Search in sources :

Example 11 with ColumnVisibilitySecurityMarking

use of datawave.marking.ColumnVisibilitySecurityMarking in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testCreateQueryAndNext_AddToCacheException.

@SuppressWarnings({ "rawtypes", "unchecked" })
@Test
public void testCreateQueryAndNext_AddToCacheException() throws Exception {
    // Set local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 9999);
    int pagesize = 10;
    int pageTimeout = -1;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    boolean trace = false;
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userDN";
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    List<String> dnList = Collections.singletonList(userDN);
    UUID queryId = UUID.randomUUID();
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
    queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
    queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
    queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
    queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
    queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
    queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
    queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
    queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
    queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
    queryParameters.putSingle("valid", "param");
    queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    // op.putSingle(PrivateAuditConstants.AUDIT_TYPE, AuditType.ACTIVE.name());
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
    // Set expectations
    expect(context.getCallerPrincipal()).andReturn(principal);
    queryLogic1.validate(queryParameters);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.queryLogic1.getMaxPageSize()).andReturn(1000).times(2);
    expect(this.context.getCallerPrincipal()).andReturn(this.principal);
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.principal.getUserDN()).andReturn(userDNpair);
    expect(this.principal.getDNs()).andReturn(new String[] { userDN });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0));
    expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(true);
    expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.ACTIVE);
    expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
    expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
    expect(this.queryLogic1.getAuditType(this.query)).andReturn(AuditType.ACTIVE);
    expect(this.queryLogic1.getSelectors(this.query)).andReturn(null);
    expect(auditor.audit(eq(queryParameters))).andReturn(null);
    expect(this.queryLogic1.getConnectionPriority()).andReturn(Priority.NORMAL);
    expect(this.queryLogic1.getConnPoolName()).andReturn("connPool1");
    expect(this.connectionFactory.getTrackingMap(isA(StackTraceElement[].class))).andReturn(null);
    this.connectionRequestBean.requestBegin(queryId.toString());
    expect(this.connectionFactory.getConnection("connPool1", Priority.NORMAL, null)).andReturn(this.connector);
    this.connectionRequestBean.requestEnd(queryId.toString());
    expect(this.traceInfos.get(userSid)).andReturn(Arrays.asList(PatternWrapper.wrap(query)));
    expect(this.qlCache.add(queryId.toString(), userSid, this.queryLogic1, this.connector)).andThrow(new IllegalStateException("INTENTIONALLY THROWN TEST EXCEPTION: PROBLEM ADDING QUERY LOGIC TO CACHE"));
    this.queryLogic1.close();
    this.connectionFactory.returnConnection(this.connector);
    PowerMock.expectLastCall().andThrow(new IOException("INTENTIONALLY THROWN 2ND-LEVEL TEST EXCEPTION"));
    this.persister.remove(this.query);
    PowerMock.expectLastCall().andThrow(new IOException("INTENTIONALLY THROWN 3RD-LEVEL TEST EXCEPTION"));
    expect(this.query.getId()).andReturn(queryId).anyTimes();
    expect(this.qlCache.poll(queryId.toString())).andReturn(null);
    // Run the test
    PowerMock.replayAll();
    QueryExecutorBean subject = new QueryExecutorBean();
    setInternalState(subject, EJBContext.class, context);
    setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
    setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
    setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
    setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
    setInternalState(subject, Persister.class, persister);
    setInternalState(subject, QueryLogicFactory.class, queryLogicFactory);
    setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
    setInternalState(subject, AuditBean.class, auditor);
    setInternalState(subject, Multimap.class, traceInfos);
    setInternalState(subject, SecurityMarking.class, marking);
    setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
    setInternalState(connectionRequestBean, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
    Throwable result1 = null;
    try {
        subject.createQueryAndNext(queryLogicName, queryParameters);
    } catch (DatawaveWebApplicationException e) {
        result1 = e.getCause();
    }
    PowerMock.verifyAll();
    // Verify results
    assertTrue("QueryException expected to have been thrown", result1 instanceof QueryException);
    assertEquals("Exception expected to have been caused by problem adding query logic to cache", "500-7", ((QueryException) result1).getErrorCode());
}
Also used : SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) IOException(java.io.IOException) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) QueryException(datawave.webservice.query.exception.QueryException) QueryPersistence(datawave.webservice.query.QueryPersistence) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) UUID(java.util.UUID) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 12 with ColumnVisibilitySecurityMarking

use of datawave.marking.ColumnVisibilitySecurityMarking in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testPlanQuery_userNotInAllowedDNs.

@Test
public void testPlanQuery_userNotInAllowedDNs() throws Exception {
    // Set local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 999999);
    int pagesize = 10;
    int pageTimeout = -1;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    boolean trace = false;
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userdn";
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
    queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
    queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
    queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
    queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
    queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
    queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
    queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
    queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
    queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
    queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
    queryParameters.putSingle("valid", "param");
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
    // Set expectations of the create logic
    queryLogic1.validate(queryParameters);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.principal.getUserDN()).andReturn(userDNpair);
    expect(this.principal.getDNs()).andReturn(new String[] { userDN });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
    expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(false);
    // Run the test
    PowerMock.replayAll();
    QueryExecutorBean subject = new QueryExecutorBean();
    setInternalState(subject, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
    setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
    setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
    setInternalState(subject, QueryCache.class, cache);
    setInternalState(subject, ClosedQueryCache.class, closedCache);
    setInternalState(subject, Persister.class, persister);
    setInternalState(subject, QueryLogicFactoryImpl.class, queryLogicFactory);
    setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
    setInternalState(subject, AuditBean.class, auditor);
    setInternalState(subject, QueryMetricsBean.class, metrics);
    setInternalState(subject, Multimap.class, traceInfos);
    setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
    setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
    setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
    setInternalState(connectionRequestBean, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
    Throwable result1 = null;
    try {
        subject.planQuery(queryLogicName, queryParameters);
    } catch (DatawaveWebApplicationException e) {
        result1 = e.getCause();
    }
    PowerMock.verifyAll();
    // Verify results
    assertTrue("QueryException expected to have been thrown", result1 instanceof QueryException);
    assertEquals("Thrown exception expected to have been due to access denied", "401", ((QueryException) result1).getErrorCode());
    assertEquals("Thrown exception expected to detail reason for access denial", "None of the DNs used have access to this query logic: [userdn]", result1.getMessage());
}
Also used : SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) ArrayList(java.util.ArrayList) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) QueryException(datawave.webservice.query.exception.QueryException) QueryPersistence(datawave.webservice.query.QueryPersistence) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 13 with ColumnVisibilitySecurityMarking

use of datawave.marking.ColumnVisibilitySecurityMarking in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testCreateQueryAndNext_DoubleAuditValues.

@SuppressWarnings({ "rawtypes", "unchecked" })
@Test
public void testCreateQueryAndNext_DoubleAuditValues() throws Exception {
    // Set local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 999999);
    int pagesize = 10;
    int pageTimeout = -1;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    boolean trace = false;
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userDN";
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    List<String> dnList = Collections.singletonList(userDN);
    UUID queryId = UUID.randomUUID();
    long pageNumber = 0L;
    HashMap<String, Collection<String>> authsMap = new HashMap<>();
    authsMap.put("userdn", Arrays.asList(queryAuthorizations));
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
    queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
    queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
    queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
    queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
    queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
    queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
    queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
    queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
    queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
    queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
    queryParameters.putSingle(QueryParameters.QUERY_PARAMS, "auditType:NONE;auditColumnVisibility:A&B&C&D;auditUserDN:" + userDN);
    queryParameters.putSingle("valid", "param");
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    // op.putSingle(PrivateAuditConstants.AUDIT_TYPE, AuditType.NONE.name());
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
    // Set expectations of the create logic
    queryLogic1.validate(queryParameters);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.queryLogic1.getMaxPageSize()).andReturn(1000).times(2);
    expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.principal.getUserDN()).andReturn(userDNpair);
    expect(this.principal.getDNs()).andReturn(new String[] { userDN });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
    expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(true);
    expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.NONE);
    expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
    expect(this.principal.getPrimaryUser()).andReturn(dwUser);
    expect(this.dwUser.getAuths()).andReturn(Collections.singleton(queryAuthorizations));
    expect(this.principal.getProxiedUsers()).andReturn(Collections.singletonList(dwUser));
    expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
    expect(this.queryLogic1.getAuditType(this.query)).andReturn(AuditType.NONE);
    expect(this.queryLogic1.getConnectionPriority()).andReturn(Priority.NORMAL);
    expect(this.queryLogic1.getConnPoolName()).andReturn("connPool1");
    expect(this.connectionFactory.getTrackingMap(isA(StackTraceElement[].class))).andReturn(null);
    expect(this.connectionFactory.getConnection("connPool1", Priority.NORMAL, null)).andReturn(this.connector);
    expect(this.traceInfos.get(userSid)).andReturn(new ArrayList<>(0));
    expect(this.traceInfos.get(null)).andReturn(Arrays.asList(PatternWrapper.wrap("NONMATCHING_REGEX")));
    expect(this.qlCache.add(queryId.toString(), userSid, this.queryLogic1, this.connector)).andReturn(true);
    expect(this.queryLogic1.getCollectQueryMetrics()).andReturn(true);
    expect(this.query.getOwner()).andReturn(userSid).anyTimes();
    expect(this.query.getId()).andReturn(queryId).anyTimes();
    expect(this.query.getQuery()).andReturn(queryName).anyTimes();
    expect(this.query.getQueryLogicName()).andReturn(queryLogicName).anyTimes();
    expect(this.query.getBeginDate()).andReturn(null).anyTimes();
    expect(this.query.getEndDate()).andReturn(null).anyTimes();
    expect(this.query.getColumnVisibility()).andReturn(null).anyTimes();
    expect(this.query.getQueryAuthorizations()).andReturn(queryAuthorizations).anyTimes();
    expect(this.query.getQueryName()).andReturn(null).anyTimes();
    expect(this.query.getPagesize()).andReturn(0).anyTimes();
    expect(this.query.getPageTimeout()).andReturn(-1).anyTimes();
    expect(this.query.getExpirationDate()).andReturn(null).anyTimes();
    expect(this.query.getParameters()).andReturn((Set) Collections.emptySet()).anyTimes();
    expect(this.query.getUncaughtExceptionHandler()).andReturn(new QueryUncaughtExceptionHandler()).anyTimes();
    this.metrics.updateMetric(isA(QueryMetric.class));
    PowerMock.expectLastCall().times(2);
    expect(this.query.getUserDN()).andReturn(userDN).anyTimes();
    expect(this.query.getDnList()).andReturn(dnList).anyTimes();
    expect(this.queryLogic1.getResultLimit(dnList)).andReturn(-1L);
    expect(this.queryLogic1.getMaxResults()).andReturn(-1L);
    expect(this.queryLogic1.initialize(eq(this.connector), eq(this.query), isA(Set.class))).andReturn(this.genericConfiguration);
    this.queryLogic1.setupQuery(this.genericConfiguration);
    expect(this.queryLogic1.getTransformIterator(this.query)).andReturn(this.transformIterator);
    expect(this.genericConfiguration.getQueryString()).andReturn(queryName).once();
    cache.put(eq(queryId.toString()), isA(RunningQuery.class));
    expect(this.qlCache.poll(queryId.toString())).andReturn(null);
    // Set expectations of the next logic
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.context.getUserTransaction()).andReturn(this.transaction).anyTimes();
    this.transaction.begin();
    expect(this.cache.get(queryId.toString())).andReturn(this.runningQuery);
    expect(cache.lock(queryId.toString())).andReturn(true);
    expect(this.runningQuery.getSettings()).andReturn(this.query);
    this.connectionRequestBean.requestBegin(queryId.toString());
    expect(this.runningQuery.getConnection()).andReturn(this.connector);
    this.connectionRequestBean.requestEnd(queryId.toString());
    this.runningQuery.setActiveCall(true);
    expectLastCall();
    expect(this.runningQuery.getTraceInfo()).andReturn(this.traceInfo);
    expect(this.runningQuery.next()).andReturn(this.resultsPage);
    expect(this.runningQuery.getLastPageNumber()).andReturn(pageNumber);
    expect(this.runningQuery.getLogic()).andReturn((QueryLogic) this.queryLogic1).times(2);
    expect(this.runningQuery.getSettings()).andReturn(this.query).anyTimes();
    expect(this.queryLogic1.getTransformer(this.query)).andReturn(this.transformer);
    expect(this.transformer.createResponse(this.resultsPage)).andReturn(this.baseResponse);
    expect(this.resultsPage.getResults()).andReturn(Arrays.asList((Object) "result1")).times(2);
    this.baseResponse.setHasResults(true);
    this.baseResponse.setPageNumber(pageNumber);
    expect(this.queryLogic1.getLogicName()).andReturn(queryLogicName);
    this.baseResponse.setLogicName(queryLogicName);
    this.baseResponse.setQueryId(queryId.toString());
    expect(this.runningQuery.getMetric()).andReturn(this.queryMetric);
    this.runningQuery.setActiveCall(false);
    expectLastCall();
    this.queryMetric.setProxyServers(eq(new ArrayList<>(0)));
    expect(this.responseObjectFactory.getEventQueryResponse()).andReturn(new DefaultEventQueryResponse());
    cache.unlock(queryId.toString());
    expect(this.transaction.getStatus()).andReturn(Status.STATUS_ACTIVE).anyTimes();
    this.transaction.commit();
    // Run the test
    PowerMock.replayAll();
    QueryExecutorBean subject = new QueryExecutorBean();
    setInternalState(subject, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
    setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
    setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
    setInternalState(subject, QueryCache.class, cache);
    setInternalState(subject, ClosedQueryCache.class, closedCache);
    setInternalState(subject, Persister.class, persister);
    setInternalState(subject, QueryLogicFactoryImpl.class, queryLogicFactory);
    setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
    setInternalState(subject, AuditBean.class, auditor);
    setInternalState(subject, QueryMetricsBean.class, metrics);
    setInternalState(subject, Multimap.class, traceInfos);
    setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
    setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
    setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
    setInternalState(connectionRequestBean, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
    BaseQueryResponse result1 = subject.createQueryAndNext(queryLogicName, queryParameters);
    PowerMock.verifyAll();
    // Verify results
    assertNotNull("Expected a non-null response", result1);
}
Also used : Set(java.util.Set) TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) DefaultEventQueryResponse(datawave.webservice.result.DefaultEventQueryResponse) HashMap(java.util.HashMap) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) ArrayList(java.util.ArrayList) QueryUncaughtExceptionHandler(datawave.webservice.query.util.QueryUncaughtExceptionHandler) QueryMetric(datawave.microservice.querymetric.QueryMetric) QueryPersistence(datawave.webservice.query.QueryPersistence) BaseQueryResponse(datawave.webservice.result.BaseQueryResponse) UUID(java.util.UUID) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) BaseQueryLogic(datawave.webservice.query.logic.BaseQueryLogic) QueryLogic(datawave.webservice.query.logic.QueryLogic) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) Collection(java.util.Collection) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 14 with ColumnVisibilitySecurityMarking

use of datawave.marking.ColumnVisibilitySecurityMarking in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testCreateQueryAndNext_HappyPath.

@SuppressWarnings({ "rawtypes", "unchecked" })
@Test
public void testCreateQueryAndNext_HappyPath() throws Exception {
    // Set local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 999999);
    int pagesize = 10;
    int pageTimeout = -1;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    boolean trace = false;
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userdn";
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    List<String> dnList = Collections.singletonList(userDN);
    UUID queryId = UUID.randomUUID();
    long pageNumber = 0L;
    HashMap<String, Collection<String>> authsMap = new HashMap<>();
    authsMap.put("userdn", Arrays.asList(queryAuthorizations));
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
    queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
    queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
    queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
    queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
    queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
    queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
    queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
    queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
    queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
    queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
    queryParameters.putSingle("valid", "param");
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    // op.putSingle(PrivateAuditConstants.AUDIT_TYPE, AuditType.NONE.name());
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
    // Set expectations of the create logic
    queryLogic1.validate(queryParameters);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.queryLogic1.getMaxPageSize()).andReturn(1000).times(2);
    expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.principal.getUserDN()).andReturn(userDNpair);
    expect(this.principal.getDNs()).andReturn(new String[] { userDN });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
    expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(true);
    expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.NONE);
    expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
    expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
    expect(this.queryLogic1.getAuditType(this.query)).andReturn(AuditType.NONE);
    expect(this.queryLogic1.getConnectionPriority()).andReturn(Priority.NORMAL);
    expect(this.queryLogic1.getConnPoolName()).andReturn("connPool1");
    expect(this.connectionFactory.getTrackingMap(isA(StackTraceElement[].class))).andReturn(null);
    this.connectionRequestBean.requestBegin(queryId.toString());
    expect(this.connectionFactory.getConnection("connPool1", Priority.NORMAL, null)).andReturn(this.connector);
    this.connectionRequestBean.requestEnd(queryId.toString());
    expect(this.traceInfos.get(userSid)).andReturn(new ArrayList<>(0));
    expect(this.traceInfos.get(null)).andReturn(Arrays.asList(PatternWrapper.wrap("NONMATCHING_REGEX")));
    expect(this.qlCache.add(queryId.toString(), userSid, this.queryLogic1, this.connector)).andReturn(true);
    expect(this.queryLogic1.getCollectQueryMetrics()).andReturn(true);
    expect(this.principal.getPrimaryUser()).andReturn(dwUser);
    expect(this.dwUser.getAuths()).andReturn(Collections.singleton(queryAuthorizations));
    expect(this.principal.getProxiedUsers()).andReturn(Collections.singletonList(dwUser));
    expect(this.query.getOwner()).andReturn(userSid).anyTimes();
    expect(this.query.getId()).andReturn(queryId).anyTimes();
    expect(this.query.getQuery()).andReturn(queryName).anyTimes();
    expect(this.query.getQueryLogicName()).andReturn(queryLogicName).anyTimes();
    expect(this.query.getBeginDate()).andReturn(null).anyTimes();
    expect(this.query.getEndDate()).andReturn(null).anyTimes();
    expect(this.query.getColumnVisibility()).andReturn(null).anyTimes();
    expect(this.query.getQueryAuthorizations()).andReturn(queryAuthorizations).anyTimes();
    expect(this.query.getQueryName()).andReturn(null).anyTimes();
    expect(this.query.getPagesize()).andReturn(0).anyTimes();
    expect(this.query.getExpirationDate()).andReturn(null).anyTimes();
    expect(this.query.getParameters()).andReturn((Set) Collections.emptySet()).anyTimes();
    expect(this.query.getUncaughtExceptionHandler()).andReturn(new QueryUncaughtExceptionHandler()).anyTimes();
    this.metrics.updateMetric(isA(QueryMetric.class));
    PowerMock.expectLastCall().times(2);
    expect(this.query.getUserDN()).andReturn(userDN).anyTimes();
    expect(this.query.getDnList()).andReturn(dnList).anyTimes();
    expect(this.queryLogic1.getResultLimit(dnList)).andReturn(-1L);
    expect(this.queryLogic1.getMaxResults()).andReturn(-1L);
    expect(this.queryLogic1.initialize(eq(this.connector), eq(this.query), isA(Set.class))).andReturn(this.genericConfiguration);
    this.queryLogic1.setupQuery(this.genericConfiguration);
    expect(this.queryLogic1.getTransformIterator(this.query)).andReturn(this.transformIterator);
    cache.put(eq(queryId.toString()), isA(RunningQuery.class));
    expect(this.genericConfiguration.getQueryString()).andReturn(queryName).once();
    expect(this.qlCache.poll(queryId.toString())).andReturn(null);
    // Set expectations of the next logic
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.context.getUserTransaction()).andReturn(this.transaction).anyTimes();
    this.transaction.begin();
    expect(this.cache.get(queryId.toString())).andReturn(this.runningQuery);
    expect(cache.lock(queryId.toString())).andReturn(true);
    expect(this.runningQuery.getSettings()).andReturn(this.query);
    expect(this.runningQuery.getConnection()).andReturn(this.connector);
    this.runningQuery.setActiveCall(true);
    expectLastCall();
    expect(this.runningQuery.getTraceInfo()).andReturn(this.traceInfo);
    expect(this.runningQuery.next()).andReturn(this.resultsPage);
    expect(this.runningQuery.getLastPageNumber()).andReturn(pageNumber);
    expect(this.runningQuery.getLogic()).andReturn((QueryLogic) this.queryLogic1).times(2);
    expect(this.runningQuery.getSettings()).andReturn(this.query).anyTimes();
    expect(this.queryLogic1.getTransformer(this.query)).andReturn(this.transformer);
    expect(this.transformer.createResponse(this.resultsPage)).andReturn(this.baseResponse);
    expect(this.resultsPage.getResults()).andReturn(Arrays.asList((Object) "result1")).times(2);
    this.baseResponse.setHasResults(true);
    this.baseResponse.setPageNumber(pageNumber);
    expect(this.queryLogic1.getLogicName()).andReturn(queryLogicName);
    this.baseResponse.setLogicName(queryLogicName);
    this.baseResponse.setQueryId(queryId.toString());
    expect(this.runningQuery.getMetric()).andReturn(this.queryMetric);
    this.runningQuery.setActiveCall(false);
    expectLastCall();
    this.queryMetric.setProxyServers(eq(new ArrayList<>(0)));
    expect(this.responseObjectFactory.getEventQueryResponse()).andReturn(new DefaultEventQueryResponse());
    cache.unlock(queryId.toString());
    expect(this.transaction.getStatus()).andReturn(Status.STATUS_ACTIVE).anyTimes();
    this.transaction.commit();
    // Run the test
    PowerMock.replayAll();
    QueryExecutorBean subject = new QueryExecutorBean();
    setInternalState(subject, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
    setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
    setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
    setInternalState(subject, QueryCache.class, cache);
    setInternalState(subject, ClosedQueryCache.class, closedCache);
    setInternalState(subject, Persister.class, persister);
    setInternalState(subject, QueryLogicFactoryImpl.class, queryLogicFactory);
    setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
    setInternalState(subject, AuditBean.class, auditor);
    setInternalState(subject, QueryMetricsBean.class, metrics);
    setInternalState(subject, Multimap.class, traceInfos);
    setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
    setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
    setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
    setInternalState(connectionRequestBean, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
    BaseQueryResponse result1 = subject.createQueryAndNext(queryLogicName, queryParameters);
    PowerMock.verifyAll();
    // Verify results
    assertNotNull("Expected a non-null response", result1);
}
Also used : Set(java.util.Set) TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) DefaultEventQueryResponse(datawave.webservice.result.DefaultEventQueryResponse) HashMap(java.util.HashMap) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) ArrayList(java.util.ArrayList) QueryUncaughtExceptionHandler(datawave.webservice.query.util.QueryUncaughtExceptionHandler) QueryMetric(datawave.microservice.querymetric.QueryMetric) QueryPersistence(datawave.webservice.query.QueryPersistence) BaseQueryResponse(datawave.webservice.result.BaseQueryResponse) UUID(java.util.UUID) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) BaseQueryLogic(datawave.webservice.query.logic.BaseQueryLogic) QueryLogic(datawave.webservice.query.logic.QueryLogic) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) Collection(java.util.Collection) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 15 with ColumnVisibilitySecurityMarking

use of datawave.marking.ColumnVisibilitySecurityMarking in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testDefineQuery_userNotInAllowedDNs.

@Test
public void testDefineQuery_userNotInAllowedDNs() throws Exception {
    // Set local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 9999);
    int pagesize = 1000;
    int pageTimeout = -1;
    Long maxResultsOverride = null;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    String parameters = null;
    boolean trace = false;
    // Set expectations
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putAll(QueryParametersImpl.paramsToMap(queryLogicName, query, queryName, queryVisibility, beginDate, endDate, queryAuthorizations, expirationDate, pagesize, pageTimeout, maxResultsOverride, persistenceMode, parameters, trace));
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
    queryLogic1.validate(queryParameters);
    expect(this.principal.getName()).andReturn("userName Full");
    expect(this.principal.getShortName()).andReturn("userName");
    expect(this.principal.getUserDN()).andReturn(SubjectIssuerDNPair.of("userDN"));
    expect(this.principal.getDNs()).andReturn(new String[] { "userDN" });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
    expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList("userDN"))).andReturn(false);
    // Run the test
    PowerMock.replayAll();
    QueryExecutorBean subject = new QueryExecutorBean();
    setInternalState(subject, EJBContext.class, context);
    setInternalState(subject, QueryLogicFactory.class, queryLogicFactory);
    setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
    setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
    setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
    setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
    Throwable result1 = null;
    try {
        subject.defineQuery(queryLogicName, queryParameters);
    } catch (DatawaveWebApplicationException e) {
        result1 = e.getCause();
    }
    PowerMock.verifyAll();
    // Verify results
    assertTrue("QueryException expected to have been thrown", result1 instanceof QueryException);
    assertEquals("Thrown exception expected to have been due to access denied", "401", ((QueryException) result1).getErrorCode());
    assertEquals("Thrown exception expected to detail reason for access denial", "None of the DNs used have access to this query logic: [userDN]", result1.getMessage());
}
Also used : ArrayList(java.util.ArrayList) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) QueryException(datawave.webservice.query.exception.QueryException) QueryPersistence(datawave.webservice.query.QueryPersistence) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Aggregations

ColumnVisibilitySecurityMarking (datawave.marking.ColumnVisibilitySecurityMarking)16 QueryMetricFactoryImpl (datawave.microservice.querymetric.QueryMetricFactoryImpl)16 QueryParametersImpl (datawave.webservice.query.QueryParametersImpl)16 QueryPersistence (datawave.webservice.query.QueryPersistence)15 Date (java.util.Date)15 MultivaluedMapImpl (org.jboss.resteasy.specimpl.MultivaluedMapImpl)15 Test (org.junit.Test)15 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)15 QueryParameters (datawave.webservice.query.QueryParameters)14 ArrayList (java.util.ArrayList)13 SubjectIssuerDNPair (datawave.security.authorization.SubjectIssuerDNPair)11 UUID (java.util.UUID)9 NoResultsQueryException (datawave.webservice.query.exception.NoResultsQueryException)8 DatawaveWebApplicationException (datawave.webservice.common.exception.DatawaveWebApplicationException)7 QueryException (datawave.webservice.query.exception.QueryException)7 Collection (java.util.Collection)7 HashMap (java.util.HashMap)6 HashSet (java.util.HashSet)6 Set (java.util.Set)6 TreeSet (java.util.TreeSet)6