Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
M
Metabase
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Package registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Engineering Digital Service
Metabase
Commits
b3f47b34
Unverified
Commit
b3f47b34
authored
1 year ago
by
metamben
Committed by
GitHub
1 year ago
Browse files
Options
Downloads
Patches
Plain Diff
Generate unique user name in table-privileges-test (#39457)
* Generate unique user name in table-privileges-test
parent
99e4ce44
No related branches found
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
modules/drivers/redshift/test/metabase/driver/redshift_test.clj
+55
-54
55 additions, 54 deletions
...s/drivers/redshift/test/metabase/driver/redshift_test.clj
with
55 additions
and
54 deletions
modules/drivers/redshift/test/metabase/driver/redshift_test.clj
+
55
−
54
View file @
b3f47b34
...
...
@@ -11,6 +11,7 @@
[
metabase.driver.sql-jdbc.sync.describe-database
:as
sql-jdbc.describe-database
]
[
metabase.driver.sql.query-processor
:as
sql.qp
]
[
metabase.driver.sql.test-util.unique-prefix
:as
sql.tu.unique-prefix
]
[
metabase.models.database
:refer
[
Database
]]
[
metabase.models.field
:refer
[
Field
]]
[
metabase.models.table
:refer
[
Table
]]
...
...
@@ -409,7 +410,7 @@
(
testing
"`table-privileges` should return the correct data for current_user and role privileges"
(
mt/with-temp
[
Database
_database
{
:engine
:redshift,
:details
(
tx/dbdef->connection-details
:redshift
nil
nil
)}]
(
let
[
schema-name
(
redshift.test/unique-session-schema
)
username
"privilege_rows_test_
example_
role"
username
(
str
(
sql.tu.unique-prefix/unique-prefix
)
"privilege_rows_test_role"
)
table-name
"test_tp_table"
qual-tbl-name
(
format
"\"%s\".\"%s\""
schema-name
table-name
)
view-nm
"test_tp_view"
...
...
@@ -419,64 +420,64 @@
conn-spec
(
sql-jdbc.conn/db->pooled-connection-spec
(
mt/db
))
get-privileges
(
fn
[]
(
sql-jdbc.conn/with-connection-spec-for-testing-connection
[
spec
[
:redshift
(
assoc
(
:details
(
mt/db
))
:user
username
)]]
[
spec
[
:redshift
(
assoc
(
:details
(
mt/db
))
:user
username
)]]
(
with-redefs
[
sql-jdbc.conn/db->pooled-connection-spec
(
fn
[
_
]
spec
)]
(
set
(
sql-jdbc.sync/current-user-table-privileges
driver/*driver*
spec
)))))]
(
try
(
execute!
(
format
(
str
"CREATE TABLE %1$s (id INTEGER);\n"
"CREATE VIEW %2$s AS SELECT * from %1$s;\n"
"CREATE MATERIALIZED VIEW %3$s AS SELECT * from %1$s;\n"
"CREATE USER %4$s WITH PASSWORD '%5$s';\n"
"GRANT SELECT ON %1$s TO %4$s;\n"
"GRANT UPDATE ON %1$s TO %4$s;\n"
"GRANT SELECT ON %2$s TO %4$s;\n"
"GRANT SELECT ON %3$s TO %4$s;"
)
qual-tbl-name
qual-view-name
qual-mview-name
username
(
get-in
(
mt/db
)
[
:details
:password
])))
(
testing
"check that without USAGE privileges on the schema, nothing is returned"
(
is
(
=
#
{}
(
get-privileges
))))
(
testing
"with USAGE privileges, SELECT and UPDATE privileges are returned"
(
jdbc/execute!
conn-spec
(
format
"GRANT USAGE ON SCHEMA \"%s\" TO %s;"
schema-name
username
))
(
is
(
=
#
{{
:role
nil
:schema
schema-name
:table
table-name
:update
true
:select
true
:insert
false
:delete
false
}
{
:role
nil
:schema
schema-name
:table
view-nm
:update
false
:select
true
:insert
false
:delete
false
}
{
:role
nil
:schema
schema-name
:table
mview-name
:select
true
:update
false
:insert
false
:delete
false
}}
(
get-privileges
))))
(
finally
(
execute!
(
format
(
str
"
DROP
TABLE
IF EXISTS %2$s CASCADE
;\n"
"
DROP VIEW IF EXISTS %3
$s
C
AS
CADE
;\n"
"
DROP
MATERIALIZED VIEW
IF EXISTS %4
$s
C
AS
CADE
;\n"
"RE
VOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA
\"%
1
$s\"
FROM
%5$s;\n"
"
REVOKE ALL PRIVILEGES ON SCHEMA \"%1$s\" FROM %5$s
;\n"
"
REVOKE USAGE ON SCHEMA \"%1$s\" FROM %5$s
;\n"
"
DROP USER IF EXISTS %5$s;"
)
schema-name
"
CREATE
TABLE
%1$s (id INTEGER)
;\n"
"
CREATE VIEW %2
$s AS
SELECT * from %1$s
;\n"
"
CREATE
MATERIALIZED VIEW
%3
$s AS
SELECT * from %1$s
;\n"
"
C
RE
ATE USER
\"%
4
$s\"
WITH PASSWORD '
%5$s
'
;\n"
"
GRANT SELECT ON %1$s TO \"%4$s\"
;\n"
"
GRANT UPDATE ON %1$s TO \"%4$s\"
;\n"
"
GRANT SELECT ON %2$s TO \"%4$s\";\n"
"GRANT SELECT ON %3$s TO \"%4$s\";"
)
qual-tbl-name
qual-view-name
qual-mview-name
username
)))))))))
username
(
get-in
(
mt/db
)
[
:details
:password
])))
(
testing
"check that without USAGE privileges on the schema, nothing is returned"
(
is
(
=
#
{}
(
get-privileges
))))
(
testing
"with USAGE privileges, SELECT and UPDATE privileges are returned"
(
jdbc/execute!
conn-spec
(
format
"GRANT USAGE ON SCHEMA \"%s\" TO \"%s\";"
schema-name
username
))
(
is
(
=
#
{{
:role
nil
:schema
schema-name
:table
table-name
:update
true
:select
true
:insert
false
:delete
false
}
{
:role
nil
:schema
schema-name
:table
view-nm
:update
false
:select
true
:insert
false
:delete
false
}
{
:role
nil
:schema
schema-name
:table
mview-name
:select
true
:update
false
:insert
false
:delete
false
}}
(
get-privileges
))))
(
finally
(
execute!
(
format
(
str
"DROP TABLE IF EXISTS %2$s CASCADE;\n"
"DROP VIEW IF EXISTS %3$s CASCADE;\n"
"DROP MATERIALIZED VIEW IF EXISTS %4$s CASCADE;\n"
"REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA \"%1$s\" FROM \"%5$s\";\n"
"REVOKE ALL PRIVILEGES ON SCHEMA \"%1$s\" FROM \"%5$s\";\n"
"REVOKE USAGE ON SCHEMA \"%1$s\" FROM \"%5$s\";\n"
"DROP USER IF EXISTS \"%5$s\";"
)
schema-name
qual-tbl-name
qual-view-name
qual-mview-name
username
)))))))))
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
