def feature(self, node="clickhouse1"): """Check grant privilege syntax. ```sql GRANT [ON CLUSTER cluster_name] privilege {SELECT | SELECT(columns) | INSERT | ALTER | CREATE | DROP | TRUNCATE | OPTIMIZE | SHOW | KILL QUERY | ACCESS MANAGEMENT | SYSTEM | INTROSPECTION | SOURCES | dictGet | NONE |ALL [PRIVILEGES]} [, ...] ON {*.* | database.* | database.table | * | table} TO {user | role | CURRENT_USER} [,...] [WITH GRANT OPTION] ``` """ node = self.context.cluster.node(node) Scenario(run=grant_privileges) # with nonexistant object name, GRANT assumes type role with Scenario("I grant privilege to role that does not exist", flags=TE, requirements=[RQ_SRS_006_RBAC_Grant_Privilege_None("1.0")]): with Given("I ensure that role does not exist"): node.query("DROP ROLE IF EXISTS role0") with When("I grant privilege ON CLUSTER"): exitcode, message = errors.role_not_found_in_disk(name="role0") node.query("GRANT NONE TO role0", exitcode=exitcode, message=message) with Scenario("I grant privilege ON CLUSTER", flags=TE, requirements=[ RQ_SRS_006_RBAC_Grant_Privilege_OnCluster("1.0"), RQ_SRS_006_RBAC_Grant_Privilege_None("1.0") ]): with setup(node): with When("I grant privilege ON CLUSTER"): node.query("GRANT ON CLUSTER sharded_cluster NONE TO user0") with Scenario( "I grant privilege on fake cluster, throws exception", flags=TE, requirements=[RQ_SRS_006_RBAC_Grant_Privilege_OnCluster("1.0")]): with setup(node): with When("I grant privilege ON CLUSTER"): exitcode, message = errors.cluster_not_found("fake_cluster") node.query("GRANT ON CLUSTER fake_cluster NONE TO user0", exitcode=exitcode, message=message) with Scenario("I grant privilege to multiple users and roles", flags=TE, requirements=[ RQ_SRS_006_RBAC_Grant_Privilege_To("1.0"), RQ_SRS_006_RBAC_Grant_Privilege_None("1.0") ]): with setup(node): with When("I grant privilege to several users"): node.query("GRANT NONE TO user0, user1, role1") with Scenario("I grant privilege to current user", flags=TE, requirements=[ RQ_SRS_006_RBAC_Grant_Privilege_ToCurrentUser("1.0"), RQ_SRS_006_RBAC_Grant_Privilege_None("1.0") ]): with setup(node): with When("I grant privilege to current user"): node.query("GRANT NONE TO CURRENT_USER", settings=[("user", "user0")]) with Scenario("I grant privilege NONE to default user, throws exception", flags=TE, requirements=[ RQ_SRS_006_RBAC_Grant_Privilege_ToCurrentUser("1.0"), RQ_SRS_006_RBAC_Grant_Privilege_None("1.0") ]): with setup(node): with When("I grant privilege to current user"): exitcode, message = errors.cannot_update_default() node.query("GRANT NONE TO CURRENT_USER", exitcode=exitcode, message=message) with Scenario("I grant privilege with grant option", flags=TE, requirements=[ RQ_SRS_006_RBAC_Grant_Privilege_GrantOption("1.0"), RQ_SRS_006_RBAC_Grant_Privilege_None("1.0") ]): with setup(node): with When("I grant privilege with grant option"): node.query("GRANT NONE ON *.* TO user0 WITH GRANT OPTION")
def feature(self, node="clickhouse1"): """Check revoke query syntax. ```sql REVOKE [ON CLUSTER cluster_name] [ADMIN OPTION FOR] role [,...] FROM {user | role | CURRENT_USER} [,...] | ALL | ALL EXCEPT {user_name | role_name | CURRENT_USER} [,...] ``` """ node = self.context.cluster.node(node) @contextmanager def setup(users=2, roles=2): try: with Given("I have some users"): for i in range(users): node.query(f"CREATE USER OR REPLACE user{i}") with And("I have some roles"): for i in range(roles): node.query(f"CREATE ROLE OR REPLACE role{i}") yield finally: with Finally("I drop the users"): for i in range(users): node.query(f"DROP USER IF EXISTS user{i}") with And("I drop the roles"): for i in range(roles): node.query(f"DROP ROLE IF EXISTS role{i}") with Scenario("I revoke a role from a user", requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]): with setup(): with When("I revoke a role"): node.query("REVOKE role0 FROM user0") with Scenario("I revoke a nonexistent role from user", requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]): with setup(1, 0): with When("I revoke nonexistent role from a user"): exitcode, message = errors.role_not_found_in_disk(name="role0") node.query("REVOKE role0 FROM user0", exitcode=exitcode, message=message) # with nonexistent object name, REVOKE assumes type role (treats user0 as role) with Scenario("I revoke a role from a nonexistent user", requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]): with setup(0, 1): with When("I revoke role from a nonexistent user"): exitcode, message = errors.role_not_found_in_disk(name="user0") node.query("REVOKE role0 FROM user0", exitcode=exitcode, message=message) # with nonexistent object name, REVOKE assumes type role (treats user0 as role) with Scenario("I revoke a role from ALL EXCEPT nonexistent user", requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]): with setup(0, 1): with When("I revoke role from a nonexistent user"): exitcode, message = errors.role_not_found_in_disk(name="user0") node.query("REVOKE role0 FROM ALL EXCEPT user0", exitcode=exitcode, message=message) with Scenario("I revoke a nonexistent role from a nonexistent user", requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]): with setup(0, 0): with When("I revoke nonexistent role from a nonexistent user"): exitcode, message = errors.role_not_found_in_disk(name="user0") node.query("REVOKE role0 FROM user0", exitcode=exitcode, message=message) with Scenario("I revoke a role from multiple users", requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]): with setup(): with When("I revoke a role from multiple users"): node.query("REVOKE role0 FROM user0, user1") with Scenario("I revoke multiple roles from multiple users", requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]): with setup(): node.query("REVOKE role0, role1 FROM user0, user1") #user is default, expect exception with Scenario("I revoke a role from default user", requirements=[ RQ_SRS_006_RBAC_Revoke_Role("1.0"), RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0") ]): with setup(): with When("I revoke a role from default user"): exitcode, message = errors.cannot_update_default() node.query("REVOKE role0 FROM CURRENT_USER", exitcode=exitcode, message=message) #user is user0 with Scenario("I revoke a role from current user", requirements=[ RQ_SRS_006_RBAC_Revoke_Role("1.0"), RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0") ]): with setup(): with When("I revoke a role from current user"): node.query("REVOKE role0 FROM CURRENT_USER", settings=[("user", "user0")]) #user is default, expect exception with Scenario("I revoke a role from all", requirements=[ RQ_SRS_006_RBAC_Revoke_Role("1.0"), RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0") ]): with setup(): with When("I revoke a role from all"): exitcode, message = errors.cannot_update_default() node.query("REVOKE role0 FROM ALL", exitcode=exitcode, message=message) #user is default, expect exception with Scenario("I revoke multiple roles from all", requirements=[ RQ_SRS_006_RBAC_Revoke_Role("1.0"), RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0") ]): with setup(): with When("I revoke multiple roles from all"): exitcode, message = errors.cannot_update_default() node.query("REVOKE role0, role1 FROM ALL", exitcode=exitcode, message=message) with Scenario("I revoke a role from all but current user", requirements=[ RQ_SRS_006_RBAC_Revoke_Role("1.0"), RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0") ]): with setup(): with When("I revoke a role from all except current"): node.query("REVOKE role0 FROM ALL EXCEPT CURRENT_USER") with Scenario("I revoke a role from all but default user", requirements=[ RQ_SRS_006_RBAC_Revoke_Role("1.0"), RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0") ]): with setup(): with When("I revoke a role from all except default"): node.query("REVOKE role0 FROM ALL EXCEPT default", settings=[("user", "user0")]) with Scenario("I revoke multiple roles from all but default user", requirements=[ RQ_SRS_006_RBAC_Revoke_Role("1.0"), RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0") ]): with setup(): with When("I revoke multiple roles from all except default"): node.query("REVOKE role0, role1 FROM ALL EXCEPT default", settings=[("user", "user0")]) with Scenario("I revoke a role from a role", requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]): with setup(): with When("I revoke a role from a role"): node.query("REVOKE role0 FROM role1") with Scenario("I revoke a role from a role and a user", requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]): with setup(): with When("I revoke a role from multiple roles"): node.query("REVOKE role0 FROM role1, user0") with Scenario("I revoke a role from a user on cluster", requirements=[RQ_SRS_006_RBAC_Revoke_Role_Cluster("1.0")]): with Given("I have a role and a user on a cluster"): node.query( "CREATE USER OR REPLACE user0 ON CLUSTER sharded_cluster") node.query( "CREATE ROLE OR REPLACE role0 ON CLUSTER sharded_cluster") with When("I revoke a role from user on a cluster"): node.query("REVOKE ON CLUSTER sharded_cluster role0 FROM user0") with Finally("I drop the user and role"): node.query("DROP USER IF EXISTS user0 ON CLUSTER sharded_cluster") node.query("DROP ROLE IF EXISTS role0 ON CLUSTER sharded_cluster") with Scenario("I revoke a role on fake cluster, throws exception", requirements=[RQ_SRS_006_RBAC_Revoke_Role_Cluster("1.0")]): with Given("I have a role and a user on a cluster"): node.query("CREATE USER OR REPLACE user0") node.query("CREATE ROLE OR REPLACE role0") with When("I revoke a role from user on a cluster"): exitcode, message = errors.cluster_not_found("fake_cluster") node.query("REVOKE ON CLUSTER fake_cluster role0 FROM user0", exitcode=exitcode, message=message) with Finally("I drop the user and role"): node.query("DROP USER IF EXISTS user0") node.query("DROP ROLE IF EXISTS role0") with Scenario("I revoke multiple roles from multiple users on cluster", requirements=[ RQ_SRS_006_RBAC_Revoke_Role("1.0"), RQ_SRS_006_RBAC_Revoke_Role_Cluster("1.0") ]): with Given("I have multiple roles and multiple users on a cluster"): for i in range(2): node.query( f"CREATE USER OR REPLACE user{i} ON CLUSTER sharded_cluster" ) node.query( f"CREATE ROLE OR REPLACE role{i} ON CLUSTER sharded_cluster" ) with When("I revoke multiple roles from multiple users on cluster"): node.query( "REVOKE ON CLUSTER sharded_cluster role0, role1 FROM user0, user1" ) with Finally("I drop the roles and users"): for i in range(2): node.query( f"DROP USER IF EXISTS user{i} ON CLUSTER sharded_cluster") node.query( f"DROP ROLE IF EXISTS role{i} ON CLUSTER sharded_cluster") with Scenario("I revoke admin option for role from a user", requirements=[RQ_SRS_006_RBAC_Revoke_AdminOption("1.0")]): with setup(): with When("I revoke admin option for role from a user"): node.query("REVOKE ADMIN OPTION FOR role0 FROM user0") with Scenario( "I revoke admin option for multiple roles from multiple users", requirements=[ RQ_SRS_006_RBAC_Revoke_Role("1.0"), RQ_SRS_006_RBAC_Revoke_AdminOption("1.0") ]): with setup(): with When( "I revoke admin option for multiple roles from multiple users" ): node.query( "REVOKE ADMIN OPTION FOR role0, role1 FROM user0, user1")
def feature(self, node="clickhouse1"): """Check grant query syntax. ```sql GRANT ON CLUSTER [cluster_name] role [,...] TO {user | another_role | CURRENT_USER} [,...] [WITH ADMIN OPTION] ``` """ node = self.context.cluster.node(node) @contextmanager def setup(users=0, roles=0): try: with Given("I have some users and roles"): for i in range(users): node.query(f"CREATE USER OR REPLACE user{i}") for j in range(roles): node.query(f"CREATE ROLE OR REPLACE role{j}") yield finally: with Finally("I drop the users and roles"): for i in range(users): node.query(f"DROP USER IF EXISTS user{i}") for j in range(roles): node.query(f"DROP ROLE IF EXISTS role{j}") with Scenario("I grant a role to a user", requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")]): with setup(1, 1): with When("I grant a role"): node.query("GRANT role0 TO user0") with Scenario( "I grant a nonexistent role to user", requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")], ): with setup(1, 0): with When("I grant nonexistent role to a user"): exitcode, message = errors.role_not_found_in_disk(name="role0") node.query("GRANT role0 TO user0", exitcode=exitcode, message=message) # with nonexistent object name, GRANT assumes type role (treats user0 as role) with Scenario( "I grant a role to a nonexistent user", requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")], ): with setup(0, 1): with When("I grant role to a nonexistent user"): exitcode, message = errors.role_not_found_in_disk(name="user0") node.query("GRANT role0 TO user0", exitcode=exitcode, message=message) with Scenario( "I grant a nonexistent role to a nonexistent user", requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")], ): with setup(0, 0): with When("I grant nonexistent role to a nonexistent user"): exitcode, message = (errors.role_not_found_in_disk( name="user0") if check_clickhouse_version(">=21.09")(self) else errors.role_not_found_in_disk( name="role0")) node.query("GRANT role0 TO user0", exitcode=exitcode, message=message) with Scenario( "I grant a role to multiple users", requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")], ): with setup(2, 1): with When("I grant role to a multiple users"): node.query("GRANT role0 TO user0, user1") with Scenario( "I grant multiple roles to multiple users", requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")], ): with setup(2, 2): with When("I grant multiple roles to multiple users"): node.query("GRANT role0, role1 TO user0, user1") with Scenario( "I grant role to current user", requirements=[RQ_SRS_006_RBAC_Grant_Role_CurrentUser("1.0")], ): with setup(1, 1): with Given("I have a user with access management privilege"): node.query("GRANT ACCESS MANAGEMENT ON *.* TO user0") with When("I grant role to current user"): node.query("GRANT role0 TO CURRENT_USER", settings=[("user", "user0")]) with Scenario( "I grant role to default user, throws exception", requirements=[RQ_SRS_006_RBAC_Grant_Role_CurrentUser("1.0")], ): with setup(1, 1): with When("I grant role to default user"): exitcode, message = errors.cannot_update_default() node.query("GRANT role0 TO CURRENT_USER", exitcode=exitcode, message=message) with Scenario( "I grant role to user with admin option", requirements=[RQ_SRS_006_RBAC_Grant_Role_AdminOption("1.0")], ): with setup(1, 1): with When("I grant role to a user with admin option"): node.query("GRANT role0 TO user0 WITH ADMIN OPTION") with Scenario( "I grant role to user on cluster", requirements=[RQ_SRS_006_RBAC_Grant_Role_OnCluster("1.0")], ): try: with Given("I have a user and a role on a cluster"): node.query( "CREATE USER OR REPLACE user0 ON CLUSTER sharded_cluster") node.query( "CREATE ROLE OR REPLACE role0 ON CLUSTER sharded_cluster") with When("I grant the role to the user"): node.query("GRANT ON CLUSTER sharded_cluster role0 TO user0") finally: with Finally("I drop the user and role"): node.query( "DROP USER IF EXISTS user0 ON CLUSTER sharded_cluster") node.query( "DROP ROLE IF EXISTS role0 ON CLUSTER sharded_cluster") with Scenario( "I grant role to user on fake cluster, throws exception", requirements=[RQ_SRS_006_RBAC_Grant_Role_OnCluster("1.0")], ): with setup(1, 1): with When("I grant the role to the user"): exitcode, message = errors.cluster_not_found("fake_cluster") node.query( "GRANT ON CLUSTER fake_cluster role0 TO user0", exitcode=exitcode, message=message, )
def feature(self, node="clickhouse1"): """Check set default role query syntax. ```sql SET DEFAULT ROLE {NONE | role [,...] | ALL | ALL EXCEPT role [,...]} TO {user|CURRENT_USER} [,...] ``` """ node = self.context.cluster.node(node) @contextmanager def setup(users=2,roles=2): try: with Given("I have some users"): for i in range(users): node.query(f"CREATE USER OR REPLACE user{i}") with And("I have some roles"): for i in range(roles): node.query(f"CREATE ROLE OR REPLACE role{i}") yield finally: with Finally("I drop the users"): for i in range(users): node.query(f"DROP USER IF EXISTS user{i}") with And("I drop the roles"): for i in range(roles): node.query(f"DROP ROLE IF EXISTS role{i}") with Scenario("I set default a nonexistent role to user", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole("1.0")]): with setup(1,0): with When("I set default nonexistent role to a user"): exitcode, message = errors.role_not_found_in_disk(name="role0") node.query("SET DEFAULT ROLE role0 TO user0", exitcode=exitcode, message=message) with Scenario("I set default ALL EXCEPT a nonexistent role to user", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole("1.0")]): with setup(1,0): with When("I set default nonexistent role to a user"): exitcode, message = errors.role_not_found_in_disk(name="role0") node.query("SET DEFAULT ROLE ALL EXCEPT role0 TO user0", exitcode=exitcode, message=message) with Scenario("I set default a role to a nonexistent user", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole("1.0")]): with setup(0,1): with When("I set default role to a nonexistent user"): exitcode, message = errors.user_not_found_in_disk(name="user0") node.query("SET DEFAULT ROLE role0 TO user0", exitcode=exitcode, message=message) #in SET DEFAULT ROLE, the nonexistent user is noticed first and becomes the thrown exception with Scenario("I set default a nonexistent role to a nonexistent user", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole("1.0")]): with setup(0,0): with When("I set default nonexistent role to a nonexistent user"): exitcode, message = errors.user_not_found_in_disk(name="user0") node.query("SET DEFAULT ROLE role0 TO user0", exitcode=exitcode, message=message) try: with Given("I have some roles and some users"): for i in range(2): node.query(f"CREATE ROLE role{i}") node.query(f"CREATE USER user{i}") node.query(f"GRANT role0, role1 TO user0, user1") with Scenario("I set default role for a user to none", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole_None("1.0")]): with When("I set no roles default for user"): node.query("SET DEFAULT ROLE NONE TO user0") with Scenario("I set one default role for a user", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole("1.0")]): with When("I set a default role for user "): node.query("SET DEFAULT ROLE role0 TO user0") with Scenario("I set one default role for user default, throws exception", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole("1.0")]): with When("I set a default role for default"): exitcode, message = errors.cannot_update_default() node.query("SET DEFAULT ROLE role0 TO default", exitcode=exitcode, message=message) with Scenario("I set multiple default roles for a user", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole("1.0")]): with When("I set multiple default roles to user"): node.query("SET DEFAULT ROLE role0, role1 TO user0") with Scenario("I set multiple default roles for multiple users", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole("1.0")]): with When("I set multiple default roles to multiple users"): node.query("SET DEFAULT ROLE role0, role1 TO user0, user1") with Scenario("I set all roles as default for a user", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole_All("1.0")]): with When("I set all roles default to user"): node.query("SET DEFAULT ROLE ALL TO user0") with Scenario("I set all roles except one for a user", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole_AllExcept("1.0")]): with When("I set all except one role default to user"): node.query("SET DEFAULT ROLE ALL EXCEPT role0 TO user0") with Scenario("I set default role for current user", requirements=[ RQ_SRS_006_RBAC_SetDefaultRole_CurrentUser("1.0")]): with When("I set default role to current user"): node.query("GRANT ACCESS MANAGEMENT ON *.* TO user0") node.query("SET DEFAULT ROLE role0 TO CURRENT_USER", settings = [("user","user0")]) finally: with Finally("I drop the roles and users"): for i in range(2): node.query(f"DROP ROLE IF EXISTS role{i}") node.query(f"DROP USER IF EXISTS user{i}")
def feature(self, node="clickhouse1"): """Check revoke privilege syntax. ```sql REVOKE [ON CLUSTER cluster_name] privilege [(column_name [,...])] [,...] ON {db.table|db.*|*.*|table|*} FROM {user | CURRENT_USER} [,...] | ALL | ALL EXCEPT {user | CURRENT_USER} [,...] ``` """ node = self.context.cluster.node(node) Scenario(run=revoke_privileges) with Scenario("I revoke privilege ON CLUSTER", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_Cluster("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): with setup(node): with When("I revoke privilege ON CLUSTER"): node.query("REVOKE ON CLUSTER sharded_cluster NONE FROM user0") with Scenario("I revoke privilege ON fake CLUSTER, throws exception", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_Cluster("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): with setup(node): with When("I revoke privilege ON CLUSTER"): exitcode, message = errors.cluster_not_found("fake_cluster") node.query("REVOKE ON CLUSTER fake_cluster NONE FROM user0", exitcode=exitcode, message=message) with Scenario("I revoke privilege from multiple users and roles", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): with setup(node): with When("I revoke privilege from multiple users"): node.query("REVOKE NONE FROM user0, user1, role1") with Scenario("I revoke privilege from current user", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): with setup(node): with When("I revoke privilege from current user"): node.query("REVOKE NONE FROM CURRENT_USER", settings = [("user","user0")]) with Scenario("I revoke privilege from all users", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): with setup(node): with When("I revoke privilege from all users"): exitcode, message = errors.cannot_update_default() node.query("REVOKE NONE FROM ALL", exitcode=exitcode,message=message) with Scenario("I revoke privilege from default user", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): with setup(node): with When("I revoke privilege from default user"): exitcode, message = errors.cannot_update_default() node.query("REVOKE NONE FROM default", exitcode=exitcode,message=message) #By default, ClickHouse treats unnamed object as role with Scenario("I revoke privilege from nonexistent role, throws exception", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): role = "role5" with Given(f"I ensure that role {role} does not exist"): node.query(f"DROP ROLE IF EXISTS {role}") with When(f"I revoke privilege from nonexistent role {role}"): exitcode, message = errors.role_not_found_in_disk(role) node.query(f"REVOKE NONE FROM {role}", exitcode=exitcode,message=message) with Scenario("I revoke privilege from ALL EXCEPT nonexistent role, throws exception", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): role = "role5" with Given(f"I ensure that role {role} does not exist"): node.query(f"DROP ROLE IF EXISTS {role}") with When(f"I revoke privilege from nonexistent role {role}"): exitcode, message = errors.role_not_found_in_disk(role) node.query(f"REVOKE NONE FROM ALL EXCEPT {role}", exitcode=exitcode,message=message) with Scenario("I revoke privilege from all except some users and roles", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): with setup(node): with When("I revoke privilege all except some users"): node.query("REVOKE NONE FROM ALL EXCEPT default, user0, role1") with Scenario("I revoke privilege from all except current user", requirements=[ RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"), RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]): with setup(node): with When("I revoke privilege from all except current user"): node.query("REVOKE NONE FROM ALL EXCEPT CURRENT_USER")