Merge pull request #12713 from taosdata/cpwu/3.0

Test : add privilege case

Merge pull request #12713 from taosdata/cpwu/3.0
Test : add privilege case
2288428d · Hui Li · GitHub · 944a9c6e · 9840c85d · 2288428d
隐藏空白更改
内联并排

Showing with 214 addition and 5 deletion

tests/system-test/0-others/user_control.py tests/system-test/0-others/user_control.py +212 -4

tests/system-test/fulltest.sh tests/system-test/fulltest.sh +2 -1

未找到文件。
--- a/tests/system-test/0-others/user_control.py
+++ b/tests/system-test/0-others/user_control.py
@@ -8,11 +8,24 @@ from util.sql import *
 from util.cases import *
 from util.dnodes import *

-
 PRIVILEGES_ALL      = "ALL"
 PRIVILEGES_READ     = "READ"
 PRIVILEGES_WRITE    = "WRITE"

+PRIMARY_COL = "ts"
+
+INT_COL     = "c1"
+BINT_COL    = "c2"
+SINT_COL    = "c3"
+TINT_COL    = "c4"
+FLOAT_COL   = "c5"
+DOUBLE_COL  = "c6"
+BOOL_COL    = "c7"
+
+BINARY_COL  = "c8"
+NCHAR_COL   = "c9"
+TS_COL      = "c10"
+
 class TDconnect:
    def __init__(self,
                 host       = None,
@@ -189,10 +202,100 @@ class TDTestCase:
        for sql in sqls:
            tdSql.error(sql)

-
-    def grant_user_privileges(self, privilege,  dbname=None, user_name="root"):
+    def __grant_user_privileges(self, privilege,  dbname=None, user_name="root"):
        return f"GRANT {privilege} ON {self.__priv_level(dbname)} TO {user_name} "

+    def grant_check(self, user="root", passwd="taosdata", priv=PRIVILEGES_ALL):
+        with taos_connect(user=user, passwd=passwd) as user:
+            user.query("use db")
+            user.query("show tables")
+            if priv in [PRIVILEGES_ALL, PRIVILEGES_READ]:
+                user.query("select * from ct1")
+            else:
+                user.error("select * from ct1")
+            if priv in [PRIVILEGES_ALL, PRIVILEGES_WRITE]:
+                user.query("insert into t1 (ts) values (now())")
+            else:
+                user.error("insert into t1 (ts) values (now())")
+
+    def test_grant_current(self):
+        tdLog.printNoPrefix("==========step 1.0: if do not grant, can not read/write")
+        self.grant_check(user=self.__user_list[0], passwd=self.__passwd_list[0], priv=None)
+
+        tdLog.printNoPrefix("==========step 1.1: grant read, can read, can not write")
+        sql = self.__grant_user_privileges(privilege=PRIVILEGES_READ, user_name=self.__user_list[0])
+        tdLog.info(sql)
+        tdSql.query(sql)
+        self.grant_check(user=self.__user_list[0], passwd=self.__passwd_list[0], priv=PRIVILEGES_READ)
+
+        tdLog.printNoPrefix("==========step 1.2: grant write, can write, can not read")
+        sql = self.__grant_user_privileges(privilege=PRIVILEGES_WRITE, user_name=self.__user_list[1])
+        tdLog.info(sql)
+        tdSql.query(sql)
+        self.grant_check(user=self.__user_list[1], passwd=self.__passwd_list[1], priv=PRIVILEGES_WRITE)
+
+        tdLog.printNoPrefix("==========step 1.3: grant all, can write and read")
+        sql = self.__grant_user_privileges(privilege=PRIVILEGES_ALL, user_name=self.__user_list[2])
+        tdLog.info(sql)
+        tdSql.query(sql)
+        self.grant_check(user=self.__user_list[2], passwd=self.__passwd_list[2], priv=PRIVILEGES_ALL)
+
+        tdLog.printNoPrefix("==========step 1.4: change grant read to write, can write , can not read")
+        sql = self.__grant_user_privileges(privilege=PRIVILEGES_WRITE, user_name=self.__user_list[0])
+        tdLog.info(sql)
+        tdSql.query(sql)
+        self.grant_check(user=self.__user_list[0], passwd=self.__passwd_list[0], priv=PRIVILEGES_WRITE)
+
+        tdLog.printNoPrefix("==========step 1.5: change grant write to read, can not write , can read")
+        sql = self.__grant_user_privileges(privilege=PRIVILEGES_READ, user_name=self.__user_list[0])
+        tdLog.info(sql)
+        tdSql.query(sql)
+        self.grant_check(user=self.__user_list[0], passwd=self.__passwd_list[0], priv=PRIVILEGES_READ)
+
+        tdLog.printNoPrefix("==========step 1.6: change grant read to all, can write , can read")
+        sql = self.__grant_user_privileges(privilege=PRIVILEGES_ALL, user_name=self.__user_list[0])
+        tdLog.info(sql)
+        tdSql.query(sql)
+        self.grant_check(user=self.__user_list[0], passwd=self.__passwd_list[0], priv=PRIVILEGES_ALL)
+
+        tdLog.printNoPrefix("==========step 1.7: change grant all to write, can write , can not read")
+        sql = self.__grant_user_privileges(privilege=PRIVILEGES_WRITE, user_name=self.__user_list[0])
+        tdLog.info(sql)
+        tdSql.query(sql)
+        self.grant_check(user=self.__user_list[0], passwd=self.__passwd_list[0], priv=PRIVILEGES_WRITE)
+
+        tdLog.printNoPrefix("==========step 1.8: change grant write to all, can write , can read")
+        sql = self.__grant_user_privileges(privilege=PRIVILEGES_ALL, user_name=self.__user_list[0])
+        tdLog.info(sql)
+        tdSql.query(sql)
+        self.grant_check(user=self.__user_list[0], passwd=self.__passwd_list[0], priv=PRIVILEGES_ALL)
+
+        tdLog.printNoPrefix("==========step 1.9: change grant all to read, can not write , can read")
+        sql = self.__grant_user_privileges(privilege=PRIVILEGES_READ, user_name=self.__user_list[0])
+        tdLog.info(sql)
+        tdSql.query(sql)
+        self.grant_check(user=self.__user_list[0], passwd=self.__passwd_list[0], priv=PRIVILEGES_READ)
+
+    def __grant_err(self):
+        return [
+            self.__grant_user_privileges(privilege=self.__privilege[0], user_name="") ,
+            self.__grant_user_privileges(privilege=self.__privilege[0], user_name="*") ,
+            self.__grant_user_privileges(privilege=self.__privilege[1], dbname="not_exist_db", user_name=self.__user_list[0]),
+            self.__grant_user_privileges(privilege="any_priv", user_name=self.__user_list[0]),
+            self.__grant_user_privileges(privilege="", dbname="db", user_name=self.__user_list[0]) ,
+            self.__grant_user_privileges(privilege=" ".join(self.__privilege), user_name=self.__user_list[0]) ,
+            f"GRANT {self.__privilege[0]} ON * TO {self.__user_list[0]}" ,
+            f"GRANT {self.__privilege[0]} ON db.t1 TO {self.__user_list[0]}" ,
+        ]
+
+    def test_grant_err(self):
+        for sql in self.__grant_err():
+            tdSql.error(sql)
+
+    def test_grant(self):
+        self.test_grant_err()
+        self.test_grant_current()
+
    def test_user_create(self):
        self.create_user_current()
        self.create_user_err()
@@ -218,7 +321,6 @@ class TDTestCase:
        else:
            tdLog.info("connect successfully, user and pass matched!")

-
    def login_err(self, user, passwd):
        login_except, _ = self.user_login(user, passwd)
        if login_except:
@@ -253,7 +355,110 @@ class TDTestCase:
        self.drop_user_error()
        self.drop_user_current()

+    def __create_tb(self):
+
+        tdLog.printNoPrefix("==========step1:create table")
+        create_stb_sql  =  f'''create table stb1(
+                ts timestamp, {INT_COL} int, {BINT_COL} bigint, {SINT_COL} smallint, {TINT_COL} tinyint,
+                 {FLOAT_COL} float, {DOUBLE_COL} double, {BOOL_COL} bool,
+                 {BINARY_COL} binary(16), {NCHAR_COL} nchar(32), {TS_COL} timestamp
+            ) tags (t1 int)
+            '''
+        create_ntb_sql = f'''create table t1(
+                ts timestamp, {INT_COL} int, {BINT_COL} bigint, {SINT_COL} smallint, {TINT_COL} tinyint,
+                 {FLOAT_COL} float, {DOUBLE_COL} double, {BOOL_COL} bool,
+                 {BINARY_COL} binary(16), {NCHAR_COL} nchar(32), {TS_COL} timestamp
+            )
+            '''
+        tdSql.execute(create_stb_sql)
+        tdSql.execute(create_ntb_sql)
+
+        for i in range(4):
+            tdSql.execute(f'create table ct{i+1} using stb1 tags ( {i+1} )')
+            { i % 32767 }, { i % 127}, { i * 1.11111 }, { i * 1000.1111 }, { i % 2}
+
+    def __insert_data(self, rows):
+        now_time = int(datetime.datetime.timestamp(datetime.datetime.now()) * 1000)
+        for i in range(rows):
+            tdSql.execute(
+                f"insert into ct1 values ( { now_time - i * 1000 }, {i}, {11111 * i}, {111 * i % 32767 }, {11 * i % 127}, {1.11*i}, {1100.0011*i}, {i%2}, 'binary{i}', 'nchar_测试_{i}', { now_time + 1 * i } )"
+            )
+            tdSql.execute(
+                f"insert into ct4 values ( { now_time - i * 7776000000 }, {i}, {11111 * i}, {111 * i % 32767 }, {11 * i % 127}, {1.11*i}, {1100.0011*i}, {i%2}, 'binary{i}', 'nchar_测试_{i}', { now_time + 1 * i } )"
+            )
+            tdSql.execute(
+                f"insert into ct2 values ( { now_time - i * 7776000000 }, {-i},  {-11111 * i}, {-111 * i % 32767 }, {-11 * i % 127}, {-1.11*i}, {-1100.0011*i}, {i%2}, 'binary{i}', 'nchar_测试_{i}', { now_time + 1 * i } )"
+            )
+        tdSql.execute(
+            f'''insert into ct1 values
+            ( { now_time - rows * 5 }, 0, 0, 0, 0, 0, 0, 0, 'binary0', 'nchar_测试_0', { now_time + 8 } )
+            ( { now_time + 10000 }, { rows }, -99999, -999, -99, -9.99, -99.99, 1, 'binary9', 'nchar_测试_9', { now_time + 9 } )
+            '''
+        )
+
+        tdSql.execute(
+            f'''insert into ct4 values
+            ( { now_time - rows * 7776000000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
+            ( { now_time - rows * 3888000000 + 10800000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
+            ( { now_time +  7776000000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
+            (
+                { now_time + 5184000000}, {pow(2,31)-pow(2,15)}, {pow(2,63)-pow(2,30)}, 32767, 127,
+                { 3.3 * pow(10,38) }, { 1.3 * pow(10,308) }, { rows % 2 }, "binary_limit-1", "nchar_测试_limit-1", { now_time - 86400000}
+                )
+            (
+                { now_time + 2592000000 }, {pow(2,31)-pow(2,16)}, {pow(2,63)-pow(2,31)}, 32766, 126,
+                { 3.2 * pow(10,38) }, { 1.2 * pow(10,308) }, { (rows-1) % 2 }, "binary_limit-2", "nchar_测试_limit-2", { now_time - 172800000}
+                )
+            '''
+        )
+
+        tdSql.execute(
+            f'''insert into ct2 values
+            ( { now_time - rows * 7776000000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
+            ( { now_time - rows * 3888000000 + 10800000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
+            ( { now_time + 7776000000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
+            (
+                { now_time + 5184000000 }, { -1 * pow(2,31) + pow(2,15) }, { -1 * pow(2,63) + pow(2,30) }, -32766, -126,
+                { -1 * 3.2 * pow(10,38) }, { -1.2 * pow(10,308) }, { rows % 2 }, "binary_limit-1", "nchar_测试_limit-1", { now_time - 86400000 }
+                )
+            (
+                { now_time + 2592000000 }, { -1 * pow(2,31) + pow(2,16) }, { -1 * pow(2,63) + pow(2,31) }, -32767, -127,
+                { - 3.3 * pow(10,38) }, { -1.3 * pow(10,308) }, { (rows-1) % 2 }, "binary_limit-2", "nchar_测试_limit-2", { now_time - 172800000 }
+                )
+            '''
+        )
+
+        for i in range(rows):
+            insert_data = f'''insert into t1 values
+                ( { now_time - i * 3600000 }, {i}, {i * 11111}, { i % 32767 }, { i % 127}, { i * 1.11111 }, { i * 1000.1111 }, { i % 2},
+                "binary_{i}", "nchar_测试_{i}", { now_time - 1000 * i } )
+                '''
+            tdSql.execute(insert_data)
+        tdSql.execute(
+            f'''insert into t1 values
+            ( { now_time + 10800000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
+            ( { now_time - (( rows // 2 ) * 60 + 30) * 60000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
+            ( { now_time - rows * 3600000 }, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
+            ( { now_time + 7200000 }, { pow(2,31) - pow(2,15) }, { pow(2,63) - pow(2,30) }, 32767, 127,
+                { 3.3 * pow(10,38) }, { 1.3 * pow(10,308) }, { rows % 2 },
+                "binary_limit-1", "nchar_测试_limit-1", { now_time - 86400000 }
+                )
+            (
+                { now_time + 3600000 } , { pow(2,31) - pow(2,16) }, { pow(2,63) - pow(2,31) }, 32766, 126,
+                { 3.2 * pow(10,38) }, { 1.2 * pow(10,308) }, { (rows-1) % 2 },
+                "binary_limit-2", "nchar_测试_limit-2", { now_time - 172800000 }
+                )
+            '''
+        )
+
    def run(self):
+        tdSql.prepare()
+        self.__create_tb()
+        self.rows = 10
+        self.__insert_data(self.rows)
+
+        tdDnodes.stop(1)
+        tdDnodes.start(1)

        # 默认只有 root 用户
        tdLog.printNoPrefix("==========step0: init, user list only has root account")
@@ -276,6 +481,9 @@ class TDTestCase:
        self.login_currrent(self.__user_list[0], self.__passwd_list[0])
        self.login_err(self.__user_list[0], f"new{self.__passwd_list[0]}")

+        # 用户权限设置
+        self.test_grant()
+
        # 修改密码
        tdLog.printNoPrefix("==========step3: alter user pass test")
        self.test_alter_pass()

--- a/tests/system-test/fulltest.sh
+++ b/tests/system-test/fulltest.sh
@@ -9,7 +9,8 @@ python3 ./test.py -f 0-others/telemetry.py
 python3 ./test.py -f 0-others/taosdMonitor.py
 python3 ./test.py -f 0-others/udfTest.py

-python3 ./test.py -f 0-others/user_control.py
+# TODO privilege has error
+# python3 ./test.py -f 0-others/user_control.py

 #python3 ./test.py -f 2-query/between.py
 python3 ./test.py -f 2-query/distinct.py