mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-19 16:20:50 +00:00
initial tests
This commit is contained in:
parent
9d19001945
commit
fe0d3b3e27
@ -0,0 +1,38 @@
|
||||
Basic authentication after user creation
|
||||
1
|
||||
Changed password, old password should not work
|
||||
AUTHENTICATION_FAILED
|
||||
New password should work
|
||||
1
|
||||
Two new passwords were added, should both work
|
||||
1
|
||||
1
|
||||
Gen ssh key
|
||||
Authenticating with ssh key
|
||||
1
|
||||
Altering credentials and keeping only bcrypt_password
|
||||
Asserting SSH does not work anymore
|
||||
AUTHENTICATION_FAILED
|
||||
Asserting bcrypt_password works
|
||||
1
|
||||
Adding new bcrypt_password
|
||||
Both current authentication methods should work
|
||||
1
|
||||
1
|
||||
Reset authentication methods to new
|
||||
Only the latest should work, below should fail
|
||||
AUTHENTICATION_FAILED
|
||||
Should work
|
||||
1
|
||||
Multiple identified with, not allowed
|
||||
SYNTAX_ERROR
|
||||
Multiple identified with, not allowed, even if mixed
|
||||
SYNTAX_ERROR
|
||||
Identified with must precede all add identified with, not allowed
|
||||
SYNTAX_ERROR
|
||||
CREATE Multiple identified with, not allowed
|
||||
SYNTAX_ERROR
|
||||
CREATE Multiple identified with, not allowed, even if mixed
|
||||
SYNTAX_ERROR
|
||||
CREATE Identified with must precede all add identified with, not allowed
|
||||
SYNTAX_ERROR
|
92
tests/queries/0_stateless/03174_add_identified_with.sh
Executable file
92
tests/queries/0_stateless/03174_add_identified_with.sh
Executable file
@ -0,0 +1,92 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
||||
# shellcheck source=../shell_config.sh
|
||||
. "$CURDIR"/../shell_config.sh
|
||||
|
||||
function test_login_pwd
|
||||
{
|
||||
${CLICKHOUSE_CLIENT} --user $1 --password $2 --query "select 1"
|
||||
}
|
||||
|
||||
function test_login_pwd_expect_error
|
||||
{
|
||||
test_login_pwd "$1" "$2" 2>&1 | grep -m1 -o 'AUTHENTICATION_FAILED'
|
||||
}
|
||||
|
||||
user="u01_03174"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH plaintext_password BY '1'"
|
||||
|
||||
echo "Basic authentication after user creation"
|
||||
test_login_pwd ${user} '1'
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH plaintext_password BY '2'"
|
||||
|
||||
echo "Changed password, old password should not work"
|
||||
test_login_pwd_expect_error ${user} '1'
|
||||
|
||||
echo "New password should work"
|
||||
test_login_pwd ${user} '2'
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH sha256_password BY '3' ADD IDENTIFIED WITH plaintext_password BY '4'"
|
||||
|
||||
echo "Two new passwords were added, should both work"
|
||||
test_login_pwd ${user} '3'
|
||||
|
||||
test_login_pwd ${user} '4'
|
||||
|
||||
echo "Gen ssh key"
|
||||
yes 'yes' | ssh-keygen -t ed25519 -N '' -f 'ssh_key' > /dev/null
|
||||
|
||||
pub_key=$(awk '{print $2}' ssh_key.pub)
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH ssh_key BY KEY '${pub_key}' TYPE 'ssh-ed25519'"
|
||||
|
||||
echo "Authenticating with ssh key"
|
||||
${CLICKHOUSE_CLIENT} --user ${user} --ssh-key-file 'ssh_key' --ssh-key-passphrase "" --query "SELECT 1"
|
||||
|
||||
echo "Altering credentials and keeping only bcrypt_password"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH bcrypt_password BY '5'"
|
||||
|
||||
echo "Asserting SSH does not work anymore"
|
||||
${CLICKHOUSE_CLIENT} --user ${user} --ssh-key-file 'ssh_key' --ssh-key-passphrase "" --query "SELECT 1" 2>&1 | grep -m1 -o 'AUTHENTICATION_FAILED'
|
||||
|
||||
echo "Asserting bcrypt_password works"
|
||||
test_login_pwd ${user} '5'
|
||||
|
||||
echo "Adding new bcrypt_password"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH bcrypt_password BY '6'"
|
||||
|
||||
echo "Both current authentication methods should work"
|
||||
test_login_pwd ${user} '5'
|
||||
test_login_pwd ${user} '6'
|
||||
|
||||
echo "Reset authentication methods to new"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} RESET AUTHENTICATION METHODS TO NEW"
|
||||
|
||||
echo "Only the latest should work, below should fail"
|
||||
test_login_pwd_expect_error ${user} '5'
|
||||
|
||||
echo "Should work"
|
||||
test_login_pwd ${user} '6'
|
||||
|
||||
echo "Multiple identified with, not allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH plaintext_password '7' IDENTIFIED WITH plaintext_password '8'" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
echo "Multiple identified with, not allowed, even if mixed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH plaintext_password '7' ADD IDENTIFIED WITH plaintext_password '8' IDENTIFIED WITH plaintext_password '9'" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
echo "Identified with must precede all add identified with, not allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH plaintext_password '7' IDENTIFIED WITH plaintext_password '8'" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER ${user}"
|
||||
|
||||
echo "CREATE Multiple identified with, not allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH plaintext_password '7' IDENTIFIED WITH plaintext_password '8'" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
echo "CREATE Multiple identified with, not allowed, even if mixed"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH plaintext_password '7' ADD IDENTIFIED WITH plaintext_password '8' IDENTIFIED WITH plaintext_password '9'" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
echo "CREATE Identified with must precede all add identified with, not allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} ADD IDENTIFIED WITH plaintext_password '7' IDENTIFIED WITH plaintext_password '8'" 2>&1 | grep -m1 -o "SYNTAX_ERROR"
|
||||
|
||||
${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"
|
Loading…
Reference in New Issue
Block a user