diff --git a/src/java/org/apache/cassandra/cql3/statements/schema/AlterSchemaStatement.java b/src/java/org/apache/cassandra/cql3/statements/schema/AlterSchemaStatement.java index 47b85af03b04..fdc49216c892 100644 --- a/src/java/org/apache/cassandra/cql3/statements/schema/AlterSchemaStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/schema/AlterSchemaStatement.java @@ -26,7 +26,6 @@ import org.apache.cassandra.config.DatabaseDescriptor; import org.apache.cassandra.cql3.CQLStatement; import org.apache.cassandra.cql3.QueryOptions; -import org.apache.cassandra.db.guardrails.Guardrails; import org.apache.cassandra.exceptions.InvalidRequestException; import org.apache.cassandra.schema.*; import org.apache.cassandra.schema.Keyspaces.KeyspacesDiff; diff --git a/src/java/org/apache/cassandra/db/guardrails/Guardrails.java b/src/java/org/apache/cassandra/db/guardrails/Guardrails.java index 30e14d3efa70..9389fa9cd724 100644 --- a/src/java/org/apache/cassandra/db/guardrails/Guardrails.java +++ b/src/java/org/apache/cassandra/db/guardrails/Guardrails.java @@ -18,7 +18,6 @@ package org.apache.cassandra.db.guardrails; -import java.lang.reflect.Field; import java.util.Collections; import java.util.Set; import java.util.function.Function; diff --git a/test/unit/org/apache/cassandra/db/guardrails/GuardrailDCLEnabledTest.java b/test/unit/org/apache/cassandra/db/guardrails/GuardrailDCLEnabledTest.java index a25801ecf6b7..e0f0dc6dc523 100644 --- a/test/unit/org/apache/cassandra/db/guardrails/GuardrailDCLEnabledTest.java +++ b/test/unit/org/apache/cassandra/db/guardrails/GuardrailDCLEnabledTest.java @@ -39,6 +39,7 @@ public class GuardrailDCLEnabledTest extends GuardrailTester private static final String TEST_TABLE = "dcltbl"; private static final String DCL_ERROR_MSG = "DCL statement is not allowed"; private ClientState loginUserClientState; + private void setGuardrail(boolean enabled) { Guardrails.instance.setDCLEnabled(enabled); @@ -74,7 +75,7 @@ public void testCannotCreateRoleWhileFeatureDisabled() throws Throwable setGuardrail(false); assertFails(() -> execute(loginUserClientState, getCreateRoleCQL(TEST_USER1, true, false, TEST_PW1)), - DCL_ERROR_MSG); + DCL_ERROR_MSG); // no role is created assertEmpty(execute(String.format("SELECT * FROM system_auth.roles WHERE role='%s'", TEST_USER1))); } @@ -85,7 +86,7 @@ public void testCannotGrantPermissionWhileFeatureDisabled() throws Throwable setGuardrail(false); assertFails(() -> execute(loginUserClientState, getGrantPermissionCQL(TEST_USER, TEST_KS, TEST_TABLE)), - DCL_ERROR_MSG); + DCL_ERROR_MSG); // TEST_USER don't get permission on TEST_KS.TEST_TABLE assertEmpty(execute(String.format("SELECT * FROM system_auth.role_permissions WHERE role='%s' AND resource='data/%s/%s'", TEST_USER, TEST_KS, TEST_TABLE))); @@ -97,7 +98,7 @@ public void testCannotRevokePermissionWhileFeatureDisabled() throws Throwable setGuardrail(false); assertFails(() -> execute(loginUserClientState, String.format("REVOKE ALL ON KEYSPACE %s FROM %s", KEYSPACE, TEST_USER)), - DCL_ERROR_MSG); + DCL_ERROR_MSG); // TEST_USER permission wasn't revoked on KEYSPACE assertRowCount(execute(String.format("SELECT * FROM system_auth.role_permissions WHERE role='%s' AND resource='data/%s'", TEST_USER, KEYSPACE)), 1); @@ -109,7 +110,8 @@ private static String getCreateRoleCQL(String role, boolean login, boolean super role, login, superUser, password); } - private static String getGrantPermissionCQL(String role, String ks, String tbl) { + private static String getGrantPermissionCQL(String role, String ks, String tbl) + { return String.format("GRANT ALL PERMISSIONS ON %s.%s TO %s;", ks, tbl, role); } } diff --git a/test/unit/org/apache/cassandra/db/guardrails/GuardrailDDLEnabledTest.java b/test/unit/org/apache/cassandra/db/guardrails/GuardrailDDLEnabledTest.java index 2b8cc40dbc61..40f22d3d52dc 100644 --- a/test/unit/org/apache/cassandra/db/guardrails/GuardrailDDLEnabledTest.java +++ b/test/unit/org/apache/cassandra/db/guardrails/GuardrailDDLEnabledTest.java @@ -38,6 +38,7 @@ public class GuardrailDDLEnabledTest extends GuardrailTester private static final String TEST_TABLE_NEW = "ddltbl2"; private static final String TEST_VIEW_NEW = "ddlview2"; private static final String DDL_ERROR_MSG = "DDL statement is not allowed"; + private void setGuardrail(boolean enabled) { Guardrails.instance.setDDLEnabled(enabled); @@ -72,14 +73,19 @@ public void testCannotCreateKeyspaceWhileFeatureDisabled() throws Throwable // CREATE will fail with guardrail exception if user tries to create a keyspace assertFails(() -> execute(userClientState, getCreateKeyspaceCQL(TEST_KS_NEW, false)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // CREATE will also fail if user doesn't specify IF NOT EXISTS but create an already existing keyspace - try { + try + { execute(userClientState, getCreateKeyspaceCQL(TEST_KS, false)); - } catch (AlreadyExistsException e) { + } + catch (AlreadyExistsException e) + { // expected - } catch (Exception e) { + } + catch (Exception e) + { fail(String.format("failed with unexpected error: %s", e.getMessage())); } @@ -97,14 +103,19 @@ public void testCannotCreateTableWhileFeatureDisabled() throws Throwable // CREATE will fail with guardrail exception if user tries to create a table assertFails(() -> execute(userClientState, getCreateTableCQL(TEST_KS, TEST_TABLE_NEW, false)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // CREATE will also fail if user doesn't specify IF NOT EXISTS but create an already existing table - try { + try + { execute(userClientState, getCreateTableCQL(TEST_KS, TEST_TABLE, false)); - } catch (AlreadyExistsException e) { + } + catch (AlreadyExistsException e) + { // expected - } catch (Exception e) { + } + catch (Exception e) + { fail(String.format("failed with unexpected error: %s", e.getMessage())); } @@ -122,14 +133,19 @@ public void testCannotCreateViewWhileFeatureDisabled() throws Throwable // CREATE will fail with guardrail exception if user tries to create a view assertFails(() -> execute(userClientState, getCreateViewCQL(TEST_KS, TEST_VIEW_NEW, false)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // CREATE will also fail if user doesn't specify IF NOT EXISTS but create an already existing view. - try { + try + { execute(userClientState, getCreateViewCQL(TEST_KS, TEST_VIEW, false)); - } catch (AlreadyExistsException e) { + } + catch (AlreadyExistsException e) + { // expected - } catch (Exception e) { + } + catch (Exception e) + { fail(String.format("failed with unexpected error: %s", e.getMessage())); } @@ -147,14 +163,19 @@ public void testCannotDropKeyspaceWhileFeatureDisabled() throws Throwable // DROP will fail with guardrail exception if user tries to drop an existing keyspace assertFails(() -> execute(userClientState, getDropKeyspaceCQL(TEST_KS, false)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // DROP will also fail if user doesn't specify IF EXISTS but keyspace doesn't exist - try { + try + { execute(userClientState, getDropKeyspaceCQL(TEST_KS_NEW, false)); - } catch (InvalidRequestException e) { + } + catch (InvalidRequestException e) + { // expected - } catch (Exception e) { + } + catch (Exception e) + { fail(String.format("failed with unexpected error: %s", e.getMessage())); } @@ -172,14 +193,19 @@ public void testCannotDropTableWhileFeatureDisabled() throws Throwable // DROP will fail with guardrail exception if user tries to drop an existing table assertFails(() -> execute(userClientState, getDropTableCQL(TEST_KS, TEST_TABLE, false)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // DROP will also fail if user doesn't specify IF EXISTS but table doesn't exist - try { + try + { execute(userClientState, getDropTableCQL(TEST_KS, TEST_TABLE_NEW, false)); - } catch (InvalidRequestException e) { + } + catch (InvalidRequestException e) + { // expected - } catch (Exception e) { + } + catch (Exception e) + { fail(String.format("failed with unexpected error: %s", e.getMessage())); } @@ -197,14 +223,19 @@ public void testCannotDropViewWhileFeatureDisabled() throws Throwable // DROP will fail with guardrail exception if user tries to drop an existing view assertFails(() -> execute(userClientState, getDropViewCQL(TEST_KS, TEST_VIEW, false)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // DROP will also fail if user doesn't specify IF EXISTS but view doesn't exist - try { + try + { execute(userClientState, getDropViewCQL(TEST_KS, TEST_VIEW_NEW, false)); - } catch (InvalidRequestException e) { + } + catch (InvalidRequestException e) + { // expected - } catch (Exception e) { + } + catch (Exception e) + { fail(String.format("failed with unexpected error: %s", e.getMessage())); } @@ -228,7 +259,7 @@ public void testCannotDropColumnWhileFeatureDisabled() throws Throwable // ALTER TABLE will fail with guardrail excepetion if user tries to add new column to this table assertFails(() -> execute(userClientState, String.format("ALTER TABLE %s.%s DROP col1", TEST_KS, TEST_TABLE)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // column col1 should not be dropped assertRowCount(execute(String.format("SELECT * FROM %s.%s WHERE keyspace_name='%s' AND table_name='%s' AND column_name='col1'", @@ -252,7 +283,7 @@ public void testCannotAlterKeyspaceWhileFeatureDisabled() throws Throwable // ALTER TABLE will fail with guardrail excepetion if user tries to alter anything related to this table assertFails(() -> execute(userClientState, String.format("ALTER KEYSPACE %s WITH durable_writes=false", TEST_KS)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // keyspace should still have durable_write=true assertEmpty(execute(String.format("SELECT * FROM %s.%s WHERE keyspace_name='%s' AND durable_writes=false ALLOW FILTERING", @@ -275,7 +306,7 @@ public void testCannotAlterTableWhileFeatureDisabled() throws Throwable // ALTER TABLE will fail with guardrail excepetion if user tries to alter anything related to this table assertFails(() -> execute(userClientState, String.format("ALTER TABLE %s.%s WITH comment='test'", TEST_KS, TEST_TABLE)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // table should not have comment assertEmpty(execute(String.format("SELECT * FROM %s.%s WHERE keyspace_name='%s' AND table_name='%s' AND comment='test' ALLOW FILTERING", @@ -298,7 +329,7 @@ public void testCannotAddColumnWhileFeatureDisabled() throws Throwable // ALTER TABLE will fail with guardrail excepetion if user tries to add new column to this table assertFails(() -> execute(userClientState, String.format("ALTER TABLE %s.%s ADD col3 text", TEST_KS, TEST_TABLE)), - DDL_ERROR_MSG); + DDL_ERROR_MSG); // table should not have new column col3 assertEmpty(execute(String.format("SELECT * FROM %s.%s WHERE keyspace_name='%s' AND table_name='%s' AND column_name='col3'", @@ -307,36 +338,46 @@ public void testCannotAddColumnWhileFeatureDisabled() throws Throwable TEST_KS, TEST_TABLE))); } - private String getCreateKeyspaceCQL(String ks, boolean ifNotExists) { - if (ifNotExists) { + private String getCreateKeyspaceCQL(String ks, boolean ifNotExists) + { + if (ifNotExists) + { return String.format("CREATE KEYSPACE IF NOT EXISTS %s WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'}", ks); } return String.format("CREATE KEYSPACE %s WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'}", ks); } - private String getDropKeyspaceCQL(String ks, boolean ifExists) { - if (ifExists) { + private String getDropKeyspaceCQL(String ks, boolean ifExists) + { + if (ifExists) + { return String.format("DROP KEYSPACE IF EXISTS %s", ks); } return String.format("DROP KEYSPACE %s", ks); } - private String getCreateTableCQL(String ks, String table, boolean ifNotExists) { - if (ifNotExists) { + private String getCreateTableCQL(String ks, String table, boolean ifNotExists) + { + if (ifNotExists) + { return String.format("CREATE TABLE IF NOT EXISTS %s.%s (key text PRIMARY KEY, col1 text, col2 text)", ks, table); } return String.format("CREATE TABLE %s.%s (key text PRIMARY KEY, col1 text, col2 text)", ks, table); } - private String getDropTableCQL(String ks, String table, boolean ifExists) { - if (ifExists) { + private String getDropTableCQL(String ks, String table, boolean ifExists) + { + if (ifExists) + { return String.format("DROP TABLE IF EXISTS %s.%s", ks, table); } return String.format("DROP TABLE %s.%s", ks, table); } - private String getCreateViewCQL(String ks, String table, boolean ifNotExists) { - if (ifNotExists) { + private String getCreateViewCQL(String ks, String table, boolean ifNotExists) + { + if (ifNotExists) + { return String.format("CREATE MATERIALIZED VIEW IF NOT EXISTS %s.%s AS SELECT key FROM %s.%s WHERE key IS NOT NULL PRIMARY KEY (key)", ks, table, TEST_KS, TEST_TABLE); } @@ -344,8 +385,10 @@ private String getCreateViewCQL(String ks, String table, boolean ifNotExists) { ks, table, TEST_KS, TEST_TABLE); } - private String getDropViewCQL(String ks, String view, boolean ifExists) { - if (ifExists) { + private String getDropViewCQL(String ks, String view, boolean ifExists) + { + if (ifExists) + { return String.format("DROP MATERIALIZED VIEW IF EXISTS %s.%s", ks, view); } return String.format("DROP MATERIALIZED VIEW %s.%s", ks, view);