mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-19 13:32:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/suite/galera/t/galera_roles.test

168 lines
3.4 KiB
Text
Raw Normal View History

MDEV-8383 : "GRANT role TO user" does not replicate Enable replication of GRANT/REVOKE ROLE commands across galera nodes.
2015-07-11 01:06:42 +02:00
#
# Test for CREATE/DROP/GRANT/REVOKE role.
#
--source include/galera_cluster.inc
--source include/have_innodb.inc
--echo #
--echo # Testing CREATE/GRANT role
--echo #
--echo
--echo # On node_1
--connection node_1
CREATE DATABASE test1;
CREATE TABLE test1.t1 (a int, b int);
CREATE TABLE test1.t2 (a int, b int);
INSERT INTO test1.t1 values (1,2),(3,4);
INSERT INTO test1.t2 values (5,6),(7,8);
CREATE PROCEDURE test1.pr1() SELECT "pr1";
CREATE USER foo@localhost;
CREATE ROLE role1;
GRANT role1 TO foo@localhost;
GRANT RELOAD ON *.* TO role1;
GRANT SELECT ON mysql.* TO role1;
GRANT EXECUTE ON PROCEDURE test1.pr1 TO role1;
GRANT SELECT ON test1.t1 TO role1;
GRANT SELECT (a) ON test1.t2 TO role1;
--echo # Open connections to the 2 nodes using 'foo' user.
--let $port_1= \$NODE_MYPORT_1
--connect(foo_node_1,127.0.0.1,foo,,test,$port_1,)
--let $port_2= \$NODE_MYPORT_2
--connect(foo_node_2,127.0.0.1,foo,,test,$port_2,)
--echo
--echo # Connect with foo_node_1
--connection foo_node_1
SHOW GRANTS;
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
FLUSH TABLES;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM mysql.roles_mapping;
--error ER_DBACCESS_DENIED_ERROR
SHOW TABLES FROM test1;
SET ROLE role1;
FLUSH TABLES;
--sorted_result
SELECT * FROM mysql.roles_mapping;
SHOW TABLES FROM test1;
SELECT * FROM test1.t1;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM test1.t2;
SELECT a FROM test1.t2;
CALL test1.pr1();
--echo
--echo # Connect with foo_node_2
--connection foo_node_2
SHOW GRANTS;
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
FLUSH TABLES;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM mysql.roles_mapping;
--error ER_DBACCESS_DENIED_ERROR
SHOW TABLES FROM test1;
SET ROLE role1;
FLUSH TABLES;
--sorted_result
SELECT * FROM mysql.roles_mapping;
SHOW TABLES FROM test1;
SELECT * FROM test1.t1;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM test1.t2;
SELECT a FROM test1.t2;
CALL test1.pr1();
--echo #
--echo # Testing REVOKE role
--echo #
--echo #
--echo # Connect with node_1
--connection node_1
REVOKE EXECUTE ON PROCEDURE test1.pr1 FROM role1;
--echo
--echo # Connect with foo_node_1
--connection foo_node_1
--error ER_PROCACCESS_DENIED_ERROR
CALL test1.pr1();
--echo
--echo # Connect with foo_node_2
--connection foo_node_2
--error ER_PROCACCESS_DENIED_ERROR
CALL test1.pr1();
--echo #
--echo # Testing DROP role
--echo #
--echo
--echo # Connect with node_1
--connection node_1
DROP ROLE role1;
--echo
--echo # Connect with foo_node_1
--connection foo_node_1
FLUSH TABLES;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM mysql.roles_mapping;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM test1.t1;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT a FROM test1.t2;
SHOW GRANTS;
SELECT * FROM INFORMATION_SCHEMA.ENABLED_ROLES;
SELECT * FROM INFORMATION_SCHEMA.ENABLED_ROLES; # yes, repeat it twice
SELECT CURRENT_ROLE();
--echo
--echo # Connect with foo_node_2
--connection foo_node_2
FLUSH TABLES;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM mysql.roles_mapping;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM test1.t1;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT a FROM test1.t2;
SHOW GRANTS;
SELECT * FROM INFORMATION_SCHEMA.ENABLED_ROLES;
SELECT * FROM INFORMATION_SCHEMA.ENABLED_ROLES; # yes, repeat it twice
SELECT CURRENT_ROLE();
# Cleanup
disconnect foo_node_2;
--echo # Connect with node_1
--connection node_1
DROP USER foo@localhost;
DROP DATABASE test1;
--source include/galera_end.inc
--echo # End of test
Reference in a new issue Copy permalink