ctubbsii commented on PR #68: URL: https://github.com/apache/accumulo-proxy/pull/68#issuecomment-1424924924
> > For example, the permissions test could be changed so that the permissions are added/removed by the root user using the minicluster API directly, and the Proxy instance could be used to check the regular user's permissions are appropriately enabled/restricted. > > @ctubbsii, what do you mean by "regular user" here? In the tests when using the minicluster, the only user that is created/used is the root user. Look for lines that say `client.createLocalUser`. Those created an unprivileged user whose permissions were manipulated to verify that the permissions worked as expected in the proxy. There are a few things that were being verified by those tests: 1. The proxy's ability to create a user 2. The proxy's ability to switch users 3. The proxy's ability to execute the grant/revoke permission APIs 4. Verifying the new user's permissions were enforced when performing the operation whose permission was granted/revoked We still want to make sure we have proxy test coverage for 1 and 3. We could rely on Accumulo's own enforcement testing for 4, since the proxy now only has one user... and there's no risk of it using the wrong user's permissions now, but if we want the same coverage as before, we'll need to do some alternative to item 2, which we no longer need to test, as it is not supported. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
