Skip to content

Commit

Permalink
fix test
Browse files Browse the repository at this point in the history
  • Loading branch information
@jsc0218
jsc0218 committed Mar 16, 2024
1 parent c5dc35e commit eb18e6e
Show file tree
Hide file tree
Showing 8 changed files with 30 additions and 9 deletions.
18 changes: 15 additions & 3 deletions tests/integration/test_distributed_ddl/test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -291,20 +291,32 @@ def test_allowed_databases(test_cluster):
instance.query("CREATE DATABASE IF NOT EXISTS db2 ON CLUSTER cluster")

instance.query(
"CREATE TABLE db1.t1 ON CLUSTER cluster (i Int8) ENGINE = Memory",
"CREATE TABLE IF NOT EXISTS db1.t1 ON CLUSTER cluster (i Int8) ENGINE = Memory"
)
instance.query(
"CREATE TABLE IF NOT EXISTS db2.t2 ON CLUSTER cluster (i Int8) ENGINE = Memory"
)
instance.query(
"CREATE TABLE IF NOT EXISTS t3 ON CLUSTER cluster (i Int8) ENGINE = Memory"
)

instance.query(
"SELECT * FROM db1.t1",
settings={"user": "restricted_user"},
)

with pytest.raises(Exception):
instance.query(
"CREATE TABLE db2.t2 ON CLUSTER cluster (i Int8) ENGINE = Memory",
"SELECT * FROM db2.t2",
settings={"user": "restricted_user"},
)

with pytest.raises(Exception):
instance.query(
"CREATE TABLE t3 ON CLUSTER cluster (i Int8) ENGINE = Memory",
"SELECT * FROM t3",
settings={"user": "restricted_user"},
)

with pytest.raises(Exception):
instance.query(
"DROP DATABASE db2 ON CLUSTER cluster", settings={"user": "restricted_user"}
Expand Down
2 changes: 1 addition & 1 deletion tests/integration/test_grant_and_revoke/configs/config.xml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<clickhouse>
<access_control_improvements>
<access_control_improvements>
<table_engines_require_grant>true</table_engines_require_grant>
</access_control_improvements>
</clickhouse>
1 change: 1 addition & 0 deletions tests/integration/test_settings_profile/test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -621,6 +621,7 @@ def test_allow_ddl():
)

instance.query("GRANT CREATE ON tbl TO robin")
instance.query("GRANT TABLE ENGINE ON Log TO robin")
instance.query("CREATE TABLE tbl(a Int32) ENGINE=Log", user="robin")
instance.query("DROP TABLE tbl")

Expand Down
1 change: 1 addition & 0 deletions tests/integration/test_storage_s3/test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -989,6 +989,7 @@ def test_predefined_connection_configuration(started_cluster):
instance.query("GRANT CREATE ON *.* TO user")
instance.query("GRANT SOURCES ON *.* TO user")
instance.query("GRANT SELECT ON *.* TO user")
instance.query("GRANT TABLE ENGINE ON S3 TO user")

instance.query(f"drop table if exists {name}", user="user")
error = instance.query_and_get_error(
Expand Down
2 changes: 1 addition & 1 deletion tests/queries/0_stateless/02184_table_engine_access.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ $CLICKHOUSE_CLIENT --query "CREATE TABLE url ENGINE=URL('https://clickhouse.com'

$CLICKHOUSE_CLIENT --user=user_test_02184 --password=user_test_02184 --query "CREATE TABLE t AS url" 2>&1| grep -Fo "ACCESS_DENIED" | uniq

$CLICKHOUSE_CLIENT --query "GRANT URL ON *.* TO user_test_02184;"
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON URL TO user_test_02184;"
$CLICKHOUSE_CLIENT --user=user_test_02184 --password=user_test_02184 --query "CREATE TABLE t AS url"
$CLICKHOUSE_CLIENT --query "SHOW CREATE TABLE t"
$CLICKHOUSE_CLIENT --query "DROP TABLE t"
Expand Down
3 changes: 3 additions & 0 deletions tests/queries/0_stateless/02232_allow_only_replicated_engine.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ ${CLICKHOUSE_CLIENT} -q "create table mute_stylecheck (x UInt32) engine = Replic

${CLICKHOUSE_CLIENT} -q "CREATE USER user_${CLICKHOUSE_DATABASE} settings database_replicated_allow_only_replicated_engine=1"
${CLICKHOUSE_CLIENT} -q "GRANT CREATE TABLE ON ${CLICKHOUSE_DATABASE}_db.* TO user_${CLICKHOUSE_DATABASE}"
${CLICKHOUSE_CLIENT} -q "GRANT TABLE ENGINE ON Memory TO user_${CLICKHOUSE_DATABASE}"
${CLICKHOUSE_CLIENT} -q "GRANT TABLE ENGINE ON MergeTree TO user_${CLICKHOUSE_DATABASE}"
${CLICKHOUSE_CLIENT} -q "GRANT TABLE ENGINE ON ReplicatedMergeTree TO user_${CLICKHOUSE_DATABASE}"
${CLICKHOUSE_CLIENT} --allow_experimental_database_replicated=1 --query "CREATE DATABASE ${CLICKHOUSE_DATABASE}_db engine = Replicated('/clickhouse/databases/${CLICKHOUSE_TEST_ZOOKEEPER_PREFIX}/${CLICKHOUSE_DATABASE}_db', '{shard}', '{replica}')"
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_memory (x UInt32) engine = Memory;"
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" -n --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_mt (x UInt32) engine = MergeTree order by x;" 2>&1 | grep -o "Only tables with a Replicated engine"
Expand Down
1 change: 1 addition & 0 deletions tests/queries/0_stateless/02514_database_replicated_no_arguments_for_rmt.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ ${CLICKHOUSE_CLIENT} -q "create table mute_stylecheck (x UInt32) engine = Replic

${CLICKHOUSE_CLIENT} -q "CREATE USER user_${CLICKHOUSE_DATABASE} settings database_replicated_allow_replicated_engine_arguments=0"
${CLICKHOUSE_CLIENT} -q "GRANT CREATE TABLE ON ${CLICKHOUSE_DATABASE}_db.* TO user_${CLICKHOUSE_DATABASE}"
${CLICKHOUSE_CLIENT} -q "GRANT TABLE ENGINE ON ReplicatedMergeTree TO user_${CLICKHOUSE_DATABASE}"
${CLICKHOUSE_CLIENT} --allow_experimental_database_replicated=1 --query "CREATE DATABASE ${CLICKHOUSE_DATABASE}_db engine = Replicated('/clickhouse/databases/${CLICKHOUSE_TEST_ZOOKEEPER_PREFIX}/${CLICKHOUSE_DATABASE}_db', '{shard}', '{replica}')"
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" -n --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_rmt_ok (x UInt32) engine = ReplicatedMergeTree order by x;"
${CLICKHOUSE_CLIENT} --distributed_ddl_output_mode=none --user "user_${CLICKHOUSE_DATABASE}" -n --query "CREATE TABLE ${CLICKHOUSE_DATABASE}_db.tab_rmt_fail (x UInt32) engine = ReplicatedMergeTree('/clickhouse/tables/$CLICKHOUSE_TEST_ZOOKEEPER_PREFIX/root/{shard}', '{replica}') order by x; -- { serverError 80 }"
Expand Down
11 changes: 7 additions & 4 deletions tests/queries/0_stateless/02561_temporary_table_grants.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,23 +13,26 @@ $CLICKHOUSE_CLIENT --query "CREATE USER $user IDENTIFIED WITH PLAINTEXT_PASSWORD
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_memory_02561(name String)" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant CREATE TEMPORARY TABLE" > /dev/null && echo "OK"

$CLICKHOUSE_CLIENT --query "GRANT CREATE TEMPORARY TABLE ON *.* TO $user"
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON Memory TO $user"

$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_memory_02561(name String)"

$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_merge_tree_02561(name String) ENGINE = MergeTree() ORDER BY name" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant CREATE ARBITRARY TEMPORARY TABLE" > /dev/null && echo "OK"

$CLICKHOUSE_CLIENT --query "GRANT CREATE ARBITRARY TEMPORARY TABLE ON *.* TO $user"
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON MergeTree TO $user"

$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_merge_tree_02561(name String) ENGINE = MergeTree() ORDER BY name"

$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_file_02561(name String) ENGINE = File(TabSeparated)" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant FILE" > /dev/null && echo "OK"
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_file_02561(name String) ENGINE = File(TabSeparated)" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant TABLE ENGINE ON File" > /dev/null && echo "OK"

$CLICKHOUSE_CLIENT --query "GRANT FILE ON *.* TO $user"
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON File TO $user"

$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_file_02561(name String) ENGINE = File(TabSeparated)"

$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_url_02561(name String) ENGINE = URL('http://127.0.0.1:8123?query=select+12', 'RawBLOB')" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant URL" > /dev/null && echo "OK"
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_url_02561(name String) ENGINE = URL('http://127.0.0.1:8123?query=select+12', 'RawBLOB')" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant TABLE ENGINE ON URL" > /dev/null && echo "OK"

$CLICKHOUSE_CLIENT --query "GRANT URL ON *.* TO $user"
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON URL TO $user"

$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_url_02561(name String) ENGINE = URL('http://127.0.0.1:8123?query=select+12', 'RawBLOB')"

Expand Down

0 comments on commit eb18e6e

Please sign in to comment.