This is an automated email from the ASF dual-hosted git repository. geniuspig pushed a commit to branch refactor_auth_test in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit c1ce1230c808852746f8b6d6d7a8297a7cf81080 Author: Boris <[email protected]> AuthorDate: Tue Dec 15 18:17:25 2020 +0800 add test. --- .../org/apache/iotdb/db/auth/AuthException.java | 5 - .../iotdb/db/auth/authorizer/BasicAuthorizer.java | 2 +- .../db/auth/authorizer/LocalFileAuthorizer.java | 2 +- .../iotdb/db/auth/authorizer/OpenIdAuthorizer.java | 10 +- .../apache/iotdb/db/auth/AuthorityCheckerTest.java | 133 ++++++++++ .../{ => authorizer}/LocalFileAuthorizerTest.java | 295 ++++++++++----------- .../db/auth/authorizer/OpenIdAuthorizerTest.java | 103 ++++--- .../iotdb/db/auth/entity/PathPrivilegeTest.java} | 42 ++- .../org/apache/iotdb/db/auth/entity/RoleTest.java} | 43 ++- .../org/apache/iotdb/db/auth/entity/UserTest.java | 46 ++++ .../auth/{ => role}/LocalFileRoleAccessorTest.java | 13 +- .../auth/{ => role}/LocalFileRoleManagerTest.java | 45 ++-- .../auth/{ => user}/LocalFileUserAccessorTest.java | 13 +- .../auth/{ => user}/LocalFileUserManagerTest.java | 69 ++--- .../apache/iotdb/session/IoTDBSessionSimpleIT.java | 28 ++ 15 files changed, 536 insertions(+), 313 deletions(-) diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java b/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java index c066de4..1410855 100644 --- a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java +++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java @@ -37,9 +37,4 @@ public class AuthException extends Exception { super(cause); } - protected AuthException(String message, Throwable cause, boolean enableSuppression, - boolean writableStackTrace) { - super(message, cause, enableSuppression, writableStackTrace); - } - } diff --git a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/BasicAuthorizer.java b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/BasicAuthorizer.java index d162a04..68d0bed 100644 --- a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/BasicAuthorizer.java 
+++ b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/BasicAuthorizer.java @@ -81,7 +81,7 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService { private static IAuthorizer instance; static { - Class<BasicAuthorizer> c = null; + Class<BasicAuthorizer> c; try { c = (Class<BasicAuthorizer>) Class.forName(IoTDBDescriptor.getInstance().getConfig().getAuthorizerProvider()); logger.info("Authorizer provider class: {}", IoTDBDescriptor.getInstance().getConfig().getAuthorizerProvider()); diff --git a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizer.java b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizer.java index b040fcf..93636b4 100644 --- a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizer.java +++ b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizer.java @@ -28,7 +28,7 @@ import org.apache.iotdb.db.conf.IoTDBDescriptor; public class LocalFileAuthorizer extends BasicAuthorizer { - private static IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig(); + private static final IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig(); public LocalFileAuthorizer() throws AuthException { super(new LocalFileUserManager(config.getSystemDir() + File.separator + "users"), diff --git a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizer.java b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizer.java index c2d6f55..9b1070e 100644 --- a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizer.java +++ b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizer.java 
@@ -59,12 +59,12 @@ public class OpenIdAuthorizer extends BasicAuthorizer { public static final String IOTDB_ADMIN_ROLE_NAME = "iotdb_admin"; public static final String OPENID_USER_PREFIX = "openid-"; - private static IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig(); + private static final IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig(); - private RSAPublicKey providerKey; + private final RSAPublicKey providerKey; /** Stores all claims to the respective user */ - private Map<String, Claims> loggedClaims = new HashMap<>(); + private final Map<String, Claims> loggedClaims = new HashMap<>(); public OpenIdAuthorizer() throws AuthException, ParseException, IOException, URISyntaxException { this(config.getOpenIdProviderUrl()); @@ -82,10 +82,10 @@ public class OpenIdAuthorizer extends BasicAuthorizer { } OpenIdAuthorizer(String providerUrl) throws AuthException, URISyntaxException, ParseException, IOException { - this(getJWKfromProvider(providerUrl)); + this(getJWKFromProvider(providerUrl)); } - private static JSONObject getJWKfromProvider(String providerUrl) throws URISyntaxException, IOException, ParseException, AuthException { + private static JSONObject getJWKFromProvider(String providerUrl) throws URISyntaxException, IOException, ParseException, AuthException { if (providerUrl == null) { throw new IllegalArgumentException("OpenID Connect Provider URI must be given!"); } diff --git a/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java new file mode 100644 index 0000000..7017712 --- /dev/null +++ b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java 
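Review bot: Marking `loggedClaims` as `final` fixes the reference, but the map itself is still a plain `HashMap`, and `BasicAuthorizer` keeps a single static `instance`, so the authorizer is presumably shared by concurrent sessions. If `login` or `isAdmin` writes to the map from several threads (their bodies are outside this hunk), entries can be lost or the map corrupted; `private final Map<String, Claims> loggedClaims = new ConcurrentHashMap<>();` would remove that risk. The Javadoc on the field could also say when an entry is removed, since claims of expired or logged-out tokens should not stay authoritative.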
@@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.iotdb.db.auth; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; +import org.apache.iotdb.db.auth.authorizer.BasicAuthorizer; +import org.apache.iotdb.db.auth.authorizer.IAuthorizer; +import org.apache.iotdb.db.auth.entity.PathPrivilege; +import org.apache.iotdb.db.auth.entity.User; +import org.apache.iotdb.db.exception.metadata.IllegalPathException; +import org.apache.iotdb.db.metadata.PartialPath; +import org.apache.iotdb.db.qp.logical.Operator.OperatorType; +import org.apache.iotdb.db.utils.EnvironmentUtils; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +public class AuthorityCheckerTest { + + IAuthorizer authorizer; + User user; + String nodeName = "root.laptop.d1"; + String roleName = "role"; + + + @Before + public void setUp() throws Exception { + EnvironmentUtils.envSetUp(); + authorizer = BasicAuthorizer.getInstance(); + user = new User("user", "password"); + } + + @After + public void tearDown() throws Exception { + EnvironmentUtils.cleanEnv(); + } + + @Test + public void test() throws 
AuthException, IllegalPathException { + authorizer.createUser(user.getName(), user.getPassword()); + authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1); + PathPrivilege pathPrivilege = new PathPrivilege(); + Set<Integer> set = new HashSet<>(); + set.add(1); + pathPrivilege.setPrivileges(set); + + Assert.assertTrue( + AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.INSERT, user.getName())); + + Assert.assertTrue(AuthorityChecker.check("root", null, null, null)); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.CREATE_ROLE, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.QUERY, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.UPDATE, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.DROP_INDEX, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.UNION, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), new ArrayList<>(), + OperatorType.INSERT, user.getName())); + + Assert.assertTrue(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.MODIFY_PASSWORD, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.GRANT_USER_PRIVILEGE, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.GRANT_ROLE_PRIVILEGE, user.getName())); + + 
Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.REVOKE_USER_PRIVILEGE, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.REVOKE_ROLE_PRIVILEGE, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.REVOKE_ROLE_PRIVILEGE, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.GRANT_USER_ROLE, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.DELETE_USER, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.DELETE_ROLE, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.LIST_ROLE, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.LIST_USER, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.SET_STORAGE_GROUP, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.CREATE_TIMESERIES, user.getName())); + + Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)), + OperatorType.DELETE_TIMESERIES, user.getName())); + } +} 
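Review bot: The `REVOKE_ROLE_PRIVILEGE` assertion appears twice in a row in `test()`, so one operator type is probably left unchecked; if the second was meant to cover revoking a role from a user, change it to `OperatorType.REVOKE_USER_ROLE` (confirm the constant exists in `OperatorType`). The locals `pathPrivilege` and `set` and the field `roleName` are built but never used and can be dropped. Because every deny case lives in one method named `test`, the first failing assertion hides the rest; splitting the allow cases (INSERT, MODIFY_PASSWORD, the `root` bypass) from the deny cases would make an authorization regression easier to locate.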
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileAuthorizerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java similarity index 52% rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileAuthorizerTest.java rename to server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java index 485bb5b..50b940c 100644 --- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileAuthorizerTest.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java @@ -16,29 +16,37 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.iotdb.db.auth; +package org.apache.iotdb.db.auth.authorizer; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; +import java.util.HashMap; import java.util.List; import java.util.Set; -import org.apache.iotdb.db.auth.authorizer.IAuthorizer; -import org.apache.iotdb.db.auth.authorizer.BasicAuthorizer; +import org.apache.iotdb.db.auth.AuthException; +import org.apache.iotdb.db.auth.entity.Role; import org.apache.iotdb.db.auth.entity.User; import org.apache.iotdb.db.conf.IoTDBConstant; import org.apache.iotdb.db.utils.EnvironmentUtils; import org.junit.After; +import org.junit.Assert; import org.junit.Before; import org.junit.Test; public class LocalFileAuthorizerTest { + IAuthorizer authorizer; + User user; + String nodeName = "root.laptop.d1"; + String roleName = "role"; + @Before public void setUp() throws Exception { EnvironmentUtils.envSetUp(); + authorizer = BasicAuthorizer.getInstance(); + user = new User("user", "password"); } @After 
@@ -47,68 +55,38 @@ public class LocalFileAuthorizerTest { } @Test - public void testAuthorizer() throws AuthException { - - IAuthorizer authorizer = BasicAuthorizer.getInstance(); - /* - * login - */ - try { - authorizer.login("root", "root"); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } + public void testLogin() throws AuthException { + Assert.assertTrue(authorizer.login("root", "root")); + Assert.assertFalse(authorizer.login("root", "error")); + } - try { - authorizer.login("root", "error"); - } catch (AuthException e) { - assertEquals("The username or the password is not correct", e.getMessage()); - } - /* - * create user,delete user - */ - User user = new User("user", "password"); - try { - authorizer.createUser(user.getName(), user.getPassword()); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } + @Test + public void createAndDeleteUser() throws AuthException { + authorizer.createUser(user.getName(), user.getPassword()); try { authorizer.createUser(user.getName(), user.getPassword()); } catch (AuthException e) { assertEquals("User user already exists", e.getMessage()); } - try { - authorizer.login(user.getName(), user.getPassword()); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } - try { - authorizer.deleteUser(user.getName()); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } + Assert.assertTrue(authorizer.login(user.getName(), user.getPassword())); + authorizer.deleteUser(user.getName()); try { authorizer.deleteUser(user.getName()); } catch (AuthException e) { assertEquals("User user does not exist", e.getMessage()); } - /* - * permission for user - */ - String nodeName = "root.laptop.d1"; try { - authorizer.createUser(user.getName(), user.getPassword()); - authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1); + authorizer.deleteUser("root"); } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); + 
assertEquals("Default administrator cannot be deleted", e.getMessage()); } + } + + @Test + public void testUserPermission() throws AuthException { + authorizer.createUser(user.getName(), user.getPassword()); + authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1); try { authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1); } catch (AuthException e) { 
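Review bot: The expected-failure blocks in `createAndDeleteUser` only assert inside `catch`, so a call that wrongly succeeds, for example `authorizer.deleteUser("root")`, lets the test pass without checking anything. The static import of `fail` is removed earlier in this file's diff, so these guards have no way to fail. Either keep `fail` and add `fail("expected AuthException");` as the last statement of each `try`, or, if the project's JUnit version provides it, use `Assert.assertThrows(AuthException.class, () -> authorizer.deleteUser("root"))` and check the message on the returned exception. The same pattern recurs in `testUserPermission`, `testCreateAndDeleteRole`, `testRolePermission` and `testUserRole` in the following hunks. `testUserPermission` begins in this hunk and continues outside it.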
@@ -119,85 +97,78 @@ public class LocalFileAuthorizerTest { } catch (AuthException e) { assertEquals("No such user error", e.getMessage()); } + try { - authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 1); + authorizer.grantPrivilegeToUser("root", nodeName, 1); } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); + Assert.assertEquals("Invalid operation, administrator already has all privileges", e.getMessage()); } + + try { + authorizer.grantPrivilegeToUser(user.getName(), nodeName, 100); + } catch (AuthException e) { + assertEquals("Invalid privilegeId 100", e.getMessage()); + } + + authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 1); try { authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 1); } catch (AuthException e) { assertEquals("User user does not have INSERT_TIMESERIES on root.laptop.d1", e.getMessage()); } + + try { + authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 100); + } catch(AuthException e) { + assertEquals("Invalid privilegeId 100", e.getMessage()); + } + try { authorizer.deleteUser(user.getName()); authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 1); } catch (AuthException e) { assertEquals("No such user user", e.getMessage()); } - /* - * role - */ - String roleName = "role"; + try { - authorizer.createRole(roleName); + authorizer.revokePrivilegeFromUser("root", "root", 1); } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); + Assert.assertEquals("Invalid operation, administrator must have all privileges", e.getMessage()); } + } + + @Test + public void testCreateAndDeleteRole() throws AuthException { + authorizer.createRole(roleName); try { authorizer.createRole(roleName); } catch (AuthException e) { assertEquals("Role role already exists", e.getMessage()); } - - try { - authorizer.deleteRole(roleName); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } + authorizer.deleteRole(roleName); try { 
authorizer.deleteRole(roleName); } catch (AuthException e) { assertEquals("Role role does not exist", e.getMessage()); } - /* - * role permission - */ - try { - authorizer.createRole(roleName); - authorizer.grantPrivilegeToRole(roleName, nodeName, 1); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } + } + @Test + public void testRolePermission() throws AuthException { + authorizer.createRole(roleName); + authorizer.grantPrivilegeToRole(roleName, nodeName, 1); try { authorizer.grantPrivilegeToRole(roleName, nodeName, 1); } catch (AuthException e) { assertEquals("Role role already has INSERT_TIMESERIES on root.laptop.d1", e.getMessage()); } - - try { - authorizer.revokePrivilegeFromRole(roleName, nodeName, 1); - } catch (AuthException e1) { - fail(e1.getMessage()); - } + authorizer.revokePrivilegeFromRole(roleName, nodeName, 1); try { authorizer.revokePrivilegeFromRole(roleName, nodeName, 1); } catch (AuthException e) { assertEquals("Role role does not have INSERT_TIMESERIES on root.laptop.d1", e.getMessage()); } - - try { - authorizer.deleteRole(roleName); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } - + authorizer.deleteRole(roleName); try { authorizer.revokePrivilegeFromRole(roleName, nodeName, 1); } catch (AuthException e) { 
@@ -208,70 +179,73 @@ public class LocalFileAuthorizerTest { } catch (AuthException e) { assertEquals("No such role role", e.getMessage()); } + } + + @Test + public void testUserRole() throws AuthException { + authorizer.createUser(user.getName(), user.getPassword()); + authorizer.createRole(roleName); + authorizer.grantRoleToUser(roleName, user.getName()); + authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1); + authorizer.grantPrivilegeToRole(roleName, nodeName, 2); + authorizer.grantPrivilegeToRole(roleName, nodeName, 3); + + // a user can get all role permissions. + Set<Integer> permissions = authorizer.getPrivileges(user.getName(), nodeName); + assertEquals(3, permissions.size()); + assertTrue(permissions.contains(1)); + assertTrue(permissions.contains(2)); + assertTrue(permissions.contains(3)); + assertFalse(permissions.contains(4)); - /* - * user role - */ try { - authorizer.createUser(user.getName(), user.getPassword()); - authorizer.createRole(roleName); authorizer.grantRoleToUser(roleName, user.getName()); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } - try { - authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1); - authorizer.grantPrivilegeToRole(roleName, nodeName, 2); - authorizer.grantPrivilegeToRole(roleName, nodeName, 3); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } - try { - Set<Integer> permisssions = authorizer.getPrivileges(user.getName(), nodeName); - assertEquals(3, permisssions.size()); - assertTrue(permisssions.contains(1)); - assertTrue(permisssions.contains(2)); - assertTrue(permisssions.contains(3)); - assertFalse(permisssions.contains(4)); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } - try { - authorizer.revokeRoleFromUser(roleName, user.getName()); - Set<Integer> permisssions = authorizer.getPrivileges(user.getName(), nodeName); - assertEquals(1, permisssions.size()); - assertTrue(permisssions.contains(1)); - 
assertFalse(permisssions.contains(2)); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } - try { - authorizer.checkUserPrivileges(user.getName(), nodeName, 1); - } catch (AuthException e) { - fail(e.getMessage()); - } - try { - authorizer.checkUserPrivileges(user.getName(), nodeName, 2); - } catch (AuthException e) { - fail(e.getMessage()); - } - try { - authorizer.updateUserPassword(user.getName(), "newPassword"); - authorizer.login(user.getName(), "newPassword"); - } catch (AuthException e) { - e.printStackTrace(); - fail(e.getMessage()); - } + } catch(AuthException e) { + Assert.assertEquals("User user already has role role", e.getMessage()); + } + // revoke a role from a user, the user will lose all role's permission + authorizer.revokeRoleFromUser(roleName, user.getName()); + Set<Integer> revokeRolePermissions = authorizer.getPrivileges(user.getName(), nodeName); + assertEquals(1, revokeRolePermissions.size()); + assertTrue(revokeRolePermissions.contains(1)); + assertFalse(revokeRolePermissions.contains(2)); + + //check the users' permission again + Assert.assertTrue(authorizer.checkUserPrivileges(user.getName(), nodeName, 1)); + Assert.assertFalse(authorizer.checkUserPrivileges(user.getName(), nodeName, 2)); + try { - authorizer.deleteUser(user.getName()); - authorizer.deleteRole(roleName); + authorizer.grantRoleToUser("role1", user.getName()); } catch (AuthException e) { - e.printStackTrace(); + Assert.assertEquals("No such role : role1", e.getMessage()); } + + } + + @Test + public void testUpdatePassword() throws AuthException { + authorizer.createUser(user.getName(), user.getPassword()); + authorizer.updateUserPassword(user.getName(), "newPassword"); + Assert.assertTrue(authorizer.login(user.getName(), "newPassword")); + } + + @Test + public void testUserWaterMark() throws AuthException { + authorizer.setUserUseWaterMark("root", true); + assertTrue(authorizer.getAllUserWaterMarkStatus().get("root")); + 
Assert.assertTrue(authorizer.isUserUseWaterMark("root")); + } + + @Test + public void testGetAllUsersAndRoles() throws AuthException { + authorizer.createUser("user0", "user"); + authorizer.createUser("user1", "user1"); + authorizer.createUser("user2", "user2"); + authorizer.createRole("role0"); + authorizer.createRole("role1"); + authorizer.createRole("role2"); + Assert.assertEquals(4, authorizer.getAllUsers().size()); + Assert.assertEquals(3, authorizer.getAllRoles().size()); } @Test @@ -334,4 +308,25 @@ public class LocalFileAuthorizerTest { } } } + + @Test + public void testReplaceAllUsers() throws AuthException { + IAuthorizer authorizer = BasicAuthorizer.getInstance(); + Assert.assertEquals("root", authorizer.listAllUsers().get(0)); + User user = new User("user", "user"); + HashMap<String, User> users = new HashMap<>(); + users.put("user", user); + authorizer.replaceAllUsers(users); + Assert.assertEquals("user", authorizer.listAllUsers().get(1)); + } + + @Test + public void testReplaceAllRole() throws AuthException { + IAuthorizer authorizer = BasicAuthorizer.getInstance(); + Role role = new Role("role"); + HashMap<String, Role> roles = new HashMap<>(); + roles.put("role", role); + authorizer.replaceAllRoles(roles); + Assert.assertEquals("role", authorizer.listAllRoles().get(0)); + } } diff --git a/server/src/test/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizerTest.java index aa373ca..f0bde26 100644 --- a/server/src/test/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizerTest.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizerTest.java 
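Review bot: `testUpdatePassword` proves that the new password is accepted but not that the old one stops working, which is the property a password change must guarantee. After `updateUserPassword`, add `Assert.assertFalse(authorizer.login(user.getName(), user.getPassword()));`; `testLogin` already relies on `login` returning false for a wrong password on `root`. In `testGetAllUsersAndRoles` the expected count of 4 users presumably includes the built-in `root` account; a short comment saying so would keep the number from looking arbitrary.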
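Review bot: `testReplaceAllUsers` and `testReplaceAllRole` check positions in the returned lists (`listAllUsers().get(1)`, `listAllRoles().get(0)`), which ties the tests to an ordering the visible code does not establish; `Assert.assertTrue(authorizer.listAllUsers().contains("user"))` states the intent without that dependency. Both methods also redeclare `authorizer` (and `user`) as locals, shadowing the fields that `setUp` already initialises; the local declarations can be removed. It is worth asserting explicitly whether `root` survives `replaceAllUsers`, since the `get(1)` index only implies it.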
@@ -20,7 +20,10 @@ package org.apache.iotdb.db.auth.authorizer; import com.nimbusds.oauth2.sdk.ParseException; import com.nimbusds.oauth2.sdk.util.JSONObjectUtils; +import net.minidev.json.JSONObject; import org.apache.iotdb.db.auth.AuthException; +import org.apache.iotdb.db.conf.IoTDBConfig; +import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.junit.Ignore; import org.junit.Test; 
@@ -32,49 +35,63 @@ import static org.junit.Assert.assertTrue; public class OpenIdAuthorizerTest { - private static final String OPEN_ID_PUBLIC_JWK = "{\"kty\":\"RSA\",\"x5t#S256\":\"TZFbbj6HsRU28HYvrcVnDs03KreV3DE24-Cxb9EPdS4\",\"e\":\"AQAB\",\"use\":\"sig\",\"x5t\":\"l_N2UlC_a624iu5eYFypnB1Wr20\",\"kid\":\"q1-Wm0ozQ5O0mQH8-SJap2ZcN4MmucWwnQWKYxZJ4ow\",\"x5c\":[\"MIICmTCCAYECBgFyRdXW2DANBgkqhkiG9w0BAQsFADAQMQ4wDAYDVQQDDAVJb1REQjAeFw0yMDA1MjQwODM3MjJaFw0zMDA1MjQwODM5MDJaMBAxDjAMBgNVBAMMBUlvVERCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozDCZTVc9946VvhZ6E\\/OP8Yx6tJe0i9GR2Q9jR9S3jQo [...] + private static final String OPEN_ID_PUBLIC_JWK = "{\"kty\":\"RSA\",\"x5t#S256\":\"TZFbbj6HsRU28HYvrcVnDs03KreV3DE24-Cxb9EPdS4\",\"e\":\"AQAB\",\"use\":\"sig\",\"x5t\":\"l_N2UlC_a624iu5eYFypnB1Wr20\",\"kid\":\"q1-Wm0ozQ5O0mQH8-SJap2ZcN4MmucWwnQWKYxZJ4ow\",\"x5c\":[\"MIICmTCCAYECBgFyRdXW2DANBgkqhkiG9w0BAQsFADAQMQ4wDAYDVQQDDAVJb1REQjAeFw0yMDA1MjQwODM3MjJaFw0zMDA1MjQwODM5MDJaMBAxDjAMBgNVBAMMBUlvVERCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozDCZTVc9946VvhZ6E\\/OP8Yx6tJe0i9GR2Q9jR9S3jQoo0 [...] + private static final IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig(); + + @Test + public void loginWithJWT() throws AuthException, ParseException, URISyntaxException { + String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtNDg4Ny [...] 
+ + OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK)); + boolean login = authorizer.login(jwt, null); + + assertTrue(login); + } + + @Test + public void isAdmin_hasAccess() + throws AuthException, ParseException { + // IOTDB_ADMIN = true + String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMjM5MjgsImlhdCI6MTU5MDMyMzYyOCwianRpIjoiZGQ5ZDZhNmItZjgzOC00Mjk3LTg5YWUtMjdlZTgxNzVhMThiIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImJhMzJlNDcxLWM3NzItNGIzMy04ZGE2LTZmZThhY2RhMDA3MyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6IjViZDRhNmM5LTBmYzItNGIxMy [...] + + OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK)); + boolean admin = authorizer.isAdmin(jwt); + + assertTrue(admin); + } + + @Test + public void isAdmin_noAdminClaim() + throws AuthException, ParseException { + // IOTDB_ADMIN = false + String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtNDg4Ny [...] + + OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK)); + boolean admin = authorizer.isAdmin(jwt); + + assertFalse(admin); + } + + /** + * Can be run manually as long as the site below is active... 
+ */ + @Test + @Ignore("We have to find a way to test this against a defined OIDC Provider") + public void fetchMetadata() + throws ParseException, IOException, URISyntaxException, AuthException { + OpenIdAuthorizer openIdAuthorizer = new OpenIdAuthorizer( + "https://auth.demo.pragmaticindustries.de/auth/realms/IoTDB/"); + boolean login = openIdAuthorizer.login( + "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtNDg4Ny04M2Q3LWE [...] + ""); + assertTrue(login); + config.setOpenIdProviderUrl("https://auth.demo.pragmaticindustries.de/auth/realms/IoTDB/"); + OpenIdAuthorizer openIdAuthorizer1 = new OpenIdAuthorizer(); + login = openIdAuthorizer1.login( + "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtNDg4Ny04M2Q3LWE [...] 
+ ""); + assertTrue(login); + } - @Test - public void loginWithJWT() throws AuthException, ParseException, IOException, URISyntaxException { - String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtND [...] - OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK)); - boolean login = authorizer.login(jwt, null); - - assertTrue(login); - } - - @Test - public void isAdmin_hasAccess() throws AuthException, ParseException, IOException, URISyntaxException { - // IOTDB_ADMIN = true - String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMjM5MjgsImlhdCI6MTU5MDMyMzYyOCwianRpIjoiZGQ5ZDZhNmItZjgzOC00Mjk3LTg5YWUtMjdlZTgxNzVhMThiIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImJhMzJlNDcxLWM3NzItNGIzMy04ZGE2LTZmZThhY2RhMDA3MyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6IjViZDRhNmM5LTBmYzItNG [...] 
- - OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK)); - boolean admin = authorizer.isAdmin(jwt); - - assertTrue(admin); - } - - @Test - public void isAdmin_noAdminClaim() throws AuthException, ParseException, IOException, URISyntaxException { - // IOTDB_ADMIN = false - String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtND [...] - - OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK)); - boolean admin = authorizer.isAdmin(jwt); - - assertFalse(admin); - } - - /** - * Can be run manually as long as the site below is active... - */ - @Test - @Ignore("We have to find a way to test this against a defined OIDC Provider") - public void fetchMetadata() throws ParseException, IOException, URISyntaxException, AuthException { - OpenIdAuthorizer openIdAuthorizer = new OpenIdAuthorizer("https://auth.demo.pragmaticindustries.de/auth/realms/IoTDB/"); - final boolean login = openIdAuthorizer.login("eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl [...] - - assertTrue(login); - } } \ No newline at end of file 
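Review bot: The hard-coded tokens in `loginWithJWT` and `isAdmin_hasAccess` carry `exp` values from May 2020 (the payload of the first decodes to `"exp":1590317176`), yet the tests assert that `login` and `isAdmin` succeed. That presumably means the authorizer accepts expired tokens or applies a very large clock skew; the validation code is not in this diff, so confirm. If so, these tests lock that behaviour in. Consider adding a case that asserts an expired token is rejected, or signing a short-lived token with a test key inside the test. In `fetchMetadata`, `config.setOpenIdProviderUrl(...)` changes the shared `IoTDBConfig` and is never restored, which can leak into other tests once the `@Ignore` is lifted.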
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java b/server/src/test/java/org/apache/iotdb/db/auth/entity/PathPrivilegeTest.java similarity index 50% copy from server/src/main/java/org/apache/iotdb/db/auth/AuthException.java copy to server/src/test/java/org/apache/iotdb/db/auth/entity/PathPrivilegeTest.java index c066de4..5ae49d8 100644 --- a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/entity/PathPrivilegeTest.java 
@@ -16,30 +16,28 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.iotdb.db.auth; +package org.apache.iotdb.db.auth.entity; -/** - * The exception for authority model. - */ -public class AuthException extends Exception { - - private static final long serialVersionUID = 5091102941209301301L; - - public AuthException(String message) { - super(message); - } +import java.util.HashSet; +import java.util.Set; +import org.junit.Assert; +import org.junit.Test; - public AuthException(String message, Throwable cause) { - super(message, cause); - } - - public AuthException(Throwable cause) { - super(cause); - } +public class PathPrivilegeTest { - protected AuthException(String message, Throwable cause, boolean enableSuppression, - boolean writableStackTrace) { - super(message, cause, enableSuppression, writableStackTrace); + @Test + public void testPathPrivilege() { + PathPrivilege pathPrivilege = new PathPrivilege(); + pathPrivilege.setPath("root.ln"); + Set<Integer> set = new HashSet<>(); + set.add(1); + pathPrivilege.setPrivileges(set); + Assert.assertEquals("root.ln : INSERT_TIMESERIES", pathPrivilege.toString()); + PathPrivilege pathPrivilege1 = new PathPrivilege(); + pathPrivilege1.setPath("root.sg"); + pathPrivilege1.setPrivileges(set); + Assert.assertNotEquals(pathPrivilege, pathPrivilege1); + pathPrivilege.deserialize(pathPrivilege1.serialize()); + Assert.assertEquals("root.sg : INSERT_TIMESERIES", pathPrivilege.toString()); } - } diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java b/server/src/test/java/org/apache/iotdb/db/auth/entity/RoleTest.java similarity index 50% copy from server/src/main/java/org/apache/iotdb/db/auth/AuthException.java copy to server/src/test/java/org/apache/iotdb/db/auth/entity/RoleTest.java index c066de4..058ff1e 100644 --- a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/entity/RoleTest.java 
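Review bot: The privilege is passed as the bare literal `1` in `set.add(1)` and the outcome is checked only through the `toString()` text, so the test reads as correct only to someone who already knows which privilege has id 1. If the `PrivilegeType` enum backs these ids (the expected string `INSERT_TIMESERIES` suggests it does), `set.add(PrivilegeType.INSERT_TIMESERIES.ordinal());` states the intent directly. After the serialize/deserialize round trip, `Assert.assertEquals(pathPrivilege1, pathPrivilege);` would compare the restored object rather than its rendering; the test already relies on `equals` in `assertNotEquals`. The same literal appears in the RoleTest and UserTest hunks.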
@@ -16,30 +16,29 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.iotdb.db.auth; +package org.apache.iotdb.db.auth.entity; -/** - * The exception for authority model. - */ -public class AuthException extends Exception { - - private static final long serialVersionUID = 5091102941209301301L; - - public AuthException(String message) { - super(message); - } +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; +import org.junit.Assert; +import org.junit.Test; - public AuthException(String message, Throwable cause) { - super(message, cause); - } - - public AuthException(Throwable cause) { - super(cause); - } +public class RoleTest { - protected AuthException(String message, Throwable cause, boolean enableSuppression, - boolean writableStackTrace) { - super(message, cause, enableSuppression, writableStackTrace); + @Test + public void testRole() { + Role role = new Role("role"); + PathPrivilege pathPrivilege = new PathPrivilege("root.ln"); + role.setPrivilegeList(Collections.singletonList(pathPrivilege)); + Set<Integer> set = new HashSet<>(); + set.add(1); + role.setPrivileges("root.ln", set); + Assert.assertEquals("Role{name='role', privilegeList=[root.ln : INSERT_TIMESERIES]}", + role.toString()); + Role role1 = new Role("role1"); + role1.deserialize(role.serialize()); + Assert.assertEquals("Role{name='role', privilegeList=[root.ln : INSERT_TIMESERIES]}", + role1.toString()); } - } diff --git a/server/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java b/server/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java new file mode 100644 index 0000000..a43417e --- /dev/null +++ b/server/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java 
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.db.auth.entity;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class UserTest {
+
+ @Test
+ public void testUser() {
+ User user = new User("user", "password");
+ PathPrivilege pathPrivilege = new PathPrivilege("root.ln");
+ user.setPrivilegeList(Collections.singletonList(pathPrivilege));
+ Set<Integer> set = new HashSet<>();
+ set.add(1);
+ user.setPrivileges("root.ln", set);
+ Assert.assertEquals(
+ "User{name='user', password='password', privilegeList=[root.ln : INSERT_TIMESERIES], roleList=[], useWaterMark=false, lastActiveTime=0}",
+ user.toString());
+ User user1 = new User("user1", "password1");
+ user1.deserialize(user.serialize());
+ Assert.assertEquals(
+ "User{name='user', password='password', privilegeList=[root.ln : INSERT_TIMESERIES], roleList=[], useWaterMark=false, lastActiveTime=0}",
+ user1.toString());
+ }
+}
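Review bot: Both `Assert.assertEquals` calls pin `password='password'` as part of `User.toString()`, so the test locks in the password field being rendered wherever a `User` is logged or concatenated into a message. For persisted users that field holds the `AuthUtils.encryptPassword` output, as LocalFileUserManagerTest in this commit shows, and that value should not reach logs either. The round trip can be checked without the string form: `Assert.assertEquals(user.getName(), user1.getName());`, `Assert.assertEquals(user.getPassword(), user1.getPassword());` and `Assert.assertTrue(user1.hasPrivilege("root.ln", 1));`. That leaves room to redact the password from `toString()` later without breaking this test.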
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleAccessorTest.java b/server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleAccessorTest.java similarity index 85% rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleAccessorTest.java rename to server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleAccessorTest.java index 29b8223..f983b68 100644 --- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleAccessorTest.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleAccessorTest.java @@ -16,9 +16,12 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.iotdb.db.auth; +package org.apache.iotdb.db.auth.role; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; import java.io.File; import java.io.IOException; @@ -74,12 +77,12 @@ public class LocalFileRoleAccessorTest { Role loadedRole = accessor.loadRole(role.getName()); assertEquals(role, loadedRole); } - assertEquals(null, accessor.loadRole("not a role")); + assertNull(accessor.loadRole("not a role")); // delete - assertEquals(true, accessor.deleteRole(roles[roles.length - 1].getName())); - assertEquals(false, accessor.deleteRole(roles[roles.length - 1].getName())); - assertEquals(null, accessor.loadRole(roles[roles.length - 1].getName())); + assertTrue(accessor.deleteRole(roles[roles.length - 1].getName())); + assertFalse(accessor.deleteRole(roles[roles.length - 1].getName())); + assertNull(accessor.loadRole(roles[roles.length - 1].getName())); // list List<String> roleNames = accessor.listAllRoles(); 
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleManagerTest.java similarity index 73% rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java rename to server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleManagerTest.java index 9bb836f..db5891a 100644 --- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleManagerTest.java @@ -16,16 +16,19 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.iotdb.db.auth; +package org.apache.iotdb.db.auth.role; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; import java.io.File; import java.util.List; import org.apache.commons.io.FileUtils; +import org.apache.iotdb.db.auth.AuthException; import org.apache.iotdb.db.auth.entity.PathPrivilege; import org.apache.iotdb.db.auth.entity.Role; -import org.apache.iotdb.db.auth.role.LocalFileRoleManager; import org.apache.iotdb.db.constant.TestConstant; import org.apache.iotdb.db.utils.EnvironmentUtils; import org.junit.After; 
@@ -65,73 +68,73 @@ public class LocalFileRoleManagerTest { // create Role role = manager.getRole(roles[0].getName()); - assertEquals(null, role); + assertNull(role); for (Role role1 : roles) { - assertEquals(true, manager.createRole(role1.getName())); + assertTrue(manager.createRole(role1.getName())); } for (Role role1 : roles) { role = manager.getRole(role1.getName()); assertEquals(role1.getName(), role.getName()); } - assertEquals(false, manager.createRole(roles[0].getName())); + assertFalse(manager.createRole(roles[0].getName())); boolean caught = false; try { manager.createRole("too"); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); // delete - assertEquals(false, manager.deleteRole("not a role")); - assertEquals(true, manager.deleteRole(roles[roles.length - 1].getName())); - assertEquals(null, manager.getRole(roles[roles.length - 1].getName())); - assertEquals(false, manager.deleteRole(roles[roles.length - 1].getName())); + assertFalse(manager.deleteRole("not a role")); + assertTrue(manager.deleteRole(roles[roles.length - 1].getName())); + assertNull(manager.getRole(roles[roles.length - 1].getName())); + assertFalse(manager.deleteRole(roles[roles.length - 1].getName())); // grant privilege role = manager.getRole(roles[0].getName()); String path = "root.a.b.c"; int privilegeId = 0; - assertEquals(false, role.hasPrivilege(path, privilegeId)); - assertEquals(true, manager.grantPrivilegeToRole(role.getName(), path, privilegeId)); - assertEquals(true, manager.grantPrivilegeToRole(role.getName(), path, privilegeId + 1)); - assertEquals(false, manager.grantPrivilegeToRole(role.getName(), path, privilegeId)); + assertFalse(role.hasPrivilege(path, privilegeId)); + assertTrue(manager.grantPrivilegeToRole(role.getName(), path, privilegeId)); + assertTrue(manager.grantPrivilegeToRole(role.getName(), path, privilegeId + 1)); + assertFalse(manager.grantPrivilegeToRole(role.getName(), path, privilegeId)); role = 
manager.getRole(roles[0].getName()); - assertEquals(true, role.hasPrivilege(path, privilegeId)); + assertTrue(role.hasPrivilege(path, privilegeId)); caught = false; try { manager.grantPrivilegeToRole("not a role", path, privilegeId); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); caught = false; try { manager.grantPrivilegeToRole(role.getName(), path, -1); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); // revoke privilege role = manager.getRole(roles[0].getName()); - assertEquals(true, manager.revokePrivilegeFromRole(role.getName(), path, privilegeId)); - assertEquals(false, manager.revokePrivilegeFromRole(role.getName(), path, privilegeId)); + assertTrue(manager.revokePrivilegeFromRole(role.getName(), path, privilegeId)); + assertFalse(manager.revokePrivilegeFromRole(role.getName(), path, privilegeId)); caught = false; try { manager.revokePrivilegeFromRole("not a role", path, privilegeId); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); caught = false; try { manager.revokePrivilegeFromRole(role.getName(), path, -1); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); // list roles List<String> rolenames = manager.listAllRoles(); diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java b/server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessorTest.java similarity index 89% rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java rename to server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessorTest.java index 18c636e..11b8e11 100644 --- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessorTest.java 
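Review bot: The revoke section checks only the boolean returned by `revokePrivilegeFromRole` and never reloads the role to confirm the privilege is gone, whereas the grant section re-reads the role and asserts `hasPrivilege`. After the first revoke, add `role = manager.getRole(roles[0].getName());` followed by `assertFalse(role.hasPrivilege(path, privilegeId));` and `assertTrue(role.hasPrivilege(path, privilegeId + 1));`, so the test shows the revoked id is no longer effective and the other grant survives. The revoke section of LocalFileUserManagerTest (hunk `@@ -78,77 +81,77 @@`) has the same gap with `revokePrivilegeFromUser`. The test method starts and continues outside this hunk.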
@@ -16,9 +16,12 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.iotdb.db.auth; +package org.apache.iotdb.db.auth.user; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.io.File; @@ -84,7 +87,7 @@ public class LocalFileUserAccessorTest { fail(e.getMessage()); } } - assertEquals(null, accessor.loadUser("not a user")); + assertNull(accessor.loadUser("not a user")); // list List<String> usernames = accessor.listAllUsers(); @@ -94,8 +97,8 @@ public class LocalFileUserAccessorTest { } // delete - assertEquals(false, accessor.deleteUser("not a user")); - assertEquals(true, accessor.deleteUser(users[users.length - 1].getName())); + assertFalse(accessor.deleteUser("not a user")); + assertTrue(accessor.deleteUser(users[users.length - 1].getName())); usernames = accessor.listAllUsers(); assertEquals(users.length - 1, usernames.size()); usernames.sort(null); @@ -103,6 +106,6 @@ public class LocalFileUserAccessorTest { assertEquals(users[i].getName(), usernames.get(i)); } User nullUser = accessor.loadUser(users[users.length - 1].getName()); - assertEquals(null, nullUser); + assertNull(nullUser); } } diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserManagerTest.java similarity index 70% rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java rename to server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserManagerTest.java index 919c17c..7ef84f0 100644 --- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserManagerTest.java 
@@ -16,16 +16,19 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.iotdb.db.auth; +package org.apache.iotdb.db.auth.user; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; import java.io.File; import java.util.List; import org.apache.commons.io.FileUtils; +import org.apache.iotdb.db.auth.AuthException; import org.apache.iotdb.db.auth.entity.PathPrivilege; import org.apache.iotdb.db.auth.entity.User; -import org.apache.iotdb.db.auth.user.LocalFileUserManager; import org.apache.iotdb.db.conf.IoTDBConstant; import org.apache.iotdb.db.constant.TestConstant; import org.apache.iotdb.db.utils.AuthUtils; @@ -68,9 +71,9 @@ public class LocalFileUserManagerTest { // create User user = manager.getUser(users[0].getName()); - assertEquals(null, user); + assertNull(user); for (User user1 : users) { - assertEquals(true, manager.createUser(user1.getName(), user1.getPassword())); + assertTrue(manager.createUser(user1.getName(), user1.getPassword())); } for (User user1 : users) { user = manager.getUser(user1.getName()); 
@@ -78,77 +81,77 @@ public class LocalFileUserManagerTest { assertEquals(AuthUtils.encryptPassword(user1.getPassword()), user.getPassword()); } - assertEquals(false, manager.createUser(users[0].getName(), users[0].getPassword())); + assertFalse(manager.createUser(users[0].getName(), users[0].getPassword())); boolean caught = false; try { manager.createUser("too", "short"); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); caught = false; try { manager.createUser("short", "too"); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); // delete - assertEquals(false, manager.deleteUser("not a user")); - assertEquals(true, manager.deleteUser(users[users.length - 1].getName())); - assertEquals(null, manager.getUser(users[users.length - 1].getName())); - assertEquals(false, manager.deleteUser(users[users.length - 1].getName())); + assertFalse(manager.deleteUser("not a user")); + assertTrue(manager.deleteUser(users[users.length - 1].getName())); + assertNull(manager.getUser(users[users.length - 1].getName())); + assertFalse(manager.deleteUser(users[users.length - 1].getName())); // grant privilege user = manager.getUser(users[0].getName()); String path = "root.a.b.c"; int privilegeId = 0; - assertEquals(false, user.hasPrivilege(path, privilegeId)); - assertEquals(true, manager.grantPrivilegeToUser(user.getName(), path, privilegeId)); - assertEquals(true, manager.grantPrivilegeToUser(user.getName(), path, privilegeId + 1)); - assertEquals(false, manager.grantPrivilegeToUser(user.getName(), path, privilegeId)); + assertFalse(user.hasPrivilege(path, privilegeId)); + assertTrue(manager.grantPrivilegeToUser(user.getName(), path, privilegeId)); + assertTrue(manager.grantPrivilegeToUser(user.getName(), path, privilegeId + 1)); + assertFalse(manager.grantPrivilegeToUser(user.getName(), path, privilegeId)); user = manager.getUser(users[0].getName()); - assertEquals(true, 
user.hasPrivilege(path, privilegeId)); + assertTrue(user.hasPrivilege(path, privilegeId)); caught = false; try { manager.grantPrivilegeToUser("not a user", path, privilegeId); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); caught = false; try { manager.grantPrivilegeToUser(user.getName(), path, -1); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); // revoke privilege user = manager.getUser(users[0].getName()); - assertEquals(true, manager.revokePrivilegeFromUser(user.getName(), path, privilegeId)); - assertEquals(false, manager.revokePrivilegeFromUser(user.getName(), path, privilegeId)); + assertTrue(manager.revokePrivilegeFromUser(user.getName(), path, privilegeId)); + assertFalse(manager.revokePrivilegeFromUser(user.getName(), path, privilegeId)); caught = false; try { manager.revokePrivilegeFromUser("not a user", path, privilegeId); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); caught = false; try { manager.revokePrivilegeFromUser(user.getName(), path, -1); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); // update password String newPassword = "newPassword"; String illegalPW = "new"; - assertEquals(true, manager.updateUserPassword(user.getName(), newPassword)); - assertEquals(false, manager.updateUserPassword(user.getName(), illegalPW)); + assertTrue(manager.updateUserPassword(user.getName(), newPassword)); + assertFalse(manager.updateUserPassword(user.getName(), illegalPW)); user = manager.getUser(user.getName()); assertEquals(AuthUtils.encryptPassword(newPassword), user.getPassword()); caught = false; 
@@ -157,34 +160,34 @@ public class LocalFileUserManagerTest { } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); // grant role String roleName = "newrole"; - assertEquals(true, manager.grantRoleToUser(roleName, user.getName())); - assertEquals(false, manager.grantRoleToUser(roleName, user.getName())); + assertTrue(manager.grantRoleToUser(roleName, user.getName())); + assertFalse(manager.grantRoleToUser(roleName, user.getName())); user = manager.getUser(user.getName()); - assertEquals(true, user.hasRole(roleName)); + assertTrue(user.hasRole(roleName)); caught = false; try { manager.grantRoleToUser("not a user", roleName); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); // revoke role - assertEquals(true, manager.revokeRoleFromUser(roleName, user.getName())); - assertEquals(false, manager.revokeRoleFromUser(roleName, user.getName())); + assertTrue(manager.revokeRoleFromUser(roleName, user.getName())); + assertFalse(manager.revokeRoleFromUser(roleName, user.getName())); user = manager.getUser(user.getName()); - assertEquals(false, user.hasRole(roleName)); + assertFalse(user.hasRole(roleName)); caught = false; try { manager.revokeRoleFromUser("not a user", roleName); } catch (AuthException e) { caught = true; } - assertEquals(true, caught); + assertTrue(caught); // list users List<String> usernames = manager.listAllUsers(); diff --git a/session/src/test/java/org/apache/iotdb/session/IoTDBSessionSimpleIT.java b/session/src/test/java/org/apache/iotdb/session/IoTDBSessionSimpleIT.java index 09849c8..28fcf1e 100644 --- a/session/src/test/java/org/apache/iotdb/session/IoTDBSessionSimpleIT.java +++ b/session/src/test/java/org/apache/iotdb/session/IoTDBSessionSimpleIT.java 
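Review bot: The negative cases call `manager.grantRoleToUser("not a user", roleName)` and `manager.revokeRoleFromUser("not a user", roleName)` with the arguments in the opposite order from the positive calls `grantRoleToUser(roleName, user.getName())`. If the signature is (roleName, username), as the positive calls suggest, the exception is raised because `"newrole"` is not a user, not because of the string the test intends. The assertion therefore passes without exercising the unknown-user path it names. Suggested: `manager.grantRoleToUser(roleName, "not a user");` and `manager.revokeRoleFromUser(roleName, "not a user");`. The test method starts and continues outside this hunk.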
@@ -24,6 +24,7 @@ import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import java.util.ArrayList; +import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -388,4 +389,31 @@ public class IoTDBSessionSimpleIT { session.deleteStorageGroup(storageGroup); session.close(); } + + @Test + public void deleteData() throws StatementExecutionException, IoTDBConnectionException { + session = new Session("127.0.0.1", 6667, "root", "root"); + session.open(); + String device = "root.sg1.d1"; + List<MeasurementSchema> schemaList = new ArrayList<>(); + for (int i = 0; i < 3; i++) { + schemaList.add(new MeasurementSchema("s" + i, TSDataType.INT64)); + } + Tablet tablet = new Tablet(device, schemaList, 1000); + while(tablet.rowSize < 10) { + tablet.addTimestamp(tablet.rowSize, tablet.rowSize); + for (int i = 0; i < 3; i++) { + tablet.addValue("s" + i, tablet.rowSize, (long) tablet.rowSize); + } + tablet.rowSize++; + } + session.insertTablet(tablet); + session.executeNonQueryStatement("flush"); + session.deleteData(Collections.singletonList("root.sg1.d1.s1"), 4, 6); + SessionDataSet dataSet = session.executeQueryStatement("select s1 from root.sg1.d1 where time < 6 and time > 4"); + while(dataSet.hasNext()) { + RowRecord record = dataSet.next(); + System.out.println(record.toString()); + } + } }
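Review bot: `deleteData` asserts nothing: the `while` loop only prints rows with `System.out.println`, so the test passes whether or not `session.deleteData(...)` removed anything. The query window `time < 6 and time > 4` covers only timestamp 5, which lies inside the deleted range 4..6, so the loop can be replaced by `assertFalse(dataSet.hasNext());` (adding the static import if the file lacks it). The test also ends without `session.close();`, unlike the test just above it in the hunk, which leaves the connection open for later tests.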
