From e9a7295ead49d7a75771082f92ec7668e57de090 Mon Sep 17 00:00:00 2001 From: Marco Slot Date: Thu, 22 Nov 2018 17:09:51 +0100 Subject: [PATCH] Add multi-user tests for task-tracker protocol functions --- .../master/master_metadata_utility.c | 2 +- src/test/regress/expected/multi_multiuser.out | 21 +++++++++++++++++++ .../regress/expected/multi_multiuser_0.out | 21 +++++++++++++++++++ src/test/regress/sql/multi_multiuser.sql | 9 ++++++++ 4 files changed, 52 insertions(+), 1 deletion(-) diff --git a/src/backend/distributed/master/master_metadata_utility.c b/src/backend/distributed/master/master_metadata_utility.c index b8798611f..f9223cf35 100644 --- a/src/backend/distributed/master/master_metadata_utility.c +++ b/src/backend/distributed/master/master_metadata_utility.c @@ -1355,7 +1355,7 @@ EnsureSchemaOwner(Oid schemaId) { if (!pg_namespace_ownercheck(schemaId, GetUserId())) { - aclcheck_error(ACLCHECK_NOT_OWNER, ACLCHECK_OBJECT_TABLE, + aclcheck_error(ACLCHECK_NOT_OWNER, ACLCHECK_OBJECT_SCHEMA, get_namespace_name(schemaId)); } } diff --git a/src/test/regress/expected/multi_multiuser.out b/src/test/regress/expected/multi_multiuser.out index a3a381966..52b7b18ff 100644 --- a/src/test/regress/expected/multi_multiuser.out +++ b/src/test/regress/expected/multi_multiuser.out @@ -130,6 +130,13 @@ SET citus.task_executor_type TO 'real-time'; COPY "postgresql.conf" TO STDOUT WITH (format transmit); ERROR: operation is not allowed HINT: Run the command with a superuser. +-- create a task that other users should not be able to inspect +SELECT task_tracker_assign_task(1, 1, 'SELECT 1'); + task_tracker_assign_task +-------------------------- + +(1 row) + -- check read permission SET ROLE read_access; EXECUTE prepare_insert(1); @@ -172,6 +179,14 @@ SELECT count(*) FROM test a JOIN test b ON (a.val = b.val) WHERE a.id = 1 AND b. COPY "postgresql.conf" TO STDOUT WITH (format transmit); ERROR: operation is not allowed HINT: Run the command with a superuser. +-- should not be able to access tasks or jobs belonging to a different user +SELECT task_tracker_task_status(1, 1); +ERROR: could not find the worker task +DETAIL: Task jobId: 1 and taskId: 1 +SELECT task_tracker_assign_task(1, 2, 'SELECT 1'); +ERROR: must be owner of schema pg_merge_job_0001 +SELECT task_tracker_cleanup_job(1); +ERROR: must be owner of schema pg_merge_job_0001 -- should not be allowed to take aggressive locks on table BEGIN; SELECT lock_relation_if_exists('test', 'ACCESS SHARE'); @@ -261,6 +276,12 @@ SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHE full_access (2 rows) +SELECT task_tracker_cleanup_job(1); + task_tracker_cleanup_job +-------------------------- + +(1 row) + DROP TABLE my_table, singleshard, test, test_coloc; DROP USER full_access; DROP USER read_access; diff --git a/src/test/regress/expected/multi_multiuser_0.out b/src/test/regress/expected/multi_multiuser_0.out index adbac9b1d..6f343379b 100644 --- a/src/test/regress/expected/multi_multiuser_0.out +++ b/src/test/regress/expected/multi_multiuser_0.out @@ -130,6 +130,13 @@ SET citus.task_executor_type TO 'real-time'; COPY "postgresql.conf" TO STDOUT WITH (format transmit); ERROR: operation is not allowed HINT: Run the command with a superuser. +-- create a task that other users should not be able to inspect +SELECT task_tracker_assign_task(1, 1, 'SELECT 1'); + task_tracker_assign_task +-------------------------- + +(1 row) + -- check read permission SET ROLE read_access; EXECUTE prepare_insert(1); @@ -172,6 +179,14 @@ SELECT count(*) FROM test a JOIN test b ON (a.val = b.val) WHERE a.id = 1 AND b. COPY "postgresql.conf" TO STDOUT WITH (format transmit); ERROR: operation is not allowed HINT: Run the command with a superuser. +-- should not be able to access tasks or jobs belonging to a different user +SELECT task_tracker_task_status(1, 1); +ERROR: could not find the worker task +DETAIL: Task jobId: 1 and taskId: 1 +SELECT task_tracker_assign_task(1, 2, 'SELECT 1'); +ERROR: must be owner of schema pg_merge_job_0001 +SELECT task_tracker_cleanup_job(1); +ERROR: must be owner of schema pg_merge_job_0001 -- should not be allowed to take aggressive locks on table BEGIN; SELECT lock_relation_if_exists('test', 'ACCESS SHARE'); @@ -261,6 +276,12 @@ SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHE full_access (2 rows) +SELECT task_tracker_cleanup_job(1); + task_tracker_cleanup_job +-------------------------- + +(1 row) + DROP TABLE my_table, singleshard, test, test_coloc; DROP USER full_access; DROP USER read_access; diff --git a/src/test/regress/sql/multi_multiuser.sql b/src/test/regress/sql/multi_multiuser.sql index ca072106d..6f73e4098 100644 --- a/src/test/regress/sql/multi_multiuser.sql +++ b/src/test/regress/sql/multi_multiuser.sql @@ -90,6 +90,9 @@ SET citus.task_executor_type TO 'real-time'; -- should not be able to transmit directly COPY "postgresql.conf" TO STDOUT WITH (format transmit); +-- create a task that other users should not be able to inspect +SELECT task_tracker_assign_task(1, 1, 'SELECT 1'); + -- check read permission SET ROLE read_access; @@ -109,6 +112,11 @@ SELECT count(*) FROM test a JOIN test b ON (a.val = b.val) WHERE a.id = 1 AND b. -- should not be able to transmit directly COPY "postgresql.conf" TO STDOUT WITH (format transmit); +-- should not be able to access tasks or jobs belonging to a different user +SELECT task_tracker_task_status(1, 1); +SELECT task_tracker_assign_task(1, 2, 'SELECT 1'); +SELECT task_tracker_cleanup_job(1); + -- should not be allowed to take aggressive locks on table BEGIN; SELECT lock_relation_if_exists('test', 'ACCESS SHARE'); @@ -164,6 +172,7 @@ RESET ROLE; SELECT create_distributed_table('my_table', 'id'); SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHERE tablename LIKE 'my_table_%' LIMIT 1$$); +SELECT task_tracker_cleanup_job(1); DROP TABLE my_table, singleshard, test, test_coloc; DROP USER full_access; DROP USER read_access;