From f1d0b707e72862641d7cc2a96f9531c3942a70e5 Mon Sep 17 00:00:00 2001
From: Konstantin Osipov <kostja@tarantool.org>
Date: Thu, 18 Dec 2014 01:38:13 +0300
Subject: [PATCH] Implement role 'replication'. Fixes gh-660.

Update tests to use this role.
---
 extra/schema_fill.lua                 |   5 +++++
 src/box/bootstrap.snap                | Bin 1926 -> 2069 bytes
 src/box/box.cc                        |   2 +-
 test/box/access.result                |  30 +++++++++++++-------------
 test/box/access_bin.result            |   2 +-
 test/box/access_misc.result           |  12 +++++++----
 test/box/access_misc.test.lua         |   7 +++---
 test/box/bootstrap.result             |   3 +++
 test/replication/cluster.result       |   4 ++--
 test/replication/cluster.test.py      |   4 ++--
 test/replication/consistent.test.lua  |   4 ++--
 test/replication/hot_standby.result   |   2 +-
 test/replication/hot_standby.test.lua |   2 +-
 test/replication/init_storage.result  |   2 +-
 test/replication/init_storage.test.py |   2 +-
 test/replication/readonly.result      |   2 +-
 test/replication/readonly.test.py     |   2 +-
 17 files changed, 49 insertions(+), 36 deletions(-)

diff --git a/extra/schema_fill.lua b/extra/schema_fill.lua
index 126b3161aa..19ee7a1764 100644
--- a/extra/schema_fill.lua
+++ b/extra/schema_fill.lua
@@ -62,10 +62,15 @@ _index:insert{_cluster.id, 1, 'uuid', 'tree', 1, 1, 1, 'str'}
 _user:insert{GUEST, ADMIN, 'guest', 'user'}
 _user:insert{ADMIN, ADMIN, 'admin', 'user'}
 _user:insert{PUBLIC, ADMIN, 'public', 'role'}
+RPL_ID = _user:auto_increment{ADMIN, 'replication', 'role'}[1]
 -- grant admin access to the universe
 _priv:insert{1, 1, 'universe', 0, 7}
 -- grant 'public' role access to 'box.schema.user.info' function
 _func:insert{1, 1, 'box.schema.user.info', 1}
 _priv:insert{1, 2, 'function', 1, 4}
+-- replication can read universe
+_priv:insert{1, RPL_ID, 'universe', 0, 1}
+-- replication can append to '_cluster' system space
+_priv:insert{1, RPL_ID, 'space', box.schema.CLUSTER_ID, 2}
 -- grant 'guest' role 'public'
 _priv:insert{1, 0, 'role', 2, 4}
diff --git a/src/box/bootstrap.snap b/src/box/bootstrap.snap
index b05c412abd7caacb3a4f7d12befa761f39e198e8..9756b8a9df93c84cfd3e105a97267cd25cb9520c 100644
GIT binary patch
delta 490
zcmZqUpDIuv?B^K3WuRwh#1))cRF+y~rI2i7oMLL8Y@};$VQ#5wVv>}iYhh|`p=)NA
zmTHt_nP_fdoWd36oRgoNZKY6cXr*9K%f)qd7x!u#hI5~fr&TTwfPf|jCT7MafpZKD
zi~@?2mM7<w7MG+J-Bd|QH8D)IG&0vUwKO&p(={<Su+X(gvb5ASG&f5$u{1R_Ff!RV
zRhi90k>T9wk1u~9n<o!3&p>esGvn%_)PkJM<iwK9{JbSa`8lZ|H;6Nwlew^@9$AmV
z<TGrN^;6{+O-B}0gqUQZIF*rcMQL6p(Cfvi4D28?q#4d-uFSiQtXc`7nrTH^X<jnO
zQbrb#YAJ?u@v$PekX0)qR5LFvE=WvHJzLA@zyvkBOn0>zvT7A1)d-g`f>fI_ocnNu
Yu?$(YDnzw|;v~kKD#S$9Re`l{0h#lghyVZp

delta 303
zcmbO#(8gaM?B^K3WuRwh#1))cRF+y~rC^bgY?_vAW~6IiW^Al$Vs37vYhh-Ps%vCn
zm~3vAmX?&7X2ccdoRgoNZKY6cXr*9K%f)qd7x!u#hI5Ort}t0100B)5Ow5c;0_PYQ
z7zGq3El<uVEiOqdx~Y<CVQ6A$l5D7(W{_whrfXtmmZWQ$mSUuvYH4g?o|a;6nQFRm
zsxq61IKw#;ZYK$3^W-P7OA0<X6SN*#P+_tbyDZE1yLFQ%%d(3{Fs(={%}XxH%+F(F
g0XfT*;aura0~BW|L7e5FIEnG53Nik@DzNq~09H_2UH||9

diff --git a/src/box/box.cc b/src/box/box.cc
index e7b2c45aff..20097d52de 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -305,7 +305,7 @@ boxk(enum iproto_type type, uint32_t space_id, const char *format, ...)
 /**
  * @brief Called when recovery/replication wants to add a new server
  * to cluster.
- * cluster_add_server() is called as a commit trigger on jcluster
+ * cluster_add_server() is called as a commit trigger on cluster
  * space and actually adds the server to the cluster.
  * @param server_uuid
  */
diff --git a/test/box/access.result b/test/box/access.result
index 2e5bf7f937..ea88661bcc 100644
--- a/test/box/access.result
+++ b/test/box/access.result
@@ -82,7 +82,7 @@ end;
 ...
 usermax();
 ---
-- error: User 'user29' is not found
+- error: User 'user28' is not found
 ...
 --# setopt delimiter ''
 box.schema.user.create('rich')
@@ -122,7 +122,7 @@ box.schema.user.revoke('rich', 'public')
 ...
 box.space['_user']:delete{uid}
 ---
-- [4, 1, 'rich', 'user', []]
+- [5, 1, 'rich', 'user', []]
 ...
 box.schema.user.drop('test')
 ---
@@ -318,7 +318,7 @@ box.schema.user.create('user1')
 ...
 box.space._user.index.name:select{'user1'}
 ---
-- - [3, 1, 'user1', 'user', []]
+- - [4, 1, 'user1', 'user', []]
 ...
 session.su('user1')
 ---
@@ -331,7 +331,7 @@ session.su('admin')
 ...
 box.space._user.index.name:select{'user1'}
 ---
-- - [3, 1, 'user1', 'user', {'chap-sha1': 'CRO/LiziDOIb+xlhrxJNSSBFjl8='}]
+- - [4, 1, 'user1', 'user', {'chap-sha1': 'CRO/LiziDOIb+xlhrxJNSSBFjl8='}]
 ...
 box.schema.user.drop('user1')
 ---
@@ -355,8 +355,8 @@ box.schema.user.grant('user', 'read,write', 'universe')
 ...
 box.space._priv:select{id}
 ---
-- - [1, 3, 'role', 2, 4]
-  - [1, 3, 'universe', 0, 3]
+- - [1, 4, 'role', 2, 4]
+  - [1, 4, 'universe', 0, 3]
 ...
 box.schema.user.grant('user', 'read', 'universe')
 ---
@@ -364,39 +364,39 @@ box.schema.user.grant('user', 'read', 'universe')
 ...
 box.space._priv:select{id}
 ---
-- - [1, 3, 'role', 2, 4]
-  - [1, 3, 'universe', 0, 3]
+- - [1, 4, 'role', 2, 4]
+  - [1, 4, 'universe', 0, 3]
 ...
 box.schema.user.revoke('user', 'write', 'universe')
 ---
 ...
 box.space._priv:select{id}
 ---
-- - [1, 3, 'role', 2, 4]
-  - [1, 3, 'universe', 0, 1]
+- - [1, 4, 'role', 2, 4]
+  - [1, 4, 'universe', 0, 1]
 ...
 box.schema.user.revoke('user', 'read', 'universe')
 ---
 ...
 box.space._priv:select{id}
 ---
-- - [1, 3, 'role', 2, 4]
+- - [1, 4, 'role', 2, 4]
 ...
 box.schema.user.grant('user', 'write', 'universe')
 ---
 ...
 box.space._priv:select{id}
 ---
-- - [1, 3, 'role', 2, 4]
-  - [1, 3, 'universe', 0, 2]
+- - [1, 4, 'role', 2, 4]
+  - [1, 4, 'universe', 0, 2]
 ...
 box.schema.user.grant('user', 'read', 'universe')
 ---
 ...
 box.space._priv:select{id}
 ---
-- - [1, 3, 'role', 2, 4]
-  - [1, 3, 'universe', 0, 3]
+- - [1, 4, 'role', 2, 4]
+  - [1, 4, 'universe', 0, 3]
 ...
 box.schema.user.drop('user')
 ---
diff --git a/test/box/access_bin.result b/test/box/access_bin.result
index ce7c815456..9dd70ba901 100644
--- a/test/box/access_bin.result
+++ b/test/box/access_bin.result
@@ -170,7 +170,7 @@ box.schema.user.drop('test')
 ...
 c.space.test:insert{1}
 ---
-- error: User '3' is not found
+- error: User '4' is not found
 ...
 c:close()
 ---
diff --git a/test/box/access_misc.result b/test/box/access_misc.result
index b181cbba87..381969b514 100644
--- a/test/box/access_misc.result
+++ b/test/box/access_misc.result
@@ -320,6 +320,9 @@ s:drop()
 box.schema.user.create('testuser')
 ---
 ...
+maxuid = box.space._user.index.primary:max()[1]
+---
+...
 box.schema.user.grant('testuser', 'write', 'space', '_user')
 ---
 ...
@@ -337,12 +340,12 @@ box.space._user:select(1)
 ---
 - error: Read access denied for user 'testuser' to space '_user'
 ...
-uid = box.space._user:insert{4, session.uid(), 'someone', 'user'}[1]
+uid = box.space._user:insert{maxuid+1, session.uid(), 'someone', 'user'}[1]
 ---
 ...
-box.space._user:delete(4)
+box.space._user:delete(uid)
 ---
-- [4, 3, 'someone', 'user']
+- [5, 4, 'someone', 'user']
 ...
 session.su('admin')
 ---
@@ -375,7 +378,7 @@ box.space._user:select(1)
 ---
 - - [1, 1, 'admin', 'user']
 ...
-box.space._user:insert{4,session.uid(),'someone2', 'user'}
+box.space._user:insert{uid, session.uid(), 'someone2', 'user'}
 ---
 - error: Write access denied for user 'testuser' to space '_user'
 ...
@@ -570,6 +573,7 @@ box.space._user:select()
 - - [0, 1, 'guest', 'user']
   - [1, 1, 'admin', 'user']
   - [2, 1, 'public', 'role']
+  - [3, 1, 'replication', 'role']
 ...
 box.space._space:select()
 ---
diff --git a/test/box/access_misc.test.lua b/test/box/access_misc.test.lua
index afe6d7be4b..e453d79acf 100644
--- a/test/box/access_misc.test.lua
+++ b/test/box/access_misc.test.lua
@@ -134,14 +134,15 @@ s:drop()
 -- Check write grant on _user
 --
 box.schema.user.create('testuser')
+maxuid = box.space._user.index.primary:max()[1]
 
 box.schema.user.grant('testuser', 'write', 'space', '_user')
 session.su('testuser')
 testuser_uid = session.uid()
 box.space._user:delete(2)
 box.space._user:select(1)
-uid = box.space._user:insert{4, session.uid(), 'someone', 'user'}[1]
-box.space._user:delete(4)
+uid = box.space._user:insert{maxuid+1, session.uid(), 'someone', 'user'}[1]
+box.space._user:delete(uid)
 
 session.su('admin')
 box.space._user:select(1)
@@ -154,7 +155,7 @@ box.schema.user.grant('testuser', 'read', 'space', '_user')
 session.su('testuser')
 box.space._user:delete(2)
 box.space._user:select(1)
-box.space._user:insert{4,session.uid(),'someone2', 'user'}
+box.space._user:insert{uid, session.uid(), 'someone2', 'user'}
 
 session.su('admin')
 --
diff --git a/test/box/bootstrap.result b/test/box/bootstrap.result
index d42ed4f182..9c96110c22 100644
--- a/test/box/bootstrap.result
+++ b/test/box/bootstrap.result
@@ -80,6 +80,7 @@ box.space._user:select{}
 - - [0, 1, 'guest', 'user']
   - [1, 1, 'admin', 'user']
   - [2, 1, 'public', 'role']
+  - [3, 1, 'replication', 'role']
 ...
 box.space._func:select{}
 ---
@@ -90,4 +91,6 @@ box.space._priv:select{}
 - - [1, 0, 'role', 2, 4]
   - [1, 1, 'universe', 0, 7]
   - [1, 2, 'function', 1, 4]
+  - [1, 3, 'space', 320, 2]
+  - [1, 3, 'universe', 0, 1]
 ...
diff --git a/test/replication/cluster.result b/test/replication/cluster.result
index fc11db893f..520f03d4ea 100644
--- a/test/replication/cluster.result
+++ b/test/replication/cluster.result
@@ -32,7 +32,7 @@ box.space._cluster:replace{1, require('uuid').NULL:str()}
 -------------------------------------------------------------
 gh-527: update vclock on delete from box.space._cluster
 -------------------------------------------------------------
-box.schema.user.grant('guest', 'read,write,execute', 'universe')
+box.schema.user.grant('guest', 'replication')
 ---
 ...
 box.space._schema:insert{"test", 48}
@@ -131,6 +131,6 @@ box.info.vclock[11]
 ---
 - 0
 ...
-box.schema.user.revoke('guest', 'read,write,execute', 'universe')
+box.schema.user.revoke('guest', 'replication')
 ---
 ...
diff --git a/test/replication/cluster.test.py b/test/replication/cluster.test.py
index 5beec7a8e8..11ef2c1a4c 100644
--- a/test/replication/cluster.test.py
+++ b/test/replication/cluster.test.py
@@ -47,7 +47,7 @@ print '-------------------------------------------------------------'
 master = server
 master_id = master.get_param('server')['id']
 
-master.admin("box.schema.user.grant('guest', 'read,write,execute', 'universe')")
+master.admin("box.schema.user.grant('guest', 'replication')")
 
 replica = TarantoolServer(server.ini)
 replica.script = 'replication/replica.lua'
@@ -98,4 +98,4 @@ replica.admin('box.info.vclock[%d]' % replica_id3)
 # Cleanup
 sys.stdout.pop_filter()
 
-master.admin("box.schema.user.revoke('guest', 'read,write,execute', 'universe')")
+master.admin("box.schema.user.revoke('guest', 'replication')")
diff --git a/test/replication/consistent.test.lua b/test/replication/consistent.test.lua
index 06c18ac135..a921afba79 100644
--- a/test/replication/consistent.test.lua
+++ b/test/replication/consistent.test.lua
@@ -1,7 +1,7 @@
 --# create server replica with rpl_master=default, script='replication/replica.lua'
 --# start server replica
 --# set connection default
-box.schema.user.grant('guest', 'read,write,execute', 'universe')
+box.schema.user.grant('guest', 'replication')
 -- Wait until the grant reaches the replica
 --# set connection replica
 while box.space['_priv']:len() < 1 do box.fiber.sleep(0.01) end
@@ -172,4 +172,4 @@ box.space[0]:insert{0, 'replica is RO'}
 --# cleanup server replica
 --# set connection default
 box.space[0]:drop()
-box.schema.user.revoke('guest', 'read,write,execute', 'universe')
+box.schema.user.revoke('guest', 'replication')
diff --git a/test/replication/hot_standby.result b/test/replication/hot_standby.result
index 571613664c..a864e40da0 100644
--- a/test/replication/hot_standby.result
+++ b/test/replication/hot_standby.result
@@ -1,5 +1,5 @@
 --# set connection default
-box.schema.user.grant('guest', 'read,write,execute', 'universe')
+box.schema.user.grant('guest', 'replication')
 ---
 ...
 --# create server hot_standby with script='replication/hot_standby.lua', rpl_master=default
diff --git a/test/replication/hot_standby.test.lua b/test/replication/hot_standby.test.lua
index 655c226527..d296e1726b 100644
--- a/test/replication/hot_standby.test.lua
+++ b/test/replication/hot_standby.test.lua
@@ -1,5 +1,5 @@
 --# set connection default
-box.schema.user.grant('guest', 'read,write,execute', 'universe')
+box.schema.user.grant('guest', 'replication')
 --# create server hot_standby with script='replication/hot_standby.lua', rpl_master=default
 --# create server replica with rpl_master=default, script='replication/replica.lua'
 --# start server hot_standby
diff --git a/test/replication/init_storage.result b/test/replication/init_storage.result
index a013177fbb..f2d992e897 100644
--- a/test/replication/init_storage.result
+++ b/test/replication/init_storage.result
@@ -1,4 +1,4 @@
-box.schema.user.grant('guest', 'read,write,execute', 'universe')
+box.schema.user.grant('guest', 'replication')
 ---
 ...
 space = box.schema.create_space('test', {id =  42})
diff --git a/test/replication/init_storage.test.py b/test/replication/init_storage.test.py
index 4f6f78a6d0..d17f7cbf3f 100644
--- a/test/replication/init_storage.test.py
+++ b/test/replication/init_storage.test.py
@@ -6,7 +6,7 @@ from lib.tarantool_server import TarantoolServer
 master = server
 master_id = master.get_param('server')['id']
 
-master.admin("box.schema.user.grant('guest', 'read,write,execute', 'universe')")
+master.admin("box.schema.user.grant('guest', 'replication')")
 master.admin("space = box.schema.create_space('test', {id =  42})")
 master.admin("index = space:create_index('primary', { type = 'tree'})")
 
diff --git a/test/replication/readonly.result b/test/replication/readonly.result
index 9a3b22b210..f6d59d4e12 100644
--- a/test/replication/readonly.result
+++ b/test/replication/readonly.result
@@ -1,4 +1,4 @@
-box.schema.user.grant('guest', 'read,write,execute', 'universe')
+box.schema.user.grant('guest', 'replication')
 ---
 ...
 box.info.server.id
diff --git a/test/replication/readonly.test.py b/test/replication/readonly.test.py
index 24789c51a7..deb323536d 100644
--- a/test/replication/readonly.test.py
+++ b/test/replication/readonly.test.py
@@ -6,7 +6,7 @@ from lib.tarantool_server import TarantoolServer
 master = server
 master_id = master.get_param('server')['id']
 
-master.admin("box.schema.user.grant('guest', 'read,write,execute', 'universe')")
+master.admin("box.schema.user.grant('guest', 'replication')")
 
 replica = TarantoolServer(server.ini)
 replica.script = 'replication/replica.lua'
-- 
GitLab