def feature(self, node="clickhouse1"):
"""Check revoke privilege syntax.
```sql
REVOKE [ON CLUSTER cluster_name] privilege
[(column_name [,...])] [,...]
ON {db.table|db.*|*.*|table|*}
FROM {user | CURRENT_USER} [,...] | ALL | ALL EXCEPT {user | CURRENT_USER} [,...]
```
"""
node = self.context.cluster.node(node)
Scenario(run=revoke_privileges)
with Scenario("I revoke privilege ON CLUSTER", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_Cluster("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
with setup(node):
with When("I revoke privilege ON CLUSTER"):
node.query("REVOKE ON CLUSTER sharded_cluster NONE FROM user0")
with Scenario("I revoke privilege ON fake CLUSTER, throws exception", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_Cluster("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
with setup(node):
with When("I revoke privilege ON CLUSTER"):
exitcode, message = errors.cluster_not_found("fake_cluster")
node.query("REVOKE ON CLUSTER fake_cluster NONE FROM user0",
exitcode=exitcode, message=message)
with Scenario("I revoke privilege from multiple users and roles", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
with setup(node):
with When("I revoke privilege from multiple users"):
node.query("REVOKE NONE FROM user0, user1, role1")
with Scenario("I revoke privilege from current user", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
with setup(node):
with When("I revoke privilege from current user"):
node.query("REVOKE NONE FROM CURRENT_USER", settings = [("user","user0")])
with Scenario("I revoke privilege from all users", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
with setup(node):
with When("I revoke privilege from all users"):
exitcode, message = errors.cannot_update_default()
node.query("REVOKE NONE FROM ALL", exitcode=exitcode,message=message)
with Scenario("I revoke privilege from default user", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
with setup(node):
with When("I revoke privilege from default user"):
exitcode, message = errors.cannot_update_default()
node.query("REVOKE NONE FROM default", exitcode=exitcode,message=message)
#By default, ClickHouse treats unnamed object as role
with Scenario("I revoke privilege from nonexistent role, throws exception", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
role = "role5"
with Given(f"I ensure that role {role} does not exist"):
node.query(f"DROP ROLE IF EXISTS {role}")
with When(f"I revoke privilege from nonexistent role {role}"):
exitcode, message = errors.role_not_found_in_disk(role)
node.query(f"REVOKE NONE FROM {role}", exitcode=exitcode,message=message)
with Scenario("I revoke privilege from ALL EXCEPT nonexistent role, throws exception", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
role = "role5"
with Given(f"I ensure that role {role} does not exist"):
node.query(f"DROP ROLE IF EXISTS {role}")
with When(f"I revoke privilege from nonexistent role {role}"):
exitcode, message = errors.role_not_found_in_disk(role)
node.query(f"REVOKE NONE FROM ALL EXCEPT {role}", exitcode=exitcode,message=message)
with Scenario("I revoke privilege from all except some users and roles", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
with setup(node):
with When("I revoke privilege all except some users"):
node.query("REVOKE NONE FROM ALL EXCEPT default, user0, role1")
with Scenario("I revoke privilege from all except current user", flags=TE, requirements=[
RQ_SRS_006_RBAC_Revoke_Privilege_From("1.0"),
RQ_SRS_006_RBAC_Revoke_Privilege_None("1.0")]):
with setup(node):
with When("I revoke privilege from all except current user"):
node.query("REVOKE NONE FROM ALL EXCEPT CURRENT_USER")
def feature(self, node="clickhouse1"):
"""Check grant query syntax.
```sql
GRANT ON CLUSTER [cluster_name] role [,...] TO {user | another_role | CURRENT_USER} [,...] [WITH ADMIN OPTION]
```
"""
node = self.context.cluster.node(node)
@contextmanager
def setup(users=0, roles=0):
try:
with Given("I have some users and roles"):
for i in range(users):
node.query(f"CREATE USER OR REPLACE user{i}")
for j in range(roles):
node.query(f"CREATE ROLE OR REPLACE role{j}")
yield
finally:
with Finally("I drop the users and roles"):
for i in range(users):
node.query(f"DROP USER IF EXISTS user{i}")
for j in range(roles):
node.query(f"DROP ROLE IF EXISTS role{j}")
with Scenario("I grant a role to a user",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")]):
with setup(1, 1):
with When("I grant a role"):
node.query("GRANT role0 TO user0")
with Scenario("I grant a nonexistent role to user",
requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")]):
with setup(1, 0):
with When("I grant nonexistent role to a user"):
exitcode, message = errors.role_not_found_in_disk(name="role0")
node.query("GRANT role0 TO user0",
exitcode=exitcode,
message=message)
# with nonexistent object name, GRANT assumes type role (treats user0 as role)
with Scenario("I grant a role to a nonexistent user",
requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")]):
with setup(0, 1):
with When("I grant role to a nonexistent user"):
exitcode, message = errors.role_not_found_in_disk(name="user0")
node.query("GRANT role0 TO user0",
exitcode=exitcode,
message=message)
with Scenario("I grant a nonexistent role to a nonexistent user",
requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")]):
with setup(0, 0):
with When("I grant nonexistent role to a nonexistent user"):
exitcode, message = errors.role_not_found_in_disk(name="role0")
node.query("GRANT role0 TO user0",
exitcode=exitcode,
message=message)
with Scenario("I grant a role to multiple users",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")]):
with setup(2, 1):
with When("I grant role to a multiple users"):
node.query("GRANT role0 TO user0, user1")
with Scenario("I grant multiple roles to multiple users",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Grant_Role("1.0")]):
with setup(2, 2):
with When("I grant multiple roles to multiple users"):
node.query("GRANT role0, role1 TO user0, user1")
with Scenario("I grant role to current user",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Grant_Role_CurrentUser("1.0")
]):
with setup(1, 1):
with Given("I have a user with access management privilege"):
node.query("GRANT ACCESS MANAGEMENT ON *.* TO user0")
with When("I grant role to current user"):
node.query("GRANT role0 TO CURRENT_USER",
settings=[("user", "user0")])
with Scenario("I grant role to default user, throws exception",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Grant_Role_CurrentUser("1.0")
]):
with setup(1, 1):
with When("I grant role to default user"):
exitcode, message = errors.cannot_update_default()
node.query("GRANT role0 TO CURRENT_USER",
exitcode=exitcode,
message=message)
with Scenario("I grant role to user with admin option",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Grant_Role_AdminOption("1.0")
]):
with setup(1, 1):
with When("I grant role to a user with admin option"):
node.query("GRANT role0 TO user0 WITH ADMIN OPTION")
with Scenario("I grant role to user on cluster",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Grant_Role_OnCluster("1.0")]):
try:
with Given("I have a user and a role on a cluster"):
node.query("CREATE USER user0 ON CLUSTER sharded_cluster")
node.query("CREATE ROLE role0 ON CLUSTER sharded_cluster")
with When("I grant the role to the user"):
node.query("GRANT ON CLUSTER sharded_cluster role0 TO user0")
finally:
with Finally("I drop the user and role"):
node.query("DROP USER user0 ON CLUSTER sharded_cluster")
node.query("DROP ROLE role0 ON CLUSTER sharded_cluster")
with Scenario("I grant role to user on fake cluster, throws exception",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Grant_Role_OnCluster("1.0")]):
with setup(1, 1):
with When("I grant the role to the user"):
exitcode, message = errors.cluster_not_found("fake_cluster")
node.query("GRANT ON CLUSTER fake_cluster role0 TO user0",
exitcode=exitcode,
message=message)
def feature(self, node="clickhouse1"):
"""Check revoke query syntax.
```sql
REVOKE [ON CLUSTER cluster_name] [ADMIN OPTION FOR]
role [,...] FROM {user | role | CURRENT_USER} [,...]
| ALL | ALL EXCEPT {user_name | role_name | CURRENT_USER} [,...]
```
"""
node = self.context.cluster.node(node)
@contextmanager
def setup(users=2, roles=2):
try:
with Given("I have some users"):
for i in range(users):
node.query(f"CREATE USER OR REPLACE user{i}")
with And("I have some roles"):
for i in range(roles):
node.query(f"CREATE ROLE OR REPLACE role{i}")
yield
finally:
with Finally("I drop the users"):
for i in range(users):
node.query(f"DROP USER IF EXISTS user{i}")
with And("I drop the roles"):
for i in range(roles):
node.query(f"DROP ROLE IF EXISTS role{i}")
with Scenario("I revoke a role from a user",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]):
with setup():
with When("I revoke a role"):
node.query("REVOKE role0 FROM user0")
with Scenario("I revoke a nonexistent role from user",
requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]):
with setup(1, 0):
with When("I revoke nonexistent role from a user"):
exitcode, message = errors.role_not_found_in_disk(name="role0")
node.query("REVOKE role0 FROM user0",
exitcode=exitcode,
message=message)
# with nonexistent object name, REVOKE assumes type role (treats user0 as role)
with Scenario("I revoke a role from a nonexistent user",
requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]):
with setup(0, 1):
with When("I revoke role from a nonexistent user"):
exitcode, message = errors.role_not_found_in_disk(name="user0")
node.query("REVOKE role0 FROM user0",
exitcode=exitcode,
message=message)
# with nonexistent object name, REVOKE assumes type role (treats user0 as role)
with Scenario("I revoke a role from ALL EXCEPT nonexistent user",
requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]):
with setup(0, 1):
with When("I revoke role from a nonexistent user"):
exitcode, message = errors.role_not_found_in_disk(name="user0")
node.query("REVOKE role0 FROM ALL EXCEPT user0",
exitcode=exitcode,
message=message)
with Scenario("I revoke a nonexistent role from a nonexistent user",
requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]):
with setup(0, 0):
with When("I revoke nonexistent role from a nonexistent user"):
exitcode, message = errors.role_not_found_in_disk(name="role0")
node.query("REVOKE role0 FROM user0",
exitcode=exitcode,
message=message)
with Scenario("I revoke a role from multiple users",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]):
with setup():
with When("I revoke a role from multiple users"):
node.query("REVOKE role0 FROM user0, user1")
with Scenario("I revoke multiple roles from multiple users",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]):
with setup():
node.query("REVOKE role0, role1 FROM user0, user1")
#user is default, expect exception
with Scenario("I revoke a role from default user",
flags=TE,
requirements=[
RQ_SRS_006_RBAC_Revoke_Role("1.0"),
RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0")
]):
with setup():
with When("I revoke a role from default user"):
exitcode, message = errors.cannot_update_default()
node.query("REVOKE role0 FROM CURRENT_USER",
exitcode=exitcode,
message=message)
#user is user0
with Scenario("I revoke a role from current user",
flags=TE,
requirements=[
RQ_SRS_006_RBAC_Revoke_Role("1.0"),
RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0")
]):
with setup():
with When("I revoke a role from current user"):
node.query("REVOKE role0 FROM CURRENT_USER",
settings=[("user", "user0")])
#user is default, expect exception
with Scenario("I revoke a role from all",
flags=TE,
requirements=[
RQ_SRS_006_RBAC_Revoke_Role("1.0"),
RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0")
]):
with setup():
with When("I revoke a role from all"):
exitcode, message = errors.cannot_update_default()
node.query("REVOKE role0 FROM ALL",
exitcode=exitcode,
message=message)
#user is default, expect exception
with Scenario("I revoke multiple roles from all",
flags=TE,
requirements=[
RQ_SRS_006_RBAC_Revoke_Role("1.0"),
RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0")
]):
with setup():
with When("I revoke multiple roles from all"):
exitcode, message = errors.cannot_update_default()
node.query("REVOKE role0, role1 FROM ALL",
exitcode=exitcode,
message=message)
with Scenario("I revoke a role from all but current user",
flags=TE,
requirements=[
RQ_SRS_006_RBAC_Revoke_Role("1.0"),
RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0")
]):
with setup():
with When("I revoke a role from all except current"):
node.query("REVOKE role0 FROM ALL EXCEPT CURRENT_USER")
with Scenario("I revoke a role from all but default user",
flags=TE,
requirements=[
RQ_SRS_006_RBAC_Revoke_Role("1.0"),
RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0")
]):
with setup():
with When("I revoke a role from all except default"):
node.query("REVOKE role0 FROM ALL EXCEPT default",
settings=[("user", "user0")])
with Scenario("I revoke multiple roles from all but default user",
flags=TE,
requirements=[
RQ_SRS_006_RBAC_Revoke_Role("1.0"),
RQ_SRS_006_RBAC_Revoke_Role_Keywords("1.0")
]):
with setup():
with When("I revoke multiple roles from all except default"):
node.query("REVOKE role0, role1 FROM ALL EXCEPT default",
settings=[("user", "user0")])
with Scenario("I revoke a role from a role",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]):
with setup():
with When("I revoke a role from a role"):
node.query("REVOKE role0 FROM role1")
with Scenario("I revoke a role from a role and a user",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Revoke_Role("1.0")]):
with setup():
with When("I revoke a role from multiple roles"):
node.query("REVOKE role0 FROM role1, user0")
with Scenario("I revoke a role from a user on cluster",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Revoke_Role_Cluster("1.0")]):
with Given("I have a role and a user on a cluster"):
node.query(
"CREATE USER OR REPLACE user0 ON CLUSTER sharded_cluster")
node.query(
"CREATE ROLE OR REPLACE role0 ON CLUSTER sharded_cluster")
with When("I revoke a role from user on a cluster"):
node.query("REVOKE ON CLUSTER sharded_cluster role0 FROM user0")
with Finally("I drop the user and role"):
node.query("DROP USER IF EXISTS user0 ON CLUSTER sharded_cluster")
node.query("DROP ROLE IF EXISTS role0 ON CLUSTER sharded_cluster")
with Scenario("I revoke a role on fake cluster, throws exception",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Revoke_Role_Cluster("1.0")]):
with When("I revoke a role from user on a cluster"):
exitcode, message = errors.cluster_not_found("fake_cluster")
node.query("REVOKE ON CLUSTER fake_cluster role0 FROM user0",
exitcode=exitcode,
message=message)
with Scenario("I revoke multiple roles from multiple users on cluster",
flags=TE,
requirements=[
RQ_SRS_006_RBAC_Revoke_Role("1.0"),
RQ_SRS_006_RBAC_Revoke_Role_Cluster("1.0")
]):
with Given("I have multiple roles and multiple users on a cluster"):
for i in range(2):
node.query(
f"CREATE USER OR REPLACE user{i} ON CLUSTER sharded_cluster"
)
node.query(
f"CREATE ROLE OR REPLACE role{i} ON CLUSTER sharded_cluster"
)
with When("I revoke multiple roles from multiple users on cluster"):
node.query(
"REVOKE ON CLUSTER sharded_cluster role0, role1 FROM user0, user1"
)
with Finally("I drop the roles and users"):
for i in range(2):
node.query(
f"DROP USER IF EXISTS user{i} ON CLUSTER sharded_cluster")
node.query(
f"DROP ROLE IF EXISTS role{i} ON CLUSTER sharded_cluster")
with Scenario("I revoke admin option for role from a user",
flags=TE,
requirements=[RQ_SRS_006_RBAC_Revoke_AdminOption("1.0")]):
with setup():
with When("I revoke admin option for role from a user"):
node.query("REVOKE ADMIN OPTION FOR role0 FROM user0")
with Scenario(
"I revoke admin option for multiple roles from multiple users",
flags=TE,
requirements=[
RQ_SRS_006_RBAC_Revoke_Role("1.0"),
RQ_SRS_006_RBAC_Revoke_AdminOption("1.0")
]):
with setup():
with When(
"I revoke admin option for multiple roles from multiple users"
):
node.query(
"REVOKE ADMIN OPTION FOR role0, role1 FROM user0, user1")
def feature(self, node="clickhouse1"):
"""Check set default role query syntax.
```sql
SET DEFAULT ROLE {NONE | role [,...] | ALL | ALL EXCEPT role [,...]} TO {user|CURRENT_USER} [,...]
```
"""
node = self.context.cluster.node(node)
@contextmanager
def setup(users=2,roles=2):
try:
with Given("I have some users"):
for i in range(users):
node.query(f"CREATE USER OR REPLACE user{i}")
with And("I have some roles"):
for i in range(roles):
node.query(f"CREATE ROLE OR REPLACE role{i}")
yield
finally:
with Finally("I drop the users"):
for i in range(users):
node.query(f"DROP USER IF EXISTS user{i}")
with And("I drop the roles"):
for i in range(roles):
node.query(f"DROP ROLE IF EXISTS role{i}")
with Scenario("I set default a nonexistent role to user", requirements=[
RQ_SRS_006_RBAC_SetDefaultRole("1.0")]):
with setup(1,0):
with When("I set default nonexistent role to a user"):
exitcode, message = errors.role_not_found_in_disk(name="role0")
node.query("SET DEFAULT ROLE role0 TO user0", exitcode=exitcode, message=message)
with Scenario("I set default ALL EXCEPT a nonexistent role to user", requirements=[
RQ_SRS_006_RBAC_SetDefaultRole("1.0")]):
with setup(1,0):
with When("I set default nonexistent role to a user"):
exitcode, message = errors.role_not_found_in_disk(name="role0")
node.query("SET DEFAULT ROLE ALL EXCEPT role0 TO user0", exitcode=exitcode, message=message)
with Scenario("I set default a role to a nonexistent user", requirements=[
RQ_SRS_006_RBAC_SetDefaultRole("1.0")]):
with setup(0,1):
with When("I set default role to a nonexistent user"):
exitcode, message = errors.user_not_found_in_disk(name="user0")
node.query("SET DEFAULT ROLE role0 TO user0", exitcode=exitcode, message=message)
# In SET DEFAULT ROLE, the nonexistent user is noticed first and becomes the thrown exception
with Scenario("I set default a nonexistent role to a nonexistent user", requirements=[
RQ_SRS_006_RBAC_SetDefaultRole("1.0")]):
with setup(0,0):
with When("I set default nonexistent role to a nonexistent user"):
exitcode, message = errors.user_not_found_in_disk(name="user0")
node.query("SET DEFAULT ROLE role0 TO user0", exitcode=exitcode, message=message)
try:
with Given("I have some roles and some users"):
for i in range(2):
node.query(f"CREATE ROLE role{i}")
node.query(f"CREATE USER user{i}")
node.query(f"GRANT role0, role1 TO user0, user1")
with Scenario("I set default role for a user to none", flags = TE, requirements=[
RQ_SRS_006_RBAC_SetDefaultRole_None("1.0")]):
with When("I set no roles default for user"):
node.query("SET DEFAULT ROLE NONE TO user0")
with Scenario("I set one default role for a user", flags = TE, requirements=[
RQ_SRS_006_RBAC_SetDefaultRole("1.0")]):
with When("I set a default role for user "):
node.query("SET DEFAULT ROLE role0 TO user0")
with Scenario("I set one default role for user default, throws exception", flags = TE, requirements=[
RQ_SRS_006_RBAC_SetDefaultRole("1.0")]):
with When("I set a default role for default"):
exitcode, message = errors.cannot_update_default()
node.query("SET DEFAULT ROLE role0 TO default", exitcode=exitcode, message=message)
with Scenario("I set multiple default roles for a user", flags = TE, requirements=[
RQ_SRS_006_RBAC_SetDefaultRole("1.0")]):
with When("I set multiple default roles to user"):
node.query("SET DEFAULT ROLE role0, role1 TO user0")
with Scenario("I set multiple default roles for multiple users", flags = TE, requirements=[
RQ_SRS_006_RBAC_SetDefaultRole("1.0")]):
with When("I set multiple default roles to multiple users"):
node.query("SET DEFAULT ROLE role0, role1 TO user0, user1")
with Scenario("I set all roles as default for a user", flags = TE, requirements=[
RQ_SRS_006_RBAC_SetDefaultRole_All("1.0")]):
with When("I set all roles default to user"):
node.query("SET DEFAULT ROLE ALL TO user0")
with Scenario("I set all roles except one for a user", flags = TE, requirements=[
RQ_SRS_006_RBAC_SetDefaultRole_AllExcept("1.0")]):
with When("I set all except one role default to user"):
node.query("SET DEFAULT ROLE ALL EXCEPT role0 TO user0")
with Scenario("I set default role for current user", flags = TE, requirements=[
RQ_SRS_006_RBAC_SetDefaultRole_CurrentUser("1.0")]):
with When("I set default role to current user"):
node.query("GRANT ACCESS MANAGEMENT ON *.* TO user0")
node.query("SET DEFAULT ROLE role0 TO CURRENT_USER", settings = [("user","user0")])
finally:
with Finally("I drop the roles and users"):
for i in range(2):
node.query(f"DROP ROLE IF EXISTS role{i}")
node.query(f"DROP USER IF EXISTS user{i}")
def feature(self, node="clickhouse1"):
"""Check grant privilege syntax.
```sql
GRANT [ON CLUSTER cluster_name]
privilege {SELECT | SELECT(columns) | INSERT | ALTER | CREATE | DROP | TRUNCATE | OPTIMIZE | SHOW | KILL QUERY | ACCESS MANAGEMENT | SYSTEM | INTROSPECTION | SOURCES | dictGet | NONE |ALL [PRIVILEGES]} [, ...]
ON {*.* | database.* | database.table | * | table}
TO {user | role | CURRENT_USER} [,...]
[WITH GRANT OPTION]
```
"""
node = self.context.cluster.node(node)
Scenario(run=grant_privileges)
# with nonexistant object name, GRANT assumes type role
with Scenario("I grant privilege to role that does not exist", flags=TE, requirements=[
RQ_SRS_006_RBAC_Grant_Privilege_None("1.0")]):
with Given("I ensure that role does not exist"):
node.query("DROP ROLE IF EXISTS role0")
with When("I grant privilege ON CLUSTER"):
exitcode, message = errors.role_not_found_in_disk(name="role0")
node.query("GRANT NONE TO role0", exitcode=exitcode, message=message)
with Scenario("I grant privilege ON CLUSTER", flags=TE, requirements=[
RQ_SRS_006_RBAC_Grant_Privilege_OnCluster("1.0"),
RQ_SRS_006_RBAC_Grant_Privilege_None("1.0")]):
with setup(node):
with When("I grant privilege ON CLUSTER"):
node.query("GRANT ON CLUSTER sharded_cluster NONE TO user0")
with Scenario("I grant privilege on fake cluster, throws exception", flags=TE, requirements=[
RQ_SRS_006_RBAC_Grant_Privilege_OnCluster("1.0")]):
with setup(node):
with When("I grant privilege ON CLUSTER"):
exitcode, message = errors.cluster_not_found("fake_cluster")
node.query("GRANT ON CLUSTER fake_cluster NONE TO user0", exitcode=exitcode, message=message)
with Scenario("I grant privilege to multiple users and roles", flags=TE, requirements=[
RQ_SRS_006_RBAC_Grant_Privilege_To("1.0"),
RQ_SRS_006_RBAC_Grant_Privilege_None("1.0")]):
with setup(node):
with When("I grant privilege to several users"):
node.query("GRANT NONE TO user0, user1, role1")
with Scenario("I grant privilege to current user", flags=TE, requirements=[
RQ_SRS_006_RBAC_Grant_Privilege_ToCurrentUser("1.0"),
RQ_SRS_006_RBAC_Grant_Privilege_None("1.0")]):
with setup(node):
with When("I grant privilege to current user"):
node.query("GRANT NONE TO CURRENT_USER", settings = [("user","user0")])
with Scenario("I grant privilege NONE to default user, throws exception", flags=TE, requirements=[
RQ_SRS_006_RBAC_Grant_Privilege_ToCurrentUser("1.0"),
RQ_SRS_006_RBAC_Grant_Privilege_None("1.0")]):
with setup(node):
with When("I grant privilege to current user"):
exitcode, message = errors.cannot_update_default()
node.query("GRANT NONE TO CURRENT_USER", exitcode=exitcode, message=message)
with Scenario("I grant privilege with grant option", flags=TE, requirements=[
RQ_SRS_006_RBAC_Grant_Privilege_GrantOption("1.0"),
RQ_SRS_006_RBAC_Grant_Privilege_None("1.0")]):
with setup(node):
with When("I grant privilege with grant option"):
node.query("GRANT NONE ON *.* TO user0 WITH GRANT OPTION")