Update auth tests for SELECT_MASKED permission

atch by Andrés de la Peña; reviewed by Benjamin Lerer and Berenguer Blasi for CASSANDRA-18070
apache · Mar 23, 2023 · f073dbc · f073dbc
1 parent f558a3f
commit f073dbc
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 13 deletions.
diff --git a/auth_test.py b/auth_test.py
@@ -34,7 +34,7 @@ def role_creator_permissions(self, creator, role):
             permissions = ('ALTER', 'DROP', 'DESCRIBE')
         return [(creator, role, perm) for perm in permissions]
 
-    def cluster_version_has_unmask_permission(self):
+    def cluster_version_has_masking_permissions(self):
         return self.cluster.version() >= LooseVersion('4.2')
 
     def data_resource_creator_permissions(self, creator, resource):
@@ -48,8 +48,9 @@ def data_resource_creator_permissions(self, creator, resource):
         for perm in 'SELECT', 'MODIFY', 'ALTER', 'DROP', 'AUTHORIZE':
             permissions.append((creator, resource, perm))
 
-        if self.cluster_version_has_unmask_permission():
+        if self.cluster_version_has_masking_permissions():
             permissions.append((creator, resource, 'UNMASK'))
+            permissions.append((creator, resource, 'SELECT_MASKED'))
 
         if resource.startswith("<keyspace "):
             permissions.append((creator, resource, 'CREATE'))
@@ -1683,8 +1684,9 @@ def test_filter_granted_permissions_by_resource_type(self):
                        ("mike", "<keyspace ks>", "SELECT"),
                        ("mike", "<keyspace ks>", "MODIFY"),
                        ("mike", "<keyspace ks>", "AUTHORIZE")]
-        if self.cluster_version_has_unmask_permission():
+        if self.cluster_version_has_masking_permissions():
             permissions.append(("mike", "<keyspace ks>", "UNMASK"))
+            permissions.append(("mike", "<keyspace ks>", "SELECT_MASKED"))
         self.assert_permissions_listed(permissions,
                                        self.superuser,
                                        "LIST ALL PERMISSIONS OF mike")
@@ -1697,8 +1699,9 @@ def test_filter_granted_permissions_by_resource_type(self):
                        ("mike", "<table ks.cf>", "SELECT"),
                        ("mike", "<table ks.cf>", "MODIFY"),
                        ("mike", "<table ks.cf>", "AUTHORIZE")]
-        if self.cluster_version_has_unmask_permission():
+        if self.cluster_version_has_masking_permissions():
             permissions.append(("mike", "<table ks.cf>", "UNMASK"))
+            permissions.append(("mike", "<table ks.cf>", "SELECT_MASKED"))
         self.assert_permissions_listed(permissions,
                                        self.superuser,
                                        "LIST ALL PERMISSIONS OF mike")

diff --git a/cqlsh_tests/test_cqlsh.py b/cqlsh_tests/test_cqlsh.py
@@ -786,15 +786,16 @@ def test_list_queries(self):
         if self.cluster.version() >= LooseVersion('4.2'):
             self.verify_output("LIST ALL PERMISSIONS OF user1", node1, """
  role  | username | resource      | permission
--------+----------+---------------+------------
- user1 |    user1 | <table ks.t1> |      ALTER
- user1 |    user1 | <table ks.t1> |       DROP
- user1 |    user1 | <table ks.t1> |     SELECT
- user1 |    user1 | <table ks.t1> |     MODIFY
- user1 |    user1 | <table ks.t1> |  AUTHORIZE
- user1 |    user1 | <table ks.t1> |     UNMASK
-
-(6 rows)
+-------+----------+---------------+---------------
+ user1 |    user1 | <table ks.t1> |         ALTER
+ user1 |    user1 | <table ks.t1> |          DROP
+ user1 |    user1 | <table ks.t1> |        SELECT
+ user1 |    user1 | <table ks.t1> |        MODIFY
+ user1 |    user1 | <table ks.t1> |     AUTHORIZE
+ user1 |    user1 | <table ks.t1> |        UNMASK
+ user1 |    user1 | <table ks.t1> | SELECT_MASKED
+
+(7 rows)
 """)
         elif self.cluster.version() >= LooseVersion('2.2'):
             self.verify_output("LIST ALL PERMISSIONS OF user1", node1, """