mirrors/scylladb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3a67423ac94de4c742ba80c8cebfdd054a407da1
scylladb/test/auth_cluster/test_auth_raft_command_split.py
Marcin Maliszkiewicz cbf47319c1 db: auth: move auth tables to system keyspace 
Separate keyspace which also behaves as system brings
little benefit while creating some compatibility problems
like schema digest mismatch during rollback. So we decided
to move auth tables into system keyspace.

Fixes https://github.com/scylladb/scylladb/issues/18098

Closes scylladb/scylladb#18769

(cherry picked from commit 2ab143fb40)

[avi: adjust test/alternator/suite.yaml to reflect new keyspace]
2024-06-02 21:41:14 +03:00

54 lines
2.1 KiB
Python
Raw Blame History

#
# Copyright (C) 2024-present ScyllaDB
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#
import asyncio
from test.pylib.manager_client import ManagerClient
import pytest
from test.pylib.rest_client import inject_error, inject_error_one_shot
from test.pylib.util import read_barrier, unique_name, wait_for_cql_and_get_hosts
"""
Tests case when bigger auth operation is split into multiple raft commands.
"""
@pytest.mark.asyncio
async def test_auth_raft_command_split(manager: ManagerClient) -> None:
servers = await manager.servers_add(3)
cql, hosts = await manager.get_ready_cql(servers)
initial_perms = await cql.run_async("SELECT * FROM system.role_permissions")
shared_role = "shared_role_" + unique_name()
await cql.run_async(f"CREATE ROLE {shared_role}")
users = ["user_" + unique_name() for _ in range(30)]
for user in users:
await cql.run_async(f"CREATE ROLE {user}")
await cql.run_async(f"GRANT ALL ON ROLE {shared_role} TO {user}")
# this will trigger cascade of deletes which should be packed
# into raft commands in a way that none exceeds max_command_size
await manager.driver_connect(server=servers[0])
cql, _ = await manager.get_ready_cql([servers[0]])
async with inject_error(manager.api, servers[0].ip_addr,
'auth_announce_mutations_command_max_size'):
await cql.run_async(f"DROP ROLE IF EXISTS {shared_role}", execution_profile='whitelist')
cql, hosts = await manager.get_ready_cql(servers)
# auth reads are eventually consistent so we need to sync all nodes
await asyncio.gather(*(read_barrier(cql, host) for host in hosts))
# confirm that deleted shared_role is not attached to any other role
assert await cql.run_async(f"SELECT * FROM system.role_permissions WHERE resource = 'role/{shared_role}' ALLOW FILTERING") == []
# cleanup
for user in users:
await cql.run_async(f"DROP ROLE IF EXISTS {user}")
await asyncio.gather(*(read_barrier(cql, host) for host in hosts))
current_perms = await cql.run_async("SELECT * FROM system.role_permissions")
assert initial_perms == current_perms
Reference in New Issue View Git Blame Copy Permalink