From 8c2666dbfb390925af1867ce7ecf8538f1c8cd4d Mon Sep 17 00:00:00 2001 From: shylock <33566796+Shylock-Hg@users.noreply.github.com> Date: Sun, 29 Jan 2023 14:19:51 +0800 Subject: [PATCH] Test/user (#5139) * Add some tests about user management. * Add tests about user roles. * Format. * Fix tck fixture name. * Fix step name. * Change step name. --------- Co-authored-by: Sophie <84560950+Sophie-Xie@users.noreply.github.com> --- tests/tck/conftest.py | 16 ++ tests/tck/features/user/User.feature | 410 ++++++++++++++++++++++++++- 2 files changed, 424 insertions(+), 2 deletions(-) diff --git a/tests/tck/conftest.py b/tests/tck/conftest.py index 03f159ad36f..322f687414c 100644 --- a/tests/tck/conftest.py +++ b/tests/tck/conftest.py @@ -980,3 +980,19 @@ def switch_to_new_session(conn_pool, user, password, class_fixture_variables, ex sess = conn_pool.get_session(user, password) class_fixture_variables["sessions"].append(sess) exec_ctx["current_session"] = sess + +@when(parse('verify login with user "{user}"')) +def login_without_password(conn_pool, user): + sess = None + try: + sess = conn_pool.get_session(user, '') + except Exception as e: + assert e + +@when(parse('verify login with user "{user}" and password "{password}"')) +def login_with_password(conn_pool, user, password): + sess = None + try: + sess = conn_pool.get_session(user, password) + except Exception as e: + assert e diff --git a/tests/tck/features/user/User.feature b/tests/tck/features/user/User.feature index 4703fb05a6c..9c1a6d1f4d5 100644 --- a/tests/tck/features/user/User.feature +++ b/tests/tck/features/user/User.feature @@ -9,11 +9,24 @@ Feature: User & privilege Test DROP USER IF EXISTS user1 """ Then the execution should be successful + When executing query: + """ + DROP USER user1 + """ + Then a ExecutionError should be raised at runtime: User not existed! When executing query: """ CREATE USER user1 WITH PASSWORD "pwd1" """ Then the execution should be successful + When executing query: + """ + DESC USER user1; + """ + Then the result should be, in any order: + | role | space | + And wait 6 seconds + When verify login with user "user2" and password "pwd1" When executing query: """ DROP USER IF EXISTS user2 @@ -21,9 +34,21 @@ Feature: User & privilege Test Then the execution should be successful When executing query: """ - CREATE USER user2 + CREATE USER IF NOT EXISTS user2 + """ + Then the execution should be successful + When executing query: + """ + CREATE USER IF NOT EXISTS user2 """ Then the execution should be successful + When executing query: + """ + CREATE USER user2 + """ + Then a ExecutionError should be raised at runtime: + And wait 6 seconds + When verify login with user "user2" When executing query: """ CREATE USER user1 WITH PASSWORD "pwd1" @@ -43,6 +68,311 @@ Feature: User & privilege Test | "root" | | "user1" | | "user2" | + When executing query: + """ + CREATE USER u + """ + Then the execution should be successful + When executing query: + """ + CREATE USER u123456789ABCDEF + """ + Then the execution should be successful + When executing query: + """ + CREATE USER u123456789ABCDEFG + """ + Then a SemanticError should be raised at runtime: Username exceed maximum length 16 characters. + When executing query: + """ + CREATE USER 123456 + """ + Then a SyntaxError should be raised at runtime: syntax error near `123456' + When executing query: + """ + CREATE USER u&b + """ + Then a SyntaxError should be raised at runtime: syntax error near `&b' + When executing query: + """ + CREATE USER `用户A` + """ + Then the execution should be successful + And wait 6 seconds + When verify login with user "用户A" + When executing query: + """ + CREATE USER A1; + CREATE USER a1; + """ + Then the execution should be successful + And wait 6 seconds + When verify login with user "A1" + When verify login with user "a1" + When executing query: + """ + CREATE USER `CREATE`; + CREATE USER `ROLE`; + """ + Then the execution should be successful + When verify login with user "CREATE" + When verify login with user "ROLE" + When executing query: + """ + CREATE USER u3 WITH PASSWORD "012345678910111213141516"; + CREATE USER u4 WITH PASSWORD "0"; + """ + Then the execution should be successful + And wait 6 seconds + When verify login with user "u3" and password "012345678910111213141516" + When verify login with user "u4" and password "0" + When executing query: + """ + CREATE USER u5 WITH PASSWORD "0123456789101112131415161"; + """ + Then a SemanticError should be raised at runtime: Password exceed maximum length 24 characters. + When executing query: + """ + CREATE USER u6 WITH PASSWORD "中文密码^*()12"; + """ + Then the execution should be successful + And wait 6 seconds + When verify login with user "u6" and password "中文密码^*()12" + When executing query: + """ + DROP USER IF EXISTS u6; + """ + Then the execution should be successful + # TODO(shylock) fix it + # When executing query: + # """ + # DESC USER u6; + # """ + # Then a ExecutionError should be raised at runtime: User not existed! + When executing query: + """ + DROP USER IF EXISTS u6; + """ + Then the execution should be successful + When executing query: + """ + DROP USER u6; + """ + Then a ExecutionError should be raised at runtime: User not existed! + When executing query: + """ + DROP USER root; + """ + Then a SemanticError should be raised at runtime: Can't drop root user. + + Scenario: User roles + When executing query: + """ + CREATE USER user_mlt_roles; + GRANT ROLE USER ON nba TO user_mlt_roles; + GRANT ROLE GUEST ON student TO user_mlt_roles; + """ + Then the execution should be successful + When executing query: + """ + DESC USER user_mlt_roles; + """ + Then the result should be, in any order: + | role | space | + | "USER" | "nba" | + | "GUEST" | "student" | + When executing query: + """ + DROP USER user_mlt_roles; + """ + Then the execution should be successful + # TODO(shylock) fix me + # When executing query: + # """ + # DESC USER user_mlt_roles + # """ + # Then a ExecutionError should be raised at runtime: User not existed! + When executing query: + """ + CREATE USER user_mlt_roles; + """ + Then the execution should be successful + When executing query: + """ + GRANT ROLE ADMIN ON nba TO user_mlt_roles; + GRANT ROLE ADMIN ON student TO user_mlt_roles; + GRANT ROLE GUEST ON nba_int_vid TO user_mlt_roles; + """ + Then the execution should be successful + When executing query: + """ + GRANT ROLE DBA ON nba TO user_mlt_roles; + """ + Then the execution should be successful + When executing query: + """ + DESC USER user_mlt_roles; + """ + Then the result should be, in any order: + | role | space | + | "DBA" | "nba" | + | "ADMIN" | "student" | + | "GUEST" | "nba_int_vid" | + When executing query: + """ + GRANT ROLE ADMIN ON nba TO user_mlt_roles; + GRANT ROLE GUEST ON nba TO user_mlt_roles; + GRANT ROLE USER ON nba TO user_mlt_roles; + """ + Then the execution should be successful + When executing query: + """ + SHOW ROLES IN nba + """ + Then the result should be, in any order: + | Account | Role Type | + | "test_permission" | "USER" | + | "user_mlt_roles" | "USER" | + When executing query: + """ + DESC USER user_mlt_roles; + """ + Then the result should be, in any order: + | role | space | + | "USER" | "nba" | + | "ADMIN" | "student" | + | "GUEST" | "nba_int_vid" | + When executing query: + """ + GRANT ROLE ADMIN ON not_exists TO user_mlt_roles; + """ + Then a ExecutionError should be raised at runtime: SpaceNotFound: SpaceName `not_exists` + When executing query: + """ + GRANT ROLE ADMIN ON nba TO not_exists; + """ + Then a ExecutionError should be raised at runtime: User not existed! + When executing query: + """ + GRANT not_exists ADMIN ON nba TO user_mlt_roles; + """ + Then a SyntaxError should be raised at runtime: syntax error near `not_exists' + When executing query: + """ + GRANT GOD ON nba TO user_mlt_roles; + """ + Then a PermissionError should be raised at runtime: No permission to grant/revoke god user. + When executing query: + """ + REVOKE ROLE USER ON nba FROM user_mlt_roles; + """ + Then the execution should be successful + When executing query: + """ + DESC USER user_mlt_roles; + """ + Then the result should be, in any order: + | role | space | + | "ADMIN" | "student" | + | "GUEST" | "nba_int_vid" | + When executing query: + """ + REVOKE ROLE GUEST ON student FROM user_mlt_roles; + """ + Then a ExecutionError should be raised at runtime: Improper role! + When executing query: + """ + REVOKE ROLE ADMIN ON nba FROM user_mlt_roles; + """ + Then a ExecutionError should be raised at runtime: Role not existed! + When executing query: + """ + REVOKE ROLE not_exists ON nba FROM user_mlt_roles; + """ + Then a SyntaxError should be raised at runtime: syntax error near `not_exists' + When executing query: + """ + REVOKE ROLE GOD ON nba FROM root; + """ + Then a PermissionError should be raised at runtime: Permission denied + When executing query: + """ + REVOKE ROLE USER ON not_exists FROM user_mlt_roles; + """ + Then a ExecutionError should be raised at runtime: SpaceNotFound: SpaceName `not_exists` + When executing query: + """ + REVOKE ROLE USER ON nba FROM not_exists; + """ + Then a ExecutionError should be raised at runtime: User not existed! + When executing query: + """ + DROP USER user_mlt_roles + """ + Then the execution should be successful + When executing query: + """ + SHOW ROLES IN nba + """ + Then the result should be, in any order: + | Account | Role Type | + | "test_permission" | "USER" | + When executing query: + """ + GRANT ROLE ADMIN ON nba TO user_mlt_roles; + """ + Then a ExecutionError should be raised at runtime: User not existed! + When executing query: + """ + REVOKE ROLE ADMIN ON nba FROM user_mlt_roles; + """ + Then a ExecutionError should be raised at runtime: User not existed! + When executing query: + """ + GRANT GUEST ON nba TO root; + """ + Then a SemanticError should be raised at runtime: User 'root' is GOD, cannot be granted. + When executing query: + """ + SHOW ROLES IN not_exists + """ + Then a ExecutionError should be raised at runtime: SpaceNotFound: SpaceName `not_exists` + + Scenario: Recreate space roles + When executing query: + """ + CREATE SPACE test_roles(partition_num=1, replica_factor=1, vid_type=int64); + CREATE USER IF NOT EXISTS user_roles WITH PASSWORD "pwd"; + """ + Then the execution should be successful + And wait 6 seconds + When executing query: + """ + GRANT ROLE ADMIN ON test_roles TO user_roles; + """ + Then the execution should be successful + When executing query: + """ + DROP SPACE test_roles; + """ + Then the execution should be successful + When executing query: + """ + CREATE SPACE test_roles(partition_num=1, replica_factor=1, vid_type=int64); + """ + Then the execution should be successful + And wait 6 seconds + When executing query: + """ + SHOW ROLES IN test_roles + """ + Then the result should be, in any order: + | Account | Role Type | + When executing query: + """ + DROP SPACE test_roles + """ + Then the execution should be successful Scenario: Alter user When executing query: @@ -65,16 +395,75 @@ Feature: User & privilege Test ALTER USER user2 WITH PASSWORD "pwd1" """ Then the execution should be successful + And wait 6 seconds + When verify login with user "user2" and password "pwd1" When executing query: """ CHANGE PASSWORD user2 FROM "pwd2" TO "pwd1" """ Then a ExecutionError should be raised at runtime: Invalid password! + When executing query: + """ + CHANGE PASSWORD user2 FROM "pwd1" TO "01234567890111213141516171" + """ + Then a SemanticError should be raised at runtime: New password exceed maximum length 24 characters. When executing query: """ CHANGE PASSWORD user2 FROM "pwd1" TO "pwd2" """ Then the execution should be successful + When executing query: + """ + CREATE USER IF NOT EXISTS u7 + """ + Then the execution should be successful + When executing query: + """ + ALTER USER u7 WITH PASSWORD "pwd1" + """ + Then the execution should be successful + And wait 6 seconds + When verify login with user "u7" and password "pwd1" + When executing query: + """ + ALTER USER u7 WITH PASSWORD "0123456789011121314151617" + """ + Then a SemanticError should be raised at runtime: Password exceed maximum length 24 characters. + When executing query: + """ + DROP USER IF EXISTS u7 + """ + Then the execution should be successful + When executing query: + """ + CHANGE PASSWORD u7 FROM "pwd1" TO "nebula" + """ + Then a ExecutionError should be raised at runtime: User not existed! + When executing query: + """ + ALTER USER not_exists WITH PASSWORD "pwd1" + """ + Then a ExecutionError should be raised at runtime: User not existed! + When executing query: + """ + CHANGE PASSWORD root FROM "nebula" TO "root" + """ + Then the execution should be successful + When executing query: + """ + CHANGE PASSWORD root FROM "root" TO "nebula" + """ + Then the execution should be successful + When executing query: + """ + CREATE USER IF NOT EXISTS u8 + """ + Then the execution should be successful + When executing query: + """ + CHANGE PASSWORD u8 FROM "" TO "pwd2" + """ + Then the execution should be successful Scenario: Drop user When executing query: @@ -281,7 +670,6 @@ Feature: User & privilege Test """ Then the execution should be successful - @skip Scenario: Describe User When executing query: """ @@ -352,6 +740,17 @@ Feature: User & privilege Test Then the result should be, in any order, with relax comparison: | role | space | | "ADMIN" | "user_tmp_space_4" | + When executing query: + """ + REVOKE ROLE ADMIN ON user_tmp_space_4 FROM user1 + """ + Then the execution should be successful + When executing query: + """ + DESC USER user1 + """ + Then the result should be, in any order: + | role | space | When executing query with user user1 with password pwd1: """ DESC USER user2 @@ -367,3 +766,10 @@ Feature: User & privilege Test DESC USER root """ Then a PermissionError should be raised at runtime: + +# TODO(shylock) fix it +# When executing query: +# """ +# DESCRIBE USER not_exists +# """ +# Then a ExecutionError should be raised at runtime: User not existed!