firebird-qa/tests/functional/syspriv/test_drop_database.py

#coding:utf-8

"""
ID:          syspriv.drop-database
TITLE:       Check ability to DROP database by non-sysdba user who is granted with necessary system privileges
DESCRIPTION:
  We make backup and restore of current DB to other name ('functional.syspriv.drop_database.tmp').
  Than we attach to DB 'functional.syspriv.drop_database.tmp' as user U01 and try to DROP it.
  This should NOT raise any error, database file should be deleted from disk.
FBTEST:      functional.syspriv.drop_database

NOTES:
    [20.05.2022] pzotov
    Test creates TEMPORARY database (beside of 'main' one) and uses SYSDBA for that.
    Then it creates NON-dba user and role with system privilege DROP_DATABASE.
    Finally, it grants role to non-dba user, makes connect to temporary DB and tries to DROP it using NON-dba user.
    Checked on 4.0.1.2692, 5.0.0.497.
"""

import pytest
from firebird.qa import *
from firebird.driver.types import DatabaseError

substitutions = [('[ \\t]+', ' '), ('DB_NAME.*TMP4TEST.TMP', 'DB_NAME TMP4TEST.TMP')]
db_main = db_factory()
tmp_user = user_factory('db_main', name='tmp_syspriv_user', password='123')
tmp_role = role_factory('db_main', name='tmp_role_for_drop_database')
act = python_act('db_main', substitutions = substitutions)

db_temp = db_factory(filename = 'tmp4test.tmp', do_not_create=True, do_not_drop=True)

expected_stdout_isql = """
    DB_NAME                         TMP4TEST.TMP
    WHO_AMI                         TMP_SYSPRIV_USER
    RDB$ROLE_NAME                   RDB$ADMIN
    RDB_ROLE_IN_USE                 <false>
    RDB$SYSTEM_PRIVILEGES           FFFFFFFFFFFFFFFF
    DB_NAME                         TMP4TEST.TMP
    WHO_AMI                         TMP_SYSPRIV_USER
    RDB$ROLE_NAME                   TMP_ROLE_FOR_DROP_DATABASE
    RDB_ROLE_IN_USE                 <true>
    RDB$SYSTEM_PRIVILEGES           0004000000000000
"""

@pytest.mark.version('>=4.0')
def test_1(act: Action, tmp_user: User, tmp_role:Role, db_temp: Database, capsys):
    init_script = \
    f"""
        set wng off;
        set list on;
        set bail on;

        create database '{db_temp.dsn}' user {act.db.user} password '{act.db.password}'; -- DB is created by ### SYSDBA ###

        create or alter view v_check as
        select
            upper(mon$database_name) as db_name
            ,current_user as who_ami
            ,r.rdb$role_name
            ,rdb$role_in_use(r.rdb$role_name) as RDB_ROLE_IN_USE
            ,r.rdb$system_privileges
        from mon$database m cross join rdb$roles r
        order by r.rdb$role_name;
        commit;
        grant select on v_check to public;
        commit;

        alter user {tmp_user.name} revoke admin role;
        revoke all on all from {tmp_user.name};
        commit;
        create role {tmp_role.name} set system privileges to DROP_DATABASE;
        commit;
        grant default {tmp_role.name} to user {tmp_user.name};
        commit;
        connect '{db_temp.dsn}' user {tmp_user.name} password '{tmp_user.password}';
        select * from v_check;
        commit;
        drop database; -- DB is dropped by ### NON-DBA ### who has granted with apropriate role with system privilege.
    """

    act.isql(switches=['-q'], input=init_script, connect_db = False, credentials = False, combine_output=True)
    act.expected_stdout = expected_stdout_isql
    assert act.clean_stdout == act.clean_expected_stdout
Firebird engine tests 2021-04-26 20:07:00 +02:00			`#coding:utf-8`

New metadata + cleanup 2022-02-04 19:05:19 +01:00			`"""`
			`ID: syspriv.drop-database`
			`TITLE: Check ability to DROP database by non-sysdba user who is granted with necessary system privileges`
			`DESCRIPTION:`
			`We make backup and restore of current DB to other name ('functional.syspriv.drop_database.tmp').`
			`Than we attach to DB 'functional.syspriv.drop_database.tmp' as user U01 and try to DROP it.`
			`This should NOT raise any error, database file should be deleted from disk.`
			`FBTEST: functional.syspriv.drop_database`
Added/Updated functional\syspriv\test_drop_database.py: Checked on 4.0.1.2692, 5.0.0.497. 2022-05-20 20:16:45 +02:00
			`NOTES:`
			`[20.05.2022] pzotov`
			`Test creates TEMPORARY database (beside of 'main' one) and uses SYSDBA for that.`
			`Then it creates NON-dba user and role with system privilege DROP_DATABASE.`
			`Finally, it grants role to non-dba user, makes connect to temporary DB and tries to DROP it using NON-dba user.`
			`Checked on 4.0.1.2692, 5.0.0.497.`
New metadata + cleanup 2022-02-04 19:05:19 +01:00			`"""`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-02-04 19:05:19 +01:00			`import pytest`
			`from firebird.qa import *`
Added/Updated functional\syspriv\test_drop_database.py: Checked on 4.0.1.2692, 5.0.0.497. 2022-05-20 20:16:45 +02:00			`from firebird.driver.types import DatabaseError`
Firebird engine tests 2021-04-26 20:07:00 +02:00
Added/Updated functional\syspriv\test_drop_database.py: Checked on 4.0.1.2692, 5.0.0.497. 2022-05-20 20:16:45 +02:00			`substitutions = [('[ \\t]+', ' '), ('DB_NAME.*TMP4TEST.TMP', 'DB_NAME TMP4TEST.TMP')]`
			`db_main = db_factory()`
			`tmp_user = user_factory('db_main', name='tmp_syspriv_user', password='123')`
			`tmp_role = role_factory('db_main', name='tmp_role_for_drop_database')`
			`act = python_act('db_main', substitutions = substitutions)`
Firebird engine tests 2021-04-26 20:07:00 +02:00
Added/Updated functional\syspriv\test_drop_database.py: Checked on 4.0.1.2692, 5.0.0.497. 2022-05-20 20:16:45 +02:00			`db_temp = db_factory(filename = 'tmp4test.tmp', do_not_create=True, do_not_drop=True)`
New metadata + cleanup 2022-02-04 19:05:19 +01:00
Added/Updated functional\syspriv\test_drop_database.py: Checked on 4.0.1.2692, 5.0.0.497. 2022-05-20 20:16:45 +02:00			`expected_stdout_isql = """`
			`DB_NAME TMP4TEST.TMP`
			`WHO_AMI TMP_SYSPRIV_USER`
New metadata + cleanup 2022-02-04 19:05:19 +01:00			`RDB$ROLE_NAME RDB$ADMIN`
			`RDB_ROLE_IN_USE <false>`
			`RDB$SYSTEM_PRIVILEGES FFFFFFFFFFFFFFFF`
Added/Updated functional\syspriv\test_drop_database.py: Checked on 4.0.1.2692, 5.0.0.497. 2022-05-20 20:16:45 +02:00			`DB_NAME TMP4TEST.TMP`
			`WHO_AMI TMP_SYSPRIV_USER`
			`RDB$ROLE_NAME TMP_ROLE_FOR_DROP_DATABASE`
New metadata + cleanup 2022-02-04 19:05:19 +01:00			`RDB_ROLE_IN_USE <true>`
			`RDB$SYSTEM_PRIVILEGES 0004000000000000`
			`"""`

			`@pytest.mark.version('>=4.0')`
Added/Updated functional\syspriv\test_drop_database.py: Checked on 4.0.1.2692, 5.0.0.497. 2022-05-20 20:16:45 +02:00			`def test_1(act: Action, tmp_user: User, tmp_role:Role, db_temp: Database, capsys):`
			`init_script = \`
			`f"""`
			`set wng off;`
			`set list on;`
			`set bail on;`

			`create database '{db_temp.dsn}' user {act.db.user} password '{act.db.password}'; -- DB is created by ### SYSDBA ###`

			`create or alter view v_check as`
			`select`
			`upper(mon$database_name) as db_name`
			`,current_user as who_ami`
			`,r.rdb$role_name`
			`,rdb$role_in_use(r.rdb$role_name) as RDB_ROLE_IN_USE`
			`,r.rdb$system_privileges`
			`from mon$database m cross join rdb$roles r`
			`order by r.rdb$role_name;`
			`commit;`
			`grant select on v_check to public;`
			`commit;`

			`alter user {tmp_user.name} revoke admin role;`
			`revoke all on all from {tmp_user.name};`
			`commit;`
			`create role {tmp_role.name} set system privileges to DROP_DATABASE;`
			`commit;`
			`grant default {tmp_role.name} to user {tmp_user.name};`
			`commit;`
			`connect '{db_temp.dsn}' user {tmp_user.name} password '{tmp_user.password}';`
			`select * from v_check;`
			`commit;`
			`drop database; -- DB is dropped by ### NON-DBA ### who has granted with apropriate role with system privilege.`
			`"""`

			`act.isql(switches=['-q'], input=init_script, connect_db = False, credentials = False, combine_output=True)`
			`act.expected_stdout = expected_stdout_isql`
			`assert act.clean_stdout == act.clean_expected_stdout`
Firebird engine tests 2021-04-26 20:07:00 +02:00