user_control.py 28.1 KB
Newer Older
C
cpwu 已提交
1
from tabnanny import check
C
cpwu 已提交
2
import taos
C
cpwu 已提交
3
import time
C
cpwu 已提交
4
import inspect
C
cpwu 已提交
5
import traceback
C
cpwu 已提交
6
from dataclasses  import dataclass
C
cpwu 已提交
7 8 9 10

from util.log import *
from util.sql import *
from util.cases import *
C
cpwu 已提交
11
from util.dnodes import *
C
cpwu 已提交
12 13 14 15 16

PRIVILEGES_ALL      = "ALL"
PRIVILEGES_READ     = "READ"
PRIVILEGES_WRITE    = "WRITE"

C
cpwu 已提交
17 18 19 20
WEIGHT_ALL      = 5
WEIGHT_READ     = 2
WEIGHT_WRITE    = 3

C
cpwu 已提交
21 22 23 24 25 26 27 28 29 30 31 32 33 34
PRIMARY_COL = "ts"

INT_COL     = "c1"
BINT_COL    = "c2"
SINT_COL    = "c3"
TINT_COL    = "c4"
FLOAT_COL   = "c5"
DOUBLE_COL  = "c6"
BOOL_COL    = "c7"

BINARY_COL  = "c8"
NCHAR_COL   = "c9"
TS_COL      = "c10"

C
cpwu 已提交
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
class TDconnect:
    def __init__(self,
                 host       = None,
                 port       = None,
                 user       = None,
                 password   = None,
                 database   = None,
                 config     = None,
        ) -> None:
        self._conn      = None
        self._host      = host
        self._user      = user
        self._password  = password
        self._database  = database
        self._port      = port
        self._config    = config

    def __enter__(self):
        self._conn = taos.connect(
            host    =self._host,
            port    =self._port,
            user    =self._user,
            password=self._password,
            database=self._database,
            config  =self._config
        )

        self.cursor = self._conn.cursor()
C
cpwu 已提交
63
        return self
C
cpwu 已提交
64

C
cpwu 已提交
65 66 67 68 69 70
    def error(self, sql):
        expectErrNotOccured = True
        try:
            self.cursor.execute(sql)
        except BaseException:
            expectErrNotOccured = False
C
cpwu 已提交
71

C
cpwu 已提交
72 73
        if expectErrNotOccured:
            caller = inspect.getframeinfo(inspect.stack()[1][0])
C
cpwu 已提交
74
            tdLog.exit(f"{caller.filename}({caller.lineno}) failed: sql:{sql}, expect error not occured" )
C
cpwu 已提交
75 76 77 78 79
        else:
            self.queryRows = 0
            self.queryCols = 0
            self.queryResult = None
            tdLog.info(f"sql:{sql}, expect error occured")
C
cpwu 已提交
80

C
cpwu 已提交
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97
    def query(self, sql, row_tag=None):
        # sourcery skip: raise-from-previous-error, raise-specific-error
        self.sql = sql
        try:
            self.cursor.execute(sql)
            self.queryResult = self.cursor.fetchall()
            self.queryRows = len(self.queryResult)
            self.queryCols = len(self.cursor.description)
        except Exception as e:
            caller = inspect.getframeinfo(inspect.stack()[1][0])
            tdLog.notice(f"{caller.filename}({caller.lineno}) failed: sql:{sql}, {repr(e)}")
            traceback.print_exc()
            raise Exception(repr(e))
        if row_tag:
            return self.queryResult
        return self.queryRows

C
cpwu 已提交
98 99 100 101 102
    def __exit__(self, types, values, trace):
        if self._conn:
            self.cursor.close()
            self._conn.close()

C
cpwu 已提交
103

C
cpwu 已提交
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
def taos_connect(
    host    = "127.0.0.1",
    port    = 6030,
    user    = "root",
    passwd  = "taosdata",
    database= None,
    config  = None
):
    return TDconnect(
        host = host,
        port=port,
        user=user,
        password=passwd,
        database=database,
        config=config
    )

C
cpwu 已提交
121 122 123 124 125

@dataclass
class User:
    name        : str   = None
    passwd      : str   = None
C
cpwu 已提交
126
    db_set      : set   = None
C
cpwu 已提交
127 128 129
    priv        : str   = None
    priv_weight : int   = 0

C
cpwu 已提交
130 131 132 133 134 135
class TDTestCase:

    def init(self, conn, logSql):
        tdLog.debug(f"start to excute {__file__}")
        tdSql.init(conn.cursor())

C
cpwu 已提交
136 137 138 139
    @property
    def __user_list(self):
        return  [f"user_test{i}" for i in range(self.users_count) ]

C
cpwu 已提交
140 141 142 143
    def __users(self):
        self.users = []
        self.root_user = User()
        self.root_user.name = "root"
C
cpwu 已提交
144
        self.root_user.passwd = "taosdata"
C
cpwu 已提交
145
        self.root_user.db_set = set("*")
C
cpwu 已提交
146 147 148 149 150 151
        self.root_user.priv = PRIVILEGES_ALL
        self.root_user.priv_weight = WEIGHT_ALL
        for i in range(self.users_count):
            user = User()
            user.name = f"user_test{i}"
            user.passwd = f"taosdata{i}"
C
cpwu 已提交
152
            user.db_set = set()
C
cpwu 已提交
153 154 155
            self.users.append(user)
        return self.users

C
cpwu 已提交
156 157 158 159 160 161 162 163 164 165 166 167
    @property
    def __passwd_list(self):
        return  [f"taosdata{i}" for i in range(self.users_count) ]

    @property
    def __privilege(self):
        return [ PRIVILEGES_ALL, PRIVILEGES_READ, PRIVILEGES_WRITE ]

    def __priv_level(self, dbname=None):
        return f"{dbname}.*" if dbname else "*.*"


C
cpwu 已提交
168
    def create_user_current(self):
C
cpwu 已提交
169 170
        users  = self.__user_list
        passwds = self.__passwd_list
C
cpwu 已提交
171
        for i in range(self.users_count):
C
cpwu 已提交
172
            tdSql.execute(f"create user {users[i]} pass '{passwds[i]}' ")
C
cpwu 已提交
173

C
cpwu 已提交
174 175
        tdSql.query("show users")
        tdSql.checkRows(self.users_count + 1)
C
cpwu 已提交
176

C
cpwu 已提交
177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193
    def create_user_err(self):
        sqls = [
            "create users u1 pass 'u1passwd' ",
            "create user '' pass 'u1passwd' ",
            "create user  pass 'u1passwd' ",
            "create user u1 pass u1passwd ",
            "create user u1 password 'u1passwd' ",
            "create user u1 pass u1passwd ",
            "create user u1 pass '' ",
            "create user u1 pass '   ' ",
            "create user u1 pass  ",
            "create user u1 u2 pass 'u1passwd' 'u2passwd' ",
            "create user u1 u2 pass 'u1passwd', 'u2passwd' ",
            "create user u1, u2 pass 'u1passwd', 'u2passwd' ",
            "create user u1, u2 pass 'u1passwd'  'u2passwd' ",
            # length of user_name must <= 23
            "create user u12345678901234567890123 pass 'u1passwd' " ,
C
cpwu 已提交
194 195
            # length of passwd must <= 128
            "create user u1 pass 'u12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678' " ,
C
cpwu 已提交
196 197 198 199 200 201 202 203 204 205 206 207 208 209
            # password must have not " ' ~ ` \
            "create user u1 pass 'u1passwd\\' " ,
            "create user u1 pass 'u1passwd~' " ,
            "create user u1 pass 'u1passwd\"' " ,
            "create user u1 pass 'u1passwd\'' " ,
            "create user u1 pass 'u1passwd`' " ,
            # must after create a user named u1
            "create user u1 pass 'u1passwd' " ,
        ]

        tdSql.execute("create user u1 pass 'u1passwd' ")
        for sql in sqls:
            tdSql.error(sql)

C
cpwu 已提交
210 211
        tdSql.execute("DROP USER u1")

C
cpwu 已提交
212 213
    def __alter_pass_sql(self, user, passwd):
        return f'''ALTER USER {user} PASS '{passwd}' '''
C
cpwu 已提交
214 215 216

    def alter_pass_current(self):
        self.__init_pass = True
C
cpwu 已提交
217
        for count, i in enumerate(range(self.users_count)):
C
cpwu 已提交
218 219
            if self.__init_pass:
                tdSql.query(self.__alter_pass_sql(self.__user_list[i], f"new{self.__passwd_list[i]}"))
C
cpwu 已提交
220
                self.__init_pass = count != self.users_count - 1
C
cpwu 已提交
221 222
            else:
                tdSql.query(self.__alter_pass_sql(self.__user_list[i], self.__passwd_list[i] ) )
C
cpwu 已提交
223
                self.__init_pass = count == self.users_count - 1
C
cpwu 已提交
224

C
cpwu 已提交
225
    def alter_pass_err(self):  # sourcery skip: remove-redundant-fstring
C
cpwu 已提交
226
        sqls = [
C
cpwu 已提交
227 228 229 230 231 232
            f"alter users {self.__user_list[0]} pass 'newpass' " ,
            f"alter user {self.__user_list[0]} pass '' " ,
            f"alter user {self.__user_list[0]} pass '  ' " ,
            f"alter user anyuser pass 'newpass' " ,
            f"alter user {self.__user_list[0]} pass  " ,
            f"alter user {self.__user_list[0]} password 'newpass'  " ,
C
cpwu 已提交
233 234 235 236
        ]
        for sql in sqls:
            tdSql.error(sql)

C
cpwu 已提交
237
    def __grant_user_privileges(self, privilege,  dbname=None, user_name="root"):
C
cpwu 已提交
238 239
        return f"GRANT {privilege} ON {self.__priv_level(dbname)} TO {user_name} "

C
cpwu 已提交
240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295
    def __revoke_user_privileges(self, privilege,  dbname=None, user_name="root"):
        return f"REVOKE {privilege} ON {self.__priv_level(dbname)} FROM {user_name} "

    def __user_check(self, user:User=None, check_priv=PRIVILEGES_ALL):
        if user is None:
            user = self.root_user
        with taos_connect(user=user.name, passwd=user.passwd) as use:
            use.query("use db")
            use.query("show tables")
            if check_priv == PRIVILEGES_ALL:
                use.query("select * from ct1")
                use.query("insert into t1 (ts) values (now())")
            elif check_priv == PRIVILEGES_READ:
                use.query("select * from ct1")
                use.error("insert into t1 (ts) values (now())")
            elif check_priv == PRIVILEGES_WRITE:
                use.error("select * from ct1")
                use.query("insert into t1 (ts) values (now())")
            elif check_priv is None:
                use.error("select * from ct1")
                use.error("insert into t1 (ts) values (now())")

    def __change_user_priv(self, user: User, pre_priv, invoke=False):
        if user.priv == pre_priv and invoke :
            return
        if pre_priv.upper() == PRIVILEGES_ALL:
            pre_weight = -5 if invoke else 5
        elif pre_priv.upper() == PRIVILEGES_READ:
            pre_weight = -2 if invoke else 2
        elif pre_priv.upper() == PRIVILEGES_WRITE:
            pre_weight = -3 if invoke else 3
        else:
            return
        pre_weight += user.priv_weight

        if pre_weight >= 5:
            user.priv = PRIVILEGES_ALL
            user.priv_weight = 5
        elif pre_weight == 3:
            user.priv = PRIVILEGES_WRITE
            user.priv_weight = pre_weight
        elif pre_weight == 2:
            user.priv_weight = pre_weight
            user.priv = PRIVILEGES_READ
        elif pre_weight in [1, -1]:
            return
        elif pre_weight <= 0:
            user.priv_weight = 0
            user.priv = ""

        return user

    def grant_user(self, user: User = None, priv=PRIVILEGES_ALL, dbname=None):
        if not user:
            user = self.root_user
        sql = self.__grant_user_privileges(privilege=priv, dbname=dbname, user_name=user.name)
C
cpwu 已提交
296
        tdLog.info(sql)
C
cpwu 已提交
297
        if (user not in self.users and user.name != "root") or priv not in (PRIVILEGES_ALL, PRIVILEGES_READ, PRIVILEGES_WRITE):
C
cpwu 已提交
298
            tdSql.error(sql)
C
cpwu 已提交
299
        tdSql.query(sql)
C
cpwu 已提交
300
        self.__change_user_priv(user=user, pre_priv=priv)
C
cpwu 已提交
301
        user.db_set.add(dbname)
C
cpwu 已提交
302
        time.sleep(2)
C
cpwu 已提交
303

C
cpwu 已提交
304 305
    def revoke_user(self, user: User = None, priv=PRIVILEGES_ALL, dbname=None):
        sql = self.__revoke_user_privileges(privilege=priv, dbname=dbname, user_name=user.name)
C
cpwu 已提交
306
        tdLog.info(sql)
C
cpwu 已提交
307
        if user is None or priv not in (PRIVILEGES_ALL, PRIVILEGES_READ, PRIVILEGES_WRITE):
C
cpwu 已提交
308
            tdSql.error(sql)
C
cpwu 已提交
309
        tdSql.query(sql)
C
cpwu 已提交
310 311 312 313 314 315 316 317
        if user.name == "root":
            return
        self.__change_user_priv(user=user, pre_priv=priv, invoke=True)
        user.db_set.remove(dbname)
        time.sleep(2)

    def test_priv_change_current(self):
        tdLog.printNoPrefix("==========step 1.0: if do not grant, can not read/write")
C
cpwu 已提交
318
        self.__user_check(user=self.root_user)
C
cpwu 已提交
319 320 321 322 323 324 325 326 327
        self.__user_check(user=self.users[0], check_priv=None)

        tdLog.printNoPrefix("==========step 1.1: grant read, can read, can not write")
        self.grant_user(user=self.users[0], priv=PRIVILEGES_READ)
        self.__user_check(user=self.users[0], check_priv=PRIVILEGES_READ)

        tdLog.printNoPrefix("==========step 1.2: grant write, can write")
        self.grant_user(user=self.users[1], priv=PRIVILEGES_WRITE)
        self.__user_check(user=self.users[1], check_priv=PRIVILEGES_WRITE)
C
cpwu 已提交
328 329

        tdLog.printNoPrefix("==========step 1.3: grant all, can write and read")
C
cpwu 已提交
330 331
        self.grant_user(user=self.users[2])
        self.__user_check(user=self.users[2], check_priv=PRIVILEGES_ALL)
C
cpwu 已提交
332

C
cpwu 已提交
333 334 335
        tdLog.printNoPrefix("==========step 1.4:  grant read to write = all ")
        self.grant_user(user=self.users[0], priv=PRIVILEGES_WRITE)
        self.__user_check(user=self.users[0], check_priv=PRIVILEGES_ALL)
C
cpwu 已提交
336

C
cpwu 已提交
337
        tdLog.printNoPrefix("==========step 1.5:  revoke write from all = read ")
C
cpwu 已提交
338 339
        self.revoke_user(user=self.users[0], priv=PRIVILEGES_WRITE)
        self.__user_check(user=self.users[0], check_priv=PRIVILEGES_READ)
C
cpwu 已提交
340

C
cpwu 已提交
341
        tdLog.printNoPrefix("==========step 1.6: grant write to read = all")
C
cpwu 已提交
342 343
        self.grant_user(user=self.users[1], priv=PRIVILEGES_READ)
        self.__user_check(user=self.users[1], check_priv=PRIVILEGES_ALL)
C
cpwu 已提交
344

C
cpwu 已提交
345
        tdLog.printNoPrefix("==========step 1.7:  revoke read from all = write ")
C
cpwu 已提交
346 347
        self.revoke_user(user=self.users[1], priv=PRIVILEGES_READ)
        self.__user_check(user=self.users[1], check_priv=PRIVILEGES_WRITE)
C
cpwu 已提交
348

C
cpwu 已提交
349
        tdLog.printNoPrefix("==========step 1.8: grant read to all = all")
C
cpwu 已提交
350 351
        self.grant_user(user=self.users[0], priv=PRIVILEGES_ALL)
        self.__user_check(user=self.users[0], check_priv=PRIVILEGES_ALL)
C
cpwu 已提交
352

C
cpwu 已提交
353
        tdLog.printNoPrefix("==========step 1.9: grant write to all = all")
C
cpwu 已提交
354 355 356
        self.grant_user(user=self.users[1], priv=PRIVILEGES_ALL)
        self.__user_check(user=self.users[1], check_priv=PRIVILEGES_ALL)

C
cpwu 已提交
357
        tdLog.printNoPrefix("==========step 1.10: grant all to read = all")
C
cpwu 已提交
358 359 360
        self.grant_user(user=self.users[0], priv=PRIVILEGES_READ)
        self.__user_check(user=self.users[0], check_priv=PRIVILEGES_ALL)

C
cpwu 已提交
361
        tdLog.printNoPrefix("==========step 1.11: grant all to write = all")
C
cpwu 已提交
362 363 364 365 366 367 368
        self.grant_user(user=self.users[1], priv=PRIVILEGES_WRITE)
        self.__user_check(user=self.users[1], check_priv=PRIVILEGES_ALL)

        ### init user
        self.revoke_user(user=self.users[0], priv=PRIVILEGES_WRITE)
        self.revoke_user(user=self.users[1], priv=PRIVILEGES_READ)

C
cpwu 已提交
369
        tdLog.printNoPrefix("==========step 1.12: revoke read from write = no change")
C
cpwu 已提交
370 371 372
        self.revoke_user(user=self.users[1], priv=PRIVILEGES_READ)
        self.__user_check(user=self.users[1], check_priv=PRIVILEGES_WRITE)

C
cpwu 已提交
373
        tdLog.printNoPrefix("==========step 1.13: revoke write from read = no change")
C
cpwu 已提交
374 375 376
        self.revoke_user(user=self.users[0], priv=PRIVILEGES_WRITE)
        self.__user_check(user=self.users[0], check_priv=PRIVILEGES_READ)

C
cpwu 已提交
377
        tdLog.printNoPrefix("==========step 1.14: revoke read from read = nothing")
C
cpwu 已提交
378 379 380
        self.revoke_user(user=self.users[0], priv=PRIVILEGES_READ)
        self.__user_check(user=self.users[0], check_priv=None)

C
cpwu 已提交
381
        tdLog.printNoPrefix("==========step 1.15: revoke write from write = nothing")
C
cpwu 已提交
382 383 384 385 386 387 388
        self.revoke_user(user=self.users[1], priv=PRIVILEGES_WRITE)
        self.__user_check(user=self.users[1], check_priv=None)

        ### init user
        self.grant_user(user=self.users[0], priv=PRIVILEGES_READ)
        self.revoke_user(user=self.users[1], priv=PRIVILEGES_WRITE)

C
cpwu 已提交
389
        tdLog.printNoPrefix("==========step 1.16: revoke all from write = nothing")
C
cpwu 已提交
390 391 392
        self.revoke_user(user=self.users[1], priv=PRIVILEGES_ALL)
        self.__user_check(user=self.users[1], check_priv=None)

C
cpwu 已提交
393
        tdLog.printNoPrefix("==========step 1.17: revoke all from read = nothing")
C
cpwu 已提交
394 395 396
        self.revoke_user(user=self.users[0], priv=PRIVILEGES_ALL)
        self.__user_check(user=self.users[0], check_priv=None)

C
cpwu 已提交
397
        tdLog.printNoPrefix("==========step 1.18: revoke all from all = nothing")
C
cpwu 已提交
398 399
        self.revoke_user(user=self.users[2], priv=PRIVILEGES_ALL)
        self.__user_check(user=self.users[2], check_priv=None)
C
cpwu 已提交
400 401 402 403 404 405 406 407 408 409 410 411 412

    def __grant_err(self):
        return [
            self.__grant_user_privileges(privilege=self.__privilege[0], user_name="") ,
            self.__grant_user_privileges(privilege=self.__privilege[0], user_name="*") ,
            self.__grant_user_privileges(privilege=self.__privilege[1], dbname="not_exist_db", user_name=self.__user_list[0]),
            self.__grant_user_privileges(privilege="any_priv", user_name=self.__user_list[0]),
            self.__grant_user_privileges(privilege="", dbname="db", user_name=self.__user_list[0]) ,
            self.__grant_user_privileges(privilege=" ".join(self.__privilege), user_name=self.__user_list[0]) ,
            f"GRANT {self.__privilege[0]} ON * TO {self.__user_list[0]}" ,
            f"GRANT {self.__privilege[0]} ON db.t1 TO {self.__user_list[0]}" ,
        ]

C
cpwu 已提交
413 414 415 416 417 418 419 420 421 422 423 424
    def __revoke_err(self):
        return [
            self.__revoke_user_privileges(privilege=self.__privilege[0], user_name="") ,
            self.__revoke_user_privileges(privilege=self.__privilege[0], user_name="*") ,
            self.__revoke_user_privileges(privilege=self.__privilege[1], dbname="not_exist_db", user_name=self.__user_list[0]),
            self.__revoke_user_privileges(privilege="any_priv", user_name=self.__user_list[0]),
            self.__revoke_user_privileges(privilege="", dbname="db", user_name=self.__user_list[0]) ,
            self.__revoke_user_privileges(privilege=" ".join(self.__privilege), user_name=self.__user_list[0]) ,
            f"REVOKE {self.__privilege[0]} ON * FROM {self.__user_list[0]}" ,
            f"REVOKE {self.__privilege[0]} ON db.t1 FROM {self.__user_list[0]}" ,
        ]

C
cpwu 已提交
425 426 427 428
    def test_grant_err(self):
        for sql in self.__grant_err():
            tdSql.error(sql)

C
cpwu 已提交
429 430 431 432 433
    def test_revoke_err(self):
        for sql in self.__revoke_err():
            tdSql.error(sql)

    def test_change_priv(self):
C
cpwu 已提交
434
        self.test_grant_err()
C
cpwu 已提交
435 436
        self.test_revoke_err()
        self.test_priv_change_current()
C
cpwu 已提交
437

C
cpwu 已提交
438 439 440
    def test_user_create(self):
        self.create_user_current()
        self.create_user_err()
C
cpwu 已提交
441

C
cpwu 已提交
442 443 444 445 446 447 448
    def test_alter_pass(self):
        self.alter_pass_current()
        self.alter_pass_err()

    def user_login(self, user, passwd):
        login_except = False
        try:
C
cpwu 已提交
449
            with taos_connect(user=user, passwd=passwd) as conn:
C
cpwu 已提交
450
                cursor = conn.cursor
C
cpwu 已提交
451 452 453 454 455 456 457 458
        except BaseException:
            login_except = True
            cursor = None
        return login_except, cursor

    def login_currrent(self, user, passwd):
        login_except, _ = self.user_login(user, passwd)
        if login_except:
C
cpwu 已提交
459
            tdLog.exit(f"connect failed, user: {user} and pass: {passwd} do not match!")
C
cpwu 已提交
460 461 462
        else:
            tdLog.info("connect successfully, user and pass matched!")

C
cpwu 已提交
463 464 465 466
    def login_err(self, user, passwd):
        login_except, _ = self.user_login(user, passwd)
        if login_except:
            tdLog.info("connect failed, except error occured!")
C
cpwu 已提交
467 468
        else:
            tdLog.exit("connect successfully, except error not occrued!")
C
cpwu 已提交
469

C
cpwu 已提交
470 471 472 473 474 475 476 477 478 479 480 481 482 483
    def __drop_user(self, user):
        return f"DROP USER {user}"

    def drop_user_current(self):
        for user in self.__user_list:
            tdSql.query(self.__drop_user(user))

    def drop_user_error(self):
        sqls = [
            f"DROP {self.__user_list[0]}",
            f"DROP user {self.__user_list[0]}  {self.__user_list[1]}",
            f"DROP user {self.__user_list[0]} , {self.__user_list[1]}",
            f"DROP users {self.__user_list[0]}  {self.__user_list[1]}",
            f"DROP users {self.__user_list[0]} , {self.__user_list[1]}",
C
cpwu 已提交
484
            # "DROP user root",
C
cpwu 已提交
485 486 487 488 489 490
            "DROP user abcde",
            "DROP user ALL",
        ]

        for sql in sqls:
            tdSql.error(sql)
C
cpwu 已提交
491

C
cpwu 已提交
492 493 494 495
    def test_drop_user(self):
        # must drop err first
        self.drop_user_error()
        self.drop_user_current()
C
cpwu 已提交
496

C
cpwu 已提交
497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592
    def __create_tb(self):

        tdLog.printNoPrefix("==========step1:create table")
        create_stb_sql  =  f'''create table stb1(
                ts timestamp, {INT_COL} int, {BINT_COL} bigint, {SINT_COL} smallint, {TINT_COL} tinyint,
                 {FLOAT_COL} float, {DOUBLE_COL} double, {BOOL_COL} bool,
                 {BINARY_COL} binary(16), {NCHAR_COL} nchar(32), {TS_COL} timestamp
            ) tags (t1 int)
            '''
        create_ntb_sql = f'''create table t1(
                ts timestamp, {INT_COL} int, {BINT_COL} bigint, {SINT_COL} smallint, {TINT_COL} tinyint,
                 {FLOAT_COL} float, {DOUBLE_COL} double, {BOOL_COL} bool,
                 {BINARY_COL} binary(16), {NCHAR_COL} nchar(32), {TS_COL} timestamp
            )
            '''
        tdSql.execute(create_stb_sql)
        tdSql.execute(create_ntb_sql)

        for i in range(4):
            tdSql.execute(f'create table ct{i+1} using stb1 tags ( {i+1} )')
            { i % 32767 }, { i % 127}, { i * 1.11111 }, { i * 1000.1111 }, { i % 2}

    def __insert_data(self, rows):
        now_time = int(datetime.datetime.timestamp(datetime.datetime.now()) * 1000)
        for i in range(rows):
            tdSql.execute(
                f"insert into ct1 values ( { now_time - i * 1000 }, {i}, {11111 * i}, {111 * i % 32767 }, {11 * i % 127}, {1.11*i}, {1100.0011*i}, {i%2}, 'binary{i}', 'nchar_测试_{i}', { now_time + 1 * i } )"
            )
            tdSql.execute(
                f"insert into ct4 values ( { now_time - i * 7776000000 }, {i}, {11111 * i}, {111 * i % 32767 }, {11 * i % 127}, {1.11*i}, {1100.0011*i}, {i%2}, 'binary{i}', 'nchar_测试_{i}', { now_time + 1 * i } )"
            )
            tdSql.execute(
                f"insert into ct2 values ( { now_time - i * 7776000000 }, {-i},  {-11111 * i}, {-111 * i % 32767 }, {-11 * i % 127}, {-1.11*i}, {-1100.0011*i}, {i%2}, 'binary{i}', 'nchar_测试_{i}', { now_time + 1 * i } )"
            )
        tdSql.execute(
            f'''insert into ct1 values
            ( { now_time - rows * 5 }, 0, 0, 0, 0, 0, 0, 0, 'binary0', 'nchar_测试_0', { now_time + 8 } )
            ( { now_time + 10000 }, { rows }, -99999, -999, -99, -9.99, -99.99, 1, 'binary9', 'nchar_测试_9', { now_time + 9 } )
            '''
        )

        tdSql.execute(
            f'''insert into ct4 values
            ( { now_time - rows * 7776000000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
            ( { now_time - rows * 3888000000 + 10800000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
            ( { now_time +  7776000000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
            (
                { now_time + 5184000000}, {pow(2,31)-pow(2,15)}, {pow(2,63)-pow(2,30)}, 32767, 127,
                { 3.3 * pow(10,38) }, { 1.3 * pow(10,308) }, { rows % 2 }, "binary_limit-1", "nchar_测试_limit-1", { now_time - 86400000}
                )
            (
                { now_time + 2592000000 }, {pow(2,31)-pow(2,16)}, {pow(2,63)-pow(2,31)}, 32766, 126,
                { 3.2 * pow(10,38) }, { 1.2 * pow(10,308) }, { (rows-1) % 2 }, "binary_limit-2", "nchar_测试_limit-2", { now_time - 172800000}
                )
            '''
        )

        tdSql.execute(
            f'''insert into ct2 values
            ( { now_time - rows * 7776000000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
            ( { now_time - rows * 3888000000 + 10800000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
            ( { now_time + 7776000000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
            (
                { now_time + 5184000000 }, { -1 * pow(2,31) + pow(2,15) }, { -1 * pow(2,63) + pow(2,30) }, -32766, -126,
                { -1 * 3.2 * pow(10,38) }, { -1.2 * pow(10,308) }, { rows % 2 }, "binary_limit-1", "nchar_测试_limit-1", { now_time - 86400000 }
                )
            (
                { now_time + 2592000000 }, { -1 * pow(2,31) + pow(2,16) }, { -1 * pow(2,63) + pow(2,31) }, -32767, -127,
                { - 3.3 * pow(10,38) }, { -1.3 * pow(10,308) }, { (rows-1) % 2 }, "binary_limit-2", "nchar_测试_limit-2", { now_time - 172800000 }
                )
            '''
        )

        for i in range(rows):
            insert_data = f'''insert into t1 values
                ( { now_time - i * 3600000 }, {i}, {i * 11111}, { i % 32767 }, { i % 127}, { i * 1.11111 }, { i * 1000.1111 }, { i % 2},
                "binary_{i}", "nchar_测试_{i}", { now_time - 1000 * i } )
                '''
            tdSql.execute(insert_data)
        tdSql.execute(
            f'''insert into t1 values
            ( { now_time + 10800000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
            ( { now_time - (( rows // 2 ) * 60 + 30) * 60000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
            ( { now_time - rows * 3600000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
            ( { now_time + 7200000 }, { pow(2,31) - pow(2,15) }, { pow(2,63) - pow(2,30) }, 32767, 127,
                { 3.3 * pow(10,38) }, { 1.3 * pow(10,308) }, { rows % 2 },
                "binary_limit-1", "nchar_测试_limit-1", { now_time - 86400000 }
                )
            (
                { now_time + 3600000 } , { pow(2,31) - pow(2,16) }, { pow(2,63) - pow(2,31) }, 32766, 126,
                { 3.2 * pow(10,38) }, { 1.2 * pow(10,308) }, { (rows-1) % 2 },
                "binary_limit-2", "nchar_测试_limit-2", { now_time - 172800000 }
                )
            '''
        )

C
cpwu 已提交
593
    def run(self):
C
cpwu 已提交
594 595 596
        tdSql.prepare()
        self.__create_tb()
        self.rows = 10
C
cpwu 已提交
597
        self.users_count = 5
C
cpwu 已提交
598
        self.__insert_data(self.rows)
C
cpwu 已提交
599
        self.users = self.__users()
C
cpwu 已提交
600 601 602

        tdDnodes.stop(1)
        tdDnodes.start(1)
C
cpwu 已提交
603 604 605 606 607 608 609 610 611 612 613 614 615 616 617

        # 默认只有 root 用户
        tdLog.printNoPrefix("==========step0: init, user list only has root account")
        tdSql.query("show users")
        tdSql.checkData(0, 0, "root")
        tdSql.checkData(0, 1, "super")

        # root用户权限
        # 创建用户测试
        tdLog.printNoPrefix("==========step1: create user test")
        self.test_user_create()

        # 查看用户
        tdLog.printNoPrefix("==========step2: show user test")
        tdSql.query("show users")
C
cpwu 已提交
618
        tdSql.checkRows(self.users_count + 1)
C
cpwu 已提交
619

C
cpwu 已提交
620 621 622 623
        # 密码登录认证
        self.login_currrent(self.__user_list[0], self.__passwd_list[0])
        self.login_err(self.__user_list[0], f"new{self.__passwd_list[0]}")

C
cpwu 已提交
624
        # 用户权限设置
C
cpwu 已提交
625
        self.test_change_priv()
C
cpwu 已提交
626

C
cpwu 已提交
627
        # 修改密码
C
cpwu 已提交
628 629 630
        tdLog.printNoPrefix("==========step3: alter user pass test")
        self.test_alter_pass()

C
cpwu 已提交
631
        # 密码修改后的登录认证
C
cpwu 已提交
632
        tdLog.printNoPrefix("==========step4: check login test")
C
cpwu 已提交
633
        self.login_err(self.__user_list[0], self.__passwd_list[0])
C
cpwu 已提交
634
        self.login_currrent(self.__user_list[0], f"new{self.__passwd_list[0]}")
C
cpwu 已提交
635

C
cpwu 已提交
636 637 638
        tdDnodes.stop(1)
        tdDnodes.start(1)

C
cpwu 已提交
639
        tdSql.query("show users")
C
cpwu 已提交
640
        tdSql.checkRows(self.users_count + 1)
C
cpwu 已提交
641

C
cpwu 已提交
642
        # 普通用户权限
C
cpwu 已提交
643
        # 密码登录
C
cpwu 已提交
644
        # _, user = self.user_login(self.__user_list[0], f"new{self.__passwd_list[0]}")
C
cpwu 已提交
645 646 647 648 649 650 651 652
        with taos_connect(user=self.__user_list[0], passwd=f"new{self.__passwd_list[0]}") as user:
            # user = conn
            # 不能创建用户
            tdLog.printNoPrefix("==========step5: normal user can not create user")
            user.error("create use utest1 pass 'utest1pass'")
            # 可以查看用户
            tdLog.printNoPrefix("==========step6: normal user can show user")
            user.query("show users")
C
cpwu 已提交
653
            assert user.queryRows == self.users_count + 1
C
cpwu 已提交
654 655 656
            # 不可以修改其他用户的密码
            tdLog.printNoPrefix("==========step7: normal user can not alter other user pass")
            user.error(self.__alter_pass_sql(self.__user_list[1], self.__passwd_list[1] ))
C
cpwu 已提交
657
            user.error(self.__alter_pass_sql("root", "taosdata_root" ))
C
cpwu 已提交
658 659 660 661 662 663 664 665
            # 可以修改自己的密码
            tdLog.printNoPrefix("==========step8: normal user can alter owner pass")
            user.query(self.__alter_pass_sql(self.__user_list[0], self.__passwd_list[0]))
            # 不可以删除用户,包括自己
            tdLog.printNoPrefix("==========step9: normal user can not drop any user ")
            user.error(f"drop user {self.__user_list[0]}")
            user.error(f"drop user {self.__user_list[1]}")
            user.error("drop user root")
C
cpwu 已提交
666 667 668 669

        # root删除用户测试
        tdLog.printNoPrefix("==========step10: super user drop normal user")
        self.test_drop_user()
C
cpwu 已提交
670

C
cpwu 已提交
671 672 673 674
        tdSql.query("show users")
        tdSql.checkRows(1)
        tdSql.checkData(0, 0, "root")
        tdSql.checkData(0, 1, "super")
C
cpwu 已提交
675

C
cpwu 已提交
676 677 678 679 680
        tdDnodes.stop(1)
        tdDnodes.start(1)

        # 删除后无法登录
        self.login_err(self.__user_list[0], self.__passwd_list[0])
C
cpwu 已提交
681
        self.login_err(self.__user_list[0], f"new{self.__passwd_list[0]}")
C
cpwu 已提交
682
        self.login_err(self.__user_list[1], self.__passwd_list[1])
C
cpwu 已提交
683
        self.login_err(self.__user_list[1], f"new{self.__passwd_list[1]}")
C
cpwu 已提交
684 685 686 687 688 689

        tdSql.query("show users")
        tdSql.checkRows(1)
        tdSql.checkData(0, 0, "root")
        tdSql.checkData(0, 1, "super")

C
cpwu 已提交
690 691 692 693 694 695 696

    def stop(self):
        tdSql.close()
        tdLog.success(f"{__file__} successfully executed")

tdCases.addLinux(__file__, TDTestCase())
tdCases.addWindows(__file__, TDTestCase())