You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by el...@apache.org on 2015/01/23 00:22:35 UTC
[3/3] accumulo git commit: ACCUMULO-3452 Use expected exception in IT.

ACCUMULO-3452 Use expected exception in IT.

Christopher recommended that the ExpectedException JUnit rule
could be used instead of the "expected" argument on the Test annotation
to provide better assertions.


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/7e61f976
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/7e61f976
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/7e61f976

Branch: refs/heads/master
Commit: 7e61f976b96dc7fbd3d43a7275168778f3dc3d2e
Parents: a139e7a
Author: Josh Elser <el...@apache.org>
Authored: Thu Jan 22 14:24:00 2015 -0500
Committer: Josh Elser <el...@apache.org>
Committed: Thu Jan 22 18:22:01 2015 -0500

----------------------------------------------------------------------
 .../org/apache/accumulo/proxy/ProxyServer.java  |  3 +-
 .../test/functional/KerberosProxyIT.java        | 49 +++++++++++++++++++-
 2 files changed, 49 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/7e61f976/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
----------------------------------------------------------------------
diff --git a/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java b/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
index 8499044..7f636d2 100644
--- a/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
+++ b/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
@@ -123,6 +123,7 @@ import com.google.common.cache.RemovalNotification;
 public class ProxyServer implements AccumuloProxy.Iface {
 
   public static final Logger logger = Logger.getLogger(ProxyServer.class);
+  public static final String RPC_ACCUMULO_PRINCIPAL_MISMATCH_MSG = "RPC principal did not match requested Accumulo principal";
   protected Instance instance;
 
   protected Class<? extends AuthenticationToken> tokenClass;
@@ -1542,7 +1543,7 @@ public class ProxyServer implements AccumuloProxy.Iface {
       String remoteUser = UGIAssumingProcessor.rpcPrincipal();
       if (null == remoteUser || !remoteUser.equals(principal)) {
         logger.error("Denying login from user " + remoteUser + " who attempted to log in as " + principal);
-        throw new org.apache.accumulo.proxy.thrift.AccumuloSecurityException("RPC principal did not match requested Accumulo principal");
+        throw new org.apache.accumulo.proxy.thrift.AccumuloSecurityException(RPC_ACCUMULO_PRINCIPAL_MISMATCH_MSG);
       }
     }
 

http://git-wip-us.apache.org/repos/asf/accumulo/blob/7e61f976/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java b/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
index e4c46d6..60d07fa 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
@@ -42,6 +42,7 @@ import org.apache.accumulo.harness.TestingKdc;
 import org.apache.accumulo.minicluster.impl.MiniAccumuloClusterImpl;
 import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl;
 import org.apache.accumulo.proxy.Proxy;
+import org.apache.accumulo.proxy.ProxyServer;
 import org.apache.accumulo.proxy.thrift.AccumuloProxy;
 import org.apache.accumulo.proxy.thrift.AccumuloProxy.Client;
 import org.apache.accumulo.proxy.thrift.AccumuloSecurityException;
@@ -60,11 +61,15 @@ import org.apache.thrift.protocol.TCompactProtocol;
 import org.apache.thrift.transport.TSaslClientTransport;
 import org.apache.thrift.transport.TSocket;
 import org.apache.thrift.transport.TTransportException;
+import org.hamcrest.Description;
+import org.hamcrest.TypeSafeMatcher;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -74,6 +79,9 @@ import org.slf4j.LoggerFactory;
 public class KerberosProxyIT extends AccumuloIT {
   private static final Logger log = LoggerFactory.getLogger(KerberosProxyIT.class);
 
+  @Rule
+  public ExpectedException thrown = ExpectedException.none();
+
   private static TestingKdc kdc;
   private static String krbEnabledForITs = null;
   private static File proxyKeytab;
@@ -284,7 +292,7 @@ public class KerberosProxyIT extends AccumuloIT {
     ugiTransport.close();
   }
 
-  @Test(expected = AccumuloSecurityException.class)
+  @Test
   public void testDisallowedClientForImpersonation() throws Exception {
     String user = testName.getMethodName();
     File keytab = new File(kdc.getKeytabDir(), user + ".keytab");
@@ -296,6 +304,16 @@ public class KerberosProxyIT extends AccumuloIT {
 
     log.info("Logged in as " + ugi);
 
+    // Expect an AccumuloSecurityException
+    thrown.expect(AccumuloSecurityException.class);
+    // Error msg would look like:
+    //
+    // org.apache.accumulo.core.client.AccumuloSecurityException: Error BAD_CREDENTIALS for user Principal in credentials object should match kerberos
+    // principal.
+    // Expected 'proxy/hw10447.local@EXAMPLE.COM' but was 'testDisallowedClientForImpersonation@EXAMPLE.COM' - Username or Password is Invalid)
+    thrown.expect(new ThriftExceptionMatchesPattern(".*Error BAD_CREDENTIALS.*"));
+    thrown.expect(new ThriftExceptionMatchesPattern(".*Expected '" + proxyPrincipal + "' but was '" + kdc.qualifyUser(user) + "'.*"));
+
     TSocket socket = new TSocket(hostname, proxyPort);
     log.info("Connecting to proxy with server primary '" + proxyPrimary + "' running on " + hostname);
 
@@ -321,8 +339,12 @@ public class KerberosProxyIT extends AccumuloIT {
     }
   }
 
-  @Test(expected = AccumuloSecurityException.class)
+  @Test
   public void testMismatchPrincipals() throws Exception {
+    // Should get an AccumuloSecurityException and the given message
+    thrown.expect(AccumuloSecurityException.class);
+    thrown.expect(new ThriftExceptionMatchesPattern(ProxyServer.RPC_ACCUMULO_PRINCIPAL_MISMATCH_MSG));
+
     // Make a new user
     String user = testName.getMethodName();
     File keytab = new File(kdc.getKeytabDir(), user + ".keytab");
@@ -359,4 +381,27 @@ public class KerberosProxyIT extends AccumuloIT {
       }
     }
   }
+
+  private static class ThriftExceptionMatchesPattern extends TypeSafeMatcher<AccumuloSecurityException> {
+    private String pattern;
+
+    public ThriftExceptionMatchesPattern(String pattern) {
+      this.pattern = pattern;
+    }
+
+    @Override
+    protected boolean matchesSafely(AccumuloSecurityException item) {
+      return item.isSetMsg() && item.msg.matches(pattern);
+    }
+
+    @Override
+    public void describeTo(Description description) {
+      description.appendText("matches pattern ").appendValue(pattern);
+    }
+
+    @Override
+    protected void describeMismatchSafely(AccumuloSecurityException item, Description mismatchDescription) {
+      mismatchDescription.appendText("does not match");
+    }
+  }
 }