From 5bac7addccda73e1b514896737818d38262a69ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andre=CC=81s=20de=20la=20Pen=CC=83a?= <a.penya.garcia@gmail.com> Date: Tue, 7 Feb 2023 14:30:51 +0000 Subject: [PATCH] Update auth tests for SELECT_MASKED permission MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit atch by Andrés de la Peña; reviewed by Benjamin Lerer and Berenguer Blasi for CASSANDRA-18070 --- auth_test.py | 11 +++++++---- cqlsh_tests/test_cqlsh.py | 19 ++++++++++--------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/auth_test.py b/auth_test.py index 2caad32673..f18f38e23a 100644 --- a/auth_test.py +++ b/auth_test.py @@ -34,7 +34,7 @@ def role_creator_permissions(self, creator, role): permissions = ('ALTER', 'DROP', 'DESCRIBE') return [(creator, role, perm) for perm in permissions] - def cluster_version_has_unmask_permission(self): + def cluster_version_has_masking_permissions(self): return self.cluster.version() >= LooseVersion('4.2') def data_resource_creator_permissions(self, creator, resource): @@ -48,8 +48,9 @@ def data_resource_creator_permissions(self, creator, resource): for perm in 'SELECT', 'MODIFY', 'ALTER', 'DROP', 'AUTHORIZE': permissions.append((creator, resource, perm)) - if self.cluster_version_has_unmask_permission(): + if self.cluster_version_has_masking_permissions(): permissions.append((creator, resource, 'UNMASK')) + permissions.append((creator, resource, 'SELECT_MASKED')) if resource.startswith("<keyspace "): permissions.append((creator, resource, 'CREATE')) @@ -1683,8 +1684,9 @@ def test_filter_granted_permissions_by_resource_type(self): ("mike", "<keyspace ks>", "SELECT"), ("mike", "<keyspace ks>", "MODIFY"), ("mike", "<keyspace ks>", "AUTHORIZE")] - if self.cluster_version_has_unmask_permission(): + if self.cluster_version_has_masking_permissions(): permissions.append(("mike", "<keyspace ks>", "UNMASK")) + permissions.append(("mike", "<keyspace ks>", "SELECT_MASKED")) self.assert_permissions_listed(permissions, self.superuser, "LIST ALL PERMISSIONS OF mike") @@ -1697,8 +1699,9 @@ def test_filter_granted_permissions_by_resource_type(self): ("mike", "<table ks.cf>", "SELECT"), ("mike", "<table ks.cf>", "MODIFY"), ("mike", "<table ks.cf>", "AUTHORIZE")] - if self.cluster_version_has_unmask_permission(): + if self.cluster_version_has_masking_permissions(): permissions.append(("mike", "<table ks.cf>", "UNMASK")) + permissions.append(("mike", "<table ks.cf>", "SELECT_MASKED")) self.assert_permissions_listed(permissions, self.superuser, "LIST ALL PERMISSIONS OF mike") diff --git a/cqlsh_tests/test_cqlsh.py b/cqlsh_tests/test_cqlsh.py index 06e0311cde..25f49cc22b 100644 --- a/cqlsh_tests/test_cqlsh.py +++ b/cqlsh_tests/test_cqlsh.py @@ -786,15 +786,16 @@ def test_list_queries(self): if self.cluster.version() >= LooseVersion('4.2'): self.verify_output("LIST ALL PERMISSIONS OF user1", node1, """ role | username | resource | permission --------+----------+---------------+------------ - user1 | user1 | <table ks.t1> | ALTER - user1 | user1 | <table ks.t1> | DROP - user1 | user1 | <table ks.t1> | SELECT - user1 | user1 | <table ks.t1> | MODIFY - user1 | user1 | <table ks.t1> | AUTHORIZE - user1 | user1 | <table ks.t1> | UNMASK - -(6 rows) +-------+----------+---------------+--------------- + user1 | user1 | <table ks.t1> | ALTER + user1 | user1 | <table ks.t1> | DROP + user1 | user1 | <table ks.t1> | SELECT + user1 | user1 | <table ks.t1> | MODIFY + user1 | user1 | <table ks.t1> | AUTHORIZE + user1 | user1 | <table ks.t1> | UNMASK + user1 | user1 | <table ks.t1> | SELECT_MASKED + +(7 rows) """) elif self.cluster.version() >= LooseVersion('2.2'): self.verify_output("LIST ALL PERMISSIONS OF user1", node1, """