feat: access control checks above and beyond space rw checks
The patch adds remaining access checks for cluster-wide management operations involving tables, users and roles. Added checks closely follow ones in vanilla tarantool.

Basic scenario now works. See newly added `test_create_space_smoke`.

There are some follow-ups I'd like to address separately, namely:

- more tests for new ifs around box_access_check_ddl calls https://git.picodata.io/picodata/picodata/picodata/-/issues/420
- add tests for ownership semantics (these can be mostly ported from tarantool-module), blocked by https://git.picodata.io/picodata/picodata/picodata/-/issues/408
- port access.test and role.test from core (at some point later) https://git.picodata.io/picodata/picodata/picodata/-/issues/421
- Detect and prohibit circular role grants https://git.picodata.io/picodata/picodata/picodata/-/issues/415

Close #339
parent 161afc27
Changed files:
- src/access_control.rs: 898 additions, 0 deletions
- src/cas.rs: 5 additions, 10 deletions
- src/lib.rs: 6 additions, 0 deletions
- src/sql.rs: 4 additions, 2 deletions
- test/conftest.py: 70 additions, 6 deletions
- test/int/test_acl.py: 66 additions, 57 deletions
- test/int/test_sql.py: 41 additions, 40 deletions