github.com/matrixorigin/matrixone@v1.2.0/pkg/frontend/authenticate2_test.go (about) 1 // Copyright 2021 Matrix Origin 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package frontend 16 17 import ( 18 "context" 19 "testing" 20 21 "github.com/golang/mock/gomock" 22 "github.com/stretchr/testify/assert" 23 24 plan3 "github.com/matrixorigin/matrixone/pkg/pb/plan" 25 plan2 "github.com/matrixorigin/matrixone/pkg/sql/plan" 26 ) 27 28 func Test_verifyAccountCanOperateClusterTable(t *testing.T) { 29 type arg struct { 30 acc *TenantInfo 31 db string 32 op clusterTableOperationType 33 want bool 34 } 35 36 sys := &TenantInfo{ 37 Tenant: sysAccountName, 38 } 39 40 nonSys := &TenantInfo{ 41 Tenant: "abc", 42 } 43 44 var args []arg 45 46 for db := range bannedCatalogDatabases { 47 for i := clusterTableNone; i <= clusterTableDrop; i++ { 48 args = append(args, arg{ 49 acc: sys, 50 db: db, 51 op: i, 52 want: db == moCatalog, 53 }) 54 args = append(args, arg{ 55 acc: sys, 56 db: "abc", 57 op: i, 58 want: false, 59 }) 60 args = append(args, arg{ 61 acc: nonSys, 62 db: db, 63 op: i, 64 want: db == moCatalog && (i == clusterTableNone || i == clusterTableSelect), 65 }) 66 args = append(args, arg{ 67 acc: nonSys, 68 db: "abc", 69 op: i, 70 want: false, 71 }) 72 } 73 } 74 75 for _, a := range args { 76 ret := verifyAccountCanOperateClusterTable(a.acc, a.db, a.op) 77 assert.True(t, ret == a.want) 78 } 79 } 80 81 func Test_verifyLightPrivilege(t *testing.T) { 82 ctrl := gomock.NewController(t) 83 defer ctrl.Finish() 84 85 ses := newTestSession(t, ctrl) 86 defer ses.Close() 87 88 sys := &TenantInfo{ 89 Tenant: sysAccountName, 90 } 91 92 nonSys := &TenantInfo{ 93 Tenant: "abc", 94 } 95 96 ses.SetFromRealUser(true) 97 ses.SetTenantInfo(sys) 98 99 var ret bool 100 101 ret = verifyLightPrivilege(ses, moCatalog, true, 102 false, clusterTableNone) 103 assert.False(t, ret) 104 105 ret = verifyLightPrivilege(ses, moCatalog, true, 106 true, clusterTableCreate) 107 assert.True(t, ret) 108 109 ret = verifyLightPrivilege(ses, "abc", true, 110 true, clusterTableCreate) 111 assert.False(t, ret) 112 113 ret = verifyLightPrivilege(ses, "abc", true, 114 false, clusterTableCreate) 115 assert.True(t, ret) 116 117 ret = verifyLightPrivilege(ses, "abc", false, 118 false, clusterTableCreate) 119 assert.True(t, ret) 120 121 ses.SetTenantInfo(nonSys) 122 123 ret = verifyLightPrivilege(ses, moCatalog, true, 124 false, clusterTableNone) 125 assert.False(t, ret) 126 127 ret = verifyLightPrivilege(ses, moCatalog, true, 128 true, clusterTableCreate) 129 assert.False(t, ret) 130 131 ret = verifyLightPrivilege(ses, moCatalog, true, 132 true, clusterTableSelect) 133 assert.True(t, ret) 134 135 ret = verifyLightPrivilege(ses, moCatalog, true, 136 true, clusterTableNone) 137 assert.True(t, ret) 138 139 ret = verifyLightPrivilege(ses, "abc", true, 140 true, clusterTableCreate) 141 assert.False(t, ret) 142 143 ret = verifyLightPrivilege(ses, "abc", true, 144 false, clusterTableCreate) 145 assert.True(t, ret) 146 147 ret = verifyLightPrivilege(ses, "abc", false, 148 false, clusterTableCreate) 149 assert.True(t, ret) 150 } 151 152 func Test_moctrl(t *testing.T) { 153 ctrl := gomock.NewController(t) 154 defer ctrl.Finish() 155 156 ses := newTestSession(t, ctrl) 157 defer ses.Close() 158 159 sys := &TenantInfo{ 160 Tenant: sysAccountName, 161 } 162 163 sys2 := &TenantInfo{ 164 Tenant: sysAccountName, 165 DefaultRole: moAdminRoleName, 166 } 167 168 nonSys := &TenantInfo{ 169 Tenant: "abc", 170 } 171 172 nonSys2 := &TenantInfo{ 173 Tenant: "abc", 174 DefaultRole: moAdminRoleName, 175 } 176 ses.SetFromRealUser(true) 177 ses.SetTenantInfo(sys) 178 179 var ret bool 180 181 ret = verifyAccountCanExecMoCtrl(sys) 182 assert.False(t, ret) 183 184 ret = verifyAccountCanExecMoCtrl(sys2) 185 assert.True(t, ret) 186 187 ret = verifyAccountCanExecMoCtrl(nonSys) 188 assert.False(t, ret) 189 190 ret = verifyAccountCanExecMoCtrl(nonSys2) 191 assert.False(t, ret) 192 } 193 194 func Test_hasMoCtrl(t *testing.T) { 195 var ret bool 196 ret = hasMoCtrl(nil) 197 assert.False(t, ret) 198 199 ret = hasMoCtrl(&plan2.Plan{}) 200 assert.False(t, ret) 201 202 ret = hasMoCtrl(&plan2.Plan{ 203 Plan: &plan2.Plan_Query{ 204 Query: &plan2.Query{ 205 StmtType: plan3.Query_SELECT, 206 Nodes: []*plan3.Node{ 207 { 208 NodeType: plan3.Node_PROJECT, 209 ProjectList: []*plan3.Expr{ 210 { 211 Expr: &plan3.Expr_F{ 212 F: &plan3.Function{ 213 Func: &plan3.ObjectRef{ 214 ObjName: "mo_ctl", 215 }, 216 }, 217 }, 218 }, 219 }, 220 }, 221 }, 222 }, 223 }, 224 }) 225 assert.True(t, ret) 226 } 227 228 func newTestExecCtx(ctx context.Context, ctrl *gomock.Controller) *ExecCtx { 229 ret := &ExecCtx{ 230 reqCtx: ctx, 231 } 232 return ret 233 }