use of org.apache.druid.server.security.Resource in project druid by druid-io.
the class OverlordResourceTest method setUp.
@Before
public void setUp() {
taskRunner = EasyMock.createMock(TaskRunner.class);
configManager = EasyMock.createMock(JacksonConfigManager.class);
provisioningStrategy = EasyMock.createMock(ProvisioningStrategy.class);
taskMaster = EasyMock.createStrictMock(TaskMaster.class);
taskStorageQueryAdapter = EasyMock.createStrictMock(TaskStorageQueryAdapter.class);
indexerMetadataStorageAdapter = EasyMock.createStrictMock(IndexerMetadataStorageAdapter.class);
req = EasyMock.createStrictMock(HttpServletRequest.class);
workerTaskRunnerQueryAdapter = EasyMock.createStrictMock(WorkerTaskRunnerQueryAdapter.class);
EasyMock.expect(taskMaster.getTaskRunner()).andReturn(Optional.of(taskRunner)).anyTimes();
AuthorizerMapper authMapper = new AuthorizerMapper(null) {
@Override
public Authorizer getAuthorizer(String name) {
return new Authorizer() {
@Override
public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) {
final String username = authenticationResult.getIdentity();
switch(resource.getName()) {
case "allow":
return new Access(true);
case Datasources.WIKIPEDIA:
// Only "Wiki Reader" can read "wikipedia"
return new Access(action == Action.READ && Users.WIKI_READER.equals(username));
case Datasources.BUZZFEED:
// Only "Buzz Reader" can read "buzzfeed"
return new Access(action == Action.READ && Users.BUZZ_READER.equals(username));
default:
return new Access(false);
}
}
};
}
};
overlordResource = new OverlordResource(taskMaster, taskStorageQueryAdapter, indexerMetadataStorageAdapter, null, configManager, null, authMapper, workerTaskRunnerQueryAdapter, provisioningStrategy);
}
use of org.apache.druid.server.security.Resource in project druid by druid-io.
the class QueryResourceTest method testSecuredQuery.
@Test
public void testSecuredQuery() throws Exception {
EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(AUTHENTICATION_RESULT).anyTimes();
testServletRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, false);
EasyMock.expectLastCall().times(1);
testServletRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().times(1);
EasyMock.replay(testServletRequest);
AuthorizerMapper authMapper = new AuthorizerMapper(null) {
@Override
public Authorizer getAuthorizer(String name) {
return new Authorizer() {
@Override
public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) {
if (resource.getName().equals("allow")) {
return new Access(true);
} else {
return new Access(false);
}
}
};
}
};
queryResource = new QueryResource(new QueryLifecycleFactory(WAREHOUSE, TEST_SEGMENT_WALKER, new DefaultGenericQueryMetricsFactory(), new NoopServiceEmitter(), testRequestLogger, new AuthConfig(), authMapper, Suppliers.ofInstance(new DefaultQueryConfig(ImmutableMap.of()))), jsonMapper, smileMapper, queryScheduler, new AuthConfig(), authMapper, ResponseContextConfig.newConfig(true), DRUID_NODE);
try {
queryResource.doPost(new ByteArrayInputStream(SIMPLE_TIMESERIES_QUERY.getBytes(StandardCharsets.UTF_8)), null, /*pretty*/
testServletRequest);
Assert.fail("doPost did not throw ForbiddenException for an unauthorized query");
} catch (ForbiddenException e) {
}
Response response = queryResource.doPost(new ByteArrayInputStream("{\"queryType\":\"timeBoundary\", \"dataSource\":\"allow\"}".getBytes(StandardCharsets.UTF_8)), null, /*pretty*/
testServletRequest);
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
((StreamingOutput) response.getEntity()).write(baos);
final List<Result<TimeBoundaryResultValue>> responses = jsonMapper.readValue(baos.toByteArray(), new TypeReference<List<Result<TimeBoundaryResultValue>>>() {
});
Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
Assert.assertEquals(0, responses.size());
Assert.assertEquals(1, testRequestLogger.getNativeQuerylogs().size());
Assert.assertEquals(true, testRequestLogger.getNativeQuerylogs().get(0).getQueryStats().getStats().get("success"));
Assert.assertEquals("druid", testRequestLogger.getNativeQuerylogs().get(0).getQueryStats().getStats().get("identity"));
}
use of org.apache.druid.server.security.Resource in project druid by druid-io.
the class ResourceFilterTestHelper method setUpMockExpectations.
public void setUpMockExpectations(String requestPath, boolean authCheckResult, String requestMethod) {
EasyMock.expect(request.getPath()).andReturn(requestPath).anyTimes();
EasyMock.expect(request.getPathSegments()).andReturn(ImmutableList.copyOf(Iterables.transform(Arrays.asList(requestPath.split("/")), new Function<String, PathSegment>() {
@Override
public PathSegment apply(final String input) {
return new PathSegment() {
@Override
public String getPath() {
return input;
}
@Override
public MultivaluedMap<String, String> getMatrixParameters() {
return null;
}
};
}
}))).anyTimes();
EasyMock.expect(request.getMethod()).andReturn(requestMethod).anyTimes();
EasyMock.expect(req.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
AuthenticationResult authenticationResult = new AuthenticationResult("druid", "druid", null, null);
EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(authenticationResult).atLeastOnce();
req.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, authCheckResult);
EasyMock.expectLastCall().anyTimes();
EasyMock.expect(authorizerMapper.getAuthorizer(EasyMock.anyString())).andReturn(new Authorizer() {
@Override
public Access authorize(AuthenticationResult authenticationResult1, Resource resource, Action action) {
return new Access(authCheckResult);
}
}).atLeastOnce();
}
use of org.apache.druid.server.security.Resource in project druid by druid-io.
the class DruidPlannerResourceAnalyzeTest method testSubquery.
@Test
public void testSubquery() {
final String sql = "SELECT COUNT(*)\n" + "FROM (\n" + " SELECT DISTINCT dim2\n" + " FROM druid.foo\n" + " WHERE SUBSTRING(dim2, 1, 1) IN (\n" + " SELECT SUBSTRING(dim1, 1, 1) FROM druid.numfoo WHERE dim1 IS NOT NULL\n" + " )\n" + ")";
Set<ResourceAction> requiredResources = analyzeResources(PLANNER_CONFIG_DEFAULT, sql, CalciteTests.REGULAR_USER_AUTH_RESULT);
Assert.assertEquals(ImmutableSet.of(new ResourceAction(new Resource("foo", ResourceType.DATASOURCE), Action.READ), new ResourceAction(new Resource("numfoo", ResourceType.DATASOURCE), Action.READ)), requiredResources);
}
use of org.apache.druid.server.security.Resource in project druid by druid-io.
the class DruidPlannerResourceAnalyzeTest method testSubqueryView.
@Test
public void testSubqueryView() {
final String sql = "SELECT COUNT(*)\n" + "FROM (\n" + " SELECT DISTINCT dim2\n" + " FROM druid.foo\n" + " WHERE SUBSTRING(dim2, 1, 1) IN (\n" + " SELECT SUBSTRING(dim1, 1, 1) FROM view.cview WHERE dim2 IS NOT NULL\n" + " )\n" + ")";
Set<ResourceAction> requiredResources = analyzeResources(PLANNER_CONFIG_DEFAULT, sql, CalciteTests.REGULAR_USER_AUTH_RESULT);
Assert.assertEquals(ImmutableSet.of(new ResourceAction(new Resource("foo", ResourceType.DATASOURCE), Action.READ), new ResourceAction(new Resource("cview", ResourceType.VIEW), Action.READ)), requiredResources);
}
Aggregations