# LogicTest: !3node-tenant-default-configs

subtest check_consistency

# Without explicit keys, scans all ranges (we don't test this too precisely to
# avoid flaking the test when the range count changes, just want to know that
# we're touching multiple ranges).
query B
SELECT count(*) > 5 FROM crdb_internal.check_consistency(true, '', '')
----
true

# Query that should touch only a single range.
#
# NB: the use of ScanMetaKVs causes issues here. Bounds [`k`, k.Next()]` don't work,
# with errors such as (here k=\xff):
#          pq: failed to verify keys for Scan: end key /Meta2/"\xff\x00" must be greater than start /Meta2/"\xff\x00"
query B
SELECT count(*) = 1 FROM crdb_internal.check_consistency(true, '\xff', '\xffff')
----
true

# Ditto, but implicit start key \x03
query B
SELECT count(*) = 1 FROM crdb_internal.check_consistency(true, '', '\x04')
----
true

# Ditto, but implicit end key.
query B
SELECT count(*) = 1 FROM crdb_internal.check_consistency(true, '\xff', '')
----
true

# Run a full consistency check across all ranges.
query B
SELECT count(*) > 10 FROM crdb_internal.check_consistency(false, '', '')
----
true

# Test crdb_internal commands which execute as root, but
# only checks for permissions afterwards.
subtest crdb_internal_privileged_only

user root

statement ok
CREATE DATABASE root_test;
REVOKE CONNECT ON DATABASE root_test FROM public

statement ok
CREATE TABLE root_test.t(a int)

statement ok
ALTER DATABASE root_test CONFIGURE ZONE USING num_replicas = 5

query I
SELECT crdb_internal.get_namespace_id(0, 'does_not_exist')
----
NULL

let $root_test_id
SELECT crdb_internal.get_namespace_id(0, 'root_test')

query I
SELECT crdb_internal.get_namespace_id(crdb_internal.get_namespace_id(0, 'root_test'), 't')
----
NULL

query T
SELECT crdb_internal.get_zone_config(-1)::string
----
NULL

query T
SELECT crdb_internal.get_zone_config(crdb_internal.get_namespace_id(0, 'root_test'))::string
----
\x2805500158017800

query T
SELECT crdb_internal.get_zone_config(crdb_internal.get_namespace_id(crdb_internal.get_namespace_id(0, 'root_test'), 't'))::string
----
NULL

# switch users -- this one has no permissions so expect errors
user testuser

query I
SELECT crdb_internal.get_namespace_id(0, 'does_not_exist')
----
NULL

query error insufficient privilege
SELECT crdb_internal.get_namespace_id(0, 'root_test')

query T
SELECT crdb_internal.get_zone_config(-1)::string
----
NULL

query error insufficient privilege
SELECT crdb_internal.get_zone_config($root_test_id)::string -- based on root query. having no permissions blocks us from this test rapidly changing though.

# give testuser permissions on everything and retest
user root

statement ok
GRANT ALL ON DATABASE root_test TO testuser

statement ok
GRANT ALL ON root_test.t TO testuser

user testuser

query B
SELECT crdb_internal.get_namespace_id(0, 'root_test') = $root_test_id
----
true

let $root_test_id
SELECT crdb_internal.get_namespace_id(0, 'root_test')

let $root_test_public_schema_id
SELECT crdb_internal.get_namespace_id($root_test_id, 'public')

let $t_id
SELECT crdb_internal.get_namespace_id($root_test_id, $root_test_public_schema_id, 't')

query T
SELECT crdb_internal.get_zone_config(crdb_internal.get_namespace_id(0, 'root_test'))::string
----
\x2805500158017800

query T
SELECT ($t_id)::regclass
----
108

# reset state to default
user root

statement ok
DROP DATABASE root_test CASCADE
