mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-04-21 09:00:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3a67423ac94de4c742ba80c8cebfdd054a407da1
scylladb/test/boost/role_manager_test.cc
Kefu Chai 372a4d1b79 treewide: do not define FMT_DEPRECATED_OSTREAM 
since we do not rely on FMT_DEPRECATED_OSTREAM to define the
fmt::formatter for us anymore, let's stop defining `FMT_DEPRECATED_OSTREAM`.

in this change,

* utils: drop the range formatters in to_string.hh and to_string.c, as
  we don't use them anymore. and the tests for them in
  test/boost/string_format_test.cc are removed accordingly.
* utils: use fmt to print chunk_vector and small_vector. as
  we are not able to print the elements using operator<< anymore
  after switching to {fmt} formatters.
* test/boost: specialize fmt::details::is_std_string_like<bytes>
  due to a bug in {fmt} v9, {fmt} fails to format a range whose
  element type is `basic_sstring<uint8_t>`, as it considers it
  as a string-like type, but `basic_sstring<uint8_t>`'s char type
  is signed char, not char. this issue does not exist in {fmt} v10,
  so, in this change, we add a workaround to explicitly specialize
  the type trait to assure that {fmt} format this type using its
  `fmt::formatter` specialization instead of trying to format it
  as a string. also, {fmt}'s generic ranges formatter calls the
  pair formatter's `set_brackets()` and `set_separator()` methods
  when printing the range, but operator<< based formatter does not
  provide these method, we have to include this change in the change
  switching to {fmt}, otherwise the change specializing
  `fmt::details::is_std_string_like<bytes>` won't compile.
* test/boost: in tests, we use `BOOST_REQUIRE_EQUAL()` and its friends
  for comparing values. but without the operator<< based formatters,
  Boost.Test would not be able to print them. after removing
  the homebrew formatters, we need to use the generic
  `boost_test_print_type()` helper to do this job. so we are
  including `test_utils.hh` in tests so that we can print
  the formattable types.
* treewide: add "#include "utils/to_string.hh" where
  `fmt::formatter<optional<>>` is used.
* configure.py: do not define FMT_DEPRECATED_OSTREAM
* cmake: do not define FMT_DEPRECATED_OSTREAM

Refs #13245

Signed-off-by: Kefu Chai <kefu.chai@scylladb.com>
2024-04-19 22:57:36 +08:00

213 lines
6.7 KiB
C++
Raw Blame History

/*
* Copyright (C) 2017-present ScyllaDB
*/
/*
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
#include <fmt/ranges.h>
#include "auth/standard_role_manager.hh"
#include "test/lib/scylla_test_case.hh"
#include "test/lib/test_utils.hh"
#include "test/lib/cql_test_env.hh"
auto make_manager(cql_test_env& env) {
auto stop_role_manager = [] (auth::standard_role_manager* m) {
m->stop().get();
std::default_delete<auth::standard_role_manager>()(m);
};
return std::unique_ptr<auth::standard_role_manager, decltype(stop_role_manager)>(
new auth::standard_role_manager(env.local_qp(), env.get_raft_group0_client(), env.migration_manager().local()),
std::move(stop_role_manager));
}
SEASTAR_TEST_CASE(create_role) {
return do_with_cql_env_thread([](auto&& env) {
auto m = make_manager(env);
m->start().get();
const auto anon = auth::authenticated_user();
//
// Create a role, and verify its properties.
//
auth::role_config c;
c.is_superuser = true;
m->create("admin", c).get();
BOOST_REQUIRE_EQUAL(m->exists("admin").get(), true);
BOOST_REQUIRE_EQUAL(m->can_login("admin").get(), false);
BOOST_REQUIRE_EQUAL(m->is_superuser("admin").get(), true);
BOOST_REQUIRE_EQUAL(
m->query_granted("admin", auth::recursive_role_query::yes).get(),
std::unordered_set<sstring>{"admin"});
//
// Creating a role that already exists is an error.
//
BOOST_REQUIRE_THROW(m->create("admin", c).get(), auth::role_already_exists);
});
}
SEASTAR_TEST_CASE(drop_role) {
return do_with_cql_env_thread([](auto&& env) {
auto m = make_manager(env);
m->start().get();
const auto anon = auth::authenticated_user();
//
// Create a role, then drop it, then verify it's gone.
//
m->create("lord", auth::role_config()).get();
m->drop("lord").get();
BOOST_REQUIRE_EQUAL(m->exists("lord").get(), false);
//
// Dropping a role revokes it from other roles and revokes other roles from it.
//
m->create("peasant", auth::role_config()).get();
m->create("lord", auth::role_config()).get();
m->create("king", auth::role_config()).get();
auth::role_config tim_config;
tim_config.is_superuser = false;
tim_config.can_login = true;
m->create("tim", tim_config).get();
m->grant("lord", "peasant").get();
m->grant("king", "lord").get();
m->grant("tim", "lord").get();
m->drop("lord").get();
BOOST_REQUIRE_EQUAL(
m->query_granted("tim", auth::recursive_role_query::yes).get(),
std::unordered_set<sstring>{"tim"});
BOOST_REQUIRE_EQUAL(
m->query_granted("king", auth::recursive_role_query::yes).get(),
std::unordered_set<sstring>{"king"});
//
// Dropping a role that does not exist is an error.
//
BOOST_REQUIRE_THROW(m->drop("emperor").get(), auth::nonexistant_role);
});
}
SEASTAR_TEST_CASE(grant_role) {
return do_with_cql_env_thread([](auto&& env) {
auto m = make_manager(env);
m->start().get();
const auto anon = auth::authenticated_user();
auth::role_config jsnow_config;
jsnow_config.is_superuser = false;
jsnow_config.can_login = true;
m->create("jsnow", jsnow_config).get();
m->create("lord", auth::role_config()).get();
m->create("king", auth::role_config()).get();
//
// All kings have the rights of lords, and 'jsnow' is a king.
//
m->grant("king", "lord").get();
m->grant("jsnow", "king").get();
BOOST_REQUIRE_EQUAL(
m->query_granted("king", auth::recursive_role_query::yes).get(),
(std::unordered_set<sstring>{"king", "lord"}));
BOOST_REQUIRE_EQUAL(
m->query_granted("jsnow", auth::recursive_role_query::no).get(),
(std::unordered_set<sstring>{"jsnow", "king"}));
BOOST_REQUIRE_EQUAL(
m->query_granted("jsnow", auth::recursive_role_query::yes).get(),
(std::unordered_set<sstring>{"jsnow", "king", "lord"}));
// A non-existing role cannot be granted.
BOOST_REQUIRE_THROW(m->grant("jsnow", "doctor").get(), auth::nonexistant_role);
// A role cannot be granted to a non-existing role.
BOOST_REQUIRE_THROW(m->grant("hpotter", "lord").get(), auth::nonexistant_role);
});
}
SEASTAR_TEST_CASE(revoke_role) {
return do_with_cql_env_thread([](auto&& env) {
auto m = make_manager(env);
m->start().get();
const auto anon = auth::authenticated_user();
auth::role_config rrat_config;
rrat_config.is_superuser = false;
rrat_config.can_login = true;
m->create("rrat", rrat_config).get();
m->create("chef", auth::role_config()).get();
m->create("sous_chef", auth::role_config()).get();
m->grant("chef", "sous_chef").get();
m->grant("rrat", "chef").get();
m->revoke("chef", "sous_chef").get();
BOOST_REQUIRE_EQUAL(
m->query_granted("rrat", auth::recursive_role_query::yes).get(),
(std::unordered_set<sstring>{"chef", "rrat"}));
m->revoke("rrat", "chef").get();
BOOST_REQUIRE_EQUAL(
m->query_granted("rrat", auth::recursive_role_query::yes).get(),
std::unordered_set<sstring>{"rrat"});
// A non-existing role cannot be revoked.
BOOST_REQUIRE_THROW(m->revoke("rrat", "taster").get(), auth::nonexistant_role);
// A role cannot be revoked from a non-existing role.
BOOST_REQUIRE_THROW(m->revoke("ccasper", "chef").get(), auth::nonexistant_role);
// Revoking a role not granted is an error.
BOOST_REQUIRE_THROW(m->revoke("rrat", "sous_chef").get(), auth::revoke_ungranted_role);
});
}
SEASTAR_TEST_CASE(alter_role) {
return do_with_cql_env_thread([](auto&& env) {
auto m = make_manager(env);
m->start().get();
const auto anon = auth::authenticated_user();
auth::role_config tsmith_config;
tsmith_config.is_superuser = true;
tsmith_config.can_login = true;
m->create("tsmith", tsmith_config).get();
auth::role_config_update u;
u.can_login = false;
m->alter("tsmith", u).get();
BOOST_REQUIRE_EQUAL(m->is_superuser("tsmith").get(), true);
BOOST_REQUIRE_EQUAL(m->can_login("tsmith").get(), false);
// Altering a non-existing role is an error.
BOOST_REQUIRE_THROW(m->alter("hjones", u).get(), auth::nonexistant_role);
});
}
Reference in New Issue View Git Blame Copy Permalink