Re: [PR] Add test for check permissions after authorize [cassandra]

via GitHub Mon, 01 Dec 2025 12:08:30 -0800


ac1d0globlya commented on code in PR #4502:
URL: https://github.com/apache/cassandra/pull/4502#discussion_r2578458855



##########
test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java:
##########
@@ -577,6 +577,42 @@ public void testGrantOnVirtualKeyspaces() throws Throwable
         executeNet(ProtocolVersion.CURRENT, format("REVOKE SELECT PERMISSION 
ON KEYSPACE system_views FROM %s", user));
     }
 
+    @Test
+    public void testCheckPermissionsAfterAuthorize() throws Throwable
+    {
+        useSuperUser();
+
+        executeNet("CREATE KEYSPACE check_permissions WITH replication = 
{'class': 'SimpleStrategy', 'replication_factor': '1'}");
+        executeNet("CREATE TABLE check_permissions.t1 (k int PRIMARY KEY)");
+        executeNet("INSERT INTO check_permissions.t1 (k) VALUES (1)");
+
+        executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND 
password='%s'", user, pass));
+
+        final String idm_user = "idm_user";
+        executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND 
password='%s'", idm_user, idm_user));
+        executeNet("GRANT AUTHORIZE ON check_permissions.t1 TO " + idm_user);
+
+        useUser(user, pass);
+        assertUnauthorizedQuery("User user has no SELECT permission on <table 
check_permissions.t1> or any of its parents",

Review Comment:
   Typo? "User user .."
   It seems correct message must be "User simple_user has no .... "



##########
test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java:
##########
@@ -577,6 +577,42 @@ public void testGrantOnVirtualKeyspaces() throws Throwable
         executeNet(ProtocolVersion.CURRENT, format("REVOKE SELECT PERMISSION 
ON KEYSPACE system_views FROM %s", user));
     }
 
+    @Test
+    public void testCheckPermissionsAfterAuthorize() throws Throwable
+    {
+        useSuperUser();
+
+        executeNet("CREATE KEYSPACE check_permissions WITH replication = 
{'class': 'SimpleStrategy', 'replication_factor': '1'}");
+        executeNet("CREATE TABLE check_permissions.t1 (k int PRIMARY KEY)");
+        executeNet("INSERT INTO check_permissions.t1 (k) VALUES (1)");
+
+        executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND 
password='%s'", user, pass));
+
+        final String idm_user = "idm_user";
+        executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND 
password='%s'", idm_user, idm_user));
+        executeNet("GRANT AUTHORIZE ON check_permissions.t1 TO " + idm_user);
+
+        useUser(user, pass);
+        assertUnauthorizedQuery("User user has no SELECT permission on <table 
check_permissions.t1> or any of its parents",

Review Comment:
   Typo? "User user .."
   It seems correct message must be "User simple_user has no .... "



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] Add test for check permissions after authorize [cassandra]

Reply via email to