external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add multi-user tests for task-tracker protocol functions

pull/2490/head
Marco Slot 2018-11-22 17:09:51 +01:00
parent 8e93fe5870
commit e9a7295ead
4 changed files with 52 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/backend/distributed/master/master_metadata_utility.c
View File

@ -1355,7 +1355,7 @@ EnsureSchemaOwner(Oid schemaId)
{ {
if (!pg_namespace_ownercheck(schemaId, GetUserId())) if (!pg_namespace_ownercheck(schemaId, GetUserId()))
{ {
aclcheck_error(ACLCHECK_NOT_OWNER, ACLCHECK_OBJECT_TABLE, aclcheck_error(ACLCHECK_NOT_OWNER, ACLCHECK_OBJECT_SCHEMA,
get_namespace_name(schemaId)); get_namespace_name(schemaId));
} }
} }

21
src/test/regress/expected/multi_multiuser.out
View File

@ -130,6 +130,13 @@ SET citus.task_executor_type TO 'real-time';
COPY "postgresql.conf" TO STDOUT WITH (format transmit); COPY "postgresql.conf" TO STDOUT WITH (format transmit);
ERROR: operation is not allowed ERROR: operation is not allowed
HINT: Run the command with a superuser. HINT: Run the command with a superuser.
-- create a task that other users should not be able to inspect
SELECT task_tracker_assign_task(1, 1, 'SELECT 1');
task_tracker_assign_task
--------------------------
(1 row)
-- check read permission -- check read permission
SET ROLE read_access; SET ROLE read_access;
EXECUTE prepare_insert(1); EXECUTE prepare_insert(1);
@ -172,6 +179,14 @@ SELECT count(*) FROM test a JOIN test b ON (a.val = b.val) WHERE a.id = 1 AND b.
COPY "postgresql.conf" TO STDOUT WITH (format transmit); COPY "postgresql.conf" TO STDOUT WITH (format transmit);
ERROR: operation is not allowed ERROR: operation is not allowed
HINT: Run the command with a superuser. HINT: Run the command with a superuser.
-- should not be able to access tasks or jobs belonging to a different user
SELECT task_tracker_task_status(1, 1);
ERROR: could not find the worker task
DETAIL: Task jobId: 1 and taskId: 1
SELECT task_tracker_assign_task(1, 2, 'SELECT 1');
ERROR: must be owner of schema pg_merge_job_0001
SELECT task_tracker_cleanup_job(1);
ERROR: must be owner of schema pg_merge_job_0001
-- should not be allowed to take aggressive locks on table -- should not be allowed to take aggressive locks on table
BEGIN; BEGIN;
SELECT lock_relation_if_exists('test', 'ACCESS SHARE'); SELECT lock_relation_if_exists('test', 'ACCESS SHARE');
@ -261,6 +276,12 @@ SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHE
full_access full_access
(2 rows) (2 rows)
SELECT task_tracker_cleanup_job(1);
task_tracker_cleanup_job
--------------------------
(1 row)
DROP TABLE my_table, singleshard, test, test_coloc; DROP TABLE my_table, singleshard, test, test_coloc;
DROP USER full_access; DROP USER full_access;
DROP USER read_access; DROP USER read_access;

21
src/test/regress/expected/multi_multiuser_0.out
View File

@ -130,6 +130,13 @@ SET citus.task_executor_type TO 'real-time';
COPY "postgresql.conf" TO STDOUT WITH (format transmit); COPY "postgresql.conf" TO STDOUT WITH (format transmit);
ERROR: operation is not allowed ERROR: operation is not allowed
HINT: Run the command with a superuser. HINT: Run the command with a superuser.
-- create a task that other users should not be able to inspect
SELECT task_tracker_assign_task(1, 1, 'SELECT 1');
task_tracker_assign_task
--------------------------
(1 row)
-- check read permission -- check read permission
SET ROLE read_access; SET ROLE read_access;
EXECUTE prepare_insert(1); EXECUTE prepare_insert(1);
@ -172,6 +179,14 @@ SELECT count(*) FROM test a JOIN test b ON (a.val = b.val) WHERE a.id = 1 AND b.
COPY "postgresql.conf" TO STDOUT WITH (format transmit); COPY "postgresql.conf" TO STDOUT WITH (format transmit);
ERROR: operation is not allowed ERROR: operation is not allowed
HINT: Run the command with a superuser. HINT: Run the command with a superuser.
-- should not be able to access tasks or jobs belonging to a different user
SELECT task_tracker_task_status(1, 1);
ERROR: could not find the worker task
DETAIL: Task jobId: 1 and taskId: 1
SELECT task_tracker_assign_task(1, 2, 'SELECT 1');
ERROR: must be owner of schema pg_merge_job_0001
SELECT task_tracker_cleanup_job(1);
ERROR: must be owner of schema pg_merge_job_0001
-- should not be allowed to take aggressive locks on table -- should not be allowed to take aggressive locks on table
BEGIN; BEGIN;
SELECT lock_relation_if_exists('test', 'ACCESS SHARE'); SELECT lock_relation_if_exists('test', 'ACCESS SHARE');
@ -261,6 +276,12 @@ SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHE
full_access full_access
(2 rows) (2 rows)
SELECT task_tracker_cleanup_job(1);
task_tracker_cleanup_job
--------------------------
(1 row)
DROP TABLE my_table, singleshard, test, test_coloc; DROP TABLE my_table, singleshard, test, test_coloc;
DROP USER full_access; DROP USER full_access;
DROP USER read_access; DROP USER read_access;

9
src/test/regress/sql/multi_multiuser.sql
View File

@ -90,6 +90,9 @@ SET citus.task_executor_type TO 'real-time';
-- should not be able to transmit directly -- should not be able to transmit directly
COPY "postgresql.conf" TO STDOUT WITH (format transmit); COPY "postgresql.conf" TO STDOUT WITH (format transmit);
-- create a task that other users should not be able to inspect
SELECT task_tracker_assign_task(1, 1, 'SELECT 1');
-- check read permission -- check read permission
SET ROLE read_access; SET ROLE read_access;
@ -109,6 +112,11 @@ SELECT count(*) FROM test a JOIN test b ON (a.val = b.val) WHERE a.id = 1 AND b.
-- should not be able to transmit directly -- should not be able to transmit directly
COPY "postgresql.conf" TO STDOUT WITH (format transmit); COPY "postgresql.conf" TO STDOUT WITH (format transmit);
-- should not be able to access tasks or jobs belonging to a different user
SELECT task_tracker_task_status(1, 1);
SELECT task_tracker_assign_task(1, 2, 'SELECT 1');
SELECT task_tracker_cleanup_job(1);
-- should not be allowed to take aggressive locks on table -- should not be allowed to take aggressive locks on table
BEGIN; BEGIN;
SELECT lock_relation_if_exists('test', 'ACCESS SHARE'); SELECT lock_relation_if_exists('test', 'ACCESS SHARE');
@ -164,6 +172,7 @@ RESET ROLE;
SELECT create_distributed_table('my_table', 'id'); SELECT create_distributed_table('my_table', 'id');
SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHERE tablename LIKE 'my_table_%' LIMIT 1$$); SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHERE tablename LIKE 'my_table_%' LIMIT 1$$);
SELECT task_tracker_cleanup_job(1);
DROP TABLE my_table, singleshard, test, test_coloc; DROP TABLE my_table, singleshard, test, test_coloc;
DROP USER full_access; DROP USER full_access;
DROP USER read_access; DROP USER read_access;