Gabriella Lotz has posted comments on this change. ( http://gerrit.cloudera.org:8080/23045 )
Change subject: Add REST API integration tests ...................................................................... Patch Set 8: (9 comments) Thank you so much for the reviews! http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/integration-tests/master_authz-itest.cc File src/kudu/integration-tests/master_authz-itest.cc: http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/integration-tests/master_authz-itest.cc@1061 PS7, Line 1061: verify that a table created by User A remain > How does User A creating a table verify isolation? Could you rephrase this Done http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/integration-tests/master_authz-itest.cc@1063 PS7, Line 1063: : // Note: These methods default to using kTestUser as the owner : // when not explicitly specified in the privilege parame > could you leave a note in the comments, that these methods default to using Done http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/integration-tests/master_authz-itest.cc@1067 PS7, Line 1067: NO_FATALS(this->GrantDropTablePrivilege({kDatabaseName, "test_table"})); > nit: if access is checked below in the scoped blocks, we dont need this lin Done http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/integration-tests/master_authz-itest.cc@1072 PS7, Line 1072: string table_id = table->id(); : : // User B cannot access the table : { : ASSERT_OK(cluster_->kdc()->Kinit(kSecondUser)); : EasyCurl c; : faststring buf; : c.set_auth(CurlAuthType::SPNEGO); : c.set_custom_method("DELETE"); : : Status s = c.FetchURL(Substitute("http://$0/api/v1/tables/$1";, : cluster_->master()->bound_http_hostport().ToString(), : table_id), : &buf); : AssertUnauthorizedResponse(s, buf.ToString()); : : c.set_custom_method("PUT"); : string alter_json = CreateAlterTableJsonAddColumn("test_table"); : s = c.PostToURL(Substitute("http://$0/api/v1 > nit: isn't this the same piece of code that is below in the first {} block? Done http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/integration-tests/master_authz-itest.cc@1101 PS7, Line 1101: ASSERT_OK(cluster_->kdc()->Kinit(kTestUser)); : EasyCurl c; : faststring buf; > nit: please add 2 extra spaces indent Done http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/integration-tests/master_authz-itest.cc@1109 PS7, Line 1109: &buf)); : } : } : > nit: please add 2 extra spaces indent Done http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/integration-tests/master_authz-itest.cc@1113 PS7, Line 1113: TEST_P(RestApiAuthzITest, TestRestApiCreateTableWithAuthorization) { > maybe it would be best to call kdestroy at the end of this block to make su Done http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/integration-tests/master_authz-itest.cc@1124 PS7, Line 1124: Status s = c.PostToURL( : Substitute("http://$0/api/v1/tables";, cluster_->master()->bound_http_hostport().ToString()), : table_json, > nit: please add 2 extra spaces indent Done http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/master/spnego_rest_catalog-test.cc File src/kudu/master/spnego_rest_catalog-test.cc: http://gerrit.cloudera.org:8080/#/c/23045/7/src/kudu/master/spnego_rest_catalog-test.cc@310 PS7, Line 310: protected: : unique_ptr<MiniKdc> kdc_; : unique_ptr<InternalMiniCluster> cluster_; : const string kDefaultPrincipal = "alice"; : }; : : TEST_F(MultiMasterSpnegoTest, TestAuthenticatedLeaderAccess) { : // Test authenticated access to leader endpoint across all masters : ASSERT_OK(kdc_->Kinit(kDefaultPrincipal)); : : set<string> leader_addresses; : static KuduRegex re("\"leader\":\"([^\"]+)\"", 1); : : for (int i = 0; i < cluster_->num_masters(); i++) { : EasyCurl c; : c.set_auth(CurlAuthType::SPNEGO); : faststring buf; : ASSERT_OK(c.FetchURL(Substitute("http://$0/api/v1/leader";, : cluster_->mini_master(i)->bound_http_addr().ToString()), : &buf)); : vector<string> matches; : ASSERT_TRUE(re.Match(buf.ToString(), &matches)); : leader_addresses.insert(matches[0]); : } : : // All masters should report the same leader with authentication : ASSERT_EQ(1, leader_addresses.size()) << "Authenticated requests yielded different leaders: " : << JoinStrings(leader_addresses, ", "); : } : > I think this part is not necessary as we have something like this built int Done -- To view, visit http://gerrit.cloudera.org:8080/23045 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ifd3ff0dfd67cbc2b5ed0454372dd2bcea71e2ba3 Gerrit-Change-Number: 23045 Gerrit-PatchSet: 8 Gerrit-Owner: Gabriella Lotz <[email protected]> Gerrit-Reviewer: Gabriella Lotz <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Marton Greber <[email protected]> Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Comment-Date: Mon, 18 Aug 2025 17:05:07 +0000 Gerrit-HasComments: Yes
