首页 项目目录 关于我们
Sign In
rust
/
Materialize
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Materialize
/
test
/
sqllogictest
/
role_create.slt

role_create.slt 10 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299 
  1. # Copyright Materialize, Inc. and contributors. All rights reserved.
    2. 

  2. #
    3. 

  3. # Use of this software is governed by the Business Source License
    4. 

  4. # included in the LICENSE file at the root of this repository.
    5. 

  5. #
    6. 

  6. # As of the Change Date specified in that file, in accordance with
    7. 

  7. # the Business Source License, use of this software will be governed
    8. 

  8. # by the Apache License, Version 2.0.
    9. 

  9. 

  10. # Loosely based on https://github.com/postgres/postgres/blob/master/src/test/regress/expected/create_role.out
    11. 

  11. # We have replaced role attributes with system privileges so we had to make a lot of changes to
    12. 

  12. # this test file to reflect that.
    13. 

  13. 

  14. mode cockroach
    15. 

  15. 

  16. reset-server
    17. 

  17. 

  18. simple conn=mz_system,user=mz_system
    19. 

  19. ALTER SYSTEM SET enable_rbac_checks TO true;
    20. 

  20. ----
    21. 

  21. COMPLETE 0
    22. 

  22. 

  23. simple conn=mz_system,user=mz_system
    24. 

  24. CREATE ROLE regress_role_admin;
    25. 

  25. ----
    26. 

  26. COMPLETE 0
    27. 

  27. 

  28. simple conn=mz_system,user=mz_system
    29. 

  29. GRANT CREATEDB, CREATECLUSTER, CREATEROLE ON SYSTEM TO regress_role_admin;
    30. 

  30. ----
    31. 

  31. COMPLETE 0
    32. 

  32. 

  33. simple conn=mz_system,user=mz_system
    34. 

  34. CREATE DATABASE regression
    35. 

  35. ----
    36. 

  36. COMPLETE 0
    37. 

  37. 

  38. simple conn=mz_system,user=mz_system
    39. 

  39. GRANT CREATE ON DATABASE regression TO regress_role_admin;
    40. 

  40. ----
    41. 

  41. COMPLETE 0
    42. 

  42. 

  43. simple conn=mz_system,user=mz_system
    44. 

  44. GRANT CREATE ON DATABASE regression TO regress_role_admin WITH GRANT OPTION;
    45. 

  45. ----
    46. 

  46. db error: ERROR: Expected end of statement, found WITH
    47. 

  47. 

  48. simple conn=mz_system,user=mz_system
    49. 

  49. CREATE ROLE regress_role_limited_admin;
    50. 

  50. ----
    51. 

  51. COMPLETE 0
    52. 

  52. 

  53. simple conn=mz_system,user=mz_system
    54. 

  54. GRANT CREATEROLE ON SYSTEM TO regress_role_limited_admin;
    55. 

  55. ----
    56. 

  56. COMPLETE 0
    57. 

  57. 

  58. simple conn=mz_system,user=mz_system
    59. 

  59. CREATE ROLE regress_role_normal;
    60. 

  60. ----
    61. 

  61. COMPLETE 0
    62. 

  62. 

  63. simple conn=regress_role_limited_admin,user=regress_role_limited_admin
    64. 

  64. CREATE ROLE regress_nosuch_superuser SUPERUSER;
    65. 

  65. ----
    66. 

  66. db error: ERROR: permission denied to create superuser role
    67. 

  67. DETAIL: You must be a superuser to create superuser role
    68. 

  68. 

  69. simple conn=regress_role_limited_admin,user=regress_role_limited_admin
    70. 

  70. CREATE ROLE regress_nosuch_createdb CREATEDB;
    71. 

  71. ----
    72. 

  72. db error: ERROR: CREATEDB attribute is not supported, for more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    73. 

  73. DETAIL: Use system privileges instead.
    74. 

  74. 

  75. simple conn=regress_role_limited_admin,user=regress_role_limited_admin
    76. 

  76. CREATE ROLE regress_nosuch_createcluster CREATECLUSTER;
    77. 

  77. ----
    78. 

  78. db error: ERROR: CREATECLUSTER attribute is not supported, for more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    79. 

  79. DETAIL: Use system privileges instead.
    80. 

  80. 

  81. simple conn=regress_role_limited_admin,user=regress_role_limited_admin
    82. 

  82. CREATE ROLE regress_role_limited;
    83. 

  83. ----
    84. 

  84. COMPLETE 0
    85. 

  85. 

  86. simple conn=regress_role_limited_admin,user=regress_role_limited_admin
    87. 

  87. ALTER ROLE regress_role_limited CREATEDB;
    88. 

  88. ----
    89. 

  89. db error: ERROR: CREATEDB attribute is not supported, for more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    90. 

  90. DETAIL: Use system privileges instead.
    91. 

  91. 

  92. simple conn=regress_role_limited_admin,user=regress_role_limited_admin
    93. 

  93. ALTER ROLE regress_role_limited CREATECLUSTER;
    94. 

  94. ----
    95. 

  95. db error: ERROR: CREATECLUSTER attribute is not supported, for more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    96. 

  96. DETAIL: Use system privileges instead.
    97. 

  97. 

  98. simple conn=regress_role_admin,user=regress_role_admin
    99. 

  99. CREATE ROLE regress_createdb;
    100. 

  100. ----
    101. 

  101. COMPLETE 0
    102. 

  102. 

  103. simple conn=mz_system,user=mz_system
    104. 

  104. GRANT CREATEDB ON SYSTEM TO regress_createdb;
    105. 

  105. ----
    106. 

  106. COMPLETE 0
    107. 

  107. 

  108. simple conn=regress_role_admin,user=regress_role_admin
    109. 

  109. ALTER ROLE regress_createdb NOCREATEDB;
    110. 

  110. ----
    111. 

  111. db error: ERROR: CREATEDB attribute is not supported, for more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    112. 

  112. DETAIL: Use system privileges instead.
    113. 

  113. 

  114. simple conn=regress_role_admin,user=regress_role_admin
    115. 

  115. ALTER ROLE regress_createdb CREATEDB;
    116. 

  116. ----
    117. 

  117. db error: ERROR: CREATEDB attribute is not supported, for more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    118. 

  118. DETAIL: Use system privileges instead.
    119. 

  119. 

  120. simple conn=regress_role_admin,user=regress_role_admin
    121. 

  121. CREATE ROLE regress_createcluster;
    122. 

  122. ----
    123. 

  123. COMPLETE 0
    124. 

  124. 

  125. simple conn=mz_system,user=mz_system
    126. 

  126. GRANT CREATECLUSTER ON SYSTEM TO regress_createcluster;
    127. 

  127. ----
    128. 

  128. COMPLETE 0
    129. 

  129. 

  130. simple conn=regress_role_admin,user=regress_role_admin
    131. 

  131. ALTER ROLE regress_createcluster NOCREATECLUSTER;
    132. 

  132. ----
    133. 

  133. db error: ERROR: CREATECLUSTER attribute is not supported, for more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    134. 

  134. DETAIL: Use system privileges instead.
    135. 

  135. 

  136. simple conn=regress_role_admin,user=regress_role_admin
    137. 

  137. ALTER ROLE regress_createcluster CREATECLUSTER;
    138. 

  138. ----
    139. 

  139. db error: ERROR: CREATECLUSTER attribute is not supported, for more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    140. 

  140. DETAIL: Use system privileges instead.
    141. 

  141. 

  142. simple conn=regress_role_admin,user=regress_role_admin
    143. 

  143. ALTER ROLE regress_createdb SUPERUSER;
    144. 

  144. ----
    145. 

  145. db error: ERROR: permission denied to alter superuser role
    146. 

  146. DETAIL: You must be a superuser to alter superuser role
    147. 

  147. 

  148. simple conn=regress_role_admin,user=regress_role_admin
    149. 

  149. ALTER ROLE regress_createdb NOSUPERUSER;
    150. 

  150. ----
    151. 

  151. db error: ERROR: SUPERUSER, PASSWORD, and LOGIN attributes is not supported in this environment. For more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    152. 

  152. 

  153. simple conn=regress_role_admin,user=regress_role_admin
    154. 

  154. CREATE ROLE regress_createrole;
    155. 

  155. ----
    156. 

  156. COMPLETE 0
    157. 

  157. 

  158. simple conn=mz_system,user=mz_system
    159. 

  159. GRANT CREATEROLE ON SYSTEM TO regress_createrole;
    160. 

  160. ----
    161. 

  161. COMPLETE 0
    162. 

  162. 

  163. simple conn=regress_role_admin,user=regress_role_admin
    164. 

  164. CREATE ROLE regress_connection_limit CONNECTION LIMIT 5;
    165. 

  165. ----
    166. 

  166. db error: ERROR: Expected end of statement, found CONNECTION
    167. 

  167. 

  168. # You might think to yourself "why is creating a role with PASSWORD NULL
    169. 

  169. # allowed? Especially when self hosted auth isn't enabled?"
    170. 

  170. # The answer is unsatisfying: it's a legacy behavior from Postgres.
    171. 

  171. # Creating a role with a null password is the same as not specifying a password at all.
    172. 

  172. # So, uh, sure...
    173. 

  173. simple conn=regress_role_admin,user=regress_role_admin
    174. 

  174. CREATE ROLE regress_password_null PASSWORD NULL;
    175. 

  175. ----
    176. 

  176. COMPLETE 0
    177. 

  177. 

  178. simple conn=regress_role_admin,user=regress_role_admin
    179. 

  179. CREATE ROLE regress_noiseword SYSID 12345;
    180. 

  180. ----
    181. 

  181. db error: ERROR: Expected end of statement, found identifier "sysid"
    182. 

  182. 

  183. simple conn=regress_role_admin,user=regress_role_admin
    184. 

  184. CREATE ROLE regress_noiseword USER x;
    185. 

  185. ----
    186. 

  186. db error: ERROR: Expected end of statement, found USER
    187. 

  187. 

  188. simple conn=regress_role_admin,user=regress_role_admin
    189. 

  189. CREATE ROLE regress_noiseword ADMIN x
    190. 

  190. ----
    191. 

  191. db error: ERROR: Expected end of statement, found identifier "admin"
    192. 

  192. 

  193. simple conn=regress_role_admin,user=regress_role_admin
    194. 

  194. CREATE ROLE regress_noiseword ROLE x
    195. 

  195. ----
    196. 

  196. db error: ERROR: Expected end of statement, found ROLE
    197. 

  197. 

  198. simple conn=regress_role_admin,user=regress_role_admin
    199. 

  199. CREATE ROLE regress_noiseword IN GROUP x
    200. 

  200. ----
    201. 

  201. db error: ERROR: Expected end of statement, found IN
    202. 

  202. 

  203. simple conn=regress_role_admin,user=regress_role_admin
    204. 

  204. CREATE ROLE regress_noiseword IN ROLE x;
    205. 

  205. ----
    206. 

  206. db error: ERROR: Expected end of statement, found IN
    207. 

  207. 

  208. simple conn=regress_role_admin,user=regress_role_admin
    209. 

  209. CREATE ROLE regress_noiseword VALID UNTIL '2024';
    210. 

  210. ----
    211. 

  211. db error: ERROR: Expected end of statement, found identifier "valid"
    212. 

  212. 

  213. simple conn=regress_role_admin,user=regress_role_admin
    214. 

  214. CREATE ROLE regress_noiseword ENCRYPTED PASSWORD NULL;
    215. 

  215. ----
    216. 

  216. db error: ERROR: Expected end of statement, found identifier "encrypted"
    217. 

  217. 

  218. simple conn=regress_role_admin,user=regress_role_admin
    219. 

  219. CREATE ROLE regress_noiseword BYPASSRLS;
    220. 

  220. ----
    221. 

  221. db error: ERROR: Expected end of statement, found identifier "bypassrls"
    222. 

  222. 

  223. simple conn=regress_role_admin,user=regress_role_admin
    224. 

  224. CREATE ROLE regress_noiseword NOBYPASSRLS;
    225. 

  225. ----
    226. 

  226. db error: ERROR: Expected end of statement, found identifier "nobypassrls"
    227. 

  227. 

  228. simple conn=regress_role_admin,user=regress_role_admin
    229. 

  229. CREATE ROLE regress_noiseword REPLICATION;
    230. 

  230. ----
    231. 

  231. db error: ERROR: Expected end of statement, found REPLICATION
    232. 

  232. 

  233. simple conn=regress_role_admin,user=regress_role_admin
    234. 

  234. CREATE ROLE regress_noiseword NOREPLICATION;
    235. 

  235. ----
    236. 

  236. db error: ERROR: Expected end of statement, found identifier "noreplication"
    237. 

  237. 

  238. simple conn=regress_role_admin,user=regress_role_admin
    239. 

  239. CREATE ROLE regress_noiseword LOGIN;
    240. 

  240. ----
    241. 

  241. db error: ERROR: SUPERUSER, PASSWORD, and LOGIN attributes is not supported in this environment. For more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    242. 

  242. 

  243. simple conn=regress_role_admin,user=regress_role_admin
    244. 

  244. CREATE ROLE regress_noiseword NOLOGIN;
    245. 

  245. ----
    246. 

  246. db error: ERROR: SUPERUSER, PASSWORD, and LOGIN attributes is not supported in this environment. For more information consult the documentation at https://materialize.com/docs/sql/create-role/#details
    247. 

  247. 

  248. simple conn=mz_system,user=mz_system
    249. 

  249. ALTER SYSTEM SET enable_password_auth = true
    250. 

  250. ----
    251. 

  251. COMPLETE 0
    252. 

  252. 

  253. simple conn=regress_role_admin,user=regress_role_admin
    254. 

  254. CREATE ROLE password_role WITH PASSWORD 'password';
    255. 

  255. ----
    256. 

  256. COMPLETE 0
    257. 

  257. 

  258. simple conn=regress_role_admin,user=regress_role_admin
    259. 

  259. CREATE ROLE login_password_role WITH LOGIN PASSWORD 'password';
    260. 

  260. ----
    261. 

  261. COMPLETE 0
    262. 

  262. 

  263. simple conn=regress_role_admin,user=regress_role_admin
    264. 

  264. ALTER ROLE password_role WITH PASSWORD 'new_password';
    265. 

  265. ----
    266. 

  266. db error: ERROR: permission denied to alter password of role
    267. 

  267. DETAIL: You must be a superuser to alter password of role
    268. 

  268. 

  269. simple conn=regress_role_admin,user=regress_role_admin
    270. 

  270. ALTER ROLE regress_role_admin WITH PASSWORD 'new_password';
    271. 

  271. ----
    272. 

  272. COMPLETE 0
    273. 

  273. 

  274. simple conn=regress_role_admin,user=regress_role_admin
    275. 

  275. ALTER ROLE password_role WITH PASSWORD NULL;
    276. 

  276. ----
    277. 

  277. COMPLETE 0
    278. 

  278. 

  279. simple conn=regress_role_admin,user=regress_role_admin
    280. 

  280. ALTER ROLE password_role WITH PASSWORD 123;
    281. 

  281. ----
    282. 

  282. db error: ERROR: Expected literal string, found number "123"
    283. 

  283. 

  284. simple conn=regress_role_admin,user=regress_role_admin
    285. 

  285. CREATE ROLE superuser_login_password_role WITH SUPERUSER LOGIN PASSWORD 'password';
    286. 

  286. ----
    287. 

  287. db error: ERROR: permission denied to create superuser role
    288. 

  288. DETAIL: You must be a superuser to create superuser role
    289. 

  289. 

  290. simple conn=regress_role_admin,user=regress_role_admin
    291. 

  291. ALTER ROLE password_role WITH SUPERUSER;
    292. 

  292. ----
    293. 

  293. db error: ERROR: permission denied to alter superuser role
    294. 

  294. DETAIL: You must be a superuser to alter superuser role
    295. 

  295. 

  296. simple conn=regress_role_admin,user=regress_role_admin
    297. 

  297. DROP ROLE password_role;
    298. 

  298. ----
    299. 

  299. COMPLETE 0
    300.