audit_log.slt

# Copyright Materialize, Inc. and contributors. All rights reserved.
#
# Use of this software is governed by the Business Source License
# included in the LICENSE file at the root of this repository.
#
# As of the Change Date specified in that file, in accordance with
# the Business Source License, use of this software will be governed
# by the Apache License, Version 2.0.

# Test expected population of mz_audit_events after some DDL statements.

mode cockroach

# Start from a pristine server
reset-server

statement ok
CREATE DATABASE test

statement ok
CREATE SCHEMA test.sc1

statement ok
CREATE SCHEMA test.sc2

statement ok
DROP SCHEMA test.sc1

statement ok
DROP DATABASE test

statement ok
CREATE ROLE foo

statement ok
DROP ROLE foo

statement ok
CREATE CLUSTER foo REPLICAS (r (SIZE '1'));

statement ok
CREATE MATERIALIZED VIEW v2 AS SELECT 1

statement ok
CREATE VIEW unmat AS SELECT 1

statement ok
CREATE TABLE t ()

statement ok
CREATE DEFAULT INDEX ON t

statement ok
ALTER VIEW unmat RENAME TO renamed

statement ok
CREATE OR REPLACE MATERIALIZED VIEW v2 AS SELECT 2

statement ok
CREATE DEFAULT INDEX ON renamed

statement ok
DROP VIEW renamed

statement ok
CREATE SOURCE s FROM LOAD GENERATOR COUNTER WITH (SIZE '1');

statement ok
ALTER SOURCE s SET (SIZE '2');

statement ok
DROP SOURCE s;

statement ok
CREATE SOURCE multiplex FROM LOAD GENERATOR AUCTION FOR ALL TABLES WITH (SIZE '1');

statement ok
ALTER CLUSTER REPLICA foo.r RENAME TO s;

statement ok
ALTER CLUSTER foo RENAME TO bar;

statement ok
DROP CLUSTER REPLICA bar.s;

statement ok
DROP CLUSTER bar;

query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id
----
1  create  role  {"id":"u1","name":"materialize"}  NULL
2  grant  cluster  {"database_id":null,"grantee_id":"s2","privileges":"U","role_id":"p","schema_id":null}  NULL
3  grant  database  {"database_id":null,"grantee_id":"s2","privileges":"U","role_id":"p","schema_id":null}  NULL
4  grant  schema  {"database_id":null,"grantee_id":"s2","privileges":"U","role_id":"p","schema_id":null}  NULL
5  grant  type  {"database_id":null,"grantee_id":"p","privileges":"U","role_id":"p","schema_id":null}  NULL
6  create  database  {"id":"u1","name":"materialize"}  NULL
7  grant  database  {"grantee_id":"p","grantor_id":"s1","object_id":"Du1","privileges":"U"}  NULL
8  grant  database  {"grantee_id":"u1","grantor_id":"s1","object_id":"Du1","privileges":"UC"}  NULL
9  create  schema  {"database_name":"materialize","id":"3","name":"public"}  NULL
10  grant  schema  {"grantee_id":"u1","grantor_id":"s1","object_id":"Su1.u3","privileges":"UC"}  NULL
11  create  cluster  {"id":"u1","name":"default"}  NULL
12  grant  cluster  {"grantee_id":"p","grantor_id":"s1","object_id":"Cu1","privileges":"U"}  NULL
13  grant  cluster  {"grantee_id":"u1","grantor_id":"s1","object_id":"Cu1","privileges":"UC"}  NULL
14  create  cluster-replica  {"billed_as":null,"cluster_id":"u1","cluster_name":"default","disk":false,"internal":false,"logical_size":"1","replica_id":"u1","replica_name":"r1"}  NULL
15  grant  system  {"grantee_id":"s1","grantor_id":"s1","object_id":"SYSTEM","privileges":"RBN"}  NULL
16  grant  system  {"grantee_id":"u1","grantor_id":"s1","object_id":"SYSTEM","privileges":"RBN"}  NULL
17  create  database  {"id":"u2","name":"test"}  materialize
18  create  schema  {"database_name":"test","id":"u6","name":"public"}  materialize
19  create  schema  {"database_name":"test","id":"u7","name":"sc1"}  materialize
20  create  schema  {"database_name":"test","id":"u8","name":"sc2"}  materialize
21  drop  schema  {"database_name":"test","id":"u7","name":"sc1"}  materialize
22  drop  schema  {"database_name":"test","id":"u6","name":"public"}  materialize
23  drop  schema  {"database_name":"test","id":"u8","name":"sc2"}  materialize
24  drop  database  {"id":"u2","name":"test"}  materialize
25  create  role  {"id":"u2","name":"foo"}  materialize
26  drop  role  {"id":"u2","name":"foo"}  materialize
27  create  cluster  {"id":"u2","name":"foo"}  materialize
28  create  cluster-replica  {"billed_as":null,"cluster_id":"u2","cluster_name":"foo","disk":false,"internal":false,"logical_size":"1","replica_id":"u2","replica_name":"r"}  materialize
29  create  materialized-view  {"database":"materialize","id":"u1","item":"v2","schema":"public"}  materialize
30  create  view  {"database":"materialize","id":"u2","item":"unmat","schema":"public"}  materialize
31  create  table  {"database":"materialize","id":"u3","item":"t","schema":"public"}  materialize
32  create  index  {"database":"materialize","id":"u4","item":"t_primary_idx","schema":"public"}  materialize
33  alter  view  {"id":"u2","new_name":{"database":"materialize","item":"renamed","schema":"public"},"old_name":{"database":"materialize","item":"unmat","schema":"public"}}  materialize
34  drop  materialized-view  {"database":"materialize","id":"u1","item":"v2","schema":"public"}  materialize
35  create  materialized-view  {"database":"materialize","id":"u5","item":"v2","schema":"public"}  materialize
36  create  index  {"database":"materialize","id":"u6","item":"renamed_primary_idx","schema":"public"}  materialize
37  drop  index  {"database":"materialize","id":"u6","item":"renamed_primary_idx","schema":"public"}  materialize
38  drop  view  {"database":"materialize","id":"u2","item":"renamed","schema":"public"}  materialize
39  create  source  {"database":"materialize","id":"u7","item":"s_progress","schema":"public","size":null,"type":"progress"}  materialize
40  create  cluster  {"id":"u3","name":"materialize_public_s"}  materialize
41  create  cluster-replica  {"billed_as":null,"cluster_id":"u3","cluster_name":"materialize_public_s","disk":false,"internal":false,"logical_size":"1","replica_id":"u3","replica_name":"linked"}  materialize
42  create  source  {"database":"materialize","id":"u8","item":"s","schema":"public","size":"1","type":"load-generator"}  materialize
43  drop  cluster-replica  {"cluster_id":"u3","cluster_name":"materialize_public_s","replica_id":"u3","replica_name":"linked"}  materialize
44  create  cluster-replica  {"billed_as":null,"cluster_id":"u3","cluster_name":"materialize_public_s","disk":false,"internal":false,"logical_size":"2","replica_id":"u4","replica_name":"linked"}  materialize
45  alter  source  {"database":"materialize","id":"u8","item":"s","new_size":"2","old_size":"1","schema":"public"}  materialize
46  drop  source  {"database":"materialize","id":"u7","item":"s_progress","schema":"public"}  materialize
47  drop  source  {"database":"materialize","id":"u8","item":"s","schema":"public"}  materialize
48  drop  cluster-replica  {"cluster_id":"u3","cluster_name":"materialize_public_s","replica_id":"u4","replica_name":"linked"}  materialize
49  drop  cluster  {"id":"u3","name":"materialize_public_s"}  materialize
50  create  source  {"database":"materialize","id":"u9","item":"accounts","schema":"public","size":null,"type":"subsource"}  materialize
51  create  source  {"database":"materialize","id":"u10","item":"auctions","schema":"public","size":null,"type":"subsource"}  materialize
52  create  source  {"database":"materialize","id":"u11","item":"bids","schema":"public","size":null,"type":"subsource"}  materialize
53  create  source  {"database":"materialize","id":"u12","item":"organizations","schema":"public","size":null,"type":"subsource"}  materialize
54  create  source  {"database":"materialize","id":"u13","item":"users","schema":"public","size":null,"type":"subsource"}  materialize
55  create  source  {"database":"materialize","id":"u14","item":"multiplex_progress","schema":"public","size":null,"type":"progress"}  materialize
56  create  cluster  {"id":"u4","name":"materialize_public_multiplex"}  materialize
57  create  cluster-replica  {"billed_as":null,"cluster_id":"u4","cluster_name":"materialize_public_multiplex","disk":false,"internal":false,"logical_size":"1","replica_id":"u5","replica_name":"linked"}  materialize
58  create  source  {"database":"materialize","id":"u15","item":"multiplex","schema":"public","size":"1","type":"load-generator"}  materialize
59  alter  cluster-replica  {"cluster_id":"u2","new_name":"s","old_name":"r","replica_id":"u2"}  materialize
60  alter  cluster  {"id":"u2","new_name":"bar","old_name":"foo"}  materialize
61  drop  cluster-replica  {"cluster_id":"u2","cluster_name":"bar","replica_id":"u2","replica_name":"s"}  materialize
62  drop  cluster  {"id":"u2","name":"bar"}  materialize

simple conn=mz_system,user=mz_system
ALTER SYSTEM SET unsafe_mock_audit_event_timestamp = 666
----
COMPLETE 0

statement ok
CREATE TABLE tt ()

query ITTTTT
SELECT id, event_type, object_type, details, user, occurred_at FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
63  create  table  {"database":"materialize","id":"u16","item":"tt","schema":"public"}  materialize  1970-01-01␠00:00:00.666+00

simple conn=mz_system,user=mz_system
ALTER SYSTEM RESET unsafe_mock_audit_event_timestamp
----
COMPLETE 0

statement ok
DROP TABLE tt

query B
SELECT occurred_at::text = '1970-01-01 00:00:00.666+00' FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
false

query TTTTBBBT
SELECT replica_id, cluster_name, replica_name, size, created_at IS NOT NULL, dropped_at IS NOT NULL, created_at < dropped_at, credits_per_hour FROM mz_internal.mz_cluster_replica_history ORDER BY created_at
----
u1  default  r1  1  true  false  NULL  1
u2  foo  r  1  true  true  true  1
u3  materialize_public_s  linked  1  true  true  true  1
u4  materialize_public_s  linked  2  true  true  true  1
u5  materialize_public_multiplex  linked  1  true  false  NULL  1

simple conn=mz_system,user=mz_system
CREATE ROLE r1;
----
COMPLETE 0

simple conn=mz_system,user=mz_system
GRANT SELECT ON t TO r1;
----
COMPLETE 0

query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
66  grant  table  {"grantee_id":"u3","grantor_id":"u1","object_id":"Iu3","privileges":"r"}  mz_system

simple conn=mz_system,user=mz_system
REVOKE SELECT ON t FROM r1;
----
COMPLETE 0

query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
67  revoke  table  {"grantee_id":"u3","grantor_id":"u1","object_id":"Iu3","privileges":"r"}  mz_system

simple conn=mz_system,user=mz_system
ALTER DEFAULT PRIVILEGES FOR ROLE r1 IN SCHEMA public GRANT SELECT ON TABLES to PUBLIC;
----
COMPLETE 0

query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
68  grant  table  {"database_id":"u1","grantee_id":"p","privileges":"r","role_id":"u3","schema_id":"u3"}  mz_system

simple conn=mz_system,user=mz_system
ALTER DEFAULT PRIVILEGES FOR ROLE r1 IN SCHEMA public REVOKE SELECT ON TABLES FROM PUBLIC;
----
COMPLETE 0

query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
69  revoke  table  {"database_id":"u1","grantee_id":"p","privileges":"r","role_id":"u3","schema_id":"u3"}  mz_system

statement ok
CREATE TABLE t1 (a INT);

simple conn=mz_system,user=mz_system
ALTER TABLE t1 OWNER to r1;
----
COMPLETE 0

query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
71  alter  table  {"new_owner_id":"u3","object_id":"Iu17","old_owner_id":"u1"}  mz_system

# Test events for auto-created users, which have the username only in the event details, but not the user column.
simple conn=c,user=new_user
SELECT 1
----
1
COMPLETE 1

query ITTTT
SELECT id, event_type, object_type, details, user FROM mz_audit_events ORDER BY id DESC LIMIT 1
----
72  create  role  {"id":"u4","name":"new_user"}  NULL