accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From e..@apache.org
Subject svn commit: r1489585 [2/2] - in /accumulo/trunk: conf/examples/1GB/native-standalone/ conf/examples/1GB/standalone/ conf/examples/2GB/native-standalone/ conf/examples/2GB/standalone/ conf/examples/3GB/native-standalone/ conf/examples/3GB/standalone/ co...
Date Tue, 04 Jun 2013 19:54:22 GMT
Added: accumulo/trunk/test/src/test/java/org/apache/accumulo/test/AuditMessageTest.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/test/src/test/java/org/apache/accumulo/test/AuditMessageTest.java?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/test/src/test/java/org/apache/accumulo/test/AuditMessageTest.java (added)
+++ accumulo/trunk/test/src/test/java/org/apache/accumulo/test/AuditMessageTest.java Tue Jun
 4 19:54:19 2013
@@ -0,0 +1,475 @@
+package org.apache.accumulo.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.*;
+
+import org.apache.accumulo.core.Constants;
+import org.apache.accumulo.core.client.*;
+import org.apache.accumulo.core.client.Scanner;
+import org.apache.accumulo.core.client.security.tokens.PasswordToken;
+import org.apache.accumulo.core.data.Key;
+import org.apache.accumulo.core.data.Mutation;
+import org.apache.accumulo.core.data.Range;
+import org.apache.accumulo.core.data.Value;
+import org.apache.accumulo.core.security.Authorizations;
+import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TablePermission;
+import org.apache.accumulo.minicluster.MiniAccumuloCluster;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.LineIterator;
+import org.apache.hadoop.io.Text;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+/**
+ * Tests that Accumulo is outputting audit messages as expected. Since this is using MiniAccumuloCluster,
it could take a while if we test everything in
+ * isolation. We test blocks of related operations, run the whole test in one MiniAccumulo
instance, trying to clean up objects between each test. The
+ * MiniAccumuloClusterTest sets up the log4j stuff differently to an installed instance,
instead piping everything through stdout and writing to a set location
+ * so we have to find the logs and grep the bits we need out.
+ */
+public class AuditMessageTest {
+  
+  private static MiniAccumuloCluster accumulo;
+  private static File logDir;
+  private static List<MiniAccumuloCluster.LogWriter> logWriters;
+  private final String AUDIT_USER_1 = "AuditUser1";
+  private final String AUDIT_USER_2 = "AuditUser2";
+  private final PasswordToken PASSWORD_TOKEN = new PasswordToken("password");
+  private final String OLD_TEST_TABLE_NAME = "apples";
+  private final String NEW_TEST_TABLE_NAME = "oranges";
+  private final String THIRD_TEST_TABLE_NAME = "pears";
+  private final Authorizations auths = new Authorizations("private", "public");
+  private static TemporaryFolder folder = new TemporaryFolder();
+
+
+  // Must be static to survive Junit re-initialising the class every time.
+  private static String lastAuditTimestamp;
+  private Connector auditConnector;
+  private Connector conn;
+  
+  private static ArrayList<String> findAuditMessage(ArrayList<String> input,
String pattern) {
+    ArrayList<String> result = new ArrayList<String>();
+    for (String s : input) {
+      if (s.matches(".*" + pattern + ".*"))
+        result.add(s);
+    }
+    return result;
+  }
+  
+  @BeforeClass
+  public static void setupMiniCluster() throws Exception {
+    folder.create();
+    Logger.getLogger("org.apache.zookeeper").setLevel(Level.ERROR);
+    
+    accumulo = new MiniAccumuloCluster(folder.getRoot(), "superSecret");
+    accumulo.start();
+    logDir = accumulo.getConfig().getLogDir();
+    logWriters = accumulo.getLogWriters();
+  }
+  
+
+  /**
+   * Returns a List of Audit messages that have been grep'd out of the MiniAccumuloCluster
output.
+   * 
+   * @param stepName
+   *          A unique name for the test being executed, to identify the System.out messages.
+   * @return A List of the Audit messages, sorted (so in chronological order).
+   */
+  private ArrayList<String> getAuditMessages(String stepName) throws IOException {
+    
+    for (MiniAccumuloCluster.LogWriter lw : logWriters) {
+      lw.flush();
+    }
+    
+    // Grab the audit messages
+    System.out.println("Start of captured audit messages for step " + stepName);
+    
+    ArrayList<String> result = new ArrayList<String>();
+    for (File file : logDir.listFiles()) {
+      // We want to grab the files called .out
+      if (file.getName().contains(".out") && file.isFile() && file.canRead())
{
+        LineIterator it = FileUtils.lineIterator(file, "UTF-8");
+        try {
+          while (it.hasNext()) {
+            String line = it.nextLine();
+            if (line.matches(".* \\[" + Constants.AUDITLOG + "\\s*\\].*")) {
+              // Only include the message if startTimestamp is null. or the message occurred
after the startTimestamp value
+              if ((lastAuditTimestamp == null) || (line.substring(0, 23).compareTo(lastAuditTimestamp)
> 0))
+                result.add(line);
+            }
+          }
+        } finally {
+          LineIterator.closeQuietly(it);
+        }
+      }
+    }
+    Collections.sort(result);
+    
+    for (String s : result) {
+      System.out.println(s);
+    }
+    System.out.println("End of captured audit messages for step " + stepName);
+    if (result.size() > 0)
+      lastAuditTimestamp = (result.get(result.size() - 1)).substring(0, 23);
+    
+    return result;
+  }
+  
+  private void grantEverySystemPriv(Connector conn, String user) throws AccumuloSecurityException,
AccumuloException {
+    SystemPermission[] arrayOfP = new SystemPermission[] {SystemPermission.SYSTEM, SystemPermission.ALTER_TABLE,
SystemPermission.ALTER_USER,
+        SystemPermission.CREATE_TABLE, SystemPermission.CREATE_USER, SystemPermission.DROP_TABLE,
SystemPermission.DROP_USER};
+    for (SystemPermission p : arrayOfP) {
+      conn.securityOperations().grantSystemPermission(user, p);
+    }
+  }
+  
+  @Before
+  public void setup() throws AccumuloException, AccumuloSecurityException, TableNotFoundException,
IOException {
+    conn = new ZooKeeperInstance(accumulo.getInstanceName(), accumulo.getZooKeepers()).getConnector("root",
new PasswordToken("superSecret"));
+    
+    // I don't want to recreate the instance for every test since it will take ages.
+    // If we run every test as non-root users, I can drop these users every test which should
effectively
+    // reset the environment.
+    
+    if (conn.securityOperations().listLocalUsers().contains(AUDIT_USER_1))
+      conn.securityOperations().dropLocalUser(AUDIT_USER_1);
+    if (conn.securityOperations().listLocalUsers().contains(AUDIT_USER_2))
+      conn.securityOperations().dropLocalUser(AUDIT_USER_2);
+    if (conn.securityOperations().listLocalUsers().contains(AUDIT_USER_2))
+      conn.securityOperations().dropLocalUser(THIRD_TEST_TABLE_NAME);
+    if (conn.tableOperations().exists(NEW_TEST_TABLE_NAME))
+      conn.tableOperations().delete(NEW_TEST_TABLE_NAME);
+    if (conn.tableOperations().exists(OLD_TEST_TABLE_NAME))
+      conn.tableOperations().delete(OLD_TEST_TABLE_NAME);
+    
+    // This will set the lastAuditTimestamp for the first test
+    getAuditMessages("setup");
+    
+  }
+  
+  @Test
+  @SuppressWarnings("unchecked")
+  public void testTableOperationsAudits() throws AccumuloException, AccumuloSecurityException,
TableExistsException, TableNotFoundException, IOException,
+      InterruptedException {
+    
+    conn.securityOperations().createLocalUser(AUDIT_USER_1, PASSWORD_TOKEN);
+    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
+    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_TABLE);
+    
+    // Connect as Audit User and do a bunch of stuff.
+    // Testing activity begins here
+    auditConnector = new ZooKeeperInstance(accumulo.getInstanceName(), accumulo.getZooKeepers()).getConnector(AUDIT_USER_1,
PASSWORD_TOKEN);
+    auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);
+    auditConnector.tableOperations().rename(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME);
+    auditConnector.tableOperations().clone(NEW_TEST_TABLE_NAME, OLD_TEST_TABLE_NAME, true,
Collections.EMPTY_MAP, Collections.EMPTY_SET);
+    auditConnector.tableOperations().delete(OLD_TEST_TABLE_NAME);
+    auditConnector.tableOperations().offline(NEW_TEST_TABLE_NAME);
+    auditConnector.tableOperations().delete(NEW_TEST_TABLE_NAME);
+    // Testing activity ends here
+    
+    ArrayList<String> auditMessages = getAuditMessages("testTableOperationsAudits");
+    
+    assertEquals(1, findAuditMessage(auditMessages, "action: createTable; targetTable: "
+ OLD_TEST_TABLE_NAME).size());
+    assertEquals(1, findAuditMessage(auditMessages, "action: renameTable; targetTable: "
+ OLD_TEST_TABLE_NAME).size());
+    assertEquals(1, findAuditMessage(auditMessages, "action: cloneTable; targetTable: " +
NEW_TEST_TABLE_NAME).size());
+    assertEquals(1, findAuditMessage(auditMessages, "action: deleteTable; targetTable: "
+ OLD_TEST_TABLE_NAME).size());
+    assertEquals(1, findAuditMessage(auditMessages, "action: offlineTable; targetTable: "
+ NEW_TEST_TABLE_NAME).size());
+    assertEquals(1, findAuditMessage(auditMessages, "action: deleteTable; targetTable: "
+ NEW_TEST_TABLE_NAME).size());
+    
+  }
+  
+  @Test
+  public void testUserOperationsAudits() throws AccumuloSecurityException, AccumuloException,
TableExistsException, InterruptedException, IOException {
+    
+    conn.securityOperations().createLocalUser(AUDIT_USER_1, PASSWORD_TOKEN);
+    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
+    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_USER);
+    grantEverySystemPriv(conn, AUDIT_USER_1);
+    
+    // Connect as Audit User and do a bunch of stuff.
+    // Start testing activities here
+    auditConnector = new ZooKeeperInstance(accumulo.getInstanceName(), accumulo.getZooKeepers()).getConnector(AUDIT_USER_1,
PASSWORD_TOKEN);
+    auditConnector.securityOperations().createLocalUser(AUDIT_USER_2, PASSWORD_TOKEN);
+    
+    // It seems only root can grant stuff.
+    conn.securityOperations().grantSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
+    conn.securityOperations().revokeSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
+    auditConnector.tableOperations().create(NEW_TEST_TABLE_NAME);
+    conn.securityOperations().grantTablePermission(AUDIT_USER_2, NEW_TEST_TABLE_NAME, TablePermission.READ);
+    conn.securityOperations().revokeTablePermission(AUDIT_USER_2, NEW_TEST_TABLE_NAME, TablePermission.READ);
+    auditConnector.securityOperations().changeLocalUserPassword(AUDIT_USER_2, new PasswordToken("anything"));
+    auditConnector.securityOperations().changeUserAuthorizations(AUDIT_USER_2, auths);
+    auditConnector.securityOperations().dropLocalUser(AUDIT_USER_2);
+    // Stop testing activities here
+    
+    ArrayList<String> auditMessages = getAuditMessages("testUserOperationsAudits");
+    
+    assertEquals(1, findAuditMessage(auditMessages, "action: createUser; targetUser: " +
AUDIT_USER_2).size());
+    assertEquals(
+        1,
+        findAuditMessage(auditMessages,
+            "action: grantSystemPermission; permission: " + SystemPermission.ALTER_TABLE.toString()
+ "; targetUser: " + AUDIT_USER_2).size());
+    assertEquals(
+        1,
+        findAuditMessage(auditMessages,
+            "action: revokeSystemPermission; permission: " + SystemPermission.ALTER_TABLE.toString()
+ "; targetUser: " + AUDIT_USER_2).size());
+    assertEquals(
+        1,
+        findAuditMessage(auditMessages,
+            "action: grantTablePermission; permission: " + TablePermission.READ.toString()
+ "; targetTable: " + NEW_TEST_TABLE_NAME).size());
+    assertEquals(
+        1,
+        findAuditMessage(auditMessages,
+            "action: revokeTablePermission; permission: " + TablePermission.READ.toString()
+ "; targetTable: " + NEW_TEST_TABLE_NAME).size());
+    assertEquals(1, findAuditMessage(auditMessages, "action: changePassword; targetUser:
" + AUDIT_USER_2 + "").size());
+    assertEquals(1, findAuditMessage(auditMessages, "action: changeAuthorizations; targetUser:
" + AUDIT_USER_2 + "; authorizations: " + auths.toString())
+        .size());
+    assertEquals(1, findAuditMessage(auditMessages, "action: dropUser; targetUser: " + AUDIT_USER_2).size());
+  }
+  
+  @Test
+  public void testImportExportOperationsAudits() throws AccumuloSecurityException, AccumuloException,
TableExistsException, TableNotFoundException,
+      IOException, InterruptedException {
+    
+    conn.securityOperations().createLocalUser(AUDIT_USER_1, PASSWORD_TOKEN);
+    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
+    conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
+    grantEverySystemPriv(conn, AUDIT_USER_1);
+    
+    // Connect as Audit User and do a bunch of stuff.
+    // Start testing activities here
+    auditConnector = new ZooKeeperInstance(accumulo.getInstanceName(), accumulo.getZooKeepers()).getConnector(AUDIT_USER_1,
PASSWORD_TOKEN);
+    auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);
+    
+    // Insert some play data
+    BatchWriter bw = auditConnector.createBatchWriter(OLD_TEST_TABLE_NAME, new BatchWriterConfig());
+    Mutation m = new Mutation("myRow");
+    m.put("cf1", "cq1", "v1");
+    m.put("cf1", "cq2", "v3");
+    bw.addMutation(m);
+    bw.close();
+    
+    // Prepare to export the table
+    File exportDir = new File(accumulo.getConfig().getDir().toString() + "/export");
+    
+    auditConnector.tableOperations().offline(OLD_TEST_TABLE_NAME);
+    auditConnector.tableOperations().exportTable(OLD_TEST_TABLE_NAME, exportDir.toString());
+    
+    // We've exported the table metadata to the MiniAccumuloCluster root dir. Grab the .rf
file path to re-import it
+    File distCpTxt = new File(exportDir.toString() + "/distcp.txt");
+    File importFile = null;
+    LineIterator it = FileUtils.lineIterator(distCpTxt, "UTF-8");
+    
+    // Just grab the first rf file, it will do for now.
+    String filePrefix = "file:";
+    try {
+      while (it.hasNext() && importFile == null) {
+        String line = it.nextLine();
+        if (line.matches(".*\\.rf")) {
+          importFile = new File(line.replaceFirst(filePrefix, ""));
+        }
+      }
+    } finally {
+      LineIterator.closeQuietly(it);
+    }
+    FileUtils.copyFileToDirectory(importFile, exportDir);
+    auditConnector.tableOperations().importTable(NEW_TEST_TABLE_NAME, exportDir.toString());
+    
+    // Now do a Directory (bulk) import of the same data.
+    auditConnector.tableOperations().create(THIRD_TEST_TABLE_NAME);
+    File failDir = new File(exportDir + "/tmp");
+    failDir.mkdirs();
+    auditConnector.tableOperations().importDirectory(THIRD_TEST_TABLE_NAME, exportDir.toString(),
failDir.toString(), false);
+    auditConnector.tableOperations().online(OLD_TEST_TABLE_NAME);
+    
+    // Stop testing activities here
+    
+    ArrayList<String> auditMessages = getAuditMessages("testImportExportOperationsAudits");
+    
+    assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_CREATE_TABLE_AUDIT_TEMPLATE,
OLD_TEST_TABLE_NAME)).size());
+    assertEquals(1,
+        findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE,
"offlineTable", OLD_TEST_TABLE_NAME))
+            .size());
+    assertEquals(1,
+        findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_EXPORT_AUDIT_TEMPLATE,
OLD_TEST_TABLE_NAME, exportDir.toString())).size());
+    assertEquals(1,
+        findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_IMPORT_AUDIT_TEMPLATE,
NEW_TEST_TABLE_NAME, exportDir.toString())).size());
+    assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_CREATE_TABLE_AUDIT_TEMPLATE,
THIRD_TEST_TABLE_NAME)).size());
+    assertEquals(
+        1,
+        findAuditMessage(
+            auditMessages,
+            String.format(AuditedSecurityOperation.CAN_BULK_IMPORT_AUDIT_TEMPLATE, THIRD_TEST_TABLE_NAME,
filePrefix + exportDir.toString(), filePrefix
+                + failDir.toString())).size());
+    assertEquals(1,
+        findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE,
"onlineTable", OLD_TEST_TABLE_NAME))
+            .size());
+    
+  }
+  
+  @Test
+  public void testDataOperationsAudits() throws AccumuloSecurityException, AccumuloException,
TableExistsException, TableNotFoundException, IOException,
+      InterruptedException {
+    
+    conn.securityOperations().createLocalUser(AUDIT_USER_1, PASSWORD_TOKEN);
+    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
+    conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
+    grantEverySystemPriv(conn, AUDIT_USER_1);
+    
+    // Connect as Audit User and do a bunch of stuff.
+    // Start testing activities here
+    auditConnector = new ZooKeeperInstance(accumulo.getInstanceName(), accumulo.getZooKeepers()).getConnector(AUDIT_USER_1,
PASSWORD_TOKEN);
+    auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);
+    
+    // Insert some play data
+    BatchWriter bw = auditConnector.createBatchWriter(OLD_TEST_TABLE_NAME, new BatchWriterConfig());
+    Mutation m = new Mutation("myRow");
+    m.put("cf1", "cq1", "v1");
+    m.put("cf1", "cq2", "v3");
+    bw.addMutation(m);
+    bw.close();
+    
+    // Start testing activities here
+    // A regular scan
+    Scanner scanner = auditConnector.createScanner(OLD_TEST_TABLE_NAME, auths);
+    for (Map.Entry<Key,Value> entry : scanner) {
+      System.out.println("Scanner row: " + entry.getKey() + " " + entry.getValue());
+    }
+    scanner.close();
+    
+    // A batch scan
+    BatchScanner bs = auditConnector.createBatchScanner(OLD_TEST_TABLE_NAME, auths, 1);
+    bs.fetchColumn(new Text("cf1"), new Text("cq1"));
+    bs.setRanges(Arrays.asList(new Range("myRow", "myRow~")));
+    
+    for (Map.Entry<Key,Value> entry : bs) {
+      System.out.println("BatchScanner row: " + entry.getKey() + " " + entry.getValue());
+    }
+    bs.close();
+    
+    // Delete some data.
+    auditConnector.tableOperations().deleteRows(OLD_TEST_TABLE_NAME, new Text("myRow"), new
Text("myRow~"));
+    
+    // End of testing activities
+    
+    ArrayList<String> auditMessages = getAuditMessages("testDataOperationsAudits");
+    assertTrue(1 <= findAuditMessage(auditMessages, "action: scan; targetTable: " + OLD_TEST_TABLE_NAME).size());
+    assertTrue(1 <= findAuditMessage(auditMessages, "action: scan; targetTable: " + OLD_TEST_TABLE_NAME).size());
+    assertEquals(1,
+        findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_DELETE_RANGE_AUDIT_TEMPLATE,
OLD_TEST_TABLE_NAME, "myRow", "myRow~")).size());
+    
+  }
+  
+  @Test
+  public void testDeniedAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException,
TableNotFoundException, IOException,
+      InterruptedException {
+    
+    // Create our user with no privs
+    conn.securityOperations().createLocalUser(AUDIT_USER_1, PASSWORD_TOKEN);
+    conn.tableOperations().create(OLD_TEST_TABLE_NAME);
+    auditConnector = new ZooKeeperInstance(accumulo.getInstanceName(), accumulo.getZooKeepers()).getConnector(AUDIT_USER_1,
PASSWORD_TOKEN);
+    
+    // Start testing activities
+    // We should get denied or / failed audit messages here.
+    // We don't want the thrown exceptions to stop our tests, and we are not testing that
the Exceptions are thrown.
+    
+    try {
+      auditConnector.tableOperations().create(NEW_TEST_TABLE_NAME);
+    } catch (AccumuloSecurityException ex) {}
+    try {
+      auditConnector.tableOperations().rename(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME);
+    } catch (AccumuloSecurityException ex) {}
+    try {
+      auditConnector.tableOperations().clone(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME, true,
Collections.EMPTY_MAP, Collections.EMPTY_SET);
+    } catch (AccumuloSecurityException ex) {}
+    try {
+      auditConnector.tableOperations().delete(OLD_TEST_TABLE_NAME);
+    } catch (AccumuloSecurityException ex) {}
+    try {
+      auditConnector.tableOperations().offline(OLD_TEST_TABLE_NAME);
+    } catch (AccumuloSecurityException ex) {}
+    try {
+      Scanner scanner = auditConnector.createScanner(OLD_TEST_TABLE_NAME, auths);
+      scanner.iterator().next().getKey();
+    } catch (RuntimeException ex) {}
+    try {
+      auditConnector.tableOperations().deleteRows(OLD_TEST_TABLE_NAME, new Text("myRow"),
new Text("myRow~"));
+    } catch (AccumuloSecurityException ex) {}
+    
+    // ... that will do for now.
+    // End of testing activities
+    
+    ArrayList<String> auditMessages = getAuditMessages("testDeniedAudits");
+    assertEquals(1,
+        findAuditMessage(auditMessages, "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_CREATE_TABLE_AUDIT_TEMPLATE,
NEW_TEST_TABLE_NAME))
+            .size());
+    assertEquals(
+        1,
+        findAuditMessage(auditMessages,
+            "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_RENAME_TABLE_AUDIT_TEMPLATE,
OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME)).size());
+    assertEquals(
+        1,
+        findAuditMessage(auditMessages,
+            "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_CLONE_TABLE_AUDIT_TEMPLATE,
OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME)).size());
+    assertEquals(1,
+        findAuditMessage(auditMessages, "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_DELETE_TABLE_AUDIT_TEMPLATE,
OLD_TEST_TABLE_NAME))
+            .size());
+    assertEquals(
+        1,
+        findAuditMessage(auditMessages,
+            "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE,
"offlineTable", OLD_TEST_TABLE_NAME))
+            .size());
+    assertEquals(1, findAuditMessage(auditMessages, "operation: denied;.*" + "action: scan;
targetTable: " + OLD_TEST_TABLE_NAME).size());
+    assertEquals(
+        1,
+        findAuditMessage(auditMessages,
+            "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_DELETE_RANGE_AUDIT_TEMPLATE,
OLD_TEST_TABLE_NAME, "myRow", "myRow~")).size());
+  }
+  
+  @Test
+  public void testFailedAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException,
TableNotFoundException, IOException,
+      InterruptedException {
+    
+    // Start testing activities
+    // Test that we get a few "failed" audit messages come through when we tell it to do
dumb stuff
+    // We don't want the thrown exceptions to stop our tests, and we are not testing that
the Exceptions are thrown.
+    try {
+      conn.securityOperations().dropLocalUser(AUDIT_USER_2);
+    } catch (AccumuloSecurityException ex) {}
+    try {
+      conn.securityOperations().revokeSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
+    } catch (AccumuloSecurityException ex) {}
+    try {
+      conn.securityOperations().createLocalUser("root", new PasswordToken("super secret"));
+    } catch (AccumuloSecurityException ex) {}
+    ArrayList<String> auditMessages = getAuditMessages("testFailedAudits");
+    // ... that will do for now.
+    // End of testing activities
+    
+    assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.DROP_USER_AUDIT_TEMPLATE,
AUDIT_USER_2)).size());
+    assertEquals(
+        1,
+        findAuditMessage(auditMessages,
+            String.format(AuditedSecurityOperation.REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE,
SystemPermission.ALTER_TABLE, AUDIT_USER_2)).size());
+    assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CREATE_USER_AUDIT_TEMPLATE,
"root", "")).size());
+    
+  }
+
+  @AfterClass
+  public static void tearDownMiniCluster() throws Exception {
+    accumulo.stop();
+
+    // Comment this out to have a look at the logs, they will be in /tmp/junit*
+    folder.delete();
+  }
+}

Propchange: accumulo/trunk/test/src/test/java/org/apache/accumulo/test/AuditMessageTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/test/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/accumulo/trunk/test/src/test/resources/log4j.properties?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/test/src/test/resources/log4j.properties (original)
+++ accumulo/trunk/test/src/test/resources/log4j.properties Tue Jun  4 19:54:19 2013
@@ -16,7 +16,7 @@
 log4j.rootLogger=INFO, CA
 log4j.appender.CA=org.apache.log4j.ConsoleAppender
 log4j.appender.CA.layout=org.apache.log4j.PatternLayout
-log4j.appender.CA.layout.ConversionPattern=%d{ISO8601} [%-8c{2}] %-5p: %m%n
+log4j.appender.CA.layout.ConversionPattern=%d{ISO8601} [%c{2}] %-5p: %m%n
 
 log4j.logger.org.apache.accumulo.core.client.impl.ServerClient=ERROR
 log4j.logger.org.apache.accumulo.core.util.shell.Shell.audit=off



Mime
View raw message