From b3f47b34116aa3a4237342c161ce896be931951c Mon Sep 17 00:00:00 2001
From: metamben <103100869+metamben@users.noreply.github.com>
Date: Fri, 1 Mar 2024 23:00:30 +0300
Subject: [PATCH] Generate unique user name in table-privileges-test (#39457)
* Generate unique user name in table-privileges-test
---
.../test/metabase/driver/redshift_test.clj | 109 +++++++++---------
1 file changed, 55 insertions(+), 54 deletions(-)
diff --git a/modules/drivers/redshift/test/metabase/driver/redshift_test.clj b/modules/drivers/redshift/test/metabase/driver/redshift_test.clj
index 02dcc585ccf..f75a49dd54c 100644
--- a/modules/drivers/redshift/test/metabase/driver/redshift_test.clj
+++ b/modules/drivers/redshift/test/metabase/driver/redshift_test.clj
@@ -11,6 +11,7 @@
[metabase.driver.sql-jdbc.sync.describe-database
:as sql-jdbc.describe-database]
[metabase.driver.sql.query-processor :as sql.qp]
+ [metabase.driver.sql.test-util.unique-prefix :as sql.tu.unique-prefix]
[metabase.models.database :refer [Database]]
[metabase.models.field :refer [Field]]
[metabase.models.table :refer [Table]]
@@ -409,7 +410,7 @@
(testing "`table-privileges` should return the correct data for current_user and role privileges"
(mt/with-temp [Database _database {:engine :redshift, :details (tx/dbdef->connection-details :redshift nil nil)}]
(let [schema-name (redshift.test/unique-session-schema)
- username "privilege_rows_test_example_role"
+ username (str (sql.tu.unique-prefix/unique-prefix) "privilege_rows_test_role")
table-name "test_tp_table"
qual-tbl-name (format "\"%s\".\"%s\"" schema-name table-name)
view-nm "test_tp_view"
@@ -419,64 +420,64 @@
conn-spec (sql-jdbc.conn/db->pooled-connection-spec (mt/db))
get-privileges (fn []
(sql-jdbc.conn/with-connection-spec-for-testing-connection
- [spec [:redshift (assoc (:details (mt/db)) :user username)]]
+ [spec [:redshift (assoc (:details (mt/db)) :user username)]]
(with-redefs [sql-jdbc.conn/db->pooled-connection-spec (fn [_] spec)]
(set (sql-jdbc.sync/current-user-table-privileges driver/*driver* spec)))))]
(try
- (execute! (format
- (str
- "CREATE TABLE %1$s (id INTEGER);\n"
- "CREATE VIEW %2$s AS SELECT * from %1$s;\n"
- "CREATE MATERIALIZED VIEW %3$s AS SELECT * from %1$s;\n"
- "CREATE USER %4$s WITH PASSWORD '%5$s';\n"
- "GRANT SELECT ON %1$s TO %4$s;\n"
- "GRANT UPDATE ON %1$s TO %4$s;\n"
- "GRANT SELECT ON %2$s TO %4$s;\n"
- "GRANT SELECT ON %3$s TO %4$s;")
- qual-tbl-name
- qual-view-name
- qual-mview-name
- username
- (get-in (mt/db) [:details :password])))
- (testing "check that without USAGE privileges on the schema, nothing is returned"
- (is (= #{}
- (get-privileges))))
- (testing "with USAGE privileges, SELECT and UPDATE privileges are returned"
- (jdbc/execute! conn-spec (format "GRANT USAGE ON SCHEMA \"%s\" TO %s;" schema-name username))
- (is (= #{{:role nil
- :schema schema-name
- :table table-name
- :update true
- :select true
- :insert false
- :delete false}
- {:role nil
- :schema schema-name
- :table view-nm
- :update false
- :select true
- :insert false
- :delete false}
- {:role nil
- :schema schema-name
- :table mview-name
- :select true
- :update false
- :insert false
- :delete false}}
- (get-privileges))))
- (finally
(execute! (format
(str
- "DROP TABLE IF EXISTS %2$s CASCADE;\n"
- "DROP VIEW IF EXISTS %3$s CASCADE;\n"
- "DROP MATERIALIZED VIEW IF EXISTS %4$s CASCADE;\n"
- "REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA \"%1$s\" FROM %5$s;\n"
- "REVOKE ALL PRIVILEGES ON SCHEMA \"%1$s\" FROM %5$s;\n"
- "REVOKE USAGE ON SCHEMA \"%1$s\" FROM %5$s;\n"
- "DROP USER IF EXISTS %5$s;")
- schema-name
+ "CREATE TABLE %1$s (id INTEGER);\n"
+ "CREATE VIEW %2$s AS SELECT * from %1$s;\n"
+ "CREATE MATERIALIZED VIEW %3$s AS SELECT * from %1$s;\n"
+ "CREATE USER \"%4$s\" WITH PASSWORD '%5$s';\n"
+ "GRANT SELECT ON %1$s TO \"%4$s\";\n"
+ "GRANT UPDATE ON %1$s TO \"%4$s\";\n"
+ "GRANT SELECT ON %2$s TO \"%4$s\";\n"
+ "GRANT SELECT ON %3$s TO \"%4$s\";")
qual-tbl-name
qual-view-name
qual-mview-name
- username)))))))))
+ username
+ (get-in (mt/db) [:details :password])))
+ (testing "check that without USAGE privileges on the schema, nothing is returned"
+ (is (= #{}
+ (get-privileges))))
+ (testing "with USAGE privileges, SELECT and UPDATE privileges are returned"
+ (jdbc/execute! conn-spec (format "GRANT USAGE ON SCHEMA \"%s\" TO \"%s\";" schema-name username))
+ (is (= #{{:role nil
+ :schema schema-name
+ :table table-name
+ :update true
+ :select true
+ :insert false
+ :delete false}
+ {:role nil
+ :schema schema-name
+ :table view-nm
+ :update false
+ :select true
+ :insert false
+ :delete false}
+ {:role nil
+ :schema schema-name
+ :table mview-name
+ :select true
+ :update false
+ :insert false
+ :delete false}}
+ (get-privileges))))
+ (finally
+ (execute! (format
+ (str
+ "DROP TABLE IF EXISTS %2$s CASCADE;\n"
+ "DROP VIEW IF EXISTS %3$s CASCADE;\n"
+ "DROP MATERIALIZED VIEW IF EXISTS %4$s CASCADE;\n"
+ "REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA \"%1$s\" FROM \"%5$s\";\n"
+ "REVOKE ALL PRIVILEGES ON SCHEMA \"%1$s\" FROM \"%5$s\";\n"
+ "REVOKE USAGE ON SCHEMA \"%1$s\" FROM \"%5$s\";\n"
+ "DROP USER IF EXISTS \"%5$s\";")
+ schema-name
+ qual-tbl-name
+ qual-view-name
+ qual-mview-name
+ username)))))))))
--
GitLab