| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.cassandra.cql3.validation.miscellaneous; |
| |
| import org.junit.Test; |
| |
| import org.apache.cassandra.cql3.CQLTester; |
| |
| public class RoleSyntaxTest extends CQLTester |
| { |
| private final String NO_QUOTED_USERNAME = "Quoted strings are are not supported for user names " + |
| "and USER is deprecated, please use ROLE"; |
| @Test |
| public void standardOptionsSyntaxTest() throws Throwable |
| { |
| assertValidSyntax("CREATE ROLE r WITH LOGIN = true AND SUPERUSER = false AND PASSWORD = 'foo'"); |
| assertValidSyntax("CREATE ROLE r WITH PASSWORD = 'foo' AND LOGIN = true AND SUPERUSER = false"); |
| assertValidSyntax("CREATE ROLE r WITH SUPERUSER = true AND PASSWORD = 'foo' AND LOGIN = false"); |
| assertValidSyntax("CREATE ROLE r WITH LOGIN = true AND PASSWORD = 'foo' AND SUPERUSER = false"); |
| assertValidSyntax("CREATE ROLE r WITH SUPERUSER = true AND PASSWORD = 'foo' AND LOGIN = false"); |
| |
| assertValidSyntax("ALTER ROLE r WITH LOGIN = true AND SUPERUSER = false AND PASSWORD = 'foo'"); |
| assertValidSyntax("ALTER ROLE r WITH PASSWORD = 'foo' AND LOGIN = true AND SUPERUSER = false"); |
| assertValidSyntax("ALTER ROLE r WITH SUPERUSER = true AND PASSWORD = 'foo' AND LOGIN = false"); |
| assertValidSyntax("ALTER ROLE r WITH LOGIN = true AND PASSWORD = 'foo' AND SUPERUSER = false"); |
| assertValidSyntax("ALTER ROLE r WITH SUPERUSER = true AND PASSWORD = 'foo' AND LOGIN = false"); |
| } |
| |
| @Test |
| public void customOptionsSyntaxTest() throws Throwable |
| { |
| assertValidSyntax("CREATE ROLE r WITH OPTIONS = {'a':'b', 'b':1}"); |
| assertInvalidSyntax("CREATE ROLE r WITH OPTIONS = 'term'"); |
| assertInvalidSyntax("CREATE ROLE r WITH OPTIONS = 99"); |
| |
| assertValidSyntax("ALTER ROLE r WITH OPTIONS = {'a':'b', 'b':1}"); |
| assertInvalidSyntax("ALTER ROLE r WITH OPTIONS = 'term'"); |
| assertInvalidSyntax("ALTER ROLE r WITH OPTIONS = 99"); |
| } |
| |
| @Test |
| public void createSyntaxTest() throws Throwable |
| { |
| assertValidSyntax("CREATE ROLE r1"); |
| assertValidSyntax("CREATE ROLE 'r1'"); |
| assertValidSyntax("CREATE ROLE \"r1\""); |
| assertValidSyntax("CREATE ROLE $$r1$$"); |
| assertValidSyntax("CREATE ROLE $$ r1 ' x $ x ' $$"); |
| assertValidSyntax("CREATE USER u1"); |
| assertValidSyntax("CREATE USER 'u1'"); |
| assertValidSyntax("CREATE USER $$u1$$"); |
| assertValidSyntax("CREATE USER $$ u1 ' x $ x ' $$"); |
| // user names may not be quoted names |
| assertInvalidSyntax("CREATE USER \"u1\"", NO_QUOTED_USERNAME); |
| } |
| |
| @Test |
| public void dropSyntaxTest() throws Throwable |
| { |
| assertValidSyntax("DROP ROLE r1"); |
| assertValidSyntax("DROP ROLE 'r1'"); |
| assertValidSyntax("DROP ROLE \"r1\""); |
| assertValidSyntax("DROP ROLE $$r1$$"); |
| assertValidSyntax("DROP ROLE $$ r1 ' x $ x ' $$"); |
| assertValidSyntax("DROP USER u1"); |
| assertValidSyntax("DROP USER 'u1'"); |
| assertValidSyntax("DROP USER $$u1$$"); |
| assertValidSyntax("DROP USER $$ u1 ' x $ x ' $$"); |
| // user names may not be quoted names |
| assertInvalidSyntax("DROP USER \"u1\"", NO_QUOTED_USERNAME); |
| } |
| |
| @Test |
| public void alterSyntaxTest() throws Throwable |
| { |
| assertValidSyntax("ALTER ROLE r1 WITH PASSWORD = 'password'"); |
| assertValidSyntax("ALTER ROLE 'r1' WITH PASSWORD = 'password'"); |
| assertValidSyntax("ALTER ROLE \"r1\" WITH PASSWORD = 'password'"); |
| assertValidSyntax("ALTER ROLE $$r1$$ WITH PASSWORD = 'password'"); |
| assertValidSyntax("ALTER ROLE $$ r1 ' x $ x ' $$ WITH PASSWORD = 'password'"); |
| // ALTER has slightly different form for USER (no =) |
| assertValidSyntax("ALTER USER u1 WITH PASSWORD 'password'"); |
| assertValidSyntax("ALTER USER 'u1' WITH PASSWORD 'password'"); |
| assertValidSyntax("ALTER USER $$u1$$ WITH PASSWORD 'password'"); |
| assertValidSyntax("ALTER USER $$ u1 ' x $ x ' $$ WITH PASSWORD 'password'"); |
| // user names may not be quoted names |
| assertInvalidSyntax("ALTER USER \"u1\" WITH PASSWORD 'password'", NO_QUOTED_USERNAME); |
| } |
| |
| @Test |
| public void grantRevokePermissionsSyntaxTest() throws Throwable |
| { |
| // grant/revoke on RoleResource |
| assertValidSyntax("GRANT ALTER ON ROLE r1 TO r2"); |
| assertValidSyntax("GRANT ALTER ON ROLE 'r1' TO \"r2\""); |
| assertValidSyntax("GRANT ALTER ON ROLE \"r1\" TO 'r2'"); |
| assertValidSyntax("GRANT ALTER ON ROLE $$r1$$ TO $$ r '2' $$"); |
| assertValidSyntax("REVOKE ALTER ON ROLE r1 FROM r2"); |
| assertValidSyntax("REVOKE ALTER ON ROLE 'r1' FROM \"r2\""); |
| assertValidSyntax("REVOKE ALTER ON ROLE \"r1\" FROM 'r2'"); |
| assertValidSyntax("REVOKE ALTER ON ROLE $$r1$$ FROM $$ r '2' $$"); |
| |
| // grant/revoke on DataResource |
| assertValidSyntax("GRANT SELECT ON KEYSPACE ks TO r1"); |
| assertValidSyntax("GRANT SELECT ON KEYSPACE ks TO 'r1'"); |
| assertValidSyntax("GRANT SELECT ON KEYSPACE ks TO \"r1\""); |
| assertValidSyntax("GRANT SELECT ON KEYSPACE ks TO $$ r '1' $$"); |
| assertValidSyntax("REVOKE SELECT ON KEYSPACE ks FROM r1"); |
| assertValidSyntax("REVOKE SELECT ON KEYSPACE ks FROM 'r1'"); |
| assertValidSyntax("REVOKE SELECT ON KEYSPACE ks FROM \"r1\""); |
| assertValidSyntax("REVOKE SELECT ON KEYSPACE ks FROM $$ r '1' $$"); |
| } |
| |
| @Test |
| public void listPermissionsSyntaxTest() throws Throwable |
| { |
| assertValidSyntax("LIST ALL PERMISSIONS ON ALL ROLES OF r1"); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ALL ROLES OF 'r1'"); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ALL ROLES OF \"r1\""); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ALL ROLES OF $$ r '1' $$"); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ROLE 'r1' OF r2"); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ROLE \"r1\" OF r2"); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ROLE $$ r '1' $$ OF r2"); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ROLE 'r1' OF 'r2'"); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ROLE \"r1\" OF \"r2\""); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ROLE $$r1$$ OF $$ r '2' $$"); |
| |
| assertValidSyntax("LIST ALL PERMISSIONS ON ALL KEYSPACES OF r1"); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ALL KEYSPACES OF 'r1'"); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ALL KEYSPACES OF \"r1\""); |
| assertValidSyntax("LIST ALL PERMISSIONS ON ALL KEYSPACES OF $$ r '1' $$"); |
| assertValidSyntax("LIST ALL PERMISSIONS OF r1"); |
| assertValidSyntax("LIST ALL PERMISSIONS OF 'r1'"); |
| assertValidSyntax("LIST ALL PERMISSIONS OF \"r1\""); |
| assertValidSyntax("LIST ALL PERMISSIONS OF $$ r '1' $$"); |
| } |
| |
| @Test |
| public void listRolesSyntaxTest() throws Throwable |
| { |
| assertValidSyntax("LIST ROLES OF r1"); |
| assertValidSyntax("LIST ROLES OF 'r1'"); |
| assertValidSyntax("LIST ROLES OF \"r1\""); |
| assertValidSyntax("LIST ROLES OF $$ r '1' $$"); |
| } |
| } |
