accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject [08/26] git commit: ACCUMULO-2444 unit tests for a.o.o.core.security
Date Fri, 14 Mar 2014 21:11:34 GMT
ACCUMULO-2444 unit tests for a.o.o.core.security


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/c657c575
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/c657c575
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/c657c575

Branch: refs/heads/ACCUMULO-2061
Commit: c657c5758a1ab1224abc3377066699eaf826dd62
Parents: 6dd1bd3
Author: Mike Drob <mdrob@cloudera.com>
Authored: Mon Mar 10 10:20:36 2014 -0400
Committer: Mike Drob <mdrob@cloudera.com>
Committed: Wed Mar 12 16:12:57 2014 -0400

----------------------------------------------------------------------
 .../core/security/NamespacePermission.java      |   1 +
 .../core/security/ColumnVisibilityTest.java     |  34 +++++-
 .../core/security/NamespacePermissionsTest.java |  39 +++++++
 .../core/security/VisibilityConstraintTest.java | 106 +++++++++++++++++++
 4 files changed, 178 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/c657c575/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java
b/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java
index f9f7564..44cee0c 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java
@@ -80,6 +80,7 @@ public enum NamespacePermission {
    * @throws IndexOutOfBoundsException
    *           if the byte ID is invalid
    */
+  // This method isn't used anywhere, why is it public API?
   public static NamespacePermission getPermissionById(byte id) {
     NamespacePermission result = mapping[id];
     if (result != null)

http://git-wip-us.apache.org/repos/asf/accumulo/blob/c657c575/core/src/test/java/org/apache/accumulo/core/security/ColumnVisibilityTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/accumulo/core/security/ColumnVisibilityTest.java
b/core/src/test/java/org/apache/accumulo/core/security/ColumnVisibilityTest.java
index 7a6a80d..931ff41 100644
--- a/core/src/test/java/org/apache/accumulo/core/security/ColumnVisibilityTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/security/ColumnVisibilityTest.java
@@ -19,10 +19,16 @@ package org.apache.accumulo.core.security;
 import static org.apache.accumulo.core.security.ColumnVisibility.quote;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import java.util.Comparator;
+
+import org.apache.accumulo.core.Constants;
 import org.apache.accumulo.core.security.ColumnVisibility.Node;
+import org.apache.accumulo.core.security.ColumnVisibility.NodeComparator;
 import org.apache.accumulo.core.security.ColumnVisibility.NodeType;
+import org.apache.hadoop.io.Text;
 import org.junit.Test;
 
 public class ColumnVisibilityTest {
@@ -46,8 +52,14 @@ public class ColumnVisibilityTest {
   @Test
   public void testEmpty() {
     // empty visibility is valid
-    new ColumnVisibility();
-    new ColumnVisibility(new byte[0]);
+    ColumnVisibility a = new ColumnVisibility();
+    ColumnVisibility b = new ColumnVisibility(new byte[0]);
+    ColumnVisibility c = new ColumnVisibility("");
+    ColumnVisibility d = new ColumnVisibility(new Text());
+
+    assertEquals(a, b);
+    assertEquals(a, c);
+    assertEquals(a, d);
   }
 
   @Test
@@ -205,6 +217,24 @@ public class ColumnVisibilityTest {
     assertNode(node.getChildren().get(1).children.get(1), NodeType.TERM, 7, 8);
   }
 
+  @Test
+  public void testEmptyParseTreesAreEqual() {
+    Comparator<Node> comparator = new NodeComparator(new byte[] {});
+    Node empty = new ColumnVisibility().getParseTree();
+    assertEquals(0, comparator.compare(empty, parse("")));
+  }
+
+  @Test
+  public void testParseTreesOrdering() {
+    byte[] expression = "(b&c&d)|((a|m)&y&z)|(e&f)".getBytes(Constants.UTF8);
+    byte[] flattened = new ColumnVisibility(expression).flatten();
+
+    // Convert to String for indexOf convenience
+    String flat = new String(flattened, Constants.UTF8);
+    assertTrue("shortest expressions sort first", flat.indexOf('e') < flat.indexOf('|'));
+    assertTrue("shortest children sort first", flat.indexOf('b') < flat.indexOf('a'));
+  }
+
   private Node parse(String s) {
     ColumnVisibility v = new ColumnVisibility(s);
     return v.getParseTree();

http://git-wip-us.apache.org/repos/asf/accumulo/blob/c657c575/core/src/test/java/org/apache/accumulo/core/security/NamespacePermissionsTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/accumulo/core/security/NamespacePermissionsTest.java
b/core/src/test/java/org/apache/accumulo/core/security/NamespacePermissionsTest.java
new file mode 100644
index 0000000..223b3ca
--- /dev/null
+++ b/core/src/test/java/org/apache/accumulo/core/security/NamespacePermissionsTest.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.core.security;
+
+import static org.junit.Assert.assertTrue;
+
+import java.util.EnumSet;
+
+import org.junit.Test;
+
+public class NamespacePermissionsTest {
+  @Test
+  public void testEnsureEquivalencies() {
+    EnumSet<NamespacePermission> set = EnumSet.allOf(NamespacePermission.class);
+
+    for (TablePermission permission : TablePermission.values()) {
+      set.remove(NamespacePermission.getEquivalent(permission));
+    }
+    for (SystemPermission permission : SystemPermission.values()) {
+      set.remove(NamespacePermission.getEquivalent(permission));
+    }
+
+    assertTrue("All namespace permissions should have equivalent table or system permissions.",
set.isEmpty());
+  }
+}

http://git-wip-us.apache.org/repos/asf/accumulo/blob/c657c575/core/src/test/java/org/apache/accumulo/core/security/VisibilityConstraintTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/accumulo/core/security/VisibilityConstraintTest.java
b/core/src/test/java/org/apache/accumulo/core/security/VisibilityConstraintTest.java
new file mode 100644
index 0000000..de6ca21
--- /dev/null
+++ b/core/src/test/java/org/apache/accumulo/core/security/VisibilityConstraintTest.java
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.core.security;
+
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.createNiceMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.accumulo.core.Constants;
+import org.apache.accumulo.core.constraints.Constraint.Environment;
+import org.apache.accumulo.core.data.ArrayByteSequence;
+import org.apache.accumulo.core.data.Mutation;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+
+public class VisibilityConstraintTest {
+
+  VisibilityConstraint vc;
+  Environment env;
+  Mutation mutation;
+
+  static final ColumnVisibility good = new ColumnVisibility("good");
+  static final ColumnVisibility bad = new ColumnVisibility("bad");
+
+  static final String D = "don't care";
+
+  static final List<Short> ENOAUTH = Arrays.asList((short) 2);
+
+  /**
+   * @throws java.lang.Exception
+   */
+  @Before
+  public void setUp() throws Exception {
+    vc = new VisibilityConstraint();
+    mutation = new Mutation("r");
+
+    ArrayByteSequence bs = new ArrayByteSequence("good".getBytes(Constants.UTF8));
+
+    AuthorizationContainer ac = createNiceMock(AuthorizationContainer.class);
+    expect(ac.contains(bs)).andReturn(true);
+    replay(ac);
+
+    env = createMock(Environment.class);
+    expect(env.getAuthorizationsContainer()).andReturn(ac);
+    replay(env);
+  }
+
+  @Test
+  public void testNoVisibility() {
+    mutation.put(D, D, D);
+    assertNull("authorized", vc.check(env, mutation));
+  }
+
+  @Test
+  public void testVisibilityNoAuth() {
+    mutation.put(D, D, bad, D);
+    assertEquals("unauthorized", ENOAUTH, vc.check(env, mutation));
+  }
+
+  @Test
+  public void testGoodVisibilityAuth() {
+    mutation.put(D, D, good, D);
+    assertNull("authorized", vc.check(env, mutation));
+  }
+
+  @Test
+  public void testCachedVisibilities() {
+    mutation.put(D, D, good, "v");
+    mutation.put(D, D, good, "v2");
+    assertNull("authorized", vc.check(env, mutation));
+  }
+
+  @Test
+  public void testMixedVisibilities() {
+    mutation.put(D, D, bad, D);
+    mutation.put(D, D, good, D);
+    assertEquals("unauthorized", ENOAUTH, vc.check(env, mutation));
+  }
+
+  @Test
+  @Ignore
+  public void testMalformedVisibility() {
+    // TODO: ACCUMULO-1006 Should test for returning error code 1, but not sure how since
ColumnVisibility won't let us construct a bad one in the first place
+  }
+}


Mime
View raw message