Google Git
Sign in
apache / iotdb / c232ee02239e26562d7db27e46e99f586a02c3aa / . / iotdb-core / confignode / src / test / java / org / apache / iotdb / confignode / persistence / AuthorInfoTest.java
blob: 12bab54572a920b51c20b633e465923e4c6adf65 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.iotdb.confignode.persistence;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
import org.apache.iotdb.commons.auth.entity.PriPrivilegeType;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.confignode.consensus.request.ConfigPhysicalPlanType;
import org.apache.iotdb.confignode.consensus.request.auth.AuthorPlan;
import org.apache.iotdb.confignode.consensus.response.auth.PermissionInfoResp;
import org.apache.iotdb.confignode.rpc.thrift.TCheckUserPrivilegesReq;
import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.commons.io.FileUtils;
import org.apache.thrift.TException;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import static org.apache.iotdb.db.utils.constant.TestConstant.BASE_OUTPUT_PATH;
public class AuthorInfoTest {
private static AuthorInfo authorInfo;
private static final File snapshotDir = new File(BASE_OUTPUT_PATH, "authorInfo-snapshot");
private static final File userFolder =
new File(CommonDescriptor.getInstance().getConfig().getUserFolder());
private static final File roleFolder =
new File(CommonDescriptor.getInstance().getConfig().getRoleFolder());
@BeforeClass
public static void setup() {
authorInfo = new AuthorInfo();
if (!snapshotDir.exists()) {
snapshotDir.mkdirs();
}
if (!userFolder.exists()) {
userFolder.mkdirs();
}
if (!roleFolder.exists()) {
roleFolder.mkdirs();
}
}
@AfterClass
public static void cleanup() throws IOException, AuthException {
authorInfo.clear();
if (snapshotDir.exists()) {
FileUtils.deleteDirectory(snapshotDir);
}
if (userFolder.exists()) {
FileUtils.deleteDirectory(userFolder);
}
if (roleFolder.exists()) {
FileUtils.deleteDirectory(roleFolder);
}
}
@Test
public void permissionTest() throws TException, AuthException, IllegalPathException {
TSStatus status;
List<String> userList = new ArrayList<>();
userList.add("root");
userList.add("user0");
userList.add("user1");
List<String> roleList = new ArrayList<>();
roleList.add("role0");
roleList.add("role1");
AuthorPlan authorPlan;
TCheckUserPrivilegesReq checkUserPrivilegesReq;
Set<Integer> privilegeList = new HashSet<>();
privilegeList.add(PrivilegeType.READ_DATA.ordinal());
Set<Integer> sysPriList = new HashSet<>();
sysPriList.add(PrivilegeType.MANAGE_ROLE.ordinal());
Set<Integer> revokePrivilege = new HashSet<>();
revokePrivilege.add(PrivilegeType.READ_DATA.ordinal());
List<String> privilege = new ArrayList<>();
privilege.add("root.** : MANAGE_USER");
List<PartialPath> paths = new ArrayList<>();
paths.add(new PartialPath("root.ln"));
cleanUserAndRole();
// create user
{
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateUser,
"user0",
"",
"passwd",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertNull(status.getMessage());
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
authorPlan.setUserName("user1");
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
}
// check user privileges
status =
authorInfo
.checkUserPrivileges("user0", paths, PrivilegeType.MANAGE_USER.ordinal())
.getStatus();
Assert.assertEquals(TSStatusCode.NO_PERMISSION.getStatusCode(), status.getCode());
// drop user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.DropUser,
"user1",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// list user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListUser,
"",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
PermissionInfoResp permissionInfoResp = authorInfo.executeListUsers(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
userList.remove("user1");
Assert.assertEquals(userList, permissionInfoResp.getMemberList());
// create role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateRole,
"",
"role0",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
authorPlan.setRoleName("role1");
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// drop role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.DropRole,
"",
"role1",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// list role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListRole,
"",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
permissionInfoResp = authorInfo.executeListRoles(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
roleList.remove("role1");
Assert.assertEquals(roleList, permissionInfoResp.getMemberList());
// alter user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.UpdateUser,
"user0",
"",
"",
"newpwd",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// grant user path privilege
List<PartialPath> nodeNameList = new ArrayList<>();
nodeNameList.add(new PartialPath("root.ln.**"));
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantUser,
"user0",
"",
"",
"",
privilegeList,
false,
nodeNameList);
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
authorInfo
.checkUserPrivileges("user0", nodeNameList, PrivilegeType.READ_DATA.ordinal())
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
// grant user system privilege
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantUser, "user0", "", "", "", sysPriList, false, null);
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
authorInfo
.checkUserPrivileges("user0", new ArrayList<>(), PrivilegeType.MANAGE_ROLE.ordinal())
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
// check user privileges
status =
authorInfo
.checkUserPrivileges("user0", new ArrayList<>(), PrivilegeType.MANAGE_ROLE.ordinal())
.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// grant role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantRole,
"",
"role0",
"",
"",
privilegeList,
false,
nodeNameList);
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// grant role to user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantRoleToUser,
"user0",
"role0",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// revoke user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.RevokeUser,
"user0",
"",
"",
"",
revokePrivilege,
false,
nodeNameList);
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// revoke role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.RevokeRole,
"",
"role0",
"",
"",
revokePrivilege,
false,
nodeNameList);
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// list privileges user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListUserPrivilege,
"user0",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
permissionInfoResp = authorInfo.executeListUserPrivileges(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
authorInfo.getUserPermissionInfo("user0"), permissionInfoResp.getPermissionInfoResp());
// list privileges role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListRolePrivilege,
"",
"role0",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
permissionInfoResp = authorInfo.executeListRolePrivileges(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// list all role of user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListRole,
"user0",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
permissionInfoResp = authorInfo.executeListRoles(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
roleList.remove("role1");
Assert.assertEquals(roleList, permissionInfoResp.getMemberList());
// list all user of role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListUser,
"",
"role0",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
permissionInfoResp = authorInfo.executeListUsers(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
userList.remove("user1");
userList.remove("root");
Assert.assertEquals(userList, permissionInfoResp.getMemberList());
// revoke role from user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.RevokeRoleFromUser,
"user0",
"role0",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
}
private void cleanUserAndRole() throws TException, AuthException {
TSStatus status;
// clean user
AuthorPlan authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListUser,
"",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
PermissionInfoResp permissionInfoResp = authorInfo.executeListUsers(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
List<String> allUsers = permissionInfoResp.getMemberList();
for (String user : allUsers) {
if (!user.equals("root")) {
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.DropUser,
user,
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
}
}
// clean role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListRole,
"",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
permissionInfoResp = authorInfo.executeListRoles(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
List<String> roleList = permissionInfoResp.getMemberList();
for (String roleN : roleList) {
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.DropRole,
"",
roleN,
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
}
}
@Test
public void takeSnapshot() throws TException, IOException, AuthException {
cleanUserAndRole();
// create role
AuthorPlan createRoleReq = new AuthorPlan(ConfigPhysicalPlanType.CreateRole);
createRoleReq.setRoleName("testRole");
TSStatus status = authorInfo.authorNonQuery(createRoleReq);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
AuthorPlan createUserReq = new AuthorPlan(ConfigPhysicalPlanType.CreateUser);
createUserReq.setUserName("testUser");
createUserReq.setPassword("testPassword");
status = authorInfo.authorNonQuery(createUserReq);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
AuthorPlan listUserPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListUser,
"",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
AuthorPlan listRolePlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListRole,
"",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
Assert.assertEquals(1, authorInfo.executeListRoles(listRolePlan).getMemberList().size());
Assert.assertEquals(2, authorInfo.executeListUsers(listUserPlan).getMemberList().size());
Assert.assertTrue(authorInfo.processTakeSnapshot(snapshotDir));
authorInfo.clear();
authorInfo.processLoadSnapshot(snapshotDir);
Assert.assertEquals(1, authorInfo.executeListRoles(listRolePlan).getMemberList().size());
Assert.assertEquals(2, authorInfo.executeListUsers(listUserPlan).getMemberList().size());
}
@Test
public void testMultPathsPermission() throws TException, AuthException, IllegalPathException {
TSStatus status;
AuthorPlan authorPlan;
Set<Integer> privilegeList = new HashSet<>();
privilegeList.add(PrivilegeType.WRITE_DATA.ordinal());
privilegeList.add(PrivilegeType.READ_DATA.ordinal());
Map<String, List<String>> permissionInfo;
List<String> userPrivilege = new ArrayList<>();
userPrivilege.add("root.sg.** : READ_DATA WRITE_DATA");
userPrivilege.add("root.ln.** : READ_DATA WRITE_DATA");
Collections.sort(userPrivilege);
List<String> rolePrivilege = new ArrayList<>();
rolePrivilege.add("root.abc.** : READ_DATA WRITE_DATA");
rolePrivilege.add("root.role_1.** : READ_DATA WRITE_DATA");
Collections.sort(rolePrivilege);
List<String> allPrivilege = new ArrayList<>();
allPrivilege.addAll(userPrivilege);
allPrivilege.addAll(rolePrivilege);
Collections.sort(allPrivilege);
List<PartialPath> userPaths = new ArrayList<>();
userPaths.add(new PartialPath("root.ln.**"));
userPaths.add(new PartialPath("root.sg.**"));
List<PartialPath> rolePaths = new ArrayList<>();
rolePaths.add(new PartialPath("root.role_1.**"));
rolePaths.add(new PartialPath("root.abc.**"));
cleanUserAndRole();
// create user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateUser,
"user0",
"",
"passwd",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertNull(status.getMessage());
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// create role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateRole,
"",
"role0",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// grant user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantUser, "user0", "", "", "", privilegeList, false, userPaths);
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// check user privileges
status =
authorInfo
.checkUserPrivileges("user0", userPaths, PrivilegeType.WRITE_DATA.ordinal())
.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// grant role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantRole, "", "role0", "", "", privilegeList, false, rolePaths);
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// grant role to user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantRoleToUser,
"user0",
"role0",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// list privileges user
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListUserPrivilege,
"user0",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
PermissionInfoResp permissionInfoResp;
permissionInfoResp = authorInfo.executeListUserPrivileges(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// list privileges role
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.ListRolePrivilege,
"",
"role0",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
permissionInfoResp = authorInfo.executeListRolePrivileges(authorPlan);
status = permissionInfoResp.getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
}
@Test
public void testDepAuthorPlan() throws TException, AuthException, IllegalPathException {
AuthorPlan authorPlan;
TSStatus status;
cleanUserAndRole();
/*--TEST FOR USER CREATE 、UPDATE AND DROP -*/
// this operation will success for pre version.
{
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateUserDep,
"user1",
"",
"password1",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// this operation will success for pre version. --length~(32,64)
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateUserDep,
"user1234567user1234567user1234567user1234567",
"",
"password1",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// this operation will fail for pre version. --length > 64
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateUserDep,
"user1234567user1234567user1234567user1234567user1234567user1234567user1234567user1234567",
"",
"password1",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.ILLEGAL_PARAMETER.getStatusCode(), status.getCode());
// this operation will fail for pre version. -- contain &%*@
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateUserDep,
"user1*&%",
"",
"password1",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.ILLEGAL_PARAMETER.getStatusCode(), status.getCode());
// root, user1, user1234567user1234567user1234567user1234567
Assert.assertEquals(
3,
authorInfo
.executeListUsers(
new AuthorPlan(
ConfigPhysicalPlanType.ListUser,
"",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>()))
.getMemberList()
.size());
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.DropUserDep,
"user1234567user1234567user1234567user1234567",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
2,
authorInfo
.executeListUsers(
new AuthorPlan(
ConfigPhysicalPlanType.ListUserDep,
"",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>()))
.getMemberList()
.size());
// for pre version, password with &% will meet error.
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.UpdateUserDep,
"user1",
"",
"password*&S",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.ILLEGAL_PARAMETER.getStatusCode(), status.getCode());
/*--TEST FOR ROLE CREATE AND DROP -*/
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateRoleDep,
"",
"role1",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// name longer than 32, It's ok.
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateRoleDep,
"",
"role1234567role1234567role1234567role1234567",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
// contain wrong character, error.
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateRoleDep,
"",
"role1234567role1%%234567role1234567role1234567",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.ILLEGAL_PARAMETER.getStatusCode(), status.getCode());
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.DropRoleDep,
"",
"role1234567role1234567role1234567role1234567",
"",
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
1,
authorInfo
.executeListRoles(
new AuthorPlan(
ConfigPhysicalPlanType.ListRoleDep,
"",
"",
"",
"",
new HashSet<>(),
false,
new ArrayList<>()))
.getMemberList()
.size());
}
// NOW WE HAVE USER:user1, root; ROLE: role1
for (PriPrivilegeType item : PriPrivilegeType.values()) {
/*-- TEST IGNORE PRIVILEGES --*/
if (!item.isAccept()) {
// for user to grant
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantUserDep,
"user1",
"",
"",
"",
Collections.singleton(item.ordinal()),
false,
Collections.singletonList(new PartialPath("root.**")));
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
0, BasicAuthorizer.getInstance().getUser("user1").getPathPrivilegeList().size());
Assert.assertEquals(
0, BasicAuthorizer.getInstance().getUser("user1").getSysPrivilege().size());
// for role to grant
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantRoleDep,
"",
"role1",
"",
"",
Collections.singleton(item.ordinal()),
false,
Collections.singletonList(new PartialPath("root.**")));
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
0, BasicAuthorizer.getInstance().getRole("role1").getPathPrivilegeList().size());
Assert.assertEquals(
0, BasicAuthorizer.getInstance().getRole("role1").getSysPrivilege().size());
// for user to revoke
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.RevokeUserDep,
"user1",
"",
"",
"",
Collections.singleton(item.ordinal()),
false,
Collections.singletonList(new PartialPath("root.**")));
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
0, BasicAuthorizer.getInstance().getUser("user1").getPathPrivilegeList().size());
Assert.assertEquals(
0, BasicAuthorizer.getInstance().getUser("user1").getSysPrivilege().size());
// for role to revoke
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.RevokeRoleDep,
"",
"role1",
"",
"",
Collections.singleton(item.ordinal()),
false,
Collections.singletonList(new PartialPath("root.**")));
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
0, BasicAuthorizer.getInstance().getRole("role1").getPathPrivilegeList().size());
Assert.assertEquals(
0, BasicAuthorizer.getInstance().getRole("role1").getSysPrivilege().size());
} else {
if (item == PriPrivilegeType.ALL) {
continue;
}
if (item.isPrePathRelevant()) {
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantUserDep,
"user1",
"",
"",
"",
Collections.singleton(item.ordinal()),
false,
Collections.singletonList(new PartialPath("root.t1.*.t2")));
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
1,
BasicAuthorizer.getInstance()
.getUser("user1")
.getPathPrivileges(new PartialPath("root.t1.*.t2"))
.size());
authorInfo.checkUserPathPrivilege();
PartialPath path1 = AuthUtils.convertPatternPath(new PartialPath("root.t1.*.t2"));
for (PrivilegeType pri : item.getSubPri()) {
if (pri.isPathRelevant()) {
Assert.assertTrue(
BasicAuthorizer.getInstance()
.getUser("user1")
.checkPathPrivilege(path1, pri.ordinal()));
BasicAuthorizer.getInstance()
.getUser("user1")
.removePathPrivilege(path1, pri.ordinal());
} else {
Assert.assertTrue(
BasicAuthorizer.getInstance().getUser("user1").checkSysPrivilege(pri.ordinal()));
BasicAuthorizer.getInstance().getUser("user1").removeSysPrivilege(pri.ordinal());
}
}
} else {
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.GrantUserDep,
"user1",
"",
"",
"",
Collections.singleton(item.ordinal()),
false,
Collections.singletonList(new PartialPath("root.**")));
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
authorInfo.checkUserPathPrivilege();
Assert.assertTrue(
BasicAuthorizer.getInstance()
.getUser("user1")
.getSysPrivilege()
.containsAll(item.getSubSysPriOrd()));
for (PrivilegeType pri : item.getSubPri()) {
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.RevokeUser,
"user1",
"",
"",
"",
Collections.singleton(pri.ordinal()),
false,
Collections.emptyList());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
Assert.assertEquals(
0, BasicAuthorizer.getInstance().getUser("user1").getSysPrivilege().size());
}
}
}
}
}
@Test
public void createUserWithRawPassword() throws AuthException {
TSStatus status;
AuthorPlan authorPlan;
authorPlan =
new AuthorPlan(
ConfigPhysicalPlanType.CreateUserWithRawPassword,
"testuser",
"",
AuthUtils.encryptPassword("password"),
"",
new HashSet<>(),
false,
new ArrayList<>());
status = authorInfo.authorNonQuery(authorPlan);
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
TPermissionInfoResp result = authorInfo.login("testuser", "password");
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), result.getStatus().getCode());
}
}