
assert expected_access3 in instance.query("SHOW ACCESS")
|
||||
|
||||
assert instance.query("SELECT name, storage from system.roles WHERE name IN ('R1', 'R2') ORDER BY name") ==\
|
||||
TSV([[ "R1", "disk" ],
|
||||
[ "R2", "disk" ]])
|
||||
TSV([[ "R1", "local directory" ],
|
||||
[ "R2", "local directory" ]])
|
||||
|
||||
assert instance.query("SELECT * from system.grants WHERE user_name IN ('A', 'B') OR role_name IN ('R1', 'R2') ORDER BY user_name, role_name, access_type, grant_option") ==\
|
||||
TSV([[ "A", "\N", "SELECT", "test", "table", "\N", 0, 0 ],
|
||||
|
@ -50,7 +50,7 @@ def test_smoke():
|
||||
assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "100000001\n"
|
||||
assert "Setting max_memory_usage shouldn't be less than 90000000" in instance.query_and_get_error("SET max_memory_usage = 80000000", user="robin")
|
||||
assert "Setting max_memory_usage shouldn't be greater than 110000000" in instance.query_and_get_error("SET max_memory_usage = 120000000", user="robin")
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "disk", 1, 0, "['robin']", "[]" ]]
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "local directory", 1, 0, "['robin']", "[]" ]]
|
||||
assert system_settings_profile_elements(profile_name="xyz") == [[ "xyz", "\N", "\N", 0, "max_memory_usage", 100000001, 90000000, 110000000, "\N", "\N" ]]
|
||||
|
||||
instance.query("ALTER SETTINGS PROFILE xyz TO NONE")
|
||||
@ -58,7 +58,7 @@ def test_smoke():
|
||||
assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "10000000000\n"
|
||||
instance.query("SET max_memory_usage = 80000000", user="robin")
|
||||
instance.query("SET max_memory_usage = 120000000", user="robin")
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "disk", 1, 0, "[]", "[]" ]]
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "local directory", 1, 0, "[]", "[]" ]]
|
||||
assert system_settings_profile_elements(user_name="robin") == []
|
||||
|
||||
# Set settings and constraints via CREATE USER ... SETTINGS PROFILE
|
||||
@ -87,7 +87,7 @@ def test_settings_from_granted_role():
|
||||
assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "100000001\n"
|
||||
assert instance.query("SELECT value FROM system.settings WHERE name = 'max_ast_depth'", user="robin") == "2000\n"
|
||||
assert "Setting max_memory_usage shouldn't be greater than 110000000" in instance.query_and_get_error("SET max_memory_usage = 120000000", user="robin")
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "disk", 2, 0, "[]", "[]" ]]
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "local directory", 2, 0, "[]", "[]" ]]
|
||||
assert system_settings_profile_elements(profile_name="xyz") == [[ "xyz", "\N", "\N", 0, "max_memory_usage", 100000001, "\N", 110000000, "\N", "\N" ],
|
||||
[ "xyz", "\N", "\N", 1, "max_ast_depth", 2000, "\N", "\N", "\N", "\N" ]]
|
||||
assert system_settings_profile_elements(role_name="worker") == [[ "\N", "\N", "worker", 0, "\N", "\N", "\N", "\N", "\N", "xyz" ]]
|
||||
@ -108,13 +108,13 @@ def test_settings_from_granted_role():
|
||||
assert instance.query("SHOW CREATE SETTINGS PROFILE xyz") == "CREATE SETTINGS PROFILE xyz SETTINGS max_memory_usage = 100000001 MAX 110000000, max_ast_depth = 2000 TO worker\n"
|
||||
assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "100000001\n"
|
||||
assert "Setting max_memory_usage shouldn't be greater than 110000000" in instance.query_and_get_error("SET max_memory_usage = 120000000", user="robin")
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "disk", 2, 0, "['worker']", "[]" ]]
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "local directory", 2, 0, "['worker']", "[]" ]]
|
||||
|
||||
instance.query("ALTER SETTINGS PROFILE xyz TO NONE")
|
||||
assert instance.query("SHOW CREATE SETTINGS PROFILE xyz") == "CREATE SETTINGS PROFILE xyz SETTINGS max_memory_usage = 100000001 MAX 110000000, max_ast_depth = 2000\n"
|
||||
assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "10000000000\n"
|
||||
instance.query("SET max_memory_usage = 120000000", user="robin")
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "disk", 2, 0, "[]", "[]" ]]
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "local directory", 2, 0, "[]", "[]" ]]
|
||||
|
||||
|
||||
def test_inheritance():
|
||||
@ -125,9 +125,9 @@ def test_inheritance():
|
||||
assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "100000002\n"
|
||||
assert "Setting max_memory_usage should not be changed" in instance.query_and_get_error("SET max_memory_usage = 80000000", user="robin")
|
||||
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "disk", 1, 0, "[]", "[]" ]]
|
||||
assert system_settings_profile("xyz") == [[ "xyz", "local directory", 1, 0, "[]", "[]" ]]
|
||||
assert system_settings_profile_elements(profile_name="xyz") == [[ "xyz", "\N", "\N", 0, "max_memory_usage", 100000002, "\N", "\N", 1, "\N" ]]
|
||||
assert system_settings_profile("alpha") == [[ "alpha", "disk", 1, 0, "['robin']", "[]" ]]
|
||||
assert system_settings_profile("alpha") == [[ "alpha", "local directory", 1, 0, "['robin']", "[]" ]]
|
||||
assert system_settings_profile_elements(profile_name="alpha") == [[ "alpha", "\N", "\N", 0, "\N", "\N", "\N", "\N", "\N", "xyz" ]]
|
||||
assert system_settings_profile_elements(user_name="robin") == []
|
||||
|
||||
|
@ -104,10 +104,10 @@ CREATE USER u2_01292 DEFAULT ROLE r1_01292, r2_01292 SETTINGS readonly = 1
|
||||
CREATE USER u3_01292 HOST LIKE \'%.%.myhost.com\' DEFAULT ROLE r1_01292, r2_01292
|
||||
CREATE USER u4_01292 HOST LIKE \'%.%.myhost.com\' DEFAULT ROLE r1_01292, r2_01292
|
||||
-- system.users
|
||||
u1_01292 disk plaintext_password {} [] ['localhost'] [] [] 1 [] []
|
||||
u2_01292 disk no_password {} [] [] [] ['%.%.myhost.com'] 0 [] []
|
||||
u3_01292 disk sha256_password {} ['192.169.1.1','192.168.0.0/16'] ['localhost'] [] [] 0 ['r1_01292'] []
|
||||
u4_01292 disk double_sha1_password {} ['::/0'] [] [] [] 1 [] ['r1_01292']
|
||||
u1_01292 local directory plaintext_password {} [] ['localhost'] [] [] 1 [] []
|
||||
u2_01292 local directory no_password {} [] [] [] ['%.%.myhost.com'] 0 [] []
|
||||
u3_01292 local directory sha256_password {} ['192.169.1.1','192.168.0.0/16'] ['localhost'] [] [] 0 ['r1_01292'] []
|
||||
u4_01292 local directory double_sha1_password {} ['::/0'] [] [] [] 1 [] ['r1_01292']
|
||||
-- system.settings_profile_elements
|
||||
\N u1_01292 \N 0 readonly 1 \N \N \N \N
|
||||
\N u2_01292 \N 0 \N \N \N \N \N default
|
||||
|
@ -28,7 +28,7 @@ CREATE ROLE r2_01293
|
||||
CREATE ROLE r1_01293 SETTINGS readonly = 1
|
||||
CREATE ROLE r2_01293 SETTINGS readonly = 1
|
||||
-- system.roles
|
||||
r1_01293 disk
|
||||
r1_01293 local directory
|
||||
-- system.settings_profile_elements
|
||||
\N \N r1_01293 0 readonly 1 \N \N \N \N
|
||||
\N \N r2_01293 0 \N \N \N \N \N default
|
||||
|
@ -42,11 +42,11 @@ CREATE SETTINGS PROFILE s2_01294 SETTINGS max_memory_usage = 6000000 TO r1_01294
|
||||
CREATE SETTINGS PROFILE s3_01294 SETTINGS max_memory_usage = 6000000 TO r1_01294
|
||||
CREATE SETTINGS PROFILE s4_01294 TO r1_01294
|
||||
-- system.settings_profiles
|
||||
s1_01294 disk 0 0 [] []
|
||||
s2_01294 disk 1 0 ['r1_01294'] []
|
||||
s3_01294 disk 1 0 ['r1_01294'] []
|
||||
s4_01294 disk 1 0 ['r1_01294'] []
|
||||
s5_01294 disk 3 1 [] ['r1_01294']
|
||||
s1_01294 local directory 0 0 [] []
|
||||
s2_01294 local directory 1 0 ['r1_01294'] []
|
||||
s3_01294 local directory 1 0 ['r1_01294'] []
|
||||
s4_01294 local directory 1 0 ['r1_01294'] []
|
||||
s5_01294 local directory 3 1 [] ['r1_01294']
|
||||
-- system.settings_profile_elements
|
||||
s2_01294 \N \N 0 readonly 0 \N \N \N \N
|
||||
s3_01294 \N \N 0 max_memory_usage 5000000 4000000 6000000 1 \N
|
||||
|
@ -30,6 +30,6 @@ CREATE ROW POLICY p5_01295 ON db2.table2 FOR SELECT USING a = b
|
||||
CREATE ROW POLICY p1_01295 ON db.table FOR SELECT USING 1 TO ALL
|
||||
CREATE ROW POLICY p2_01295 ON db.table FOR SELECT USING 1 TO ALL
|
||||
-- system.row_policies
|
||||
p1_01295 ON db.table p1_01295 db table disk (a < b) AND (c > d) 0 0 [] []
|
||||
p2_01295 ON db.table p2_01295 db table disk id = currentUser() 1 0 ['u1_01295'] []
|
||||
p3_01295 ON db.table p3_01295 db table disk 1 0 1 [] ['r1_01295']
|
||||
p1_01295 ON db.table p1_01295 db table local directory (a < b) AND (c > d) 0 0 [] []
|
||||
p2_01295 ON db.table p2_01295 db table local directory id = currentUser() 1 0 ['u1_01295'] []
|
||||
p3_01295 ON db.table p3_01295 db table local directory 1 0 1 [] ['r1_01295']
|
||||
|
@ -52,10 +52,10 @@ CREATE QUOTA q2_01297 FOR INTERVAL 1 day MAX errors = 5
|
||||
CREATE QUOTA q1_01297 FOR INTERVAL 1 day TRACKING ONLY TO r1_01297
|
||||
CREATE QUOTA q2_01297 FOR INTERVAL 1 day TRACKING ONLY TO r1_01297
|
||||
-- system.quotas
|
||||
q1_01297 disk ['user_name'] [] 0 ['r1_01297'] []
|
||||
q2_01297 disk [] [5259492] 0 ['r1_01297','u1_01297'] []
|
||||
q3_01297 disk ['client_key','user_name'] [5259492,15778476] 0 [] []
|
||||
q4_01297 disk [] [604800] 1 [] ['u1_01297']
|
||||
q1_01297 local directory ['user_name'] [] 0 ['r1_01297'] []
|
||||
q2_01297 local directory [] [5259492] 0 ['r1_01297','u1_01297'] []
|
||||
q3_01297 local directory ['client_key','user_name'] [5259492,15778476] 0 [] []
|
||||
q4_01297 local directory [] [604800] 1 [] ['u1_01297']
|
||||
-- system.quota_limits
|
||||
q2_01297 5259492 0 100 11 1000 10000 1001 10001 2.5
|
||||
q3_01297 5259492 0 \N \N 1002 \N \N \N \N
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
# Errors: not found
|
||||
|
||||
not_found = "Exception: There is no {type} `{name}` in [disk, users.xml]"
|
||||
not_found = "Exception: There is no {type} `{name}` in user directories"
|
||||
|
||||
def user_not_found_in_disk(name):
|
||||
return (192,not_found.format(type="user",name=name))
|
||||
@ -21,7 +21,7 @@ def row_policy_not_found_in_disk(name):
|
||||
|
||||
# Errors: cannot_rename
|
||||
|
||||
cannot_rename = "Exception: {type} `{name}`: cannot rename to `{name_new}` because {type} `{name_new}` already exists in [disk]"
|
||||
cannot_rename = "Exception: {type} `{name}`: cannot rename to `{name_new}` because {type} `{name_new}` already exists in local directory"
|
||||
cannot_rename_exitcode = 237
|
||||
|
||||
def cannot_rename_user(name,name_new):
|
||||
@ -41,7 +41,7 @@ def cannot_rename_row_policy(name,name_new):
|
||||
|
||||
# Errors: cannot insert
|
||||
|
||||
cannot_insert = "Exception: {type} `{name}`: cannot insert because {type} `{name}` already exists in [disk]"
|
||||
cannot_insert = "Exception: {type} `{name}`: cannot insert because {type} `{name}` already exists in local directory"
|
||||
cannot_insert_exitcode = 237
|
||||
|
||||
def cannot_insert_user(name):
|
||||
@ -62,10 +62,10 @@ def cannot_insert_row_policy(name):
|
||||
# Error: default is readonly
|
||||
|
||||
default_readonly_exitcode = 239
|
||||
cannot_remove_default = "Exception: Cannot remove {type} `default` from [users.xml] because this storage is readonly"
|
||||
cannot_remove_default = "Exception: Cannot remove {type} `default` from users.xml because this storage is readonly"
|
||||
|
||||
def cannot_update_default():
|
||||
return (default_readonly_exitcode, "Exception: Cannot update user `default` in [users.xml] because this storage is readonly")
|
||||
return (default_readonly_exitcode, "Exception: Cannot update user `default` in users.xml because this storage is readonly")
|
||||
|
||||
def cannot_remove_user_default():
|
||||
return (default_readonly_exitcode, cannot_remove_default.format(type="user"))
|
||||
|
Loading…
Reference in New Issue
Block a user