2021-12-22 20:25:10 +01:00
|
|
|
#coding:utf-8
|
|
|
|
|
|
2022-02-04 19:05:19 +01:00
|
|
|
"""
|
|
|
|
|
ID: syspriv.change-mapping-rules
|
|
|
|
|
TITLE: Check ability to manage auth mappings
|
|
|
|
|
DESCRIPTION:
|
|
|
|
|
Verify ability to issue CREATE / ALTER / DROP MAPPING by non-sysdba user.
|
|
|
|
|
FBTEST: functional.syspriv.change_mapping_rules
|
|
|
|
|
"""
|
2021-12-22 20:25:10 +01:00
|
|
|
|
2022-02-04 19:05:19 +01:00
|
|
|
import pytest
|
|
|
|
|
from firebird.qa import *
|
2021-12-22 20:25:10 +01:00
|
|
|
|
2022-02-04 19:05:19 +01:00
|
|
|
db = db_factory()
|
2021-12-22 20:25:10 +01:00
|
|
|
|
2022-02-04 19:05:19 +01:00
|
|
|
test_user = user_factory('db', name='john_smith_mapping_manager', do_not_create=True)
|
|
|
|
|
test_role = role_factory('db', name='tmp_role_for_change_mapping', do_not_create=True)
|
2021-12-22 20:25:10 +01:00
|
|
|
|
2022-02-04 19:05:19 +01:00
|
|
|
test_script = """
|
2021-12-22 20:25:10 +01:00
|
|
|
set wng off;
|
|
|
|
|
-- set bail on;
|
|
|
|
|
set list on;
|
|
|
|
|
|
|
|
|
|
-- NB: without 'grant admin role' it is unable to create GLOBAL mapping:
|
|
|
|
|
-- Statement failed, SQLSTATE = 28000 / ... / -CREATE OR ALTER MAPPING ... failed
|
|
|
|
|
-- -Unable to perform operation /-System privilege CHANGE_MAPPING_RULES is missing
|
|
|
|
|
create or alter
|
|
|
|
|
user john_smith_mapping_manager
|
|
|
|
|
password '123'
|
|
|
|
|
grant admin role --- [ !!! ]
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
set term ^;
|
|
|
|
|
execute block as
|
|
|
|
|
begin
|
|
|
|
|
execute statement 'drop role tmp_role_for_change_mapping';
|
|
|
|
|
when any do begin end
|
|
|
|
|
end^
|
|
|
|
|
set term ;^
|
|
|
|
|
|
|
|
|
|
create role tmp_role_for_change_mapping set system privileges to CHANGE_MAPPING_RULES;
|
|
|
|
|
commit;
|
|
|
|
|
|
|
|
|
|
grant default tmp_role_for_change_mapping to user john_smith_mapping_manager;
|
|
|
|
|
commit;
|
|
|
|
|
|
|
|
|
|
connect '$(DSN)' user john_smith_mapping_manager password '123'; -- role tmp_role_for_change_mapping;
|
|
|
|
|
|
|
|
|
|
create or alter mapping tmp_syspriv_local_map using plugin srp from any user to user;
|
|
|
|
|
create or alter global mapping tmp_syspriv_global_map using plugin srp from any user to user;
|
|
|
|
|
commit;
|
|
|
|
|
|
|
|
|
|
show mapping;
|
2022-02-04 19:05:19 +01:00
|
|
|
|
2021-12-22 20:25:10 +01:00
|
|
|
drop global mapping tmp_syspriv_global_map;
|
|
|
|
|
drop mapping tmp_syspriv_local_map;
|
|
|
|
|
commit;
|
|
|
|
|
|
2022-02-04 19:05:19 +01:00
|
|
|
--connect '$(DSN)' user sysdba password 'masterkey';
|
|
|
|
|
--drop user john_smith_mapping_manager;
|
|
|
|
|
--drop role tmp_role_for_change_mapping;
|
|
|
|
|
--commit;
|
2021-12-22 20:25:10 +01:00
|
|
|
"""
|
|
|
|
|
|
2022-02-04 19:05:19 +01:00
|
|
|
act = isql_act('db', test_script, substitutions=[('.*Global mapping.*', '')])
|
2021-12-22 20:25:10 +01:00
|
|
|
|
2022-02-04 19:05:19 +01:00
|
|
|
expected_stdout = """
|
2021-12-22 20:25:10 +01:00
|
|
|
TMP_SYSPRIV_LOCAL_MAP USING PLUGIN SRP FROM ANY USER TO USER
|
|
|
|
|
*** Global mapping ***
|
|
|
|
|
TMP_SYSPRIV_GLOBAL_MAP USING PLUGIN SRP FROM ANY USER TO USER
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
@pytest.mark.version('>=4.0')
|
2022-02-04 19:05:19 +01:00
|
|
|
def test_1(act: Action, test_user, test_role):
|
|
|
|
|
act.expected_stdout = expected_stdout
|
|
|
|
|
act.execute()
|
|
|
|
|
assert act.clean_stdout == act.clean_expected_stdout
|
