dolthub · Hydrocharged · Feb 1, 2022 · Feb 1, 2022
diff --git a/enginetest/priv_auth_queries.go b/enginetest/priv_auth_queries.go
@@ -200,6 +200,343 @@ var UserPrivTests = []UserPrivilegeTest{
 			},
 		},
 	},
+	{
+		Name: "Basic revoke SELECT privilege",
+		SetUpScript: []string{
+			"CREATE TABLE test (pk BIGINT PRIMARY KEY);",
+			"INSERT INTO test VALUES (1), (2), (3);",
+			"CREATE USER tester@localhost;",
+			"GRANT SELECT ON *.* TO tester@localhost;",
+		},
+		Assertions: []UserPrivilegeTestAssertion{
+			{
+				User:     "tester",
+				Host:     "localhost",
+				Query:    "SELECT * FROM test;",
+				Expected: []sql.Row{{1}, {2}, {3}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT User, Host, Select_priv FROM mysql.user WHERE User = 'tester';",
+				Expected: []sql.Row{{"tester", "localhost", "Y"}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "REVOKE SELECT ON *.* FROM tester@localhost;",
+				Expected: []sql.Row{{sql.NewOkResult(0)}},
+			},
+			{
+				User:        "tester",
+				Host:        "localhost",
+				Query:       "SELECT * FROM test;",
+				ExpectedErr: sql.ErrPrivilegeCheckFailed,
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT User, Host, Select_priv FROM mysql.user WHERE User = 'tester';",
+				Expected: []sql.Row{{"tester", "localhost", "N"}},
+			},
+		},
+	},
+	{
+		Name: "Basic revoke all global static privileges",
+		SetUpScript: []string{
+			"CREATE TABLE test (pk BIGINT PRIMARY KEY);",
+			"INSERT INTO test VALUES (1), (2), (3);",
+			"CREATE USER tester@localhost;",
+			"GRANT ALL ON *.* TO tester@localhost;",
+		},
+		Assertions: []UserPrivilegeTestAssertion{
+			{
+				User:     "tester",
+				Host:     "localhost",
+				Query:    "INSERT INTO test VALUES (4);",
+				Expected: []sql.Row{{sql.NewOkResult(1)}},
+			},
+			{
+				User:     "tester",
+				Host:     "localhost",
+				Query:    "SELECT * FROM test;",
+				Expected: []sql.Row{{1}, {2}, {3}, {4}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT User, Host, Select_priv, Insert_priv FROM mysql.user WHERE User = 'tester';",
+				Expected: []sql.Row{{"tester", "localhost", "Y", "Y"}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "REVOKE ALL ON *.* FROM tester@localhost;",
+				Expected: []sql.Row{{sql.NewOkResult(0)}},
+			},
+			{
+				User:        "tester",
+				Host:        "localhost",
+				Query:       "SELECT * FROM test;",
+				ExpectedErr: sql.ErrPrivilegeCheckFailed,
+			},
+			{
+				User:        "tester",
+				Host:        "localhost",
+				Query:       "INSERT INTO test VALUES (5);",
+				ExpectedErr: sql.ErrPrivilegeCheckFailed,
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT User, Host, Select_priv, Insert_priv FROM mysql.user WHERE User = 'tester';",
+				Expected: []sql.Row{{"tester", "localhost", "N", "N"}},
+			},
+		},
+	},
+	{
+		Name: "Basic role creation",
+		SetUpScript: []string{
+			"CREATE ROLE test_role;",
+		},
+		Assertions: []UserPrivilegeTestAssertion{
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT User, Host, account_locked FROM mysql.user WHERE User = 'test_role';",
+				Expected: []sql.Row{{"test_role", "%", "Y"}},
+			},
+		},
+	},
+	{
+		Name: "Grant Role with SELECT Privilege",
+		SetUpScript: []string{
+			"SET @@GLOBAL.activate_all_roles_on_login = true;",
+			"CREATE TABLE test (pk BIGINT PRIMARY KEY);",
+			"INSERT INTO test VALUES (1), (2), (3);",
+			"CREATE USER tester@localhost;",
+			"CREATE ROLE test_role;",
+			"GRANT SELECT ON *.* TO test_role;",
+		},
+		Assertions: []UserPrivilegeTestAssertion{
+			{
+				User:        "tester",
+				Host:        "localhost",
+				Query:       "SELECT * FROM test;",
+				ExpectedErr: sql.ErrPrivilegeCheckFailed,
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.role_edges;",
+				Expected: []sql.Row{{0}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "GRANT test_role TO tester@localhost;",
+				Expected: []sql.Row{{sql.NewOkResult(0)}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT * FROM mysql.role_edges;",
+				Expected: []sql.Row{{"%", "test_role", "localhost", "tester", "N"}},
+			},
+			{
+				User:     "tester",
+				Host:     "localhost",
+				Query:    "SELECT * FROM test;",
+				Expected: []sql.Row{{1}, {2}, {3}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT User, Host, Select_priv FROM mysql.user WHERE User = 'tester';",
+				Expected: []sql.Row{{"tester", "localhost", "N"}},
+			},
+		},
+	},
+	{
+		Name: "Revoke role currently granted to a user",
+		SetUpScript: []string{
+			"SET @@GLOBAL.activate_all_roles_on_login = true;",
+			"CREATE TABLE test (pk BIGINT PRIMARY KEY);",
+			"INSERT INTO test VALUES (1), (2), (3);",
+			"CREATE USER tester@localhost;",
+			"CREATE ROLE test_role;",
+			"GRANT SELECT ON *.* TO test_role;",
+			"GRANT test_role TO tester@localhost;",
+		},
+		Assertions: []UserPrivilegeTestAssertion{
+			{
+				User:     "tester",
+				Host:     "localhost",
+				Query:    "SELECT * FROM test;",
+				Expected: []sql.Row{{1}, {2}, {3}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT * FROM mysql.role_edges;",
+				Expected: []sql.Row{{"%", "test_role", "localhost", "tester", "N"}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "REVOKE test_role FROM tester@localhost;",
+				Expected: []sql.Row{{sql.NewOkResult(0)}},
+			},
+			{
+				User:        "tester",
+				Host:        "localhost",
+				Query:       "SELECT * FROM test;",
+				ExpectedErr: sql.ErrPrivilegeCheckFailed,
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.role_edges;",
+				Expected: []sql.Row{{0}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.user WHERE User = 'test_role';",
+				Expected: []sql.Row{{1}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.user WHERE User = 'tester';",
+				Expected: []sql.Row{{1}},
+			},
+		},
+	},
+	{
+		Name: "Drop role currently granted to a user",
+		SetUpScript: []string{
+			"SET @@GLOBAL.activate_all_roles_on_login = true;",
+			"CREATE TABLE test (pk BIGINT PRIMARY KEY);",
+			"INSERT INTO test VALUES (1), (2), (3);",
+			"CREATE USER tester@localhost;",
+			"CREATE ROLE test_role;",
+			"GRANT SELECT ON *.* TO test_role;",
+			"GRANT test_role TO tester@localhost;",
+		},
+		Assertions: []UserPrivilegeTestAssertion{
+			{
+				User:     "tester",
+				Host:     "localhost",
+				Query:    "SELECT * FROM test;",
+				Expected: []sql.Row{{1}, {2}, {3}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT * FROM mysql.role_edges;",
+				Expected: []sql.Row{{"%", "test_role", "localhost", "tester", "N"}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "DROP ROLE test_role;",
+				Expected: []sql.Row{{sql.NewOkResult(0)}},
+			},
+			{
+				User:        "tester",
+				Host:        "localhost",
+				Query:       "SELECT * FROM test;",
+				ExpectedErr: sql.ErrPrivilegeCheckFailed,
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.role_edges;",
+				Expected: []sql.Row{{0}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.user WHERE User = 'test_role';",
+				Expected: []sql.Row{{0}},
+			},
+			{ // Ensure nothing wonky happened like the user was deleted as well
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.user WHERE User = 'tester';",
+				Expected: []sql.Row{{1}},
+			},
+			{
+				User:        "root",
+				Host:        "localhost",
+				Query:       "DROP ROLE test_role;",
+				ExpectedErr: sql.ErrRoleDeletionFailure,
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "DROP ROLE IF EXISTS test_role;",
+				Expected: []sql.Row{{sql.NewOkResult(0)}},
+			},
+		},
+	},
+	{
+		Name: "Drop user with role currently granted",
+		SetUpScript: []string{
+			"SET @@GLOBAL.activate_all_roles_on_login = true;",
+			"CREATE TABLE test (pk BIGINT PRIMARY KEY);",
+			"INSERT INTO test VALUES (1), (2), (3);",
+			"CREATE USER tester@localhost;",
+			"CREATE ROLE test_role;",
+			"GRANT SELECT ON *.* TO test_role;",
+			"GRANT test_role TO tester@localhost;",
+		},
+		Assertions: []UserPrivilegeTestAssertion{
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT * FROM mysql.role_edges;",
+				Expected: []sql.Row{{"%", "test_role", "localhost", "tester", "N"}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "DROP USER tester@localhost;",
+				Expected: []sql.Row{{sql.NewOkResult(0)}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.role_edges;",
+				Expected: []sql.Row{{0}},
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.user WHERE User = 'tester';",
+				Expected: []sql.Row{{0}},
+			},
+			{ // Ensure nothing wonky happened like the role was deleted as well
+				User:     "root",
+				Host:     "localhost",
+				Query:    "SELECT COUNT(*) FROM mysql.user WHERE User = 'test_role';",
+				Expected: []sql.Row{{1}},
+			},
+			{
+				User:        "root",
+				Host:        "localhost",
+				Query:       "DROP USER tester@localhost;",
+				ExpectedErr: sql.ErrUserDeletionFailure,
+			},
+			{
+				User:     "root",
+				Host:     "localhost",
+				Query:    "DROP USER IF EXISTS tester@localhost;",
+				Expected: []sql.Row{{sql.NewOkResult(0)}},
+			},
+		},
+	},
 }
 
 // ServerAuthTests test the server authentication system. These tests always have the root account available, and the