Don't let users drop or generally break tables in system_distributed patch by Aleksey Yeschenko; reviewed by Sylvain Lebresne for CASSANDRA-13813
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/957ae2bc Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/957ae2bc Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/957ae2bc Branch: refs/heads/master Commit: 957ae2bc455c56835632193e1aa251495c3724f8 Parents: f889dff Author: Aleksey Yeschenko <alek...@yeschenko.com> Authored: Thu Oct 5 16:16:02 2017 +0100 Committer: Aleksey Yeschenko <alek...@yeschenko.com> Committed: Tue Oct 17 13:42:22 2017 +0100 ---------------------------------------------------------------------- system_keyspaces_test.py | 118 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/957ae2bc/system_keyspaces_test.py ---------------------------------------------------------------------- diff --git a/system_keyspaces_test.py b/system_keyspaces_test.py new file mode 100644 index 0000000..90eb583 --- /dev/null +++ b/system_keyspaces_test.py @@ -0,0 +1,118 @@ +from cassandra import Unauthorized +from dtest import Tester +from tools.assertions import assert_all, assert_exception, assert_none +from tools.decorators import since + +class TestSystemKeyspaces(Tester): + + @since('3.0') + def test_local_system_keyspaces(self): + cluster = self.cluster + cluster.populate(1).start() + + node = cluster.nodelist()[0] + session = self.patient_cql_connection(node) + + # ALTER KEYSPACE should fail for system and system_schema + stmt = """ + ALTER KEYSPACE system + WITH replication = {'class': 'NetworkTopologyStrategy', 'datacenter1' : '1'};""" + assert_exception(session, stmt, expected=Unauthorized) + + stmt = """ + ALTER KEYSPACE system_schema + WITH replication = {'class': 'NetworkTopologyStrategy', 'datacenter1' : '1'};""" + assert_exception(session, stmt, expected=Unauthorized) + + # DROP KEYSPACE should fail for system and system_schema + assert_exception(session, 'DROP KEYSPACE system;', expected=Unauthorized) + assert_exception(session, 'DROP KEYSPACE system_schema;', expected=Unauthorized) + + # CREATE TABLE should fail in system and system_schema + assert_exception(session, + 'CREATE TABLE system.new_table (id int PRIMARY KEY);', + expected=Unauthorized) + + assert_exception(session, + 'CREATE TABLE system_schema.new_table (id int PRIMARY KEY);', + expected=Unauthorized) + + # ALTER TABLE should fail in system and system_schema + assert_exception(session, + "ALTER TABLE system.local WITH comment = '';", + expected=Unauthorized) + + assert_exception(session, + "ALTER TABLE system_schema.tables WITH comment = '';", + expected=Unauthorized) + + # DROP TABLE should fail in system and system_schema + assert_exception(session, 'DROP TABLE system.local;', expected=Unauthorized) + assert_exception(session, 'DROP TABLE system_schema.tables;', expected=Unauthorized) + + @since('3.0') + def test_replicated_system_keyspaces(self): + cluster = self.cluster + cluster.populate(1).start() + + node = cluster.nodelist()[0] + session = self.patient_cql_connection(node) + + # ALTER KEYSPACE should work for system_auth, system_distributed, and system_traces + stmt = """ + ALTER KEYSPACE system_auth + WITH replication = {'class': 'NetworkTopologyStrategy', 'datacenter1' : '1'};""" + assert_none(session, stmt) + + stmt = """ + ALTER KEYSPACE system_distributed + WITH replication = {'class': 'NetworkTopologyStrategy', 'datacenter1' : '1'};""" + assert_none(session, stmt) + + stmt = """ + ALTER KEYSPACE system_traces + WITH replication = {'class': 'NetworkTopologyStrategy', 'datacenter1' : '1'};""" + assert_none(session, stmt) + + stmt = """ + SELECT replication + FROM system_schema.keyspaces + WHERE keyspace_name IN ('system_auth', 'system_distributed', 'system_traces');""" + replication = {'class': 'org.apache.cassandra.locator.NetworkTopologyStrategy', 'datacenter1': '1'} + assert_all(session, stmt, [[replication], [replication], [replication]]) + + # DROP KEYSPACE should fail for system_auth, system_distributed, and system_traces + assert_exception(session, 'DROP KEYSPACE system_auth;', expected=Unauthorized) + assert_exception(session, 'DROP KEYSPACE system_distributed;', expected=Unauthorized) + assert_exception(session, 'DROP KEYSPACE system_traces;', expected=Unauthorized) + + # CREATE TABLE should fail in system_auth, system_distributed, and system_traces + assert_exception(session, + 'CREATE TABLE system_auth.new_table (id int PRIMARY KEY);', + expected=Unauthorized) + + assert_exception(session, + 'CREATE TABLE system_distributed.new_table (id int PRIMARY KEY);', + expected=Unauthorized) + + assert_exception(session, + 'CREATE TABLE system_traces.new_table (id int PRIMARY KEY);', + expected=Unauthorized) + + # ALTER TABLE should fail in system_auth, system_distributed, and system_traces + assert_exception(session, + "ALTER TABLE system_auth.roles WITH comment = '';", + expected=Unauthorized) + + assert_exception(session, + "ALTER TABLE system_distributed.repair_history WITH comment = '';", + expected=Unauthorized) + + assert_exception(session, + "ALTER TABLE system_traces.sessions WITH comment = '';", + expected=Unauthorized) + + # DROP TABLE should fail in system_auth, system_distributed, and system_traces + assert_exception(session, 'DROP TABLE system_auth.roles;', expected=Unauthorized) + assert_exception(session, 'DROP TABLE system_distributed.repair_history;', expected=Unauthorized) + assert_exception(session, 'DROP TABLE system_traces.sessions;', expected=Unauthorized) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
