external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

comment out task tracker udf calls in tests 

We were using task tracker udfs to test permissions in
multi_multiuser.sql. We should find some other way to test them, then we
should remove the commented out task tracker calls.
pull/3850/head
Sait Talha Nisanci 2020-05-19 16:33:35 +03:00
parent 79dc807c32
commit 155380fb77
2 changed files with 36 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
src/test/regress/expected/multi_multiuser.out
View File

@ -174,12 +174,7 @@ COPY "postgresql.conf" TO STDOUT WITH (format transmit);
ERROR: operation is not allowed ERROR: operation is not allowed
HINT: Run the command with a superuser. HINT: Run the command with a superuser.
-- create a task that other users should not be able to inspect -- create a task that other users should not be able to inspect
SELECT task_tracker_assign_task(1, 1, 'SELECT 1'); --SELECT task_tracker_assign_task(1, 1, 'SELECT 1');
task_tracker_assign_task
---------------------------------------------------------------------
(1 row)
-- check read permission -- check read permission
SET ROLE read_access; SET ROLE read_access;
-- should be allowed to run commands, as the current user -- should be allowed to run commands, as the current user
@ -258,13 +253,9 @@ COPY "postgresql.conf" TO STDOUT WITH (format transmit);
ERROR: operation is not allowed ERROR: operation is not allowed
HINT: Run the command with a superuser. HINT: Run the command with a superuser.
-- should not be able to access tasks or jobs belonging to a different user -- should not be able to access tasks or jobs belonging to a different user
SELECT task_tracker_task_status(1, 1); --SELECT task_tracker_task_status(1, 1);
ERROR: could not find the worker task --SELECT task_tracker_assign_task(1, 2, 'SELECT 1');
DETAIL: Task jobId: 1 and taskId: 1 --SELECT task_tracker_cleanup_job(1);
SELECT task_tracker_assign_task(1, 2, 'SELECT 1');
ERROR: must be owner of schema pg_merge_job_0001
SELECT task_tracker_cleanup_job(1);
ERROR: must be owner of schema pg_merge_job_0001
-- should not be allowed to take aggressive locks on table -- should not be allowed to take aggressive locks on table
BEGIN; BEGIN;
SELECT lock_relation_if_exists('test', 'ACCESS SHARE'); SELECT lock_relation_if_exists('test', 'ACCESS SHARE');
@ -368,12 +359,7 @@ SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHE
full_access full_access
(2 rows) (2 rows)
SELECT task_tracker_cleanup_job(1); --SELECT task_tracker_cleanup_job(1);
task_tracker_cleanup_job
---------------------------------------------------------------------
(1 row)
-- table should be distributable by super user when it has data in there -- table should be distributable by super user when it has data in there
SET ROLE full_access; SET ROLE full_access;
CREATE TABLE my_table_with_data (id integer, val integer); CREATE TABLE my_table_with_data (id integer, val integer);
@ -726,17 +712,13 @@ SET ROLE full_access;
-- use the side effect of this function to have a schema to use, otherwise only the super -- use the side effect of this function to have a schema to use, otherwise only the super
-- user could call worker_merge_files_into_table and store the results in public, which is -- user could call worker_merge_files_into_table and store the results in public, which is
-- not what we want -- not what we want
SELECT task_tracker_assign_task(42, 1, 'SELECT 1'); --SELECT task_tracker_assign_task(42, 1, 'SELECT 1');
task_tracker_assign_task
---------------------------------------------------------------------
(1 row)
RESET ROLE; RESET ROLE;
-- test that no other user can merge the downloaded file after the task is being tracked -- test that no other user can merge the downloaded file after the task is being tracked
SET ROLE usage_access; SET ROLE usage_access;
SELECT worker_merge_files_into_table(42, 1, ARRAY['a'], ARRAY['integer']); SELECT worker_merge_files_into_table(42, 1, ARRAY['a'], ARRAY['integer']);
ERROR: must be owner of schema pg_merge_job_0042 ERROR: job schema does not exist
DETAIL: must be superuser to use public schema
RESET ROLE; RESET ROLE;
-- test that the super user is unable to read the contents of the intermediate file, -- test that the super user is unable to read the contents of the intermediate file,
-- although it does create the table -- although it does create the table
@ -748,26 +730,17 @@ WARNING: Task file "task_000001.xxxx" does not have expected suffix ".10"
(1 row) (1 row)
SELECT count(*) FROM pg_merge_job_0042.task_000001; SELECT count(*) FROM pg_merge_job_0042.task_000001;
count ERROR: relation "pg_merge_job_0042.task_000001" does not exist
---------------------------------------------------------------------
0
(1 row)
DROP TABLE pg_merge_job_0042.task_000001; -- drop table so we can reuse the same files for more tests DROP TABLE pg_merge_job_0042.task_000001; -- drop table so we can reuse the same files for more tests
ERROR: schema "pg_merge_job_0042" does not exist
SET ROLE full_access; SET ROLE full_access;
SELECT worker_merge_files_into_table(42, 1, ARRAY['a'], ARRAY['integer']); SELECT worker_merge_files_into_table(42, 1, ARRAY['a'], ARRAY['integer']);
worker_merge_files_into_table ERROR: job schema does not exist
--------------------------------------------------------------------- DETAIL: must be superuser to use public schema
(1 row)
SELECT count(*) FROM pg_merge_job_0042.task_000001; SELECT count(*) FROM pg_merge_job_0042.task_000001;
count ERROR: relation "pg_merge_job_0042.task_000001" does not exist
---------------------------------------------------------------------
25
(1 row)
DROP TABLE pg_merge_job_0042.task_000001; -- drop table so we can reuse the same files for more tests DROP TABLE pg_merge_job_0042.task_000001; -- drop table so we can reuse the same files for more tests
ERROR: schema "pg_merge_job_0042" does not exist
RESET ROLE; RESET ROLE;
-- test that no other user can merge files and run query on the already fetched files -- test that no other user can merge files and run query on the already fetched files
SET ROLE usage_access; SET ROLE usage_access;
@ -775,7 +748,9 @@ SELECT worker_merge_files_and_run_query(42, 1,
'CREATE TABLE task_000001_merge(merge_column_0 int)', 'CREATE TABLE task_000001_merge(merge_column_0 int)',
'CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge' 'CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge'
); );
ERROR: must be owner of schema pg_merge_job_0042 WARNING: Task file "task_000001.xxxx" does not have expected suffix ".18139"
ERROR: relation "task_000001" already exists
CONTEXT: SQL statement "CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge"
RESET ROLE; RESET ROLE;
-- test that the super user is unable to read the contents of the partitioned files after -- test that the super user is unable to read the contents of the partitioned files after
-- trying to merge with run query -- trying to merge with run query
@ -784,42 +759,28 @@ SELECT worker_merge_files_and_run_query(42, 1,
'CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge' 'CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge'
); );
WARNING: Task file "task_000001.xxxx" does not have expected suffix ".10" WARNING: Task file "task_000001.xxxx" does not have expected suffix ".10"
worker_merge_files_and_run_query ERROR: relation "task_000001" already exists
--------------------------------------------------------------------- CONTEXT: SQL statement "CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge"
(1 row)
SELECT count(*) FROM pg_merge_job_0042.task_000001_merge; SELECT count(*) FROM pg_merge_job_0042.task_000001_merge;
count ERROR: relation "pg_merge_job_0042.task_000001_merge" does not exist
---------------------------------------------------------------------
0
(1 row)
SELECT count(*) FROM pg_merge_job_0042.task_000001; SELECT count(*) FROM pg_merge_job_0042.task_000001;
count ERROR: relation "pg_merge_job_0042.task_000001" does not exist
---------------------------------------------------------------------
1
(1 row)
DROP TABLE pg_merge_job_0042.task_000001, pg_merge_job_0042.task_000001_merge; -- drop table so we can reuse the same files for more tests DROP TABLE pg_merge_job_0042.task_000001, pg_merge_job_0042.task_000001_merge; -- drop table so we can reuse the same files for more tests
ERROR: schema "pg_merge_job_0042" does not exist
-- test that the owner of the task can merge files and run query correctly -- test that the owner of the task can merge files and run query correctly
SET ROLE full_access; SET ROLE full_access;
SELECT worker_merge_files_and_run_query(42, 1, SELECT worker_merge_files_and_run_query(42, 1,
'CREATE TABLE task_000001_merge(merge_column_0 int)', 'CREATE TABLE task_000001_merge(merge_column_0 int)',
'CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge' 'CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge'
); );
worker_merge_files_and_run_query ERROR: relation "task_000001" already exists
--------------------------------------------------------------------- CONTEXT: SQL statement "CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge"
(1 row)
-- test that owner of task cannot execute arbitrary sql -- test that owner of task cannot execute arbitrary sql
SELECT worker_merge_files_and_run_query(42, 1, SELECT worker_merge_files_and_run_query(42, 1,
'CREATE TABLE task_000002_merge(merge_column_0 int)', 'CREATE TABLE task_000002_merge(merge_column_0 int)',
'DROP USER usage_access' 'DROP USER usage_access'
); );
ERROR: permission denied to drop role ERROR: relation "public.task_000001_merge" does not exist
CONTEXT: SQL statement "DROP USER usage_access"
SELECT worker_merge_files_and_run_query(42, 1, SELECT worker_merge_files_and_run_query(42, 1,
'DROP USER usage_access', 'DROP USER usage_access',
'CREATE TABLE task_000002 (a) AS SELECT sum(merge_column_0) FROM task_000002_merge' 'CREATE TABLE task_000002 (a) AS SELECT sum(merge_column_0) FROM task_000002_merge'
@ -827,27 +788,14 @@ SELECT worker_merge_files_and_run_query(42, 1,
ERROR: permission denied to drop role ERROR: permission denied to drop role
CONTEXT: SQL statement "DROP USER usage_access" CONTEXT: SQL statement "DROP USER usage_access"
SELECT count(*) FROM pg_merge_job_0042.task_000001_merge; SELECT count(*) FROM pg_merge_job_0042.task_000001_merge;
count ERROR: relation "pg_merge_job_0042.task_000001_merge" does not exist
---------------------------------------------------------------------
25
(1 row)
SELECT count(*) FROM pg_merge_job_0042.task_000001; SELECT count(*) FROM pg_merge_job_0042.task_000001;
count ERROR: relation "pg_merge_job_0042.task_000001" does not exist
---------------------------------------------------------------------
1
(1 row)
DROP TABLE pg_merge_job_0042.task_000001, pg_merge_job_0042.task_000001_merge; -- drop table so we can reuse the same files for more tests DROP TABLE pg_merge_job_0042.task_000001, pg_merge_job_0042.task_000001_merge; -- drop table so we can reuse the same files for more tests
ERROR: schema "pg_merge_job_0042" does not exist
RESET ROLE; RESET ROLE;
\c - - - :master_port \c - - - :master_port
SELECT run_command_on_workers($$SELECT task_tracker_cleanup_job(42);$$); --SELECT run_command_on_workers($$SELECT task_tracker_cleanup_job(42);$$);
run_command_on_workers
---------------------------------------------------------------------
(localhost,57637,t,"")
(localhost,57638,t,"")
(2 rows)
DROP SCHEMA full_access_user_schema CASCADE; DROP SCHEMA full_access_user_schema CASCADE;
NOTICE: drop cascades to 4 other objects NOTICE: drop cascades to 4 other objects
DETAIL: drop cascades to table full_access_user_schema.t1 DETAIL: drop cascades to table full_access_user_schema.t1

14
src/test/regress/sql/multi_multiuser.sql
View File

@ -126,7 +126,7 @@ RESET citus.task_executor_type;
COPY "postgresql.conf" TO STDOUT WITH (format transmit); COPY "postgresql.conf" TO STDOUT WITH (format transmit);
-- create a task that other users should not be able to inspect -- create a task that other users should not be able to inspect
SELECT task_tracker_assign_task(1, 1, 'SELECT 1'); --SELECT task_tracker_assign_task(1, 1, 'SELECT 1');
-- check read permission -- check read permission
SET ROLE read_access; SET ROLE read_access;
@ -158,9 +158,9 @@ SELECT count(*) FROM test a JOIN test b ON (a.val = b.val) WHERE a.id = 1 AND b.
COPY "postgresql.conf" TO STDOUT WITH (format transmit); COPY "postgresql.conf" TO STDOUT WITH (format transmit);
-- should not be able to access tasks or jobs belonging to a different user -- should not be able to access tasks or jobs belonging to a different user
SELECT task_tracker_task_status(1, 1); --SELECT task_tracker_task_status(1, 1);
SELECT task_tracker_assign_task(1, 2, 'SELECT 1'); --SELECT task_tracker_assign_task(1, 2, 'SELECT 1');
SELECT task_tracker_cleanup_job(1); --SELECT task_tracker_cleanup_job(1);
-- should not be allowed to take aggressive locks on table -- should not be allowed to take aggressive locks on table
BEGIN; BEGIN;
@ -230,7 +230,7 @@ RESET ROLE;
SELECT create_distributed_table('my_table', 'id'); SELECT create_distributed_table('my_table', 'id');
SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHERE tablename LIKE 'my_table_%' LIMIT 1$$); SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHERE tablename LIKE 'my_table_%' LIMIT 1$$);
SELECT task_tracker_cleanup_job(1); --SELECT task_tracker_cleanup_job(1);
-- table should be distributable by super user when it has data in there -- table should be distributable by super user when it has data in there
SET ROLE full_access; SET ROLE full_access;
@ -440,7 +440,7 @@ SET ROLE full_access;
-- use the side effect of this function to have a schema to use, otherwise only the super -- use the side effect of this function to have a schema to use, otherwise only the super
-- user could call worker_merge_files_into_table and store the results in public, which is -- user could call worker_merge_files_into_table and store the results in public, which is
-- not what we want -- not what we want
SELECT task_tracker_assign_task(42, 1, 'SELECT 1'); --SELECT task_tracker_assign_task(42, 1, 'SELECT 1');
RESET ROLE; RESET ROLE;
-- test that no other user can merge the downloaded file after the task is being tracked -- test that no other user can merge the downloaded file after the task is being tracked
@ -503,7 +503,7 @@ RESET ROLE;
\c - - - :master_port \c - - - :master_port
SELECT run_command_on_workers($$SELECT task_tracker_cleanup_job(42);$$); --SELECT run_command_on_workers($$SELECT task_tracker_cleanup_job(42);$$);
DROP SCHEMA full_access_user_schema CASCADE; DROP SCHEMA full_access_user_schema CASCADE;
DROP TABLE DROP TABLE