From 5bac7addccda73e1b514896737818d38262a69ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andre=CC=81s=20de=20la=20Pen=CC=83a?=
 <a.penya.garcia@gmail.com>
Date: Tue, 7 Feb 2023 14:30:51 +0000
Subject: [PATCH] Update auth tests for SELECT_MASKED permission
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

atch by Andrés de la Peña; reviewed by Benjamin Lerer and Berenguer Blasi for CASSANDRA-18070
---
 auth_test.py              | 11 +++++++----
 cqlsh_tests/test_cqlsh.py | 19 ++++++++++---------
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/auth_test.py b/auth_test.py
index 2caad32673..f18f38e23a 100644
--- a/auth_test.py
+++ b/auth_test.py
@@ -34,7 +34,7 @@ def role_creator_permissions(self, creator, role):
             permissions = ('ALTER', 'DROP', 'DESCRIBE')
         return [(creator, role, perm) for perm in permissions]
 
-    def cluster_version_has_unmask_permission(self):
+    def cluster_version_has_masking_permissions(self):
         return self.cluster.version() >= LooseVersion('4.2')
 
     def data_resource_creator_permissions(self, creator, resource):
@@ -48,8 +48,9 @@ def data_resource_creator_permissions(self, creator, resource):
         for perm in 'SELECT', 'MODIFY', 'ALTER', 'DROP', 'AUTHORIZE':
             permissions.append((creator, resource, perm))
 
-        if self.cluster_version_has_unmask_permission():
+        if self.cluster_version_has_masking_permissions():
             permissions.append((creator, resource, 'UNMASK'))
+            permissions.append((creator, resource, 'SELECT_MASKED'))
 
         if resource.startswith("<keyspace "):
             permissions.append((creator, resource, 'CREATE'))
@@ -1683,8 +1684,9 @@ def test_filter_granted_permissions_by_resource_type(self):
                        ("mike", "<keyspace ks>", "SELECT"),
                        ("mike", "<keyspace ks>", "MODIFY"),
                        ("mike", "<keyspace ks>", "AUTHORIZE")]
-        if self.cluster_version_has_unmask_permission():
+        if self.cluster_version_has_masking_permissions():
             permissions.append(("mike", "<keyspace ks>", "UNMASK"))
+            permissions.append(("mike", "<keyspace ks>", "SELECT_MASKED"))
         self.assert_permissions_listed(permissions,
                                        self.superuser,
                                        "LIST ALL PERMISSIONS OF mike")
@@ -1697,8 +1699,9 @@ def test_filter_granted_permissions_by_resource_type(self):
                        ("mike", "<table ks.cf>", "SELECT"),
                        ("mike", "<table ks.cf>", "MODIFY"),
                        ("mike", "<table ks.cf>", "AUTHORIZE")]
-        if self.cluster_version_has_unmask_permission():
+        if self.cluster_version_has_masking_permissions():
             permissions.append(("mike", "<table ks.cf>", "UNMASK"))
+            permissions.append(("mike", "<table ks.cf>", "SELECT_MASKED"))
         self.assert_permissions_listed(permissions,
                                        self.superuser,
                                        "LIST ALL PERMISSIONS OF mike")
diff --git a/cqlsh_tests/test_cqlsh.py b/cqlsh_tests/test_cqlsh.py
index 06e0311cde..25f49cc22b 100644
--- a/cqlsh_tests/test_cqlsh.py
+++ b/cqlsh_tests/test_cqlsh.py
@@ -786,15 +786,16 @@ def test_list_queries(self):
         if self.cluster.version() >= LooseVersion('4.2'):
             self.verify_output("LIST ALL PERMISSIONS OF user1", node1, """
  role  | username | resource      | permission
--------+----------+---------------+------------
- user1 |    user1 | <table ks.t1> |      ALTER
- user1 |    user1 | <table ks.t1> |       DROP
- user1 |    user1 | <table ks.t1> |     SELECT
- user1 |    user1 | <table ks.t1> |     MODIFY
- user1 |    user1 | <table ks.t1> |  AUTHORIZE
- user1 |    user1 | <table ks.t1> |     UNMASK
-
-(6 rows)
+-------+----------+---------------+---------------
+ user1 |    user1 | <table ks.t1> |         ALTER
+ user1 |    user1 | <table ks.t1> |          DROP
+ user1 |    user1 | <table ks.t1> |        SELECT
+ user1 |    user1 | <table ks.t1> |        MODIFY
+ user1 |    user1 | <table ks.t1> |     AUTHORIZE
+ user1 |    user1 | <table ks.t1> |        UNMASK
+ user1 |    user1 | <table ks.t1> | SELECT_MASKED
+
+(7 rows)
 """)
         elif self.cluster.version() >= LooseVersion('2.2'):
             self.verify_output("LIST ALL PERMISSIONS OF user1", node1, """