github-advanced-security[bot] commented on code in PR #19136: URL: https://github.com/apache/druid/pull/19136#discussion_r2920885599
########## embedded-tests/src/test/java/org/apache/druid/testing/embedded/server/EmbeddedBrokerDynamicConfigTest.java: ########## @@ -0,0 +1,166 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.druid.testing.embedded.server; + +import com.google.common.collect.ImmutableSet; +import org.apache.druid.common.utils.IdUtils; +import org.apache.druid.indexing.common.task.TaskBuilder; +import org.apache.druid.server.QueryBlocklistRule; +import org.apache.druid.server.broker.BrokerDynamicConfig; +import org.apache.druid.server.http.BrokerDynamicConfigSyncer; +import org.apache.druid.testing.embedded.EmbeddedBroker; +import org.apache.druid.testing.embedded.EmbeddedCoordinator; +import org.apache.druid.testing.embedded.EmbeddedDruidCluster; +import org.apache.druid.testing.embedded.EmbeddedHistorical; +import org.apache.druid.testing.embedded.EmbeddedIndexer; +import org.apache.druid.testing.embedded.EmbeddedOverlord; +import org.apache.druid.testing.embedded.indexing.Resources; +import org.apache.druid.testing.embedded.junit5.EmbeddedClusterTestBase; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.Timeout; + +import java.util.List; + +/** + * Integration test for broker dynamic configuration, covering {@code queryBlocklist} + * and {@code blacklistedDataNodes} features. + */ +public class EmbeddedBrokerDynamicConfigTest extends EmbeddedClusterTestBase +{ + private final EmbeddedCoordinator coordinator = new EmbeddedCoordinator(); + private final EmbeddedOverlord overlord = new EmbeddedOverlord(); + private final EmbeddedIndexer indexer = new EmbeddedIndexer(); + private final EmbeddedHistorical historical = new EmbeddedHistorical(); + private final EmbeddedBroker broker = new EmbeddedBroker(); + + @Override + protected EmbeddedDruidCluster createCluster() + { + indexer.addProperty("druid.segment.handoff.pollDuration", "PT0.1s"); + + return EmbeddedDruidCluster.withEmbeddedDerbyAndZookeeper() + .useLatchableEmitter() + .addServer(overlord) + .addServer(coordinator) + .addServer(indexer) + .addServer(historical) + .addServer(broker); + } + + @BeforeAll + @Override + public void setup() throws Exception + { + super.setup(); + ingestData(); + cluster.callApi().waitForAllSegmentsToBeAvailable(dataSource, coordinator, broker); + } + + @Test + @Timeout(30) + public void testQueryBlocklistBlocksMatchingQueries() + { + // Baseline: query succeeds before blocklist is applied + String initialResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + Assertions.assertFalse(initialResult.isBlank()); + + // Apply blocklist rule that matches all queries on this datasource + QueryBlocklistRule blockRule = new QueryBlocklistRule( + "block-test-datasource", + ImmutableSet.of(dataSource), + null, + null + ); + updateBrokerDynamicConfig( + BrokerDynamicConfig.builder() + .withQueryBlocklist(List.of(blockRule)) + .build() + ); + + // Query should now throw due to FORBIDDEN blocklist rule + Assertions.assertThrows( + RuntimeException.class, + () -> cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource) + ); + + // Clear the blocklist and verify queries resume + updateBrokerDynamicConfig(BrokerDynamicConfig.builder().build()); + String finalResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + Assertions.assertFalse(finalResult.isBlank()); + } + + @Test + @Timeout(30) + public void testBlacklistedDataNodesExcludesNodesFromQueryRouting() + { + // Baseline: query returns data + String initialResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + int initialCount = Integer.parseInt(initialResult.trim()); + Assertions.assertTrue(initialCount > 0, "Expected non-zero row count before blacklisting"); + + // Blacklist the historical node + String historicalHostAndPort = historical.bindings().selfNode().getHostAndPort(); + updateBrokerDynamicConfig( + BrokerDynamicConfig.builder() + .withBlacklistedDataNodes(ImmutableSet.of(historicalHostAndPort)) + .build() + ); + + // No servers are available for any segment, so the broker returns 0 + String blacklistedResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + int blacklistedCount = Integer.parseInt(blacklistedResult.trim()); + Assertions.assertEquals(0, blacklistedCount, "Expected 0 rows when historical is blacklisted"); + + // Clear the blacklist and verify data is accessible again + updateBrokerDynamicConfig(BrokerDynamicConfig.builder().build()); + String restoredResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + int restoredCount = Integer.parseInt(restoredResult.trim()); Review Comment: ## Missing catch of NumberFormatException Potential uncaught 'java.lang.NumberFormatException'. [Show more details](https://github.com/apache/druid/security/code-scanning/10881) ########## embedded-tests/src/test/java/org/apache/druid/testing/embedded/server/EmbeddedBrokerDynamicConfigTest.java: ########## @@ -0,0 +1,166 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.druid.testing.embedded.server; + +import com.google.common.collect.ImmutableSet; +import org.apache.druid.common.utils.IdUtils; +import org.apache.druid.indexing.common.task.TaskBuilder; +import org.apache.druid.server.QueryBlocklistRule; +import org.apache.druid.server.broker.BrokerDynamicConfig; +import org.apache.druid.server.http.BrokerDynamicConfigSyncer; +import org.apache.druid.testing.embedded.EmbeddedBroker; +import org.apache.druid.testing.embedded.EmbeddedCoordinator; +import org.apache.druid.testing.embedded.EmbeddedDruidCluster; +import org.apache.druid.testing.embedded.EmbeddedHistorical; +import org.apache.druid.testing.embedded.EmbeddedIndexer; +import org.apache.druid.testing.embedded.EmbeddedOverlord; +import org.apache.druid.testing.embedded.indexing.Resources; +import org.apache.druid.testing.embedded.junit5.EmbeddedClusterTestBase; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.Timeout; + +import java.util.List; + +/** + * Integration test for broker dynamic configuration, covering {@code queryBlocklist} + * and {@code blacklistedDataNodes} features. + */ +public class EmbeddedBrokerDynamicConfigTest extends EmbeddedClusterTestBase +{ + private final EmbeddedCoordinator coordinator = new EmbeddedCoordinator(); + private final EmbeddedOverlord overlord = new EmbeddedOverlord(); + private final EmbeddedIndexer indexer = new EmbeddedIndexer(); + private final EmbeddedHistorical historical = new EmbeddedHistorical(); + private final EmbeddedBroker broker = new EmbeddedBroker(); + + @Override + protected EmbeddedDruidCluster createCluster() + { + indexer.addProperty("druid.segment.handoff.pollDuration", "PT0.1s"); + + return EmbeddedDruidCluster.withEmbeddedDerbyAndZookeeper() + .useLatchableEmitter() + .addServer(overlord) + .addServer(coordinator) + .addServer(indexer) + .addServer(historical) + .addServer(broker); + } + + @BeforeAll + @Override + public void setup() throws Exception + { + super.setup(); + ingestData(); + cluster.callApi().waitForAllSegmentsToBeAvailable(dataSource, coordinator, broker); + } + + @Test + @Timeout(30) + public void testQueryBlocklistBlocksMatchingQueries() + { + // Baseline: query succeeds before blocklist is applied + String initialResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + Assertions.assertFalse(initialResult.isBlank()); + + // Apply blocklist rule that matches all queries on this datasource + QueryBlocklistRule blockRule = new QueryBlocklistRule( + "block-test-datasource", + ImmutableSet.of(dataSource), + null, + null + ); + updateBrokerDynamicConfig( + BrokerDynamicConfig.builder() + .withQueryBlocklist(List.of(blockRule)) + .build() + ); + + // Query should now throw due to FORBIDDEN blocklist rule + Assertions.assertThrows( + RuntimeException.class, + () -> cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource) + ); + + // Clear the blocklist and verify queries resume + updateBrokerDynamicConfig(BrokerDynamicConfig.builder().build()); + String finalResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + Assertions.assertFalse(finalResult.isBlank()); + } + + @Test + @Timeout(30) + public void testBlacklistedDataNodesExcludesNodesFromQueryRouting() + { + // Baseline: query returns data + String initialResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + int initialCount = Integer.parseInt(initialResult.trim()); + Assertions.assertTrue(initialCount > 0, "Expected non-zero row count before blacklisting"); + + // Blacklist the historical node + String historicalHostAndPort = historical.bindings().selfNode().getHostAndPort(); + updateBrokerDynamicConfig( + BrokerDynamicConfig.builder() + .withBlacklistedDataNodes(ImmutableSet.of(historicalHostAndPort)) + .build() + ); + + // No servers are available for any segment, so the broker returns 0 + String blacklistedResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + int blacklistedCount = Integer.parseInt(blacklistedResult.trim()); Review Comment: ## Missing catch of NumberFormatException Potential uncaught 'java.lang.NumberFormatException'. [Show more details](https://github.com/apache/druid/security/code-scanning/10880) ########## embedded-tests/src/test/java/org/apache/druid/testing/embedded/server/EmbeddedBrokerDynamicConfigTest.java: ########## @@ -0,0 +1,166 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.druid.testing.embedded.server; + +import com.google.common.collect.ImmutableSet; +import org.apache.druid.common.utils.IdUtils; +import org.apache.druid.indexing.common.task.TaskBuilder; +import org.apache.druid.server.QueryBlocklistRule; +import org.apache.druid.server.broker.BrokerDynamicConfig; +import org.apache.druid.server.http.BrokerDynamicConfigSyncer; +import org.apache.druid.testing.embedded.EmbeddedBroker; +import org.apache.druid.testing.embedded.EmbeddedCoordinator; +import org.apache.druid.testing.embedded.EmbeddedDruidCluster; +import org.apache.druid.testing.embedded.EmbeddedHistorical; +import org.apache.druid.testing.embedded.EmbeddedIndexer; +import org.apache.druid.testing.embedded.EmbeddedOverlord; +import org.apache.druid.testing.embedded.indexing.Resources; +import org.apache.druid.testing.embedded.junit5.EmbeddedClusterTestBase; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.Timeout; + +import java.util.List; + +/** + * Integration test for broker dynamic configuration, covering {@code queryBlocklist} + * and {@code blacklistedDataNodes} features. + */ +public class EmbeddedBrokerDynamicConfigTest extends EmbeddedClusterTestBase +{ + private final EmbeddedCoordinator coordinator = new EmbeddedCoordinator(); + private final EmbeddedOverlord overlord = new EmbeddedOverlord(); + private final EmbeddedIndexer indexer = new EmbeddedIndexer(); + private final EmbeddedHistorical historical = new EmbeddedHistorical(); + private final EmbeddedBroker broker = new EmbeddedBroker(); + + @Override + protected EmbeddedDruidCluster createCluster() + { + indexer.addProperty("druid.segment.handoff.pollDuration", "PT0.1s"); + + return EmbeddedDruidCluster.withEmbeddedDerbyAndZookeeper() + .useLatchableEmitter() + .addServer(overlord) + .addServer(coordinator) + .addServer(indexer) + .addServer(historical) + .addServer(broker); + } + + @BeforeAll + @Override + public void setup() throws Exception + { + super.setup(); + ingestData(); + cluster.callApi().waitForAllSegmentsToBeAvailable(dataSource, coordinator, broker); + } + + @Test + @Timeout(30) + public void testQueryBlocklistBlocksMatchingQueries() + { + // Baseline: query succeeds before blocklist is applied + String initialResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + Assertions.assertFalse(initialResult.isBlank()); + + // Apply blocklist rule that matches all queries on this datasource + QueryBlocklistRule blockRule = new QueryBlocklistRule( + "block-test-datasource", + ImmutableSet.of(dataSource), + null, + null + ); + updateBrokerDynamicConfig( + BrokerDynamicConfig.builder() + .withQueryBlocklist(List.of(blockRule)) + .build() + ); + + // Query should now throw due to FORBIDDEN blocklist rule + Assertions.assertThrows( + RuntimeException.class, + () -> cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource) + ); + + // Clear the blocklist and verify queries resume + updateBrokerDynamicConfig(BrokerDynamicConfig.builder().build()); + String finalResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + Assertions.assertFalse(finalResult.isBlank()); + } + + @Test + @Timeout(30) + public void testBlacklistedDataNodesExcludesNodesFromQueryRouting() + { + // Baseline: query returns data + String initialResult = cluster.callApi().runSql("SELECT COUNT(*) FROM %s", dataSource); + int initialCount = Integer.parseInt(initialResult.trim()); Review Comment: ## Missing catch of NumberFormatException Potential uncaught 'java.lang.NumberFormatException'. [Show more details](https://github.com/apache/druid/security/code-scanning/10879) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
