mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-19 16:20:50 +00:00
add on cluster tests
This commit is contained in:
parent
1980959c8b
commit
f0223aedde
@ -55,3 +55,78 @@ RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement
|
||||
BAD_ARGUMENTS
|
||||
ADD NOT IDENTIFIED should result in syntax error
|
||||
SYNTAX_ERROR
|
||||
localhost 9000 0 0 0
|
||||
localhost 9000 0 0 0
|
||||
Basic authentication after user creation
|
||||
1
|
||||
localhost 9000 0 0 0
|
||||
Changed password, old password should not work
|
||||
AUTHENTICATION_FAILED
|
||||
New password should work
|
||||
1
|
||||
localhost 9000 0 0 0
|
||||
Two new passwords were added, should both work
|
||||
1
|
||||
1
|
||||
localhost 9000 0 0 0
|
||||
Authenticating with ssh key
|
||||
1
|
||||
Altering credentials and keeping only bcrypt_password
|
||||
localhost 9000 0 0 0
|
||||
Asserting SSH does not work anymore
|
||||
AUTHENTICATION_FAILED
|
||||
Asserting bcrypt_password works
|
||||
1
|
||||
Adding new bcrypt_password
|
||||
localhost 9000 0 0 0
|
||||
Both current authentication methods should work
|
||||
1
|
||||
1
|
||||
Reset authentication methods to new
|
||||
localhost 9000 0 0 0
|
||||
Only the latest should work, below should fail
|
||||
AUTHENTICATION_FAILED
|
||||
Should work
|
||||
1
|
||||
Multiple identified with, not allowed
|
||||
Syntax error
|
||||
localhost 9000 0 0 0
|
||||
CREATE Multiple identified with, not allowed
|
||||
Syntax error
|
||||
localhost 9000 0 0 0
|
||||
Create user with no identification
|
||||
localhost 9000 0 0 0
|
||||
Add identified with
|
||||
localhost 9000 0 0 0
|
||||
CREATE USER u01_03174 IDENTIFIED WITH plaintext_password
|
||||
Try to provide no_password mixed with other authentication methods, should not be allowed
|
||||
BAD_ARGUMENTS
|
||||
Adding no_password, should fail
|
||||
BAD_ARGUMENTS
|
||||
CREATE USER u01_03174 IDENTIFIED WITH plaintext_password
|
||||
Replacing existing authentication methods in favor of no_password, should succeed
|
||||
localhost 9000 0 0 0
|
||||
CREATE USER u01_03174 IDENTIFIED WITH no_password
|
||||
Trying to auth with no pwd, should succeed
|
||||
1
|
||||
localhost 9000 0 0 0
|
||||
Create user with mix both implicit and explicit auth type, starting with with
|
||||
localhost 9000 0 0 0
|
||||
CREATE USER u01_03174 IDENTIFIED WITH plaintext_password, sha256_password, bcrypt_password, sha256_password
|
||||
localhost 9000 0 0 0
|
||||
Create user with mix both implicit and explicit auth type, starting with by
|
||||
localhost 9000 0 0 0
|
||||
CREATE USER u01_03174 IDENTIFIED WITH sha256_password, plaintext_password, bcrypt_password, sha256_password
|
||||
localhost 9000 0 0 0
|
||||
Use WITH without providing authentication type, should fail
|
||||
Syntax error
|
||||
Create user with ADD identification, should fail, add is not allowed for create query
|
||||
BAD_ARGUMENTS
|
||||
Trailing comma should result in syntax error
|
||||
SYNTAX_ERROR
|
||||
First auth method can't specify type if WITH keyword is not present
|
||||
SYNTAX_ERROR
|
||||
RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement
|
||||
BAD_ARGUMENTS
|
||||
ADD NOT IDENTIFIED should result in syntax error
|
||||
SYNTAX_ERROR
|
||||
|
@ -28,126 +28,134 @@ function test_login_pwd_expect_error
|
||||
test_login_pwd "$1" "$2" 2>&1 | grep -m1 -o 'AUTHENTICATION_FAILED'
|
||||
}
|
||||
|
||||
user="u01_03174"
|
||||
function test
|
||||
{
|
||||
user="u01_03174"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user} $1"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH plaintext_password BY '1'"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED WITH plaintext_password BY '1'"
|
||||
|
||||
echo "Basic authentication after user creation"
|
||||
test_login_pwd ${user} '1'
|
||||
echo "Basic authentication after user creation"
|
||||
test_login_pwd ${user} '1'
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH plaintext_password BY '2'"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 IDENTIFIED WITH plaintext_password BY '2'"
|
||||
|
||||
echo "Changed password, old password should not work"
|
||||
test_login_pwd_expect_error ${user} '1'
|
||||
echo "Changed password, old password should not work"
|
||||
test_login_pwd_expect_error ${user} '1'
|
||||
|
||||
echo "New password should work"
|
||||
test_login_pwd ${user} '2'
|
||||
echo "New password should work"
|
||||
test_login_pwd ${user} '2'
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH plaintext_password BY '3', plaintext_password BY '4'"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH plaintext_password BY '3', plaintext_password BY '4'"
|
||||
|
||||
echo "Two new passwords were added, should both work"
|
||||
test_login_pwd ${user} '3'
|
||||
echo "Two new passwords were added, should both work"
|
||||
test_login_pwd ${user} '3'
|
||||
|
||||
test_login_pwd ${user} '4'
|
||||
test_login_pwd ${user} '4'
|
||||
|
||||
ssh_pub_key="AAAAC3NzaC1lZDI1NTE5AAAAIBzqa3duS0ce6QYkzUgko9W0Ux7i7d3xPoseFrwnhY4Y"
|
||||
ssh_pub_key="AAAAC3NzaC1lZDI1NTE5AAAAIBzqa3duS0ce6QYkzUgko9W0Ux7i7d3xPoseFrwnhY4Y"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH ssh_key BY KEY '${ssh_pub_key}' TYPE 'ssh-ed25519'"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH ssh_key BY KEY '${ssh_pub_key}' TYPE 'ssh-ed25519'"
|
||||
|
||||
echo ${ssh_key} > ssh_key
|
||||
echo ${ssh_key} > ssh_key
|
||||
|
||||
echo "Authenticating with ssh key"
|
||||
${CLICKHOUSE_CLIENT} --user ${user} --ssh-key-file 'ssh_key' --ssh-key-passphrase "" --query "SELECT 1"
|
||||
echo "Authenticating with ssh key"
|
||||
${CLICKHOUSE_CLIENT} --user ${user} --ssh-key-file 'ssh_key' --ssh-key-passphrase "" --query "SELECT 1"
|
||||
|
||||
echo "Altering credentials and keeping only bcrypt_password"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH bcrypt_password BY '5'"
|
||||
echo "Altering credentials and keeping only bcrypt_password"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 IDENTIFIED WITH bcrypt_password BY '5'"
|
||||
|
||||
echo "Asserting SSH does not work anymore"
|
||||
${CLICKHOUSE_CLIENT} --user ${user} --ssh-key-file 'ssh_key' --ssh-key-passphrase "" --query "SELECT 1" 2>&1 | grep -m1 -o 'AUTHENTICATION_FAILED'
|
||||
echo "Asserting SSH does not work anymore"
|
||||
${CLICKHOUSE_CLIENT} --user ${user} --ssh-key-file 'ssh_key' --ssh-key-passphrase "" --query "SELECT 1" 2>&1 | grep -m1 -o 'AUTHENTICATION_FAILED'
|
||||
|
||||
echo "Asserting bcrypt_password works"
|
||||
test_login_pwd ${user} '5'
|
||||
echo "Asserting bcrypt_password works"
|
||||
test_login_pwd ${user} '5'
|
||||
|
||||
echo "Adding new bcrypt_password"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH bcrypt_password BY '6'"
|
||||
echo "Adding new bcrypt_password"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH bcrypt_password BY '6'"
|
||||
|
||||
echo "Both current authentication methods should work"
|
||||
test_login_pwd ${user} '5'
|
||||
test_login_pwd ${user} '6'
|
||||
echo "Both current authentication methods should work"
|
||||
test_login_pwd ${user} '5'
|
||||
test_login_pwd ${user} '6'
|
||||
|
||||
echo "Reset authentication methods to new"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} RESET AUTHENTICATION METHODS TO NEW"
|
||||
echo "Reset authentication methods to new"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 RESET AUTHENTICATION METHODS TO NEW"
|
||||
|
||||
echo "Only the latest should work, below should fail"
|
||||
test_login_pwd_expect_error ${user} '5'
|
||||
echo "Only the latest should work, below should fail"
|
||||
test_login_pwd_expect_error ${user} '5'
|
||||
|
||||
echo "Should work"
|
||||
test_login_pwd ${user} '6'
|
||||
echo "Should work"
|
||||
test_login_pwd ${user} '6'
|
||||
|
||||
echo "Multiple identified with, not allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH plaintext_password by '7', IDENTIFIED plaintext_password by '8'" 2>&1 | grep -m1 -o "Syntax error"
|
||||
echo "Multiple identified with, not allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 IDENTIFIED WITH plaintext_password by '7', IDENTIFIED plaintext_password by '8'" 2>&1 | grep -m1 -o "Syntax error"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER ${user}"
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER ${user} $1"
|
||||
|
||||
echo "CREATE Multiple identified with, not allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH plaintext_password by '7', IDENTIFIED WITH plaintext_password by '8'" 2>&1 | grep -m1 -o "Syntax error"
|
||||
echo "CREATE Multiple identified with, not allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED WITH plaintext_password by '7', IDENTIFIED WITH plaintext_password by '8'" 2>&1 | grep -m1 -o "Syntax error"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user} $1"
|
||||
|
||||
echo "Create user with no identification"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user}"
|
||||
echo "Create user with no identification"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1"
|
||||
|
||||
echo "Add identified with"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH plaintext_password by '7'"
|
||||
echo "Add identified with"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH plaintext_password by '7'"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
|
||||
echo "Try to provide no_password mixed with other authentication methods, should not be allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH plaintext_password by '8', no_password" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
echo "Try to provide no_password mixed with other authentication methods, should not be allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH plaintext_password by '8', no_password" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
|
||||
echo "Adding no_password, should fail"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH no_password" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
echo "Adding no_password, should fail"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH no_password" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
|
||||
echo "Replacing existing authentication methods in favor of no_password, should succeed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH no_password"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
echo "Replacing existing authentication methods in favor of no_password, should succeed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 IDENTIFIED WITH no_password"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
|
||||
echo "Trying to auth with no pwd, should succeed"
|
||||
test_login_no_pwd ${user}
|
||||
echo "Trying to auth with no pwd, should succeed"
|
||||
test_login_no_pwd ${user}
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user} $1"
|
||||
|
||||
echo "Create user with mix both implicit and explicit auth type, starting with with"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH plaintext_password by '1', by '2', bcrypt_password by '3', by '4';"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
echo "Create user with mix both implicit and explicit auth type, starting with with"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED WITH plaintext_password by '1', by '2', bcrypt_password by '3', by '4';"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user} $1"
|
||||
|
||||
echo "Create user with mix both implicit and explicit auth type, starting with by"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED by '1', plaintext_password by '2', bcrypt_password by '3', by '4';"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
echo "Create user with mix both implicit and explicit auth type, starting with by"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED by '1', plaintext_password by '2', bcrypt_password by '3', by '4';"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user} $1"
|
||||
|
||||
echo "Use WITH without providing authentication type, should fail"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH BY '1';" 2>&1 | grep -m1 -o "Syntax error"
|
||||
echo "Use WITH without providing authentication type, should fail"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED WITH BY '1';" 2>&1 | grep -m1 -o "Syntax error"
|
||||
|
||||
echo "Create user with ADD identification, should fail, add is not allowed for create query"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} ADD IDENTIFIED WITH plaintext_password by '1'" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
echo "Create user with ADD identification, should fail, add is not allowed for create query"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 ADD IDENTIFIED WITH plaintext_password by '1'" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
|
||||
echo "Trailing comma should result in syntax error"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH plaintext_password by '1'," 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
echo "Trailing comma should result in syntax error"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH plaintext_password by '1'," 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
|
||||
echo "First auth method can't specify type if WITH keyword is not present"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED plaintext_password by '1'" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
echo "First auth method can't specify type if WITH keyword is not present"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED plaintext_password by '1'" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
|
||||
echo "RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} RESET AUTHENTICATION METHODS TO NEW" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
echo "RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 RESET AUTHENTICATION METHODS TO NEW" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
|
||||
echo "ADD NOT IDENTIFIED should result in syntax error"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD NOT IDENTIFIED" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
echo "ADD NOT IDENTIFIED should result in syntax error"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD NOT IDENTIFIED" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"
|
||||
|
||||
}
|
||||
|
||||
test ""
|
||||
|
||||
test "ON CLUSTER test_shard_localhost"
|
||||
|
Loading…
Reference in New Issue
Block a user