// TestAllocateIDs checks that TableDescriptor.AllocateIDs assigns column and
// index IDs to a descriptor that only names its columns and indexes, and that
// a second call leaves the already-populated descriptor unchanged.
func TestAllocateIDs(t *testing.T) {
	defer leaktest.AfterTest(t)

	// Input: names only. No column ID, index ID, ColumnIDs, Version or
	// Next*ID counter is set.
	desc := sql.TableDescriptor{
		ID:       keys.MaxReservedDescID + 2,
		ParentID: keys.MaxReservedDescID + 1,
		Name:     "foo",
		Columns: []sql.ColumnDescriptor{
			{Name: "a"},
			{Name: "b"},
			{Name: "c"},
		},
		PrimaryIndex: sql.IndexDescriptor{Name: "c", ColumnNames: []string{"a", "b"}},
		Indexes: []sql.IndexDescriptor{
			{Name: "d", ColumnNames: []string{"b", "a"}},
			{Name: "e", ColumnNames: []string{"b"}},
		},
		Privileges: sql.NewDefaultPrivilegeDescriptor(),
	}

	// First allocation pass.
	if err := desc.AllocateIDs(); err != nil {
		t.Fatal(err)
	}

	// Expected result: IDs start at 1 and follow declaration order, with the
	// primary index numbered before the secondary indexes. Index "e" names
	// only column b; the expectation lists column 1 (a), which is part of the
	// primary index but absent from "e", under ImplicitColumnIDs.
	want := sql.TableDescriptor{
		ID:       keys.MaxReservedDescID + 2,
		ParentID: keys.MaxReservedDescID + 1,
		Version:  1,
		Name:     "foo",
		Columns: []sql.ColumnDescriptor{
			{ID: 1, Name: "a"},
			{ID: 2, Name: "b"},
			{ID: 3, Name: "c"},
		},
		PrimaryIndex: sql.IndexDescriptor{
			ID:          1,
			Name:        "c",
			ColumnIDs:   []sql.ColumnID{1, 2},
			ColumnNames: []string{"a", "b"},
		},
		Indexes: []sql.IndexDescriptor{
			{
				ID:          2,
				Name:        "d",
				ColumnIDs:   []sql.ColumnID{2, 1},
				ColumnNames: []string{"b", "a"},
			},
			{
				ID:                3,
				Name:              "e",
				ColumnIDs:         []sql.ColumnID{2},
				ColumnNames:       []string{"b"},
				ImplicitColumnIDs: []sql.ColumnID{1},
			},
		},
		Privileges:   sql.NewDefaultPrivilegeDescriptor(),
		NextColumnID: 4,
		NextIndexID:  4,
	}

	// mustMatch fails the test with a JSON rendering of both descriptors when
	// desc differs from want. Marshal errors are ignored because the output is
	// only used for the failure message.
	mustMatch := func() {
		if reflect.DeepEqual(want, desc) {
			return
		}
		wantJSON, _ := json.MarshalIndent(want, "", " ")
		gotJSON, _ := json.MarshalIndent(desc, "", " ")
		t.Fatalf("expected %s, but found %s", wantJSON, gotJSON)
	}
	mustMatch()

	// Second pass: the same expectation (including Version and the Next*ID
	// counters) must still hold after allocating again.
	if err := desc.AllocateIDs(); err != nil {
		t.Fatal(err)
	}
	mustMatch()
}
// TestPrivilegeValidate exercises validation for non-system descriptors.
//
// It walks one privilege descriptor through a series of grants and revokes
// and checks after each step whether Validate accepts it. The steps pin the
// behaviour that Validate rejects the descriptor as soon as a privilege has
// been revoked from security.RootUser, while grants to other users and
// redundant grants to root are accepted.
func TestPrivilegeValidate(t *testing.T) {
	defer leaktest.AfterTest(t)

	// First ID above the reserved range.
	id := sql.ID(keys.MaxReservedDescID + 1)
	descriptor := sql.NewDefaultPrivilegeDescriptor()

	steps := []struct {
		mutate  func() // nil: validate the descriptor as it currently stands
		wantErr bool   // whether Validate must reject the descriptor afterwards
	}{
		// The default descriptor is valid.
		{nil, false},
		// Granting to an ordinary user does not affect validity.
		{func() { descriptor.Grant("foo", privilege.List{privilege.ALL}) }, false},
		// Granting root a single privilege is accepted.
		{func() { descriptor.Grant(security.RootUser, privilege.List{privilege.SELECT}) }, false},
		// Revoking a single privilege from root makes the descriptor invalid.
		{func() { descriptor.Revoke(security.RootUser, privilege.List{privilege.SELECT}) }, true},
		// TODO(marc): validate fails here because we do not aggregate
		// privileges into ALL when all are set.
		{func() { descriptor.Grant(security.RootUser, privilege.List{privilege.SELECT}) }, true},
		// Revoking ALL from root is rejected as well.
		{func() { descriptor.Revoke(security.RootUser, privilege.List{privilege.ALL}) }, true},
	}

	for _, step := range steps {
		if step.mutate != nil {
			step.mutate()
		}
		err := descriptor.Validate(id)
		switch {
		case step.wantErr && err == nil:
			t.Fatal("unexpected success")
		case !step.wantErr && err != nil:
			t.Fatal(err)
		}
	}
}
// TestPrivilege applies a sequence of grants and revokes to one privilege
// descriptor and compares the output of Show after every step.
//
// The cases are cumulative: each one operates on the descriptor left behind by
// the previous case. Validate is never called here, so the final case shows
// that Revoke on its own will strip every privilege from security.RootUser;
// the check that root keeps ALL is left to Validate.
func TestPrivilege(t *testing.T) {
	defer leaktest.AfterTest(t)

	descriptor := sql.NewDefaultPrivilegeDescriptor()

	testCases := []struct {
		grantee       string // User to grant/revoke privileges on.
		grant, revoke privilege.List
		show          []sql.UserPrivilegeString
	}{
		// No grantee: the descriptor is only inspected. The default lists root with ALL.
		{"", nil, nil,
			[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
		},
		// Granting ALL to root again changes nothing.
		{security.RootUser, privilege.List{privilege.ALL}, nil,
			[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
		},
		// Granting individual privileges to a user holding ALL still shows ALL.
		{security.RootUser, privilege.List{privilege.INSERT, privilege.DROP}, nil,
			[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
		},
		// A new user appears with exactly the granted privileges.
		{"foo", privilege.List{privilege.INSERT, privilege.DROP}, nil,
			[]sql.UserPrivilegeString{{"foo", "DROP,INSERT"}, {security.RootUser, "ALL"}},
		},
		// Revoking from a user with no entry adds nothing to the output.
		{"bar", nil, privilege.List{privilege.INSERT, privilege.ALL},
			[]sql.UserPrivilegeString{{"foo", "DROP,INSERT"}, {security.RootUser, "ALL"}},
		},
		// Granting ALL replaces the individual privileges in the output.
		{"foo", privilege.List{privilege.ALL}, nil,
			[]sql.UserPrivilegeString{{"foo", "ALL"}, {security.RootUser, "ALL"}},
		},
		// Revoking part of ALL leaves the remaining privileges listed one by one.
		{"foo", nil, privilege.List{privilege.SELECT, privilege.INSERT},
			[]sql.UserPrivilegeString{{"foo", "CREATE,DELETE,DROP,GRANT,UPDATE"}, {security.RootUser, "ALL"}},
		},
		// Revoking ALL removes the user from the output.
		{"foo", nil, privilege.List{privilege.ALL},
			[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
		},
		// Validate checks that root still has ALL privileges, but we do not call it here.
		{security.RootUser, nil, privilege.List{privilege.ALL},
			[]sql.UserPrivilegeString{},
		},
	}

	for tcNum, tc := range testCases {
		// An empty grantee means the case only inspects the current state.
		if tc.grantee != "" && tc.grant != nil {
			descriptor.Grant(tc.grantee, tc.grant)
		}
		if tc.grantee != "" && tc.revoke != nil {
			descriptor.Revoke(tc.grantee, tc.revoke)
		}

		got, err := descriptor.Show()
		if err != nil {
			t.Fatal(err)
		}

		// Lengths are compared first so the element-wise loop below can index
		// tc.show safely.
		if len(got) != len(tc.show) {
			t.Fatalf("#%d: show output for descriptor %+v differs, got: %+v, expected %+v",
				tcNum, descriptor, got, tc.show)
		}
		for i, entry := range got {
			want := tc.show[i]
			if entry.User != want.User || entry.Privileges != want.Privileges {
				t.Fatalf("#%d: show output for descriptor %+v differs, got: %+v, expected %+v",
					tcNum, descriptor, got, tc.show)
			}
		}
	}
}