예제 #1
0
func TestAllocateIDs(t *testing.T) {
	defer leaktest.AfterTest(t)

	desc := sql.TableDescriptor{
		ID:       keys.MaxReservedDescID + 2,
		ParentID: keys.MaxReservedDescID + 1,
		Name:     "foo",
		Columns: []sql.ColumnDescriptor{
			{Name: "a"},
			{Name: "b"},
			{Name: "c"},
		},
		PrimaryIndex: sql.IndexDescriptor{Name: "c", ColumnNames: []string{"a", "b"}},
		Indexes: []sql.IndexDescriptor{
			{Name: "d", ColumnNames: []string{"b", "a"}},
			{Name: "e", ColumnNames: []string{"b"}},
		},
		Privileges: sql.NewDefaultPrivilegeDescriptor(),
	}
	if err := desc.AllocateIDs(); err != nil {
		t.Fatal(err)
	}

	expected := sql.TableDescriptor{
		ID:       keys.MaxReservedDescID + 2,
		ParentID: keys.MaxReservedDescID + 1,
		Version:  1,
		Name:     "foo",
		Columns: []sql.ColumnDescriptor{
			{ID: 1, Name: "a"},
			{ID: 2, Name: "b"},
			{ID: 3, Name: "c"},
		},
		PrimaryIndex: sql.IndexDescriptor{
			ID: 1, Name: "c", ColumnIDs: []sql.ColumnID{1, 2}, ColumnNames: []string{"a", "b"}},
		Indexes: []sql.IndexDescriptor{
			{ID: 2, Name: "d", ColumnIDs: []sql.ColumnID{2, 1}, ColumnNames: []string{"b", "a"}},
			{ID: 3, Name: "e", ColumnIDs: []sql.ColumnID{2}, ColumnNames: []string{"b"},
				ImplicitColumnIDs: []sql.ColumnID{1}},
		},
		Privileges:   sql.NewDefaultPrivilegeDescriptor(),
		NextColumnID: 4,
		NextIndexID:  4,
	}
	if !reflect.DeepEqual(expected, desc) {
		a, _ := json.MarshalIndent(expected, "", "  ")
		b, _ := json.MarshalIndent(desc, "", "  ")
		t.Fatalf("expected %s, but found %s", a, b)
	}

	if err := desc.AllocateIDs(); err != nil {
		t.Fatal(err)
	}
	if !reflect.DeepEqual(expected, desc) {
		a, _ := json.MarshalIndent(expected, "", "  ")
		b, _ := json.MarshalIndent(desc, "", "  ")
		t.Fatalf("expected %s, but found %s", a, b)
	}
}
예제 #2
0
// TestPrivilegeValidate exercises validation for non-system descriptors.
func TestPrivilegeValidate(t *testing.T) {
	defer leaktest.AfterTest(t)
	id := sql.ID(keys.MaxReservedDescID + 1)
	descriptor := sql.NewDefaultPrivilegeDescriptor()
	if err := descriptor.Validate(id); err != nil {
		t.Fatal(err)
	}
	descriptor.Grant("foo", privilege.List{privilege.ALL})
	if err := descriptor.Validate(id); err != nil {
		t.Fatal(err)
	}
	descriptor.Grant(security.RootUser, privilege.List{privilege.SELECT})
	if err := descriptor.Validate(id); err != nil {
		t.Fatal(err)
	}
	descriptor.Revoke(security.RootUser, privilege.List{privilege.SELECT})
	if err := descriptor.Validate(id); err == nil {
		t.Fatal("unexpected success")
	}
	// TODO(marc): validate fails here because we do not aggregate
	// privileges into ALL when all are set.
	descriptor.Grant(security.RootUser, privilege.List{privilege.SELECT})
	if err := descriptor.Validate(id); err == nil {
		t.Fatal("unexpected success")
	}
	descriptor.Revoke(security.RootUser, privilege.List{privilege.ALL})
	if err := descriptor.Validate(id); err == nil {
		t.Fatal("unexpected success")
	}
}
예제 #3
0
func TestPrivilege(t *testing.T) {
	defer leaktest.AfterTest(t)
	descriptor := sql.NewDefaultPrivilegeDescriptor()

	testCases := []struct {
		grantee       string // User to grant/revoke privileges on.
		grant, revoke privilege.List
		show          []sql.UserPrivilegeString
	}{
		{"", nil, nil,
			[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
		},
		{security.RootUser, privilege.List{privilege.ALL}, nil,
			[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
		},
		{security.RootUser, privilege.List{privilege.INSERT, privilege.DROP}, nil,
			[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
		},
		{"foo", privilege.List{privilege.INSERT, privilege.DROP}, nil,
			[]sql.UserPrivilegeString{{"foo", "DROP,INSERT"}, {security.RootUser, "ALL"}},
		},
		{"bar", nil, privilege.List{privilege.INSERT, privilege.ALL},
			[]sql.UserPrivilegeString{{"foo", "DROP,INSERT"}, {security.RootUser, "ALL"}},
		},
		{"foo", privilege.List{privilege.ALL}, nil,
			[]sql.UserPrivilegeString{{"foo", "ALL"}, {security.RootUser, "ALL"}},
		},
		{"foo", nil, privilege.List{privilege.SELECT, privilege.INSERT},
			[]sql.UserPrivilegeString{{"foo", "CREATE,DELETE,DROP,GRANT,UPDATE"}, {security.RootUser, "ALL"}},
		},
		{"foo", nil, privilege.List{privilege.ALL},
			[]sql.UserPrivilegeString{{security.RootUser, "ALL"}},
		},
		// Validate checks that root still has ALL privileges, but we do not call it here.
		{security.RootUser, nil, privilege.List{privilege.ALL},
			[]sql.UserPrivilegeString{},
		},
	}

	for tcNum, tc := range testCases {
		if tc.grantee != "" {
			if tc.grant != nil {
				descriptor.Grant(tc.grantee, tc.grant)
			}
			if tc.revoke != nil {
				descriptor.Revoke(tc.grantee, tc.revoke)
			}
		}
		show, err := descriptor.Show()
		if err != nil {
			t.Fatal(err)
		}
		if len(show) != len(tc.show) {
			t.Fatalf("#%d: show output for descriptor %+v differs, got: %+v, expected %+v",
				tcNum, descriptor, show, tc.show)
		}
		for i := 0; i < len(show); i++ {
			if show[i].User != tc.show[i].User || show[i].Privileges != tc.show[i].Privileges {
				t.Fatalf("#%d: show output for descriptor %+v differs, got: %+v, expected %+v",
					tcNum, descriptor, show, tc.show)
			}
		}
	}
}