func TestAllocateIDs(t *testing.T) {
defer leaktest.AfterTest(t)
desc := sql.TableDescriptor{
ID: keys.MaxReservedDescID + 2,
ParentID: keys.MaxReservedDescID + 1,
Name: "foo",
Columns: []sql.ColumnDescriptor{
{Name: "a"},
{Name: "b"},
{Name: "c"},
},
PrimaryIndex: sql.IndexDescriptor{Name: "c", ColumnNames: []string{"a", "b"}},
Indexes: []sql.IndexDescriptor{
{Name: "d", ColumnNames: []string{"b", "a"}},
{Name: "e", ColumnNames: []string{"b"}},
},
Privileges: sql.NewDefaultPrivilegeDescriptor(),
}
if err := desc.AllocateIDs(); err != nil {
t.Fatal(err)
}
expected := sql.TableDescriptor{
ID: keys.MaxReservedDescID + 2,
ParentID: keys.MaxReservedDescID + 1,
Version: 1,
Name: "foo",
Columns: []sql.ColumnDescriptor{
{ID: 1, Name: "a"},
{ID: 2, Name: "b"},
{ID: 3, Name: "c"},
},
PrimaryIndex: sql.IndexDescriptor{
ID: 1, Name: "c", ColumnIDs: []sql.ColumnID{1, 2}, ColumnNames: []string{"a", "b"}},
Indexes: []sql.IndexDescriptor{
{ID: 2, Name: "d", ColumnIDs: []sql.ColumnID{2, 1}, ColumnNames: []string{"b", "a"}},
{ID: 3, Name: "e", ColumnIDs: []sql.ColumnID{2}, ColumnNames: []string{"b"},
ImplicitColumnIDs: []sql.ColumnID{1}},
},
Privileges: sql.NewDefaultPrivilegeDescriptor(),
NextColumnID: 4,
NextIndexID: 4,
}
if !reflect.DeepEqual(expected, desc) {
a, _ := json.MarshalIndent(expected, "", " ")
b, _ := json.MarshalIndent(desc, "", " ")
t.Fatalf("expected %s, but found %s", a, b)
}
if err := desc.AllocateIDs(); err != nil {
t.Fatal(err)
}
if !reflect.DeepEqual(expected, desc) {
a, _ := json.MarshalIndent(expected, "", " ")
b, _ := json.MarshalIndent(desc, "", " ")
t.Fatalf("expected %s, but found %s", a, b)
}
}
// TestPrivilegeValidate exercises validation for non-system descriptors.
func TestPrivilegeValidate(t *testing.T) {
defer leaktest.AfterTest(t)
id := sql.ID(keys.MaxReservedDescID + 1)
descriptor := sql.NewDefaultPrivilegeDescriptor()
if err := descriptor.Validate(id); err != nil {
t.Fatal(err)
}
descriptor.Grant("foo", privilege.List{privilege.ALL})
if err := descriptor.Validate(id); err != nil {
t.Fatal(err)
}
descriptor.Grant(security.RootUser, privilege.List{privilege.SELECT})
if err := descriptor.Validate(id); err != nil {
t.Fatal(err)
}
descriptor.Revoke(security.RootUser, privilege.List{privilege.SELECT})
if err := descriptor.Validate(id); err == nil {
t.Fatal("unexpected success")
}
// TODO(marc): validate fails here because we do not aggregate
// privileges into ALL when all are set.
descriptor.Grant(security.RootUser, privilege.List{privilege.SELECT})
if err := descriptor.Validate(id); err == nil {
t.Fatal("unexpected success")
}
descriptor.Revoke(security.RootUser, privilege.List{privilege.ALL})
if err := descriptor.Validate(id); err == nil {
t.Fatal("unexpected success")
}
}
func TestPrivilege(t *testing.T) {
defer leaktest.AfterTest(t)
descriptor := sql.NewDefaultPrivilegeDescriptor()
testCases := []struct {
grantee string // User to grant/revoke privileges on.
grant, revoke privilege.List
show []sql.UserPrivilegeString
}{
{"", nil, nil,
[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
},
{security.RootUser, privilege.List{privilege.ALL}, nil,
[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
},
{security.RootUser, privilege.List{privilege.INSERT, privilege.DROP}, nil,
[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
},
{"foo", privilege.List{privilege.INSERT, privilege.DROP}, nil,
[]sql.UserPrivilegeString{{"foo", "DROP,INSERT"}, {security.RootUser, "ALL"}},
},
{"bar", nil, privilege.List{privilege.INSERT, privilege.ALL},
[]sql.UserPrivilegeString{{"foo", "DROP,INSERT"}, {security.RootUser, "ALL"}},
},
{"foo", privilege.List{privilege.ALL}, nil,
[]sql.UserPrivilegeString{{"foo", "ALL"}, {security.RootUser, "ALL"}},
},
{"foo", nil, privilege.List{privilege.SELECT, privilege.INSERT},
[]sql.UserPrivilegeString{{"foo", "CREATE,DELETE,DROP,GRANT,UPDATE"}, {security.RootUser, "ALL"}},
},
{"foo", nil, privilege.List{privilege.ALL},
[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
},
// Validate checks that root still has ALL privileges, but we do not call it here.
{security.RootUser, nil, privilege.List{privilege.ALL},
[]sql.UserPrivilegeString{},
},
}
for tcNum, tc := range testCases {
if tc.grantee != "" {
if tc.grant != nil {
descriptor.Grant(tc.grantee, tc.grant)
}
if tc.revoke != nil {
descriptor.Revoke(tc.grantee, tc.revoke)
}
}
show, err := descriptor.Show()
if err != nil {
t.Fatal(err)
}
if len(show) != len(tc.show) {
t.Fatalf("#%d: show output for descriptor %+v differs, got: %+v, expected %+v",
tcNum, descriptor, show, tc.show)
}
for i := 0; i < len(show); i++ {
if show[i].User != tc.show[i].User || show[i].Privileges != tc.show[i].Privileges {
t.Fatalf("#%d: show output for descriptor %+v differs, got: %+v, expected %+v",
tcNum, descriptor, show, tc.show)
}
}
}
}
