cockroachdb · craig · Aug 18, 2022 · Aug 17, 2022
diff --git a/pkg/ccl/backupccl/testdata/backup-restore/external-connections-privileges b/pkg/ccl/backupccl/testdata/backup-restore/external-connections-privileges
@@ -12,7 +12,7 @@ CREATE EXTERNAL CONNECTION root AS 'nodelocal://1/root'
 ----
 
 exec-sql user=testuser
-CREATE EXTERNAL CONNECTION fails AS 'userfile:///noprivs'
+CREATE EXTERNAL CONNECTION "testuser-ec" AS 'userfile:///noprivs'
 ----
 pq: only users with the EXTERNALCONNECTION system privilege are allowed to CREATE EXTERNAL CONNECTION
 
@@ -21,7 +21,7 @@ GRANT SYSTEM EXTERNALCONNECTION TO testuser;
 ----
 
 exec-sql user=testuser
-CREATE EXTERNAL CONNECTION fails AS 'nodelocal://1/privs'
+CREATE EXTERNAL CONNECTION "testuser-ec" AS 'nodelocal://1/privs'
 ----
 
 exec-sql
@@ -32,17 +32,17 @@ exec-sql
 GRANT SELECT ON TABLE foo TO testuser
 ----
 
+# Since testuser created the External Connection they have `ALL` privileges on the object.
 exec-sql user=testuser
-BACKUP TABLE foo INTO 'external://fails'
+BACKUP TABLE foo INTO 'external://testuser-ec'
 ----
-pq: user testuser does not have USAGE privilege on external_connection fails
 
 exec-sql
-GRANT USAGE ON EXTERNAL CONNECTION fails TO testuser;
+GRANT USAGE ON EXTERNAL CONNECTION "testuser-ec" TO testuser;
 ----
 
 exec-sql user=testuser
-BACKUP TABLE foo INTO 'external://fails'
+BACKUP TABLE foo INTO LATEST IN 'external://testuser-ec'
 ----
 
 # Sanity check that the user can't write to any other external connection.
@@ -51,18 +51,34 @@ BACKUP TABLE foo INTO 'external://root'
 ----
 pq: user testuser does not have USAGE privilege on external_connection root
 
-# Revoke the USAGE privilege to test that restore also requires it.
+query-sql
+SELECT * FROM system.privileges
+----
+root /externalconn/root {ALL} {}
+testuser /externalconn/testuser-ec {ALL} {}
+testuser /global/ {EXTERNALCONNECTION} {}
+
+# Revoke the USAGE privilege. Note testuser had ALL privileges since they
+# created the External Connection, but revoking USAGE means that they will now
+# only have DROP privileges. Thus, they shouldn't be able to restore.
 exec-sql
-REVOKE USAGE ON EXTERNAL CONNECTION fails FROM testuser;
+REVOKE USAGE ON EXTERNAL CONNECTION "testuser-ec" FROM testuser;
+----
+
+query-sql
+SELECT * FROM system.privileges
 ----
+root /externalconn/root {ALL} {}
+testuser /externalconn/testuser-ec {DROP} {}
+testuser /global/ {EXTERNALCONNECTION} {}
 
 exec-sql user=testuser
-RESTORE TABLE foo FROM LATEST IN 'external://fails'
+RESTORE TABLE foo FROM LATEST IN 'external://testuser-ec'
 ----
-pq: user testuser does not have USAGE privilege on external_connection fails
+pq: user testuser does not have USAGE privilege on external_connection testuser-ec
 
 exec-sql
-GRANT USAGE ON EXTERNAL CONNECTION fails TO testuser;
+GRANT USAGE ON EXTERNAL CONNECTION "testuser-ec" TO testuser;
 ----
 
 exec-sql
@@ -71,7 +87,7 @@ GRANT CREATE ON DATABASE failsdb TO testuser;
 ----
 
 exec-sql user=testuser
-RESTORE TABLE foo FROM LATEST IN 'external://fails' WITH into_db=failsdb;
+RESTORE TABLE foo FROM LATEST IN 'external://testuser-ec' WITH into_db=failsdb;
 ----
 
 subtest end
@@ -10,6 +10,7 @@ go_test(
     data = glob(["testdata/**"]),
     deps = [
         "//pkg/base",
+        "//pkg/ccl/backupccl",
         "//pkg/ccl/changefeedccl",
         "//pkg/ccl/kvccl/kvtenantccl",
         "//pkg/cloud/externalconn",

@@ -15,6 +15,7 @@ import (
 	"testing"
 
 	"github.com/cockroachdb/cockroach/pkg/base"
+	_ "github.com/cockroachdb/cockroach/pkg/ccl/backupccl"
 	_ "github.com/cockroachdb/cockroach/pkg/ccl/changefeedccl"
 	"github.com/cockroachdb/cockroach/pkg/cloud/externalconn"
 	_ "github.com/cockroachdb/cockroach/pkg/cloud/externalconn/providers" // register all the concrete External Connection implementations

@@ -23,7 +23,7 @@ pq: failed to construct External Connection details: failed to create nodelocal
 exec-sql
 CREATE EXTERNAL CONNECTION foo AS 'nodelocal://1/foo';
 ----
-pq: external connection with connection name 'foo' already exists
+pq: failed to create external connection: external connection with connection name 'foo' already exists
 
 # Create another External Connection with a unique name.
 exec-sql
@@ -57,89 +57,6 @@ inspect-system-table
 
 subtest end
 
-subtest create-external-connection-global-privilege
-
-exec-sql
-CREATE USER testuser;
-----
-
-exec-sql user=testuser
-CREATE EXTERNAL CONNECTION privileged AS 'nodelocal://1/foo'
-----
-pq: only users with the EXTERNALCONNECTION system privilege are allowed to CREATE EXTERNAL CONNECTION
-
-exec-sql
-GRANT SYSTEM EXTERNALCONNECTION TO testuser;
-----
-
-exec-sql user=testuser
-CREATE EXTERNAL CONNECTION privileged AS 'nodelocal://1/foo'
-----
-
-inspect-system-table
-----
-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-
-exec-sql
-DROP EXTERNAL CONNECTION privileged;
-----
-
-exec-sql
-REVOKE SYSTEM EXTERNALCONNECTION FROM testuser;
-----
-
-exec-sql user=testuser
-CREATE EXTERNAL CONNECTION privileged AS 'nodelocal://1/foo'
-----
-pq: only users with the EXTERNALCONNECTION system privilege are allowed to CREATE EXTERNAL CONNECTION
-
-subtest end
-
-subtest drop-external-storage-privilege
-
-exec-sql
-CREATE EXTERNAL CONNECTION privileged AS 'nodelocal://1/foo'
-----
-
-# Create another External Connection.
-exec-sql
-CREATE EXTERNAL CONNECTION 'privileged-dup' AS 'nodelocal://1/foo'
-----
-
-exec-sql user=testuser
-DROP EXTERNAL CONNECTION privileged
-----
-pq: user testuser does not have DROP privilege on external_connection privileged
-
-inspect-system-table
-----
-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-
-exec-sql
-GRANT DROP ON EXTERNAL CONNECTION privileged TO testuser;
-----
-
-exec-sql user=testuser
-DROP EXTERNAL CONNECTION privileged
-----
-
-# Try to drop the second external connection, testuser should be disallowed.
-exec-sql user=testuser
-DROP EXTERNAL CONNECTION 'privileged-dup'
-----
-pq: user testuser does not have DROP privilege on external_connection privileged-dup
-
-inspect-system-table
-----
-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-
-exec-sql
-DROP EXTERNAL CONNECTION 'privileged-dup'
-----
-
-subtest end
-
 subtest basic-gcp-kms
 
 disable-check-kms

@@ -26,7 +26,7 @@ pq: failed to construct External Connection details: failed to create nodelocal
 exec-sql
 CREATE EXTERNAL CONNECTION foo AS 'nodelocal://1/foo';
 ----
-pq: external connection with connection name 'foo' already exists
+pq: failed to create external connection: external connection with connection name 'foo' already exists
 
 # Create another External Connection with a unique name.
 exec-sql
@@ -60,89 +60,6 @@ inspect-system-table
 
 subtest end
 
-subtest create-external-connection-global-privilege
-
-exec-sql
-CREATE USER testuser;
-----
-
-exec-sql user=testuser
-CREATE EXTERNAL CONNECTION privileged AS 'nodelocal://1/foo'
-----
-pq: only users with the EXTERNALCONNECTION system privilege are allowed to CREATE EXTERNAL CONNECTION
-
-exec-sql
-GRANT SYSTEM EXTERNALCONNECTION TO testuser;
-----
-
-exec-sql user=testuser
-CREATE EXTERNAL CONNECTION privileged AS 'nodelocal://1/foo'
-----
-
-inspect-system-table
-----
-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-
-exec-sql
-DROP EXTERNAL CONNECTION privileged;
-----
-
-exec-sql
-REVOKE SYSTEM EXTERNALCONNECTION FROM testuser;
-----
-
-exec-sql user=testuser
-CREATE EXTERNAL CONNECTION privileged AS 'nodelocal://1/foo'
-----
-pq: only users with the EXTERNALCONNECTION system privilege are allowed to CREATE EXTERNAL CONNECTION
-
-subtest end
-
-subtest drop-external-storage-privilege
-
-exec-sql
-CREATE EXTERNAL CONNECTION privileged AS 'nodelocal://1/foo'
-----
-
-# Create another External Connection.
-exec-sql
-CREATE EXTERNAL CONNECTION 'privileged-dup' AS 'nodelocal://1/foo'
-----
-
-exec-sql user=testuser
-DROP EXTERNAL CONNECTION privileged
-----
-pq: user testuser does not have DROP privilege on external_connection privileged
-
-inspect-system-table
-----
-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-
-exec-sql
-GRANT DROP ON EXTERNAL CONNECTION privileged TO testuser;
-----
-
-exec-sql user=testuser
-DROP EXTERNAL CONNECTION privileged
-----
-
-# Try to drop the second external connection, testuser should be disallowed.
-exec-sql user=testuser
-DROP EXTERNAL CONNECTION 'privileged-dup'
-----
-pq: user testuser does not have DROP privilege on external_connection privileged-dup
-
-inspect-system-table
-----
-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-
-exec-sql
-DROP EXTERNAL CONNECTION 'privileged-dup'
-----
-
-subtest end
-
 subtest basic-gs-kms
 
 disable-check-kms