From 7dbfbd9dfcc4a8ef296d8e2e86a3be65051449e6 Mon Sep 17 00:00:00 2001 From: taichong Date: Thu, 11 Jan 2024 11:20:23 +0800 Subject: [PATCH] chore(flaky): fix flaky 18_0002_ownership_cover --- .../18_rbac/18_0002_ownership_cover.result | 17 +++++++------ .../18_rbac/18_0002_ownership_cover.sh | 25 ++++++++----------- 2 files changed, 19 insertions(+), 23 deletions(-) diff --git a/tests/suites/0_stateless/18_rbac/18_0002_ownership_cover.result b/tests/suites/0_stateless/18_rbac/18_0002_ownership_cover.result index 6497a73b1d16..c737f4ea5aff 100644 --- a/tests/suites/0_stateless/18_rbac/18_0002_ownership_cover.result +++ b/tests/suites/0_stateless/18_rbac/18_0002_ownership_cover.result @@ -14,24 +14,25 @@ Error: APIError: ResponseError with 1063: Permission denied, privilege [Usage] i Error: APIError: ResponseError with 1063: Permission denied, privilege [Read] is required on STAGE hello for user 'owner'@'%' with roles [public,r_0002] Error: APIError: ResponseError with 1063: Permission denied, privilege [Select] is required on 'default'.'d_0002'.'t' for user 'owner'@'%' with roles [public,r_0002] === test ownership: show stmt === -Error: APIError: ResponseError with 1003: Unknown database 'db_a' public 0 false false role1 0 true true +t +t1 +db_a +information_schema GRANT OWNERSHIP ON 'default'.'db_a'.* TO ROLE `role1` GRANT OWNERSHIP ON 'default'.'db_a'.'t' TO ROLE `role1` GRANT OWNERSHIP ON 'default'.'db_a'.'t1' TO ROLE `role1` -GRANT CREATE ON *.* TO 'a'@'%' -GRANT OWNERSHIP ON 'default'.'db_a'.* TO ROLE `role1` -GRANT OWNERSHIP ON 'default'.'db_a'.'t1' TO ROLE `role1` -GRANT CREATE ON *.* TO 'a'@'%' -GRANT CREATE ON *.* TO 'b'@'%' GRANT OWNERSHIP ON 'default'.'db_a'.* TO 'b'@'%' +GRANT OWNERSHIP ON 'default'.'db_a'.'t' TO 'b'@'%' GRANT OWNERSHIP ON 'default'.'db_a'.'t1' TO 'b'@'%' -GRANT CREATE ON *.* TO 'a'@'%' GRANT OWNERSHIP ON 'default'.'db_a'.* TO 'a'@'%' +GRANT OWNERSHIP ON 'default'.'db_a'.'t' TO 'a'@'%' GRANT OWNERSHIP ON 'default'.'db_a'.'t1' TO 'a'@'%' +t t1 +t t1 -GRANT CREATE ON *.* TO 'a'@'%' Error: APIError: ResponseError with 1063: Permission denied: User 'a'@'%' does not have the required privileges for database 'db_a' +t t1 diff --git a/tests/suites/0_stateless/18_rbac/18_0002_ownership_cover.sh b/tests/suites/0_stateless/18_rbac/18_0002_ownership_cover.sh index 6cb6fc843ee8..3200ee75e482 100755 --- a/tests/suites/0_stateless/18_rbac/18_0002_ownership_cover.sh +++ b/tests/suites/0_stateless/18_rbac/18_0002_ownership_cover.sh @@ -83,34 +83,29 @@ echo "unset enable_experimental_rbac_check" | $BENDSQL_CLIENT_CONNECT echo "=== test ownership: show stmt ===" echo "drop user if exists a;" | $BENDSQL_CLIENT_CONNECT echo "drop user if exists b;" | $BENDSQL_CLIENT_CONNECT -echo "drop database db_a;" | $BENDSQL_CLIENT_CONNECT +echo "drop database if exists db_a;" | $BENDSQL_CLIENT_CONNECT echo "drop role if exists role1;" | $BENDSQL_CLIENT_CONNECT echo "create role role1;" | $BENDSQL_CLIENT_CONNECT -echo "create user a identified by '123' with DEFAULT_ROLE='role1';" | $BENDSQL_CLIENT_CONNECT -echo "create user b identified by '123';" | $BENDSQL_CLIENT_CONNECT -echo "grant create on *.* to a;" | $BENDSQL_CLIENT_CONNECT -echo "grant create on *.* to b;" | $BENDSQL_CLIENT_CONNECT +echo "create user a identified by '123'" | $BENDSQL_CLIENT_CONNECT +echo "create database db_a;" | $BENDSQL_CLIENT_CONNECT +echo "grant ownership on db_a.* to role role1;" | $BENDSQL_CLIENT_CONNECT echo "grant role role1 to a;" | $BENDSQL_CLIENT_CONNECT +echo "create user b identified by '123';" | $BENDSQL_CLIENT_CONNECT export USER_A_CONNECT="bendsql --user=a --password=123 --host=${QUERY_MYSQL_HANDLER_HOST} --port ${QUERY_HTTP_HANDLER_PORT}" export USER_B_CONNECT="bendsql --user=b --password=123 --host=${QUERY_MYSQL_HANDLER_HOST} --port ${QUERY_HTTP_HANDLER_PORT}" - +echo "set default role role1;" | $USER_A_CONNECT echo "show roles;" | $USER_A_CONNECT -echo "create database db_a;" | $USER_A_CONNECT echo "create table db_a.t(id int);" | $USER_A_CONNECT echo "create table db_a.t1(id int);" | $USER_A_CONNECT +echo "show tables from db_a" | $USER_A_CONNECT +echo "show databases" | $USER_A_CONNECT echo "show grants for role role1;" | $BENDSQL_CLIENT_CONNECT -echo "show grants for a;" | $BENDSQL_CLIENT_CONNECT - -echo "drop table db_a.t" | $USER_A_CONNECT - -echo "show grants for role role1;" | $BENDSQL_CLIENT_CONNECT -echo "show grants for a;" | $BENDSQL_CLIENT_CONNECT echo "grant role role1 to b;" | $BENDSQL_CLIENT_CONNECT echo "show grants for b;" | $BENDSQL_CLIENT_CONNECT @@ -122,12 +117,12 @@ echo "show tables from db_a;" | $USER_B_CONNECT echo "revoke role role1 from a;" | $BENDSQL_CLIENT_CONNECT echo "show grants for a ;" | $BENDSQL_CLIENT_CONNECT -echo "revoke create on *.* from a;" | $BENDSQL_CLIENT_CONNECT echo "show tables from db_a;" | $USER_A_CONNECT echo "show tables from db_a;" | $USER_B_CONNECT +echo "drop table db_a.t1;" | $USER_B_CONNECT +echo "drop database db_a;" | $BENDSQL_CLIENT_CONNECT echo "drop role if exists role1;" | $BENDSQL_CLIENT_CONNECT echo "drop user if exists a;" | $BENDSQL_CLIENT_CONNECT echo "drop user if exists b;" | $BENDSQL_CLIENT_CONNECT -echo "drop database db_a;" | $BENDSQL_CLIENT_CONNECT