Google Git
Sign in
apache / drill / ba601b01563afa520896f4c30044c79219f7bb8a / . / exec / java-exec / src / test / java / org / apache / drill / exec / resourcemgr / config / selectors / TestAclSelector.java
blob: 497f3bb1ed4ebd827fccdc7c8ba3422b38c5306d [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.drill.exec.resourcemgr.config.selectors;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import com.typesafe.config.ConfigValueFactory;
import org.apache.drill.categories.ResourceManagerTest;
import org.apache.drill.exec.resourcemgr.config.exception.RMConfigException;
import org.apache.drill.test.BaseTest;
import org.junit.After;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@Category(ResourceManagerTest.class)
public final class TestAclSelector extends BaseTest {
private static final List<String> groupsValue = new ArrayList<>();
private static final List<String> usersValue = new ArrayList<>();
private static final List<String> emptyList = new ArrayList<>();
private static final Map<String, List<String>> aclConfigValue = new HashMap<>();
private boolean checkIfSame(Object[] expected, Object[] actual) {
Arrays.sort(expected);
Arrays.sort(actual);
return Arrays.equals(expected, actual);
}
@After
public void cleanupAfterTest() {
groupsValue.clear();
usersValue.clear();
aclConfigValue.clear();
}
private ResourcePoolSelector testNegativeHelper() throws RMConfigException {
final Config testConfig = ConfigFactory.empty()
.withValue("acl", ConfigValueFactory.fromMap(aclConfigValue));
return ResourcePoolSelectorFactory.createSelector(testConfig);
}
private ResourcePoolSelector testCommonHelper(List<String> expectedPositiveUsers, List<String> expectedPositiveGroups,
List<String> expectedNegativeUsers, List<String> expectedNegativeGroups)
throws RMConfigException {
ResourcePoolSelector testSelector = testNegativeHelper();
assertTrue("TestSelector is not a ACL selector", testSelector instanceof AclSelector);
assertTrue("Expected +ve users config mismatched with actual config",
checkIfSame(expectedPositiveUsers.toArray(), ((AclSelector) testSelector).getAllowedUsers().toArray()));
assertTrue("Expected +ve groups config mismatched with actual config",
checkIfSame(expectedPositiveGroups.toArray(), ((AclSelector) testSelector).getAllowedGroups().toArray()));
assertTrue("Expected -ve users config mismatched with actual config",
checkIfSame(expectedNegativeUsers.toArray(), ((AclSelector) testSelector).getDeniedUsers().toArray()));
assertTrue("Expected -ve groups config mismatched with actual config",
checkIfSame(expectedNegativeGroups.toArray(), ((AclSelector) testSelector).getDeniedGroups().toArray()));
return testSelector;
}
@Test
public void testValidACLSelector_shortSyntax() throws Exception {
groupsValue.add("sales");
groupsValue.add("marketing");
usersValue.add("user1");
usersValue.add("user2");
aclConfigValue.put("groups", groupsValue);
aclConfigValue.put("users", usersValue);
AclSelector testSelector = (AclSelector) testCommonHelper(usersValue, groupsValue, emptyList, emptyList);
// check based on valid/invalid user
Set<String> groups = new HashSet<>();
assertFalse(testSelector.checkQueryUserGroups("user3", groups));
assertTrue(testSelector.checkQueryUserGroups("user1", groups));
// check based on correct group
groups.add("sales");
assertTrue(testSelector.checkQueryUserGroups("user3", groups));
}
@Test
public void testACLSelector_onlyUsers() throws Exception {
usersValue.add("user1");
aclConfigValue.put("users", usersValue);
testCommonHelper(usersValue, groupsValue, emptyList, emptyList);
}
@Test
public void testACLSelector_onlyGroups() throws Exception {
groupsValue.add("group1");
aclConfigValue.put("groups", groupsValue);
testCommonHelper(usersValue, groupsValue, emptyList, emptyList);
}
@Test(expected = RMConfigException.class)
public void testInValidACLSelector_shortSyntax() throws Exception {
aclConfigValue.put("groups", new ArrayList<>());
aclConfigValue.put("users", new ArrayList<>());
testNegativeHelper();
}
@Test
public void testValidACLSelector_longSyntax() throws Exception {
groupsValue.add("sales:+");
groupsValue.add("marketing:-");
List<String> expectedAllowedGroups = new ArrayList<>();
expectedAllowedGroups.add("sales");
List<String> expectedDisAllowedGroups = new ArrayList<>();
expectedDisAllowedGroups.add("marketing");
usersValue.add("user1:+");
usersValue.add("user2:-");
List<String> expectedAllowedUsers = new ArrayList<>();
expectedAllowedUsers.add("user1");
List<String> expectedDisAllowedUsers = new ArrayList<>();
expectedDisAllowedUsers.add("user2");
aclConfigValue.put("groups", groupsValue);
aclConfigValue.put("users", usersValue);
AclSelector testSelector = (AclSelector)testCommonHelper(expectedAllowedUsers, expectedAllowedGroups,
expectedDisAllowedUsers, expectedDisAllowedGroups);
Set<String> queryGroups = new HashSet<>();
// Negative user/group
queryGroups.add("marketing");
assertFalse(testSelector.checkQueryUserGroups("user2", queryGroups));
// Invalid user -ve group
assertFalse(testSelector.checkQueryUserGroups("user3", queryGroups));
// -ve user +ve group
queryGroups.clear();
queryGroups.add("sales");
assertFalse(testSelector.checkQueryUserGroups("user2", queryGroups));
// Invalid user +ve group
assertTrue(testSelector.checkQueryUserGroups("user3", queryGroups));
}
@Test(expected = RMConfigException.class)
public void testInvalidLongSyntaxIdentifier() throws Exception {
groupsValue.add("sales:|");
aclConfigValue.put("groups", groupsValue);
testNegativeHelper();
}
@Test
public void testMixLongShortAclSyntax() throws Exception {
groupsValue.add("groups1");
groupsValue.add("groups2:+");
groupsValue.add("groups3:-");
List<String> expectedAllowedGroups = new ArrayList<>();
expectedAllowedGroups.add("groups1");
expectedAllowedGroups.add("groups2");
List<String> expectedDisAllowedGroups = new ArrayList<>();
expectedDisAllowedGroups.add("groups3");
usersValue.add("user1");
usersValue.add("user2:+");
usersValue.add("user3:-");
List<String> expectedAllowedUsers = new ArrayList<>();
expectedAllowedUsers.add("user1");
expectedAllowedUsers.add("user2");
List<String> expectedDisAllowedUsers = new ArrayList<>();
expectedDisAllowedUsers.add("user3");
aclConfigValue.put("groups", groupsValue);
aclConfigValue.put("users", usersValue);
testCommonHelper(expectedAllowedUsers, expectedAllowedGroups, expectedDisAllowedUsers, expectedDisAllowedGroups);
}
@Test
public void testSameUserBothInPositiveNegative() throws Exception {
usersValue.add("user1:+");
usersValue.add("user1:-");
List<String> expectedDisAllowedUsers = new ArrayList<>();
expectedDisAllowedUsers.add("user1");
aclConfigValue.put("users", usersValue);
testCommonHelper(emptyList, emptyList, expectedDisAllowedUsers, emptyList);
}
@Test
public void testStarInPositiveUsers() throws Exception {
usersValue.add("*:+");
usersValue.add("user1:-");
List<String> expectedAllowedUsers = new ArrayList<>();
expectedAllowedUsers.add("*");
List<String> expectedDisAllowedUsers = new ArrayList<>();
expectedDisAllowedUsers.add("user1");
aclConfigValue.put("users", usersValue);
AclSelector testSelector = (AclSelector)testCommonHelper(expectedAllowedUsers, emptyList,
expectedDisAllowedUsers, emptyList);
Set<String> queryGroups = new HashSet<>();
// -ve user with Invalid groups
assertFalse(testSelector.checkQueryUserGroups("user1", queryGroups));
// Other user with invalid groups
assertTrue(testSelector.checkQueryUserGroups("user2", queryGroups));
}
@Test
public void testStarInNegativeUsers() throws Exception {
usersValue.add("*:-");
usersValue.add("user1:+");
List<String> expectedAllowedUsers = new ArrayList<>();
expectedAllowedUsers.add("user1");
List<String> expectedDisAllowedUsers = new ArrayList<>();
expectedDisAllowedUsers.add("*");
aclConfigValue.put("users", usersValue);
AclSelector testSelector = (AclSelector)testCommonHelper(expectedAllowedUsers, emptyList,
expectedDisAllowedUsers, emptyList);
Set<String> queryGroups = new HashSet<>();
// Other user with Invalid groups
assertFalse(testSelector.checkQueryUserGroups("user2", queryGroups));
// +ve user with invalid groups
assertTrue(testSelector.checkQueryUserGroups("user1", queryGroups));
}
}