-
Notifications
You must be signed in to change notification settings - Fork 465
/
Copy pathaudit_log.slt
307 lines (244 loc) · 12.1 KB
/
audit_log.slt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
# Copyright Materialize, Inc. and contributors. All rights reserved.
#
# Use of this software is governed by the Business Source License
# included in the LICENSE file at the root of this repository.
#
# As of the Change Date specified in that file, in accordance with
# the Business Source License, use of this software will be governed
# by the Apache License, Version 2.0.
# Test expected population of mz_audit_events after some DDL statements.
mode cockroach
# Start from a pristine server
reset-server
statement ok
CREATE DATABASE test
statement ok
CREATE SCHEMA test.sc1
statement ok
CREATE SCHEMA test.sc2
statement ok
DROP SCHEMA test.sc1
statement ok
DROP DATABASE test
statement ok
CREATE ROLE foo
statement ok
DROP ROLE foo
statement ok
CREATE CLUSTER foo REPLICAS (r (SIZE '1'));
statement ok
CREATE MATERIALIZED VIEW v2 AS SELECT 1
statement ok
CREATE VIEW unmat AS SELECT 1
statement ok
CREATE TABLE t ()
statement ok
CREATE DEFAULT INDEX ON t
statement ok
ALTER VIEW unmat RENAME TO renamed
statement ok
CREATE OR REPLACE MATERIALIZED VIEW v2 AS SELECT 2
statement ok
CREATE DEFAULT INDEX ON renamed
statement ok
DROP VIEW renamed
statement ok
CREATE SOURCE s FROM LOAD GENERATOR COUNTER;
statement ok
DROP SOURCE s;
statement ok
CREATE SOURCE multiplex FROM LOAD GENERATOR AUCTION;
statement ok
CREATE TABLE accounts FROM SOURCE multiplex (REFERENCE accounts);
statement ok
CREATE TABLE auctions FROM SOURCE multiplex (REFERENCE auctions);
statement ok
CREATE TABLE bids FROM SOURCE multiplex (REFERENCE bids);
statement ok
CREATE TABLE organizations FROM SOURCE multiplex (REFERENCE organizations);
statement ok
CREATE TABLE users FROM SOURCE multiplex (REFERENCE users);
statement ok
ALTER CLUSTER REPLICA foo.r RENAME TO s;
statement ok
COMMENT ON CLUSTER foo IS 'test comment'
statement ok
COMMENT ON CLUSTER foo IS NULL
statement ok
ALTER CLUSTER foo RENAME TO bar;
statement ok
DROP CLUSTER REPLICA bar.s;
statement ok
DROP CLUSTER bar;
statement ok
ALTER MATERIALIZED VIEW v2 SET (RETAIN HISTORY FOR '5m');
statement ok
ALTER MATERIALIZED VIEW v2 RESET (RETAIN HISTORY);
statement ok
COMMENT ON MATERIALIZED VIEW v2 IS 'test comment'
statement ok
CREATE CONNECTION conn TO SSH TUNNEL (HOST 'host', PORT 22, USER 'materialize')
statement ok
ALTER CONNECTION conn ROTATE KEYS
simple conn=mz_system,user=mz_system
ALTER SYSTEM SET max_aws_privatelink_connections = '10'
----
COMPLETE 0
simple conn=mz_system,user=mz_system
ALTER SYSTEM RESET max_aws_privatelink_connections
----
COMPLETE 0
simple conn=mz_system,user=mz_system
ALTER SYSTEM RESET ALL
----
COMPLETE 0
query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id
----
1 create role {"id":"u1","name":"materialize"} NULL
2 grant cluster {"database_id":null,"grantee_id":"s2","privileges":"U","role_id":"p","schema_id":null} NULL
3 grant database {"database_id":null,"grantee_id":"s2","privileges":"U","role_id":"p","schema_id":null} NULL
4 grant schema {"database_id":null,"grantee_id":"s2","privileges":"U","role_id":"p","schema_id":null} NULL
5 grant type {"database_id":null,"grantee_id":"p","privileges":"U","role_id":"p","schema_id":null} NULL
6 create database {"id":"u1","name":"materialize"} NULL
7 grant database {"grantee_id":"p","grantor_id":"s1","object_id":"Du1","privileges":"U"} NULL
8 grant database {"grantee_id":"u1","grantor_id":"s1","object_id":"Du1","privileges":"UC"} NULL
9 create schema {"database_name":"materialize","id":"3","name":"public"} NULL
10 grant schema {"grantee_id":"u1","grantor_id":"s1","object_id":"Su1.u3","privileges":"UC"} NULL
11 create network-policy {"id":"u1","name":"default"} NULL
12 create cluster {"id":"u1","name":"quickstart"} NULL
13 grant cluster {"grantee_id":"p","grantor_id":"s1","object_id":"Cu1","privileges":"U"} NULL
14 grant cluster {"grantee_id":"u1","grantor_id":"s1","object_id":"Cu1","privileges":"UC"} NULL
15 create cluster-replica {"billed_as":null,"cluster_id":"u1","cluster_name":"quickstart","disk":false,"internal":false,"logical_size":"2","reason":"system","replica_id":"u1","replica_name":"r1"} NULL
16 grant system {"grantee_id":"s1","grantor_id":"s1","object_id":"SYSTEM","privileges":"RBNP"} NULL
17 grant system {"grantee_id":"u1","grantor_id":"s1","object_id":"SYSTEM","privileges":"RBNP"} NULL
18 alter system {"name":"enable_reduce_mfp_fusion","value":"on"} mz_system
19 alter system {"name":"unsafe_enable_unsafe_functions","value":"on"} mz_system
20 create database {"id":"u2","name":"test"} materialize
21 create schema {"database_name":"test","id":"u9","name":"public"} materialize
22 create schema {"database_name":"test","id":"u10","name":"sc1"} materialize
23 create schema {"database_name":"test","id":"u11","name":"sc2"} materialize
24 drop schema {"database_name":"test","id":"u10","name":"sc1"} materialize
25 drop schema {"database_name":"test","id":"u9","name":"public"} materialize
26 drop schema {"database_name":"test","id":"u11","name":"sc2"} materialize
27 drop database {"id":"u2","name":"test"} materialize
28 create role {"id":"u2","name":"foo"} materialize
29 drop role {"id":"u2","name":"foo"} materialize
30 create cluster {"id":"u2","name":"foo"} materialize
31 create cluster-replica {"billed_as":null,"cluster_id":"u2","cluster_name":"foo","disk":true,"internal":false,"logical_size":"1","reason":"manual","replica_id":"u2","replica_name":"r"} materialize
32 create materialized-view {"cluster_id":"u1","database":"materialize","id":"u1","item":"v2","schema":"public"} materialize
33 create view {"database":"materialize","id":"u2","item":"unmat","schema":"public"} materialize
34 create table {"database":"materialize","id":"u3","item":"t","schema":"public"} materialize
35 create index {"cluster_id":"u1","database":"materialize","id":"u4","item":"t_primary_idx","schema":"public"} materialize
36 alter view {"id":"u2","new_name":{"database":"materialize","item":"renamed","schema":"public"},"old_name":{"database":"materialize","item":"unmat","schema":"public"}} materialize
37 drop materialized-view {"database":"materialize","id":"u1","item":"v2","schema":"public"} materialize
38 create materialized-view {"cluster_id":"u1","database":"materialize","id":"u5","item":"v2","schema":"public"} materialize
39 create index {"cluster_id":"u1","database":"materialize","id":"u6","item":"renamed_primary_idx","schema":"public"} materialize
40 drop index {"database":"materialize","id":"u6","item":"renamed_primary_idx","schema":"public"} materialize
41 drop view {"database":"materialize","id":"u2","item":"renamed","schema":"public"} materialize
42 create source {"cluster_id":null,"database":"materialize","id":"u7","item":"s_progress","schema":"public","type":"progress"} materialize
43 create source {"cluster_id":"u1","database":"materialize","id":"u8","item":"s","schema":"public","type":"load-generator"} materialize
44 drop source {"database":"materialize","id":"u8","item":"s","schema":"public"} materialize
45 drop source {"database":"materialize","id":"u7","item":"s_progress","schema":"public"} materialize
46 create source {"cluster_id":null,"database":"materialize","id":"u9","item":"multiplex_progress","schema":"public","type":"progress"} materialize
47 create source {"cluster_id":"u1","database":"materialize","id":"u10","item":"multiplex","schema":"public","type":"load-generator"} materialize
48 create table {"database":"materialize","id":"u11","item":"accounts","schema":"public"} materialize
49 create table {"database":"materialize","id":"u12","item":"auctions","schema":"public"} materialize
50 create table {"database":"materialize","id":"u13","item":"bids","schema":"public"} materialize
51 create table {"database":"materialize","id":"u14","item":"organizations","schema":"public"} materialize
52 create table {"database":"materialize","id":"u15","item":"users","schema":"public"} materialize
53 alter cluster-replica {"cluster_id":"u2","new_name":"s","old_name":"r","replica_id":"u2"} materialize
54 comment cluster {"id":"Cluster(User(2))","name":"foo"} materialize
55 comment cluster {"id":"Cluster(User(2))","name":"foo"} materialize
56 alter cluster {"id":"u2","new_name":"bar","old_name":"foo"} materialize
57 drop cluster-replica {"cluster_id":"u2","cluster_name":"bar","reason":"manual","replica_id":"u2","replica_name":"s"} materialize
58 drop cluster {"id":"u2","name":"bar"} materialize
59 alter materialized-view {"id":"u5","new_history":"'5m'","old_history":null} materialize
60 alter materialized-view {"id":"u5","new_history":null,"old_history":"FOR␠'5m'"} materialize
61 comment materialized-view {"id":"MaterializedView(User(5))","name":"materialize.public.v2"} materialize
62 create connection {"database":"materialize","id":"u16","item":"conn","schema":"public"} materialize
63 alter connection {"database":"materialize","id":"u16","item":"conn","schema":"public"} materialize
64 alter system {"name":"max_aws_privatelink_connections","value":"10"} mz_system
65 alter system {"name":"max_aws_privatelink_connections","value":null} mz_system
66 alter system null mz_system
simple conn=mz_system,user=mz_system
ALTER SYSTEM SET unsafe_mock_audit_event_timestamp = 666
----
COMPLETE 0
statement ok
CREATE TABLE tt ()
query ITTTTT
SELECT id, event_type, object_type, details, user, occurred_at FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
68 create table {"database":"materialize","id":"u17","item":"tt","schema":"public"} materialize 1970-01-01␠00:00:00.666+00
simple conn=mz_system,user=mz_system
ALTER SYSTEM RESET unsafe_mock_audit_event_timestamp
----
COMPLETE 0
statement ok
DROP TABLE tt
query B
SELECT occurred_at::text = '1970-01-01 00:00:00.666+00' FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
false
query TTTTBBBT
SELECT replica_id, cluster_name, replica_name, size, created_at IS NOT NULL, dropped_at IS NOT NULL, created_at < dropped_at, credits_per_hour FROM mz_internal.mz_cluster_replica_history ORDER BY created_at
----
u1 quickstart r1 2 true false NULL 1
u2 foo r 1 true true true 1
simple conn=mz_system,user=mz_system
CREATE ROLE r1;
----
COMPLETE 0
simple conn=mz_system,user=mz_system
GRANT SELECT ON t TO r1;
----
COMPLETE 0
query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
72 grant table {"grantee_id":"u3","grantor_id":"u1","object_id":"Iu3","privileges":"r"} mz_system
simple conn=mz_system,user=mz_system
REVOKE SELECT ON t FROM r1;
----
COMPLETE 0
query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
73 revoke table {"grantee_id":"u3","grantor_id":"u1","object_id":"Iu3","privileges":"r"} mz_system
simple conn=mz_system,user=mz_system
ALTER DEFAULT PRIVILEGES FOR ROLE r1 IN SCHEMA public GRANT SELECT ON TABLES to PUBLIC;
----
COMPLETE 0
query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
74 grant table {"database_id":"u1","grantee_id":"p","privileges":"r","role_id":"u3","schema_id":"u3"} mz_system
simple conn=mz_system,user=mz_system
ALTER DEFAULT PRIVILEGES FOR ROLE r1 IN SCHEMA public REVOKE SELECT ON TABLES FROM PUBLIC;
----
COMPLETE 0
query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
75 revoke table {"database_id":"u1","grantee_id":"p","privileges":"r","role_id":"u3","schema_id":"u3"} mz_system
statement ok
CREATE TABLE t1 (a INT);
simple conn=mz_system,user=mz_system
ALTER TABLE t1 OWNER to r1;
----
COMPLETE 0
query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
77 alter table {"new_owner_id":"u3","object_id":"Iu18","old_owner_id":"u1"} mz_system
# Test events for auto-created users, which have the username only in the event details, but not the user column.
simple conn=c,user=new_user
SELECT 1
----
1
COMPLETE 1
query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
78 create role {"id":"u4","name":"new_user"} NULL