This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.1 by this push:
new 0b41c927e3c branch-2.1: [case](auth)Add case for auth #45478 (#45819)
0b41c927e3c is described below
commit 0b41c927e3ca376f1195efa9ed54288bf2a35f12
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Tue Dec 24 21:41:48 2024 +0800
branch-2.1: [case](auth)Add case for auth #45478 (#45819)
Cherry-picked from #45478
Co-authored-by: zhangdong <[email protected]>
---
...st_system_user.groovy => test_system_db.groovy} | 45 ++++++----
..._system_user.groovy => test_system_role.groovy} | 36 ++++++--
.../suites/account_p0/test_system_user.groovy | 28 +++++-
.../suites/auth_p0/test_catalogs_auth.groovy | 68 ++++++++++++++
.../suites/auth_p0/test_mtmv_auth.groovy | 100 +++++++++++++++++++++
.../auth_p0/test_partition_values_tvf_auth.groovy | 69 ++++++++++++++
.../suites/auth_p0/test_partitions_auth.groovy | 84 +++++++++++++++++
.../suites/auth_p0/test_query_tvf_auth.groovy | 74 +++++++++++++++
.../suites/auth_p0/test_select_count_auth.groovy | 93 +++++++++++++++++++
.../external_table_p2/tvf/test_iceberg_meta.groovy | 34 ++++++-
10 files changed, 603 insertions(+), 28 deletions(-)
diff --git a/regression-test/suites/account_p0/test_system_user.groovy
b/regression-test/suites/account_p0/test_system_db.groovy
similarity index 52%
copy from regression-test/suites/account_p0/test_system_user.groovy
copy to regression-test/suites/account_p0/test_system_db.groovy
index 1805f1669ea..11b9d6d492b 100644
--- a/regression-test/suites/account_p0/test_system_user.groovy
+++ b/regression-test/suites/account_p0/test_system_db.groovy
@@ -17,23 +17,30 @@
import org.junit.Assert;
-suite("test_system_user") {
- test {
- sql """
- create user `root`;
- """
- exception "root"
- }
- test {
- sql """
- drop user `root`;
- """
- exception "system"
- }
- test {
- sql """
- drop user `admin`;
- """
- exception "system"
- }
+suite("test_system_db","p0,auth") {
+ String suiteName = "test_system_db"
+ String user = "${suiteName}_user"
+ String pwd = 'C123_567p'
+ try_sql("DROP USER ${user}")
+ sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+
+ sql """
+ grant select_priv on __internal_schema.* to `${user}`;
+ """
+ sql """
+ grant select_priv on information_schema.* to `${user}`;
+ """
+ sql """
+ grant select_priv on mysql.* to `${user}`;
+ """
+ sql """
+ revoke select_priv on __internal_schema.* from `${user}`;
+ """
+ sql """
+ revoke select_priv on information_schema.* from `${user}`;
+ """
+ sql """
+ revoke select_priv on mysql.* from `${user}`;
+ """
+ try_sql("DROP USER ${user}")
}
diff --git a/regression-test/suites/account_p0/test_system_user.groovy
b/regression-test/suites/account_p0/test_system_role.groovy
similarity index 57%
copy from regression-test/suites/account_p0/test_system_user.groovy
copy to regression-test/suites/account_p0/test_system_role.groovy
index 1805f1669ea..64c0f122fa2 100644
--- a/regression-test/suites/account_p0/test_system_user.groovy
+++ b/regression-test/suites/account_p0/test_system_role.groovy
@@ -17,23 +17,45 @@
import org.junit.Assert;
-suite("test_system_user") {
+suite("test_system_role","p0,auth") {
test {
sql """
- create user `root`;
+ drop role operator;
"""
- exception "root"
+ exception "Can not drop role"
+ }
+
+ test {
+ sql """
+ drop role `admin`;
+ """
+ exception "Can not drop role"
+ }
+
+ test {
+ sql """
+ grant select_priv on *.*.* to role "operator";
+ """
+ exception "Can not grant"
+ }
+ test {
+ sql """
+ grant select_priv on *.*.* to role "admin";
+ """
+ exception "Can not grant"
}
test {
sql """
- drop user `root`;
+ revoke Node_priv on *.*.* from role 'operator';
"""
- exception "system"
+ exception "Can not revoke"
}
+
test {
sql """
- drop user `admin`;
+ revoke Admin_priv on *.*.* from role 'admin';
"""
- exception "system"
+ exception "Can not revoke"
}
+
}
diff --git a/regression-test/suites/account_p0/test_system_user.groovy
b/regression-test/suites/account_p0/test_system_user.groovy
index 1805f1669ea..5993e1d238b 100644
--- a/regression-test/suites/account_p0/test_system_user.groovy
+++ b/regression-test/suites/account_p0/test_system_user.groovy
@@ -17,7 +17,7 @@
import org.junit.Assert;
-suite("test_system_user") {
+suite("test_system_user","p0,auth") {
test {
sql """
create user `root`;
@@ -36,4 +36,30 @@ suite("test_system_user") {
"""
exception "system"
}
+ test {
+ sql """
+ revoke "operator" from root;
+ """
+ exception "Can not revoke role"
+ }
+ test {
+ sql """
+ revoke 'admin' from `admin`;
+ """
+ exception "Unsupported operation"
+ }
+
+ sql """
+ grant select_priv on *.*.* to `root`;
+ """
+ sql """
+ revoke select_priv on *.*.* from `root`;
+ """
+ sql """
+ grant select_priv on *.*.* to `admin`;
+ """
+ sql """
+ revoke select_priv on *.*.* from `admin`;
+ """
+
}
diff --git a/regression-test/suites/auth_p0/test_catalogs_auth.groovy
b/regression-test/suites/auth_p0/test_catalogs_auth.groovy
new file mode 100644
index 00000000000..96ebcef7cf8
--- /dev/null
+++ b/regression-test/suites/auth_p0/test_catalogs_auth.groovy
@@ -0,0 +1,68 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.junit.Assert;
+
+suite("test_catalogs_auth","p0,auth") {
+ String suiteName = "test_catalogs_auth"
+ String catalogName = "${suiteName}_catalog"
+ String user = "${suiteName}_user"
+ String pwd = 'C123_567p'
+ try_sql("DROP USER ${user}")
+ sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+
+ sql """drop catalog if exists ${catalogName}"""
+ sql """CREATE CATALOG ${catalogName} PROPERTIES (
+ "type"="es",
+ "hosts"="http://8.8.8.8:9200";
+ );"""
+
+ //cloud-mode
+ if (isCloudMode()) {
+ def clusters = sql " SHOW CLUSTERS; "
+ assertTrue(!clusters.isEmpty())
+ def validCluster = clusters[0][0]
+ sql """GRANT USAGE_PRIV ON CLUSTER ${validCluster} TO ${user}""";
+ }
+
+ sql """grant select_priv on regression_test to ${user}"""
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ def showRes = sql """show catalogs;"""
+ logger.info("showRes: " + showRes.toString())
+ assertFalse(showRes.toString().contains("${catalogName}"))
+
+ def tvfRes = sql """select * from catalogs();"""
+ logger.info("tvfRes: " + tvfRes.toString())
+ assertFalse(tvfRes.toString().contains("${catalogName}"))
+ }
+
+ sql """grant select_priv on ${catalogName}.*.* to ${user}"""
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ def showRes = sql """show catalogs;"""
+ logger.info("showRes: " + showRes.toString())
+ assertTrue(showRes.toString().contains("${catalogName}"))
+
+ def tvfRes = sql """select * from catalogs();"""
+ logger.info("tvfRes: " + tvfRes.toString())
+ assertTrue(tvfRes.toString().contains("${catalogName}"))
+ }
+
+ try_sql("DROP USER ${user}")
+ sql """drop catalog if exists ${catalogName}"""
+}
diff --git a/regression-test/suites/auth_p0/test_mtmv_auth.groovy
b/regression-test/suites/auth_p0/test_mtmv_auth.groovy
new file mode 100644
index 00000000000..52ecbebb70b
--- /dev/null
+++ b/regression-test/suites/auth_p0/test_mtmv_auth.groovy
@@ -0,0 +1,100 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.junit.Assert;
+
+suite("test_mtmv_auth","p0,auth") {
+ String suiteName = "test_mtmv_auth"
+ String dbName = context.config.getDbNameByFile(context.file)
+ String tableName = "${suiteName}_table"
+ String mvName = "${suiteName}_mv"
+ String user = "${suiteName}_user"
+ String pwd = 'C123_567p'
+ try_sql("DROP USER ${user}")
+ sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+
+ sql """DROP MATERIALIZED VIEW IF EXISTS ${mvName};"""
+ sql """drop table if exists `${tableName}`"""
+ sql """
+ CREATE TABLE `${tableName}` (
+ `user_id` LARGEINT NOT NULL COMMENT '\"用户id\"',
+ `date` DATE NOT NULL COMMENT '\"数据灌入日期时间\"',
+ `num` SMALLINT NOT NULL COMMENT '\"数量\"'
+ ) ENGINE=OLAP
+ DUPLICATE KEY(`user_id`, `date`, `num`)
+ COMMENT 'OLAP'
+ DISTRIBUTED BY HASH(`user_id`) BUCKETS 2
+ PROPERTIES ('replication_num' = '1') ;
+ """
+
+ sql """
+ CREATE MATERIALIZED VIEW ${mvName}
+ BUILD DEFERRED REFRESH AUTO ON MANUAL
+ DISTRIBUTED BY RANDOM BUCKETS 2
+ PROPERTIES ('replication_num' = '1')
+ AS
+ select * from ${tableName};
+ """
+
+ sql """refresh MATERIALIZED VIEW ${mvName} auto"""
+ waitingMTMVTaskFinishedByMvName(mvName)
+
+ //cloud-mode
+ if (isCloudMode()) {
+ def clusters = sql " SHOW CLUSTERS; "
+ assertTrue(!clusters.isEmpty())
+ def validCluster = clusters[0][0]
+ sql """GRANT USAGE_PRIV ON CLUSTER ${validCluster} TO ${user}""";
+ }
+
+ sql """grant select_priv on regression_test to ${user}"""
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ def mvsRes = sql """select * from mv_infos("database"="${dbName}");"""
+ logger.info("mvsRes: " + mvsRes.toString())
+ assertFalse(mvsRes.toString().contains("${mvName}"))
+
+ def jobsRes = sql """select * from jobs("type"="mv");"""
+ logger.info("jobsRes: " + jobsRes.toString())
+ assertFalse(jobsRes.toString().contains("${mvName}"))
+
+ def tasksRes = sql """select * from tasks("type"="mv");"""
+ logger.info("tasksRes: " + tasksRes.toString())
+ assertFalse(tasksRes.toString().contains("${mvName}"))
+
+ }
+
+ sql """grant select_priv on ${dbName}.${mvName} to ${user}"""
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ def mvsRes = sql """select * from mv_infos("database"="${dbName}");"""
+ logger.info("mvsRes: " + mvsRes.toString())
+ assertTrue(mvsRes.toString().contains("${mvName}"))
+
+ def jobsRes = sql """select * from jobs("type"="mv");"""
+ logger.info("jobsRes: " + jobsRes.toString())
+ assertTrue(jobsRes.toString().contains("${mvName}"))
+
+ def tasksRes = sql """select * from tasks("type"="mv");"""
+ logger.info("tasksRes: " + tasksRes.toString())
+ assertTrue(tasksRes.toString().contains("${mvName}"))
+ }
+
+ try_sql("DROP USER ${user}")
+ sql """DROP MATERIALIZED VIEW IF EXISTS ${mvName};"""
+ sql """drop table if exists `${tableName}`"""
+}
diff --git
a/regression-test/suites/auth_p0/test_partition_values_tvf_auth.groovy
b/regression-test/suites/auth_p0/test_partition_values_tvf_auth.groovy
new file mode 100644
index 00000000000..3f0ae7ea8d5
--- /dev/null
+++ b/regression-test/suites/auth_p0/test_partition_values_tvf_auth.groovy
@@ -0,0 +1,69 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+suite("test_partition_values_tvf_auth","p0,auth") {
+ String suiteName = "test_partition_values_tvf_auth"
+ String enabled = context.config.otherConfigs.get("enableHiveTest")
+ if (enabled == null || !enabled.equalsIgnoreCase("true")) {
+ logger.info("disable Hive test.")
+ return;
+ }
+
+ for (String hivePrefix : ["hive3"]) {
+ String extHiveHmsHost =
context.config.otherConfigs.get("externalEnvIp")
+ String extHiveHmsPort =
context.config.otherConfigs.get(hivePrefix + "HmsPort")
+ String catalog_name =
"${hivePrefix}_test_external_catalog_hive_partition"
+
+ sql """drop catalog if exists ${catalog_name};"""
+ sql """
+ create catalog if not exists ${catalog_name} properties (
+ 'type'='hms',
+ 'hive.metastore.uris' =
'thrift://${extHiveHmsHost}:${extHiveHmsPort}'
+ );
+ """
+ String user = "${suiteName}_user"
+ String pwd = 'C123_567p'
+ try_sql("DROP USER ${user}")
+ sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+ //cloud-mode
+ if (isCloudMode()) {
+ def clusters = sql " SHOW CLUSTERS; "
+ assertTrue(!clusters.isEmpty())
+ def validCluster = clusters[0][0]
+ sql """GRANT USAGE_PRIV ON CLUSTER ${validCluster} TO
${user}""";
+ }
+
+ sql """grant select_priv on regression_test to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl)
{
+ test {
+ sql """
+ select * from partition_values("catalog" =
"${catalog_name}", "database" = "multi_catalog", "table" =
"orc_partitioned_columns") order by t_int, t_float;
+ """
+ exception "denied"
+ }
+ }
+ sql """grant select_priv on
${catalog_name}.multi_catalog.orc_partitioned_columns to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """
+ select * from partition_values("catalog" =
"${catalog_name}", "database" = "multi_catalog", "table" =
"orc_partitioned_columns") order by t_int, t_float;
+ """
+ }
+ try_sql("DROP USER ${user}")
+ sql """drop catalog if exists ${catalog_name}"""
+ }
+}
+
diff --git a/regression-test/suites/auth_p0/test_partitions_auth.groovy
b/regression-test/suites/auth_p0/test_partitions_auth.groovy
new file mode 100644
index 00000000000..0b769f11567
--- /dev/null
+++ b/regression-test/suites/auth_p0/test_partitions_auth.groovy
@@ -0,0 +1,84 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.junit.Assert;
+
+suite("test_partitions_auth","p0,auth") {
+ String suiteName = "test_partitions_auth"
+ String dbName = context.config.getDbNameByFile(context.file)
+ String tableName = "${suiteName}_table"
+ String user = "${suiteName}_user"
+ String pwd = 'C123_567p'
+ try_sql("DROP USER ${user}")
+ sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+
+ sql """drop table if exists `${tableName}`"""
+ sql """
+ CREATE TABLE `${tableName}` (
+ `user_id` LARGEINT NOT NULL COMMENT '\"用户id\"',
+ `date` DATE NOT NULL COMMENT '\"数据灌入日期时间\"',
+ `num` SMALLINT NOT NULL COMMENT '\"数量\"'
+ ) ENGINE=OLAP
+ DUPLICATE KEY(`user_id`, `date`, `num`)
+ COMMENT 'OLAP'
+ PARTITION BY RANGE(`date`)
+ (PARTITION p201701_1000 VALUES [('0000-01-01'), ('2017-02-01')),
+ PARTITION p201702_2000 VALUES [('2017-02-01'), ('2017-03-01')),
+ PARTITION p201703_all VALUES [('2017-03-01'), ('2017-04-01')))
+ DISTRIBUTED BY HASH(`user_id`) BUCKETS 2
+ PROPERTIES ('replication_num' = '1') ;
+ """
+
+ //cloud-mode
+ if (isCloudMode()) {
+ def clusters = sql " SHOW CLUSTERS; "
+ assertTrue(!clusters.isEmpty())
+ def validCluster = clusters[0][0]
+ sql """GRANT USAGE_PRIV ON CLUSTER ${validCluster} TO ${user}""";
+ }
+
+ sql """grant select_priv on regression_test to ${user}"""
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ test {
+ sql """
+ show partitions from ${dbName}.${tableName};
+ """
+ exception "denied"
+ }
+ test {
+ sql """
+ select * from
partitions('catalog'='internal',"database"="${dbName}","table"="${tableName}");
+ """
+ exception "denied"
+ }
+ }
+
+ sql """grant select_priv on ${dbName}.${tableName} to ${user}"""
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """
+ show partitions from ${dbName}.${tableName};
+ """
+ sql """
+ select * from
partitions('catalog'='internal',"database"="${dbName}","table"="${tableName}");
+ """
+ }
+
+ try_sql("DROP USER ${user}")
+ sql """drop table if exists `${tableName}`"""
+}
diff --git a/regression-test/suites/auth_p0/test_query_tvf_auth.groovy
b/regression-test/suites/auth_p0/test_query_tvf_auth.groovy
new file mode 100644
index 00000000000..05c274077d9
--- /dev/null
+++ b/regression-test/suites/auth_p0/test_query_tvf_auth.groovy
@@ -0,0 +1,74 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+suite("test_jdbc_query_tvf","p0,auth") {
+ String suiteName = "test_jdbc_query_tvf"
+ String enabled = context.config.otherConfigs.get("enableJdbcTest")
+ String externalEnvIp = context.config.otherConfigs.get("externalEnvIp")
+ String s3_endpoint = getS3Endpoint()
+ String bucket = getS3BucketName()
+ String driver_url =
"https://${bucket}.${s3_endpoint}/regression/jdbc_driver/mysql-connector-java-8.0.25.jar";
+ if (enabled != null && enabled.equalsIgnoreCase("true")) {
+ String user = "test_jdbc_user";
+ String pwd = '123456';
+ String catalog_name = "${suiteName}_catalog"
+ String mysql_port = context.config.otherConfigs.get("mysql_57_port");
+
+ sql """drop catalog if exists ${catalog_name} """
+
+ sql """create catalog if not exists ${catalog_name} properties(
+ "type"="jdbc",
+ "user"="root",
+ "password"="123456",
+ "jdbc_url" =
"jdbc:mysql://${externalEnvIp}:${mysql_port}/doris_test",
+ "driver_url" = "${driver_url}",
+ "driver_class" = "com.mysql.cj.jdbc.Driver"
+ );"""
+
+ String dorisuser = "${suiteName}_user"
+ String dorispwd = 'C123_567p'
+ try_sql("DROP USER ${dorisuser}")
+ sql """CREATE USER '${dorisuser}' IDENTIFIED BY '${dorispwd}'"""
+ //cloud-mode
+ if (isCloudMode()) {
+ def clusters = sql " SHOW CLUSTERS; "
+ assertTrue(!clusters.isEmpty())
+ def validCluster = clusters[0][0]
+ sql """GRANT USAGE_PRIV ON CLUSTER ${validCluster} TO
${dorisuser}""";
+ }
+
+ sql """grant select_priv on regression_test to ${dorisuser}"""
+
+ connect(user=dorisuser, password="${dorispwd}",
url=context.config.jdbcUrl) {
+ test {
+ sql """
+ select * from query('catalog' = '${catalog_name}',
'query' = 'select * from doris_test.all_types');
+ """
+ exception "denied"
+ }
+ }
+ sql """grant select_priv on ${catalog_name}.*.* to ${dorisuser}"""
+ connect(user=dorisuser, password="${dorispwd}",
url=context.config.jdbcUrl) {
+ sql """
+ select * from query('catalog' = '${catalog_name}', 'query' =
'select * from doris_test.all_types');
+ """
+ }
+ try_sql("DROP USER ${dorisuser}")
+ sql """drop catalog if exists ${catalog_name} """
+ }
+}
+
diff --git a/regression-test/suites/auth_p0/test_select_count_auth.groovy
b/regression-test/suites/auth_p0/test_select_count_auth.groovy
new file mode 100644
index 00000000000..ccea1a4a580
--- /dev/null
+++ b/regression-test/suites/auth_p0/test_select_count_auth.groovy
@@ -0,0 +1,93 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.junit.Assert;
+
+suite("test_select_count_auth","p0,auth") {
+ String suiteName = "test_select_count_auth"
+ String user = "${suiteName}_user"
+ String pwd = 'C123_567p'
+ try_sql("DROP USER ${user}")
+ sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+
+ //cloud-mode
+ if (isCloudMode()) {
+ def clusters = sql " SHOW CLUSTERS; "
+ assertTrue(!clusters.isEmpty())
+ def validCluster = clusters[0][0]
+ sql """GRANT USAGE_PRIV ON CLUSTER ${validCluster} TO ${user}""";
+ }
+
+ sql """grant select_priv on regression_test to ${user}"""
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ test {
+ sql """
+ select count(*) from __internal_schema.audit_log;
+ """
+ exception "denied"
+ }
+ test {
+ sql """
+ select count(1) from __internal_schema.audit_log;
+ """
+ exception "denied"
+ }
+ test {
+ sql """
+ select count(query_id) from __internal_schema.audit_log;
+ """
+ exception "denied"
+ }
+ }
+
+ sql """grant select_priv(query_id) on __internal_schema.audit_log to
${user}"""
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ test {
+ sql """
+ select count(*) from __internal_schema.audit_log;
+ """
+ exception "denied"
+ }
+ test {
+ sql """
+ select count(1) from __internal_schema.audit_log;
+ """
+ exception "denied"
+ }
+ sql """
+ select count(query_id) from __internal_schema.audit_log;
+ """
+ }
+
+ sql """grant select_priv on __internal_schema.audit_log to ${user}"""
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """
+ select count(*) from __internal_schema.audit_log;
+ """
+ sql """
+ select count(1) from __internal_schema.audit_log;
+ """
+ sql """
+ select count(query_id) from __internal_schema.audit_log;
+ """
+ }
+
+ try_sql("DROP USER ${user}")
+}
diff --git
a/regression-test/suites/external_table_p2/tvf/test_iceberg_meta.groovy
b/regression-test/suites/external_table_p2/tvf/test_iceberg_meta.groovy
index 047b4a36fe2..557eaf5b061 100644
--- a/regression-test/suites/external_table_p2/tvf/test_iceberg_meta.groovy
+++ b/regression-test/suites/external_table_p2/tvf/test_iceberg_meta.groovy
@@ -16,7 +16,7 @@
// under the License.
suite("test_iceberg_meta",
"p2,external,iceberg,external_remote,external_remote_iceberg") {
-
+ String suiteName = "test_iceberg_meta"
Boolean ignoreP2 = true;
if (ignoreP2) {
logger.info("disable p2 test");
@@ -54,5 +54,37 @@ suite("test_iceberg_meta",
"p2,external,iceberg,external_remote,external_remote_
"query_type" = "snapshots")
where snapshot_id = 7235593032487457798;
"""
+ String user = "${suiteName}_user"
+ String pwd = 'C123_567p'
+ try_sql("DROP USER ${user}")
+ sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+ //cloud-mode
+ if (isCloudMode()) {
+ def clusters = sql " SHOW CLUSTERS; "
+ assertTrue(!clusters.isEmpty())
+ def validCluster = clusters[0][0]
+ sql """GRANT USAGE_PRIV ON CLUSTER ${validCluster} TO ${user}""";
+ }
+
+ sql """grant select_priv on regression_test to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ test {
+ sql """
+ select committed_at, snapshot_id, parent_id, operation
from iceberg_meta(
+ "table" =
"${iceberg_catalog_name}.${db}.multi_partition",
+ "query_type" = "snapshots");
+ """
+ exception "denied"
+ }
+ }
+ sql """grant select_priv on
${iceberg_catalog_name}.${db}.multi_partition to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """
+ select committed_at, snapshot_id, parent_id, operation from
iceberg_meta(
+ "table" =
"${iceberg_catalog_name}.${db}.multi_partition",
+ "query_type" = "snapshots");
+ """
+ }
+ try_sql("DROP USER ${user}")
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
