subtest basic-show-create-ec

disable-check-external-storage
----

disable-check-kms
----

exec-sql
CREATE EXTERNAL CONNECTION nodelocal AS 'nodelocal://1/foo';
----

exec-sql
CREATE EXTERNAL CONNECTION kms AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg==';
----

exec-sql
CREATE EXTERNAL CONNECTION s3 AS 's3://bucket?AUTH=specified&AWS_ACCESS_KEY_ID=key&AWS_SECRET_ACCESS_KEY=secret-key';
----

exec-sql
CREATE EXTERNAL CONNECTION gs AS 'gs://bucket?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg==';
----

exec-sql
CREATE EXTERNAL CONNECTION kafka AS 'kafka://broker.address.com:9092';
----

query-sql
SHOW CREATE ALL EXTERNAL CONNECTIONS
----
gs CREATE EXTERNAL CONNECTION 'gs' AS 'gs://bucket?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='
kafka CREATE EXTERNAL CONNECTION 'kafka' AS 'kafka://broker.address.com:9092'
kms CREATE EXTERNAL CONNECTION 'kms' AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='
nodelocal CREATE EXTERNAL CONNECTION 'nodelocal' AS 'nodelocal://1/foo'
s3 CREATE EXTERNAL CONNECTION 's3' AS 's3://bucket?AUTH=specified&AWS_ACCESS_KEY_ID=key&AWS_SECRET_ACCESS_KEY=secret-key'

query-sql
SHOW CREATE EXTERNAL CONNECTION nodelocal
----
nodelocal CREATE EXTERNAL CONNECTION 'nodelocal' AS 'nodelocal://1/foo'

query-sql
SHOW CREATE EXTERNAL CONNECTION kms
----
kms CREATE EXTERNAL CONNECTION 'kms' AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='

query-sql
SHOW CREATE EXTERNAL CONNECTION kafka
----
kafka CREATE EXTERNAL CONNECTION 'kafka' AS 'kafka://broker.address.com:9092'

enable-check-external-storage
----

enable-check-kms
----

subtest end

subtest owner-or-admin

# Create an external connection as root, only root should be able to SHOW this object.
exec-sql
CREATE EXTERNAL CONNECTION foo AS 'nodelocal://1/foo'
----

exec-sql
CREATE USER testuser
----

exec-sql
GRANT SYSTEM EXTERNALCONNECTION TO testuser
----

query-sql user=testuser
SHOW CREATE ALL EXTERNAL CONNECTIONS
----
pq: must have VIEWCLUSTERMETADATA privilege to run `SHOW CREATE ALL EXTERNAL CONNECTIONS`

query-sql user=testuser
SHOW CREATE EXTERNAL CONNECTION foo
----
pq: must have VIEWCLUSTERMETADATA privilege or be owner of the External Connection "foo"

# Create External Connection where testuser is the owner, they should be able to SHOW this object.
exec-sql user=testuser
CREATE EXTERNAL CONNECTION bar AS 'nodelocal://1/foo'
----

query-sql user=testuser
SHOW CREATE ALL EXTERNAL CONNECTIONS
----
pq: must have VIEWCLUSTERMETADATA privilege to run `SHOW CREATE ALL EXTERNAL CONNECTIONS`

# TODO(aditymaru): Synthetic privileges do not have a concept of owners. Once they do, testuser will
# be able to run this query successfully since they are the owner of the External Connection object.
# query-sql user=testuser
# SHOW CREATE EXTERNAL CONNECTION bar
# ----

subtest end
