/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.cassandra.cql3.validation.miscellaneous; import org.junit.Test; import org.apache.cassandra.cql3.CQLTester; public class RoleSyntaxTest extends CQLTester { private final String NO_QUOTED_USERNAME = "Quoted strings are are not supported for user names " + "and USER is deprecated, please use ROLE"; @Test public void standardOptionsSyntaxTest() throws Throwable { assertValidSyntax("CREATE ROLE r WITH LOGIN = true AND SUPERUSER = false AND PASSWORD = 'foo'"); assertValidSyntax("CREATE ROLE r WITH PASSWORD = 'foo' AND LOGIN = true AND SUPERUSER = false"); assertValidSyntax("CREATE ROLE r WITH SUPERUSER = true AND PASSWORD = 'foo' AND LOGIN = false"); assertValidSyntax("CREATE ROLE r WITH LOGIN = true AND PASSWORD = 'foo' AND SUPERUSER = false"); assertValidSyntax("CREATE ROLE r WITH SUPERUSER = true AND PASSWORD = 'foo' AND LOGIN = false"); assertValidSyntax("ALTER ROLE r WITH LOGIN = true AND SUPERUSER = false AND PASSWORD = 'foo'"); assertValidSyntax("ALTER ROLE r WITH PASSWORD = 'foo' AND LOGIN = true AND SUPERUSER = false"); assertValidSyntax("ALTER ROLE r WITH SUPERUSER = true AND PASSWORD = 'foo' AND LOGIN = false"); assertValidSyntax("ALTER ROLE r WITH LOGIN = true AND PASSWORD = 'foo' AND SUPERUSER = false"); assertValidSyntax("ALTER ROLE r WITH SUPERUSER = true AND PASSWORD = 'foo' AND LOGIN = false"); } @Test public void customOptionsSyntaxTest() throws Throwable { assertValidSyntax("CREATE ROLE r WITH OPTIONS = {'a':'b', 'b':1}"); assertInvalidSyntax("CREATE ROLE r WITH OPTIONS = 'term'"); assertInvalidSyntax("CREATE ROLE r WITH OPTIONS = 99"); assertValidSyntax("ALTER ROLE r WITH OPTIONS = {'a':'b', 'b':1}"); assertInvalidSyntax("ALTER ROLE r WITH OPTIONS = 'term'"); assertInvalidSyntax("ALTER ROLE r WITH OPTIONS = 99"); } @Test public void createSyntaxTest() throws Throwable { assertValidSyntax("CREATE ROLE r1"); assertValidSyntax("CREATE ROLE 'r1'"); assertValidSyntax("CREATE ROLE \"r1\""); assertValidSyntax("CREATE ROLE $$r1$$"); assertValidSyntax("CREATE ROLE $$ r1 ' x $ x ' $$"); assertValidSyntax("CREATE USER u1"); assertValidSyntax("CREATE USER 'u1'"); assertValidSyntax("CREATE USER $$u1$$"); assertValidSyntax("CREATE USER $$ u1 ' x $ x ' $$"); // user names may not be quoted names assertInvalidSyntax("CREATE USER \"u1\"", NO_QUOTED_USERNAME); } @Test public void dropSyntaxTest() throws Throwable { assertValidSyntax("DROP ROLE r1"); assertValidSyntax("DROP ROLE 'r1'"); assertValidSyntax("DROP ROLE \"r1\""); assertValidSyntax("DROP ROLE $$r1$$"); assertValidSyntax("DROP ROLE $$ r1 ' x $ x ' $$"); assertValidSyntax("DROP USER u1"); assertValidSyntax("DROP USER 'u1'"); assertValidSyntax("DROP USER $$u1$$"); assertValidSyntax("DROP USER $$ u1 ' x $ x ' $$"); // user names may not be quoted names assertInvalidSyntax("DROP USER \"u1\"", NO_QUOTED_USERNAME); } @Test public void alterSyntaxTest() throws Throwable { assertValidSyntax("ALTER ROLE r1 WITH PASSWORD = 'password'"); assertValidSyntax("ALTER ROLE 'r1' WITH PASSWORD = 'password'"); assertValidSyntax("ALTER ROLE \"r1\" WITH PASSWORD = 'password'"); assertValidSyntax("ALTER ROLE $$r1$$ WITH PASSWORD = 'password'"); assertValidSyntax("ALTER ROLE $$ r1 ' x $ x ' $$ WITH PASSWORD = 'password'"); // ALTER has slightly different form for USER (no =) assertValidSyntax("ALTER USER u1 WITH PASSWORD 'password'"); assertValidSyntax("ALTER USER 'u1' WITH PASSWORD 'password'"); assertValidSyntax("ALTER USER $$u1$$ WITH PASSWORD 'password'"); assertValidSyntax("ALTER USER $$ u1 ' x $ x ' $$ WITH PASSWORD 'password'"); // user names may not be quoted names assertInvalidSyntax("ALTER USER \"u1\" WITH PASSWORD 'password'", NO_QUOTED_USERNAME); } @Test public void grantRevokePermissionsSyntaxTest() throws Throwable { // grant/revoke on RoleResource assertValidSyntax("GRANT ALTER ON ROLE r1 TO r2"); assertValidSyntax("GRANT ALTER ON ROLE 'r1' TO \"r2\""); assertValidSyntax("GRANT ALTER ON ROLE \"r1\" TO 'r2'"); assertValidSyntax("GRANT ALTER ON ROLE $$r1$$ TO $$ r '2' $$"); assertValidSyntax("REVOKE ALTER ON ROLE r1 FROM r2"); assertValidSyntax("REVOKE ALTER ON ROLE 'r1' FROM \"r2\""); assertValidSyntax("REVOKE ALTER ON ROLE \"r1\" FROM 'r2'"); assertValidSyntax("REVOKE ALTER ON ROLE $$r1$$ FROM $$ r '2' $$"); // grant/revoke on DataResource assertValidSyntax("GRANT SELECT ON KEYSPACE ks TO r1"); assertValidSyntax("GRANT SELECT ON KEYSPACE ks TO 'r1'"); assertValidSyntax("GRANT SELECT ON KEYSPACE ks TO \"r1\""); assertValidSyntax("GRANT SELECT ON KEYSPACE ks TO $$ r '1' $$"); assertValidSyntax("REVOKE SELECT ON KEYSPACE ks FROM r1"); assertValidSyntax("REVOKE SELECT ON KEYSPACE ks FROM 'r1'"); assertValidSyntax("REVOKE SELECT ON KEYSPACE ks FROM \"r1\""); assertValidSyntax("REVOKE SELECT ON KEYSPACE ks FROM $$ r '1' $$"); } @Test public void listPermissionsSyntaxTest() throws Throwable { assertValidSyntax("LIST ALL PERMISSIONS ON ALL ROLES OF r1"); assertValidSyntax("LIST ALL PERMISSIONS ON ALL ROLES OF 'r1'"); assertValidSyntax("LIST ALL PERMISSIONS ON ALL ROLES OF \"r1\""); assertValidSyntax("LIST ALL PERMISSIONS ON ALL ROLES OF $$ r '1' $$"); assertValidSyntax("LIST ALL PERMISSIONS ON ROLE 'r1' OF r2"); assertValidSyntax("LIST ALL PERMISSIONS ON ROLE \"r1\" OF r2"); assertValidSyntax("LIST ALL PERMISSIONS ON ROLE $$ r '1' $$ OF r2"); assertValidSyntax("LIST ALL PERMISSIONS ON ROLE 'r1' OF 'r2'"); assertValidSyntax("LIST ALL PERMISSIONS ON ROLE \"r1\" OF \"r2\""); assertValidSyntax("LIST ALL PERMISSIONS ON ROLE $$r1$$ OF $$ r '2' $$"); assertValidSyntax("LIST ALL PERMISSIONS ON ALL KEYSPACES OF r1"); assertValidSyntax("LIST ALL PERMISSIONS ON ALL KEYSPACES OF 'r1'"); assertValidSyntax("LIST ALL PERMISSIONS ON ALL KEYSPACES OF \"r1\""); assertValidSyntax("LIST ALL PERMISSIONS ON ALL KEYSPACES OF $$ r '1' $$"); assertValidSyntax("LIST ALL PERMISSIONS OF r1"); assertValidSyntax("LIST ALL PERMISSIONS OF 'r1'"); assertValidSyntax("LIST ALL PERMISSIONS OF \"r1\""); assertValidSyntax("LIST ALL PERMISSIONS OF $$ r '1' $$"); } @Test public void listRolesSyntaxTest() throws Throwable { assertValidSyntax("LIST ROLES OF r1"); assertValidSyntax("LIST ROLES OF 'r1'"); assertValidSyntax("LIST ROLES OF \"r1\""); assertValidSyntax("LIST ROLES OF $$ r '1' $$"); } }