# LogicTest: local 3node-tenant

query T
SHOW is_superuser
----
on

query TTT colnames,rowsort
SHOW USERS
----
username  options  member_of
admin     ·        {}
root      ·        {admin}
testuser  ·        {}

statement ok
CREATE USER user1

query TTT colnames,rowsort
SHOW USERS
----
username  options  member_of
admin     ·        {}
root      ·        {admin}
testuser  ·        {}
user1     ·        {}

statement error pgcode 42710 a role/user named admin already exists
CREATE USER admin

statement ok
CREATE USER IF NOT EXISTS admin

statement error pgcode 42710 a role/user named user1 already exists
CREATE USER user1

statement ok
CREATE USER IF NOT EXISTS user1

statement error pgcode 42710 a role/user named user1 already exists
CREATE USER UsEr1

statement ok
CREATE USER Ομηρος

statement error pgcode 42939 role name "node" is reserved
CREATE USER node

statement error pgcode 42939 role name "public" is reserved
CREATE USER public

statement error pgcode 42939 role name "none" is reserved
CREATE USER "none"

statement error empty passwords are not permitted
CREATE USER test WITH PASSWORD ''

statement ok
CREATE USER uSEr2 WITH PASSWORD 'cockroach'

statement ok
CREATE USER user3 WITH PASSWORD '蟑螂'

statement error pq: "foo☂": username is invalid
CREATE USER foo☂

statement error pq: "-foo": username is invalid
CREATE USER "-foo"

statement error at or near "-": syntax error
CREATE USER foo-bar

statement ok
CREATE USER "foo-bar"

statement ok
PREPARE pcu AS CREATE USER foo WITH PASSWORD $1;
  EXECUTE pcu('bar')

statement ok
ALTER USER foo WITH PASSWORD 'somepass'

statement ok
PREPARE chpw AS ALTER USER foo WITH PASSWORD $1;
  EXECUTE chpw('bar')

statement error user "blix" does not exist
PREPARE chpw2 AS ALTER USER blix WITH PASSWORD $1;
  EXECUTE chpw2('baz')

query TTT colnames,rowsort
SHOW USERS
----
username  options  member_of
admin     ·        {}
foo       ·        {}
foo-bar   ·        {}
root      ·        {admin}
testuser  ·        {}
user1     ·        {}
user2     ·        {}
user3     ·        {}
ομηρος    ·        {}

statement error "": username is empty
CREATE USER ""

query TTTTT
SELECT current_user, current_user(), session_user, session_user(), user
----
root  root  root  root  root

statement ok
CREATE USER testuser2;
GRANT admin TO testuser2

user testuser2

query T
SHOW is_superuser
----
on

user testuser

query T
SHOW is_superuser
----
off

statement error pq: user testuser does not have CREATEROLE privilege
CREATE USER user4

statement error pq: user testuser does not have INSERT privilege on relation users
UPSERT INTO system.users VALUES (user1, 'newpassword', false)

statement error pq: user testuser does not have SELECT privilege on relation user
SHOW USERS

query TTTTT
SELECT current_user, current_user(), session_user, session_user(), user
----
testuser  testuser  testuser  testuser  testuser

statement ok
SET SESSION AUTHORIZATION DEFAULT

query T
SHOW session_user
----
testuser

user root

statement ok
SET SESSION AUTHORIZATION DEFAULT

query T
SHOW session_user
----
root

# Test CREATEROLE privilege.

statement ok
ALTER USER testuser CREATEROLE

user testuser

statement ok
CREATE ROLE user4 CREATEROLE

statement ok
CREATE USER user5 NOLOGIN

user root

query TTTO rowsort
SELECT * FROM system.role_options
----
testuser  CREATEROLE  NULL  100
user4     CREATEROLE  NULL  108
user4     NOLOGIN     NULL  108
user5     NOLOGIN     NULL  109

user testuser

query T
SHOW is_superuser
----
off

statement ok
DROP ROLE user4

statement ok
DROP ROLE user5

subtest min_password_length

user root

statement ok
SET CLUSTER SETTING server.user_login.min_password_length = 12

statement error password too short
CREATE USER baduser WITH PASSWORD 'abc'

statement error password too short
ALTER USER testuser WITH PASSWORD 'abc'

statement ok
CREATE USER userlongpassword WITH PASSWORD '012345678901'

statement ok
ALTER USER userlongpassword WITH PASSWORD '987654321021'

statement ok
DROP USER userlongpassword
