/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.cassandra.cql3.validation.miscellaneous;
import java.util.Arrays;
import org.junit.Assert;
import org.junit.Test;
import org.apache.cassandra.auth.RoleResource;
import org.apache.cassandra.cql3.CQLTester;
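/**
 * Parser-level checks for the CQL statements that manage roles, legacy users and permissions.
 *
 * <p>Every test except {@link #roleNameTest()} hands statement text to the {@code assertValidSyntax} /
 * {@code assertInvalidSyntax} helpers inherited from {@link CQLTester}. NOTE(review): judging by their
 * names these helpers only parse the statement; nothing in this class shows a role being created or a
 * permission being enforced, so authorization behaviour needs its own coverage elsewhere -- confirm.
 *
 * <p>Role names are exercised in four spellings: bare identifier, single-quoted string, double-quoted
 * name and dollar-quoted string. The deprecated USER statements accept all of them except the
 * double-quoted name. The {@code 'foo'} and {@code 'password'} literals are throwaway fixture values.
 */
public class RoleSyntaxTest extends CQLTester
{
    // Expected parser message for a double-quoted USER name. The doubled "are" is left untouched because
    // this text is passed to assertInvalidSyntax as the expected message; presumably it has to match the
    // parser's wording exactly, so correct the typo at its source before changing it here.
    private static final String NO_QUOTED_USERNAME = "Quoted strings are are not supported for user names " +
                                                     "and USER is deprecated, please use ROLE";

    /**
     * LOGIN, SUPERUSER and PASSWORD must be accepted in every order by CREATE ROLE and ALTER ROLE.
     */
    @Test
    public void standardOptionsSyntaxTest() throws Throwable
    {
        for (String verb : Arrays.asList("CREATE", "ALTER"))
        {
            // All six orderings of the three options. The earlier version listed five statements per
            // verb, one of them twice, so two orderings (PASSWORD, SUPERUSER, LOGIN and
            // SUPERUSER, LOGIN, PASSWORD) were never parsed.
            assertValidSyntax(verb + " ROLE r WITH LOGIN = true AND SUPERUSER = false AND PASSWORD = 'foo'");
            assertValidSyntax(verb + " ROLE r WITH LOGIN = true AND PASSWORD = 'foo' AND SUPERUSER = false");
            assertValidSyntax(verb + " ROLE r WITH PASSWORD = 'foo' AND LOGIN = true AND SUPERUSER = false");
            assertValidSyntax(verb + " ROLE r WITH PASSWORD = 'foo' AND SUPERUSER = false AND LOGIN = true");
            assertValidSyntax(verb + " ROLE r WITH SUPERUSER = true AND PASSWORD = 'foo' AND LOGIN = false");
            assertValidSyntax(verb + " ROLE r WITH SUPERUSER = true AND LOGIN = false AND PASSWORD = 'foo'");
        }
    }

    /**
     * OPTIONS must be a map literal; a plain string or number is a syntax error for CREATE and ALTER.
     */
    @Test
    public void customOptionsSyntaxTest() throws Throwable
    {
        for (String verb : Arrays.asList("CREATE", "ALTER"))
        {
            assertValidSyntax(verb + " ROLE r WITH OPTIONS = {'a':'b', 'b':1}");
            assertInvalidSyntax(verb + " ROLE r WITH OPTIONS = 'term'");
            assertInvalidSyntax(verb + " ROLE r WITH OPTIONS = 99");
        }
    }

    /**
     * CREATE ROLE accepts every name spelling; CREATE USER rejects the double-quoted one.
     */
    @Test
    public void createSyntaxTest() throws Throwable
    {
        for (String role : Arrays.asList("r1", "'r1'", "\"r1\"", "$$r1$$", "$$ r1 ' x $ x ' $$"))
        {
            assertValidSyntax("CREATE ROLE " + role);
        }
        for (String user : Arrays.asList("u1", "'u1'", "$$u1$$", "$$ u1 ' x $ x ' $$"))
        {
            assertValidSyntax("CREATE USER " + user);
        }
        // user names may not be quoted names
        assertInvalidSyntax("CREATE USER \"u1\"", NO_QUOTED_USERNAME);
    }

    /**
     * DROP ROLE accepts every name spelling; DROP USER rejects the double-quoted one.
     */
    @Test
    public void dropSyntaxTest() throws Throwable
    {
        for (String role : Arrays.asList("r1", "'r1'", "\"r1\"", "$$r1$$", "$$ r1 ' x $ x ' $$"))
        {
            assertValidSyntax("DROP ROLE " + role);
        }
        for (String user : Arrays.asList("u1", "'u1'", "$$u1$$", "$$ u1 ' x $ x ' $$"))
        {
            assertValidSyntax("DROP USER " + user);
        }
        // user names may not be quoted names
        assertInvalidSyntax("DROP USER \"u1\"", NO_QUOTED_USERNAME);
    }

    /**
     * ALTER ROLE / ALTER USER with a password, including the IF EXISTS form.
     */
    @Test
    public void alterSyntaxTest() throws Throwable
    {
        for (String role : Arrays.asList("r1", "'r1'", "\"r1\"", "$$r1$$", "$$ r1 ' x $ x ' $$"))
        {
            assertValidSyntax("ALTER ROLE " + role + " WITH PASSWORD = 'password'");
        }
        // ALTER has slightly different form for USER (no =)
        for (String user : Arrays.asList("u1", "'u1'", "$$u1$$", "$$ u1 ' x $ x ' $$"))
        {
            assertValidSyntax("ALTER USER " + user + " WITH PASSWORD 'password'");
        }
        // ALTER with IF EXISTS syntax
        assertValidSyntax("ALTER ROLE IF EXISTS r1 WITH PASSWORD = 'password'");
        assertValidSyntax("ALTER USER IF EXISTS u1 WITH PASSWORD 'password'");
        // user names may not be quoted names
        assertInvalidSyntax("ALTER USER \"u1\" WITH PASSWORD 'password'", NO_QUOTED_USERNAME);
    }

    /**
     * GRANT and REVOKE on role and keyspace resources, with and without the PERMISSION keyword and with
     * one or several permissions, for every spelling of the resource role and of the grantee.
     */
    @Test
    public void grantRevokePermissionsSyntaxTest() throws Throwable
    {
        for (String r1 : Arrays.asList("r1", "'r1'", "\"r1\"", "$$r1$$"))
        {
            for (String r2 : Arrays.asList("r2", "\"r2\"", "'r2'", "$$ r '2' $$"))
            {
                // grant/revoke on RoleResource
                assertValidSyntax(String.format("GRANT ALTER ON ROLE %s TO %s", r1, r2));
                assertValidSyntax(String.format("GRANT ALTER PERMISSION ON ROLE %s TO %s", r1, r2));
                assertValidSyntax(String.format("REVOKE ALTER ON ROLE %s FROM %s", r1, r2));
                assertValidSyntax(String.format("REVOKE ALTER PERMISSION ON ROLE %s FROM %s", r1, r2));
                // grant/revoke multiple permissions in a single statement
                assertValidSyntax(String.format("GRANT CREATE, ALTER ON ROLE %s TO %s", r1, r2));
                assertValidSyntax(String.format("GRANT CREATE PERMISSION, ALTER PERMISSION ON ROLE %s TO %s", r1, r2));
                assertValidSyntax(String.format("REVOKE CREATE, ALTER ON ROLE %s FROM %s", r1, r2));
                assertValidSyntax(String.format("REVOKE CREATE PERMISSION, ALTER PERMISSION ON ROLE %s FROM %s", r1, r2));
            }
        }

        for (String r1 : Arrays.asList("r1", "'r1'", "\"r1\"", "$$r1$$", "$$ r '1' $$"))
        {
            // grant/revoke on DataResource
            assertValidSyntax(String.format("GRANT SELECT ON KEYSPACE ks TO %s", r1));
            assertValidSyntax(String.format("GRANT SELECT PERMISSION ON KEYSPACE ks TO %s", r1));
            assertValidSyntax(String.format("REVOKE SELECT ON KEYSPACE ks FROM %s", r1));
            assertValidSyntax(String.format("REVOKE SELECT PERMISSION ON KEYSPACE ks FROM %s", r1));
            // grant/revoke multiple permissions in a single statement
            assertValidSyntax(String.format("GRANT MODIFY, SELECT ON KEYSPACE ks TO %s", r1));
            assertValidSyntax(String.format("GRANT MODIFY PERMISSION, SELECT PERMISSION ON KEYSPACE ks TO %s", r1));
            assertValidSyntax(String.format("GRANT MODIFY, SELECT ON ALL KEYSPACES TO %s", r1));
            assertValidSyntax(String.format("GRANT MODIFY PERMISSION, SELECT PERMISSION ON ALL KEYSPACES TO %s", r1));
            assertValidSyntax(String.format("REVOKE MODIFY, SELECT ON KEYSPACE ks FROM %s", r1));
            assertValidSyntax(String.format("REVOKE MODIFY PERMISSION, SELECT PERMISSION ON KEYSPACE ks FROM %s", r1));
            assertValidSyntax(String.format("REVOKE MODIFY, SELECT ON ALL KEYSPACES FROM %s", r1));
            assertValidSyntax(String.format("REVOKE MODIFY PERMISSION, SELECT PERMISSION ON ALL KEYSPACES FROM %s", r1));
        }
    }

    /**
     * LIST ... PERMISSIONS in its scoped and unscoped forms, for every spelling of the role names.
     */
    @Test
    public void listPermissionsSyntaxTest() throws Throwable
    {
        for (String r1 : Arrays.asList("r1", "'r1'", "\"r1\"", "$$r1$$", "$$ r '1' $$"))
        {
            assertValidSyntax(String.format("LIST ALL PERMISSIONS ON ALL ROLES OF %s", r1));
            assertValidSyntax(String.format("LIST ALL PERMISSIONS ON ALL KEYSPACES OF %s", r1));
            assertValidSyntax(String.format("LIST ALL PERMISSIONS OF %s", r1));
            assertValidSyntax(String.format("LIST MODIFY PERMISSION ON KEYSPACE ks OF %s", r1));
            assertValidSyntax(String.format("LIST MODIFY, SELECT OF %s", r1));
            assertValidSyntax(String.format("LIST MODIFY, SELECT PERMISSION ON KEYSPACE ks OF %s", r1));

            // here r1 is the resource role and r2 the role whose permissions are listed
            for (String r2 : Arrays.asList("r2", "\"r2\"", "'r2'", "$$ r '2' $$"))
            {
                assertValidSyntax(String.format("LIST ALL PERMISSIONS ON ROLE %s OF %s", r1, r2));
                assertValidSyntax(String.format("LIST ALTER PERMISSION ON ROLE %s OF %s", r1, r2));
                assertValidSyntax(String.format("LIST ALTER, DROP PERMISSION ON ROLE %s OF %s", r1, r2));
            }
        }
    }

    /**
     * LIST ROLES OF accepts bare, single-quoted, double-quoted and dollar-quoted role names.
     */
    @Test
    public void listRolesSyntaxTest() throws Throwable
    {
        for (String role : Arrays.asList("r1", "'r1'", "\"r1\"", "$$ r '1' $$"))
        {
            assertValidSyntax("LIST ROLES OF " + role);
        }
    }

    /**
     * A role resource built from a role name must equal the one parsed back from its
     * {@code roles/<name>} resource name, including for names that contain a slash or other punctuation.
     */
    @Test
    public void roleNameTest()
    {
        // we used to split on all "/" which meant role names containing a / would trigger an exception in
        // RoleResource.fromName(); a slash inside the role name belongs to the name, not to the path
        for (String name : Arrays.asList("ki/ng", "emperor", "aeou/!@*%", "do$\\$P#?:"))
        {
            Assert.assertEquals(RoleResource.role(name), RoleResource.fromName("roles/" + name));
        }
        // the bare "roles" name is the root resource
        Assert.assertEquals(RoleResource.root(), RoleResource.fromName("roles"));
    }
}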