add test

2024-09-20 00:30:49 +00:00 · 2024-02-21 03:51:38 +00:00 · 2024-02-21 03:51:38 +00:00 · fa6bf25800
commit fa6bf25800
parent afa7a95c8c
3 changed files with 42 additions and 5 deletions
--- a/src/Access/tests/gtest_access_rights_ops.cpp
+++ b/src/Access/tests/gtest_access_rights_ops.cpp
@ -50,10 +50,10 @@ TEST(AccessRights, Union)
              "GRANT SHOW, SELECT, ALTER, CREATE DATABASE, CREATE TABLE, CREATE VIEW, "
              "CREATE DICTIONARY, DROP DATABASE, DROP TABLE, DROP VIEW, DROP DICTIONARY, UNDROP TABLE, "
              "TRUNCATE, OPTIMIZE, BACKUP, CREATE ROW POLICY, ALTER ROW POLICY, DROP ROW POLICY, "
-              "SHOW ROW POLICIES, TABLE ENGINE, SYSTEM MERGES, SYSTEM TTL MERGES, SYSTEM FETCHES, "
+              "SHOW ROW POLICIES, SYSTEM MERGES, SYSTEM TTL MERGES, SYSTEM FETCHES, "
              "SYSTEM MOVES, SYSTEM PULLING REPLICATION LOG, SYSTEM CLEANUP, SYSTEM VIEWS, SYSTEM SENDS, SYSTEM REPLICATION QUEUES, "
              "SYSTEM DROP REPLICA, SYSTEM SYNC REPLICA, SYSTEM RESTART REPLICA, "
-              "SYSTEM RESTORE REPLICA, SYSTEM WAIT LOADING PARTS, SYSTEM SYNC DATABASE REPLICA, SYSTEM FLUSH DISTRIBUTED, dictGet ON db1.*, GRANT NAMED COLLECTION ADMIN ON db1");
+              "SYSTEM RESTORE REPLICA, SYSTEM WAIT LOADING PARTS, SYSTEM SYNC DATABASE REPLICA, SYSTEM FLUSH DISTRIBUTED, dictGet ON db1.*, GRANT NAMED COLLECTION ADMIN ON db1, GRANT TABLE ENGINE ON db1");
 }


--- a/tests/integration/test_grant_and_revoke/configs/config.xml
+++ b/tests/integration/test_grant_and_revoke/configs/config.xml
@ -0,0 +1,5 @@
+<clickhouse>
+     <access_control_improvements>
+        <table_engines_require_grant>true</table_engines_require_grant>
+    </access_control_improvements>
+</clickhouse>
--- a/tests/integration/test_grant_and_revoke/test.py
+++ b/tests/integration/test_grant_and_revoke/test.py
@ -5,9 +5,8 @@ from helpers.test_tools import TSV
 cluster = ClickHouseCluster(__file__)
 instance = cluster.add_instance(
    "instance",
-    user_configs=[
-        "configs/users.d/users.xml",
-    ],
+    main_configs=["configs/config.xml"],
+    user_configs=["configs/users.d/users.xml"],
 )


@ -719,3 +718,36 @@ def test_current_grants_override():
            "REVOKE SELECT ON test.* FROM B",
        ]
    )
+
+
+def test_table_engine_grant_and_revoke():
+    instance.query("DROP USER IF EXISTS A")
+    instance.query("CREATE USER A")
+    instance.query("GRANT CREATE TABLE ON test.table1 TO A")
+    assert "Not enough privileges" in instance.query_and_get_error(
+        "CREATE TABLE test.table1(a Integer) engine=TinyLog", user="A"
+    )
+
+    instance.query("GRANT TABLE ENGINE ON TinyLog TO A")
+
+    assert "Not enough privileges" not in instance.query(
+        "CREATE TABLE test.table1(a Integer) engine=TinyLog", user="A"
+    )
+
+    assert instance.query("SHOW GRANTS FOR A") == TSV(
+        [
+            "GRANT TABLE ENGINE ON TinyLog TO A",
+            "GRANT CREATE TABLE ON test.table1 TO A",
+        ]
+    )
+
+    instance.query("REVOKE TABLE ENGINE ON TinyLog FROM A")
+
+    assert "Not enough privileges" in instance.query_and_get_error(
+        "CREATE TABLE test.table1(a Integer) engine=TinyLog", user="A"
+    )
+
+    instance.query("REVOKE CREATE TABLE ON test.table1 FROM A")
+    instance.query("DROP TABLE test.table1")
+
+    assert instance.query("SHOW GRANTS FOR A") == TSV([])