You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@iotdb.apache.org by ge...@apache.org on 2020/12/15 10:17:50 UTC
[iotdb] 01/01: add test.
This is an automated email from the ASF dual-hosted git repository.
geniuspig pushed a commit to branch refactor_auth_test
in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit c1ce1230c808852746f8b6d6d7a8297a7cf81080
Author: Boris <96...@qq.com>
AuthorDate: Tue Dec 15 18:17:25 2020 +0800
add test.
---
.../org/apache/iotdb/db/auth/AuthException.java | 5 -
.../iotdb/db/auth/authorizer/BasicAuthorizer.java | 2 +-
.../db/auth/authorizer/LocalFileAuthorizer.java | 2 +-
.../iotdb/db/auth/authorizer/OpenIdAuthorizer.java | 10 +-
.../apache/iotdb/db/auth/AuthorityCheckerTest.java | 133 ++++++++++
.../{ => authorizer}/LocalFileAuthorizerTest.java | 295 ++++++++++-----------
.../db/auth/authorizer/OpenIdAuthorizerTest.java | 103 ++++---
.../iotdb/db/auth/entity/PathPrivilegeTest.java} | 42 ++-
.../org/apache/iotdb/db/auth/entity/RoleTest.java} | 43 ++-
.../org/apache/iotdb/db/auth/entity/UserTest.java | 46 ++++
.../auth/{ => role}/LocalFileRoleAccessorTest.java | 13 +-
.../auth/{ => role}/LocalFileRoleManagerTest.java | 45 ++--
.../auth/{ => user}/LocalFileUserAccessorTest.java | 13 +-
.../auth/{ => user}/LocalFileUserManagerTest.java | 69 ++---
.../apache/iotdb/session/IoTDBSessionSimpleIT.java | 28 ++
15 files changed, 536 insertions(+), 313 deletions(-)
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java b/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java
index c066de4..1410855 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java
@@ -37,9 +37,4 @@ public class AuthException extends Exception {
super(cause);
}
- protected AuthException(String message, Throwable cause, boolean enableSuppression,
- boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-
}
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/BasicAuthorizer.java b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/BasicAuthorizer.java
index d162a04..68d0bed 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/BasicAuthorizer.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/BasicAuthorizer.java
@@ -81,7 +81,7 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
private static IAuthorizer instance;
static {
- Class<BasicAuthorizer> c = null;
+ Class<BasicAuthorizer> c;
try {
c = (Class<BasicAuthorizer>) Class.forName(IoTDBDescriptor.getInstance().getConfig().getAuthorizerProvider());
logger.info("Authorizer provider class: {}", IoTDBDescriptor.getInstance().getConfig().getAuthorizerProvider());
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizer.java b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizer.java
index b040fcf..93636b4 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizer.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizer.java
@@ -28,7 +28,7 @@ import org.apache.iotdb.db.conf.IoTDBDescriptor;
public class LocalFileAuthorizer extends BasicAuthorizer {
- private static IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig();
+ private static final IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig();
public LocalFileAuthorizer() throws AuthException {
super(new LocalFileUserManager(config.getSystemDir() + File.separator + "users"),
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizer.java b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizer.java
index c2d6f55..9b1070e 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizer.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizer.java
@@ -59,12 +59,12 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
public static final String IOTDB_ADMIN_ROLE_NAME = "iotdb_admin";
public static final String OPENID_USER_PREFIX = "openid-";
- private static IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig();
+ private static final IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig();
- private RSAPublicKey providerKey;
+ private final RSAPublicKey providerKey;
/** Stores all claims to the respective user */
- private Map<String, Claims> loggedClaims = new HashMap<>();
+ private final Map<String, Claims> loggedClaims = new HashMap<>();
public OpenIdAuthorizer() throws AuthException, ParseException, IOException, URISyntaxException {
this(config.getOpenIdProviderUrl());
@@ -82,10 +82,10 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
}
OpenIdAuthorizer(String providerUrl) throws AuthException, URISyntaxException, ParseException, IOException {
- this(getJWKfromProvider(providerUrl));
+ this(getJWKFromProvider(providerUrl));
}
- private static JSONObject getJWKfromProvider(String providerUrl) throws URISyntaxException, IOException, ParseException, AuthException {
+ private static JSONObject getJWKFromProvider(String providerUrl) throws URISyntaxException, IOException, ParseException, AuthException {
if (providerUrl == null) {
throw new IllegalArgumentException("OpenID Connect Provider URI must be given!");
}
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
new file mode 100644
index 0000000..7017712
--- /dev/null
+++ b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
@@ -0,0 +1,133 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.db.auth;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import org.apache.iotdb.db.auth.authorizer.BasicAuthorizer;
+import org.apache.iotdb.db.auth.authorizer.IAuthorizer;
+import org.apache.iotdb.db.auth.entity.PathPrivilege;
+import org.apache.iotdb.db.auth.entity.User;
+import org.apache.iotdb.db.exception.metadata.IllegalPathException;
+import org.apache.iotdb.db.metadata.PartialPath;
+import org.apache.iotdb.db.qp.logical.Operator.OperatorType;
+import org.apache.iotdb.db.utils.EnvironmentUtils;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+public class AuthorityCheckerTest {
+
+ IAuthorizer authorizer;
+ User user;
+ String nodeName = "root.laptop.d1";
+ String roleName = "role";
+
+
+ @Before
+ public void setUp() throws Exception {
+ EnvironmentUtils.envSetUp();
+ authorizer = BasicAuthorizer.getInstance();
+ user = new User("user", "password");
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ EnvironmentUtils.cleanEnv();
+ }
+
+ @Test
+ public void test() throws AuthException, IllegalPathException {
+ authorizer.createUser(user.getName(), user.getPassword());
+ authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1);
+ PathPrivilege pathPrivilege = new PathPrivilege();
+ Set<Integer> set = new HashSet<>();
+ set.add(1);
+ pathPrivilege.setPrivileges(set);
+
+ Assert.assertTrue(
+ AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.INSERT, user.getName()));
+
+ Assert.assertTrue(AuthorityChecker.check("root", null, null, null));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.CREATE_ROLE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.QUERY, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.UPDATE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.DROP_INDEX, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.UNION, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), new ArrayList<>(),
+ OperatorType.INSERT, user.getName()));
+
+ Assert.assertTrue(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.MODIFY_PASSWORD, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.GRANT_USER_PRIVILEGE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.GRANT_ROLE_PRIVILEGE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.REVOKE_USER_PRIVILEGE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.REVOKE_ROLE_PRIVILEGE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.REVOKE_ROLE_PRIVILEGE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.GRANT_USER_ROLE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.DELETE_USER, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.DELETE_ROLE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.LIST_ROLE, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.LIST_USER, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.SET_STORAGE_GROUP, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.CREATE_TIMESERIES, user.getName()));
+
+ Assert.assertFalse(AuthorityChecker.check(user.getName(), Collections.singletonList(new PartialPath(nodeName)),
+ OperatorType.DELETE_TIMESERIES, user.getName()));
+ }
+}
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileAuthorizerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java
similarity index 52%
rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileAuthorizerTest.java
rename to server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java
index 485bb5b..50b940c 100644
--- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileAuthorizerTest.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java
@@ -16,29 +16,37 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.iotdb.db.auth;
+package org.apache.iotdb.db.auth.authorizer;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
+import java.util.HashMap;
import java.util.List;
import java.util.Set;
-import org.apache.iotdb.db.auth.authorizer.IAuthorizer;
-import org.apache.iotdb.db.auth.authorizer.BasicAuthorizer;
+import org.apache.iotdb.db.auth.AuthException;
+import org.apache.iotdb.db.auth.entity.Role;
import org.apache.iotdb.db.auth.entity.User;
import org.apache.iotdb.db.conf.IoTDBConstant;
import org.apache.iotdb.db.utils.EnvironmentUtils;
import org.junit.After;
+import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
public class LocalFileAuthorizerTest {
+ IAuthorizer authorizer;
+ User user;
+ String nodeName = "root.laptop.d1";
+ String roleName = "role";
+
@Before
public void setUp() throws Exception {
EnvironmentUtils.envSetUp();
+ authorizer = BasicAuthorizer.getInstance();
+ user = new User("user", "password");
}
@After
@@ -47,68 +55,38 @@ public class LocalFileAuthorizerTest {
}
@Test
- public void testAuthorizer() throws AuthException {
-
- IAuthorizer authorizer = BasicAuthorizer.getInstance();
- /*
- * login
- */
- try {
- authorizer.login("root", "root");
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
+ public void testLogin() throws AuthException {
+ Assert.assertTrue(authorizer.login("root", "root"));
+ Assert.assertFalse(authorizer.login("root", "error"));
+ }
- try {
- authorizer.login("root", "error");
- } catch (AuthException e) {
- assertEquals("The username or the password is not correct", e.getMessage());
- }
- /*
- * create user,delete user
- */
- User user = new User("user", "password");
- try {
- authorizer.createUser(user.getName(), user.getPassword());
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
+ @Test
+ public void createAndDeleteUser() throws AuthException {
+ authorizer.createUser(user.getName(), user.getPassword());
try {
authorizer.createUser(user.getName(), user.getPassword());
} catch (AuthException e) {
assertEquals("User user already exists", e.getMessage());
}
- try {
- authorizer.login(user.getName(), user.getPassword());
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
- try {
- authorizer.deleteUser(user.getName());
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
+ Assert.assertTrue(authorizer.login(user.getName(), user.getPassword()));
+ authorizer.deleteUser(user.getName());
try {
authorizer.deleteUser(user.getName());
} catch (AuthException e) {
assertEquals("User user does not exist", e.getMessage());
}
- /*
- * permission for user
- */
- String nodeName = "root.laptop.d1";
try {
- authorizer.createUser(user.getName(), user.getPassword());
- authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1);
+ authorizer.deleteUser("root");
} catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
+ assertEquals("Default administrator cannot be deleted", e.getMessage());
}
+ }
+
+ @Test
+ public void testUserPermission() throws AuthException {
+ authorizer.createUser(user.getName(), user.getPassword());
+ authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1);
try {
authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1);
} catch (AuthException e) {
@@ -119,85 +97,78 @@ public class LocalFileAuthorizerTest {
} catch (AuthException e) {
assertEquals("No such user error", e.getMessage());
}
+
try {
- authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 1);
+ authorizer.grantPrivilegeToUser("root", nodeName, 1);
} catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
+ Assert.assertEquals("Invalid operation, administrator already has all privileges", e.getMessage());
}
+
+ try {
+ authorizer.grantPrivilegeToUser(user.getName(), nodeName, 100);
+ } catch (AuthException e) {
+ assertEquals("Invalid privilegeId 100", e.getMessage());
+ }
+
+ authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 1);
try {
authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 1);
} catch (AuthException e) {
assertEquals("User user does not have INSERT_TIMESERIES on root.laptop.d1", e.getMessage());
}
+
+ try {
+ authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 100);
+ } catch(AuthException e) {
+ assertEquals("Invalid privilegeId 100", e.getMessage());
+ }
+
try {
authorizer.deleteUser(user.getName());
authorizer.revokePrivilegeFromUser(user.getName(), nodeName, 1);
} catch (AuthException e) {
assertEquals("No such user user", e.getMessage());
}
- /*
- * role
- */
- String roleName = "role";
+
try {
- authorizer.createRole(roleName);
+ authorizer.revokePrivilegeFromUser("root", "root", 1);
} catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
+ Assert.assertEquals("Invalid operation, administrator must have all privileges", e.getMessage());
}
+ }
+
+ @Test
+ public void testCreateAndDeleteRole() throws AuthException {
+ authorizer.createRole(roleName);
try {
authorizer.createRole(roleName);
} catch (AuthException e) {
assertEquals("Role role already exists", e.getMessage());
}
-
- try {
- authorizer.deleteRole(roleName);
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
+ authorizer.deleteRole(roleName);
try {
authorizer.deleteRole(roleName);
} catch (AuthException e) {
assertEquals("Role role does not exist", e.getMessage());
}
- /*
- * role permission
- */
- try {
- authorizer.createRole(roleName);
- authorizer.grantPrivilegeToRole(roleName, nodeName, 1);
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
+ }
+ @Test
+ public void testRolePermission() throws AuthException {
+ authorizer.createRole(roleName);
+ authorizer.grantPrivilegeToRole(roleName, nodeName, 1);
try {
authorizer.grantPrivilegeToRole(roleName, nodeName, 1);
} catch (AuthException e) {
assertEquals("Role role already has INSERT_TIMESERIES on root.laptop.d1", e.getMessage());
}
-
- try {
- authorizer.revokePrivilegeFromRole(roleName, nodeName, 1);
- } catch (AuthException e1) {
- fail(e1.getMessage());
- }
+ authorizer.revokePrivilegeFromRole(roleName, nodeName, 1);
try {
authorizer.revokePrivilegeFromRole(roleName, nodeName, 1);
} catch (AuthException e) {
assertEquals("Role role does not have INSERT_TIMESERIES on root.laptop.d1", e.getMessage());
}
-
- try {
- authorizer.deleteRole(roleName);
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
-
+ authorizer.deleteRole(roleName);
try {
authorizer.revokePrivilegeFromRole(roleName, nodeName, 1);
} catch (AuthException e) {
@@ -208,70 +179,73 @@ public class LocalFileAuthorizerTest {
} catch (AuthException e) {
assertEquals("No such role role", e.getMessage());
}
+ }
+
+ @Test
+ public void testUserRole() throws AuthException {
+ authorizer.createUser(user.getName(), user.getPassword());
+ authorizer.createRole(roleName);
+ authorizer.grantRoleToUser(roleName, user.getName());
+ authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1);
+ authorizer.grantPrivilegeToRole(roleName, nodeName, 2);
+ authorizer.grantPrivilegeToRole(roleName, nodeName, 3);
+
+ // a user can get all role permissions.
+ Set<Integer> permissions = authorizer.getPrivileges(user.getName(), nodeName);
+ assertEquals(3, permissions.size());
+ assertTrue(permissions.contains(1));
+ assertTrue(permissions.contains(2));
+ assertTrue(permissions.contains(3));
+ assertFalse(permissions.contains(4));
- /*
- * user role
- */
try {
- authorizer.createUser(user.getName(), user.getPassword());
- authorizer.createRole(roleName);
authorizer.grantRoleToUser(roleName, user.getName());
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
- try {
- authorizer.grantPrivilegeToUser(user.getName(), nodeName, 1);
- authorizer.grantPrivilegeToRole(roleName, nodeName, 2);
- authorizer.grantPrivilegeToRole(roleName, nodeName, 3);
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
- try {
- Set<Integer> permisssions = authorizer.getPrivileges(user.getName(), nodeName);
- assertEquals(3, permisssions.size());
- assertTrue(permisssions.contains(1));
- assertTrue(permisssions.contains(2));
- assertTrue(permisssions.contains(3));
- assertFalse(permisssions.contains(4));
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
- try {
- authorizer.revokeRoleFromUser(roleName, user.getName());
- Set<Integer> permisssions = authorizer.getPrivileges(user.getName(), nodeName);
- assertEquals(1, permisssions.size());
- assertTrue(permisssions.contains(1));
- assertFalse(permisssions.contains(2));
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
- try {
- authorizer.checkUserPrivileges(user.getName(), nodeName, 1);
- } catch (AuthException e) {
- fail(e.getMessage());
- }
- try {
- authorizer.checkUserPrivileges(user.getName(), nodeName, 2);
- } catch (AuthException e) {
- fail(e.getMessage());
- }
- try {
- authorizer.updateUserPassword(user.getName(), "newPassword");
- authorizer.login(user.getName(), "newPassword");
- } catch (AuthException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
+ } catch(AuthException e) {
+ Assert.assertEquals("User user already has role role", e.getMessage());
+ }
+ // revoke a role from a user, the user will lose all role's permission
+ authorizer.revokeRoleFromUser(roleName, user.getName());
+ Set<Integer> revokeRolePermissions = authorizer.getPrivileges(user.getName(), nodeName);
+ assertEquals(1, revokeRolePermissions.size());
+ assertTrue(revokeRolePermissions.contains(1));
+ assertFalse(revokeRolePermissions.contains(2));
+
+ //check the users' permission again
+ Assert.assertTrue(authorizer.checkUserPrivileges(user.getName(), nodeName, 1));
+ Assert.assertFalse(authorizer.checkUserPrivileges(user.getName(), nodeName, 2));
+
try {
- authorizer.deleteUser(user.getName());
- authorizer.deleteRole(roleName);
+ authorizer.grantRoleToUser("role1", user.getName());
} catch (AuthException e) {
- e.printStackTrace();
+ Assert.assertEquals("No such role : role1", e.getMessage());
}
+
+ }
+
+ @Test
+ public void testUpdatePassword() throws AuthException {
+ authorizer.createUser(user.getName(), user.getPassword());
+ authorizer.updateUserPassword(user.getName(), "newPassword");
+ Assert.assertTrue(authorizer.login(user.getName(), "newPassword"));
+ }
+
+ @Test
+ public void testUserWaterMark() throws AuthException {
+ authorizer.setUserUseWaterMark("root", true);
+ assertTrue(authorizer.getAllUserWaterMarkStatus().get("root"));
+ Assert.assertTrue(authorizer.isUserUseWaterMark("root"));
+ }
+
+ @Test
+ public void testGetAllUsersAndRoles() throws AuthException {
+ authorizer.createUser("user0", "user");
+ authorizer.createUser("user1", "user1");
+ authorizer.createUser("user2", "user2");
+ authorizer.createRole("role0");
+ authorizer.createRole("role1");
+ authorizer.createRole("role2");
+ Assert.assertEquals(4, authorizer.getAllUsers().size());
+ Assert.assertEquals(3, authorizer.getAllRoles().size());
}
@Test
@@ -334,4 +308,25 @@ public class LocalFileAuthorizerTest {
}
}
}
+
+ @Test
+ public void testReplaceAllUsers() throws AuthException {
+ IAuthorizer authorizer = BasicAuthorizer.getInstance();
+ Assert.assertEquals("root", authorizer.listAllUsers().get(0));
+ User user = new User("user", "user");
+ HashMap<String, User> users = new HashMap<>();
+ users.put("user", user);
+ authorizer.replaceAllUsers(users);
+ Assert.assertEquals("user", authorizer.listAllUsers().get(1));
+ }
+
+ @Test
+ public void testReplaceAllRole() throws AuthException {
+ IAuthorizer authorizer = BasicAuthorizer.getInstance();
+ Role role = new Role("role");
+ HashMap<String, Role> roles = new HashMap<>();
+ roles.put("role", role);
+ authorizer.replaceAllRoles(roles);
+ Assert.assertEquals("role", authorizer.listAllRoles().get(0));
+ }
}
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizerTest.java
index aa373ca..f0bde26 100644
--- a/server/src/test/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizerTest.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/OpenIdAuthorizerTest.java
@@ -20,7 +20,10 @@ package org.apache.iotdb.db.auth.authorizer;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
+import net.minidev.json.JSONObject;
import org.apache.iotdb.db.auth.AuthException;
+import org.apache.iotdb.db.conf.IoTDBConfig;
+import org.apache.iotdb.db.conf.IoTDBDescriptor;
import org.junit.Ignore;
import org.junit.Test;
@@ -32,49 +35,63 @@ import static org.junit.Assert.assertTrue;
public class OpenIdAuthorizerTest {
- private static final String OPEN_ID_PUBLIC_JWK = "{\"kty\":\"RSA\",\"x5t#S256\":\"TZFbbj6HsRU28HYvrcVnDs03KreV3DE24-Cxb9EPdS4\",\"e\":\"AQAB\",\"use\":\"sig\",\"x5t\":\"l_N2UlC_a624iu5eYFypnB1Wr20\",\"kid\":\"q1-Wm0ozQ5O0mQH8-SJap2ZcN4MmucWwnQWKYxZJ4ow\",\"x5c\":[\"MIICmTCCAYECBgFyRdXW2DANBgkqhkiG9w0BAQsFADAQMQ4wDAYDVQQDDAVJb1REQjAeFw0yMDA1MjQwODM3MjJaFw0zMDA1MjQwODM5MDJaMBAxDjAMBgNVBAMMBUlvVERCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozDCZTVc9946VvhZ6E\\/OP8Yx6tJe0i9GR2Q9jR9S3jQo [...]
+ private static final String OPEN_ID_PUBLIC_JWK = "{\"kty\":\"RSA\",\"x5t#S256\":\"TZFbbj6HsRU28HYvrcVnDs03KreV3DE24-Cxb9EPdS4\",\"e\":\"AQAB\",\"use\":\"sig\",\"x5t\":\"l_N2UlC_a624iu5eYFypnB1Wr20\",\"kid\":\"q1-Wm0ozQ5O0mQH8-SJap2ZcN4MmucWwnQWKYxZJ4ow\",\"x5c\":[\"MIICmTCCAYECBgFyRdXW2DANBgkqhkiG9w0BAQsFADAQMQ4wDAYDVQQDDAVJb1REQjAeFw0yMDA1MjQwODM3MjJaFw0zMDA1MjQwODM5MDJaMBAxDjAMBgNVBAMMBUlvVERCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozDCZTVc9946VvhZ6E\\/OP8Yx6tJe0i9GR2Q9jR9S3jQoo0 [...]
+ private static final IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig();
+
+ @Test
+ public void loginWithJWT() throws AuthException, ParseException, URISyntaxException {
+ String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtNDg4Ny [...]
+
+ OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK));
+ boolean login = authorizer.login(jwt, null);
+
+ assertTrue(login);
+ }
+
+ @Test
+ public void isAdmin_hasAccess()
+ throws AuthException, ParseException {
+ // IOTDB_ADMIN = true
+ String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMjM5MjgsImlhdCI6MTU5MDMyMzYyOCwianRpIjoiZGQ5ZDZhNmItZjgzOC00Mjk3LTg5YWUtMjdlZTgxNzVhMThiIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImJhMzJlNDcxLWM3NzItNGIzMy04ZGE2LTZmZThhY2RhMDA3MyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6IjViZDRhNmM5LTBmYzItNGIxMy [...]
+
+ OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK));
+ boolean admin = authorizer.isAdmin(jwt);
+
+ assertTrue(admin);
+ }
+
+ @Test
+ public void isAdmin_noAdminClaim()
+ throws AuthException, ParseException {
+ // IOTDB_ADMIN = false
+ String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtNDg4Ny [...]
+
+ OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK));
+ boolean admin = authorizer.isAdmin(jwt);
+
+ assertFalse(admin);
+ }
+
+ /**
+ * Can be run manually as long as the site below is active...
+ */
+ @Test
+ @Ignore("We have to find a way to test this against a defined OIDC Provider")
+ public void fetchMetadata()
+ throws ParseException, IOException, URISyntaxException, AuthException {
+ OpenIdAuthorizer openIdAuthorizer = new OpenIdAuthorizer(
+ "https://auth.demo.pragmaticindustries.de/auth/realms/IoTDB/");
+ boolean login = openIdAuthorizer.login(
+ "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtNDg4Ny04M2Q3LWE [...]
+ "");
+ assertTrue(login);
+ config.setOpenIdProviderUrl("https://auth.demo.pragmaticindustries.de/auth/realms/IoTDB/");
+ OpenIdAuthorizer openIdAuthorizer1 = new OpenIdAuthorizer();
+ login = openIdAuthorizer1.login(
+ "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtNDg4Ny04M2Q3LWE [...]
+ "");
+ assertTrue(login);
+ }
- @Test
- public void loginWithJWT() throws AuthException, ParseException, IOException, URISyntaxException {
- String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtND [...]
- OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK));
- boolean login = authorizer.login(jwt, null);
-
- assertTrue(login);
- }
-
- @Test
- public void isAdmin_hasAccess() throws AuthException, ParseException, IOException, URISyntaxException {
- // IOTDB_ADMIN = true
- String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMjM5MjgsImlhdCI6MTU5MDMyMzYyOCwianRpIjoiZGQ5ZDZhNmItZjgzOC00Mjk3LTg5YWUtMjdlZTgxNzVhMThiIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImJhMzJlNDcxLWM3NzItNGIzMy04ZGE2LTZmZThhY2RhMDA3MyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6IjViZDRhNmM5LTBmYzItNG [...]
-
- OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK));
- boolean admin = authorizer.isAdmin(jwt);
-
- assertTrue(admin);
- }
-
- @Test
- public void isAdmin_noAdminClaim() throws AuthException, ParseException, IOException, URISyntaxException {
- // IOTDB_ADMIN = false
- String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl9zdGF0ZSI6Ijk0ZmI5NGZjLTg3YTMtND [...]
-
- OpenIdAuthorizer authorizer = new OpenIdAuthorizer(JSONObjectUtils.parse(OPEN_ID_PUBLIC_JWK));
- boolean admin = authorizer.isAdmin(jwt);
-
- assertFalse(admin);
- }
-
- /**
- * Can be run manually as long as the site below is active...
- */
- @Test
- @Ignore("We have to find a way to test this against a defined OIDC Provider")
- public void fetchMetadata() throws ParseException, IOException, URISyntaxException, AuthException {
- OpenIdAuthorizer openIdAuthorizer = new OpenIdAuthorizer("https://auth.demo.pragmaticindustries.de/auth/realms/IoTDB/");
- final boolean login = openIdAuthorizer.login("eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxMS1XbTBvelE1TzBtUUg4LVNKYXAyWmNONE1tdWNXd25RV0tZeFpKNG93In0.eyJleHAiOjE1OTAzMTcxNzYsImlhdCI6MTU5MDMxNjg3NiwianRpIjoiY2MyNWQ3MDAtYjc5NC00OTA4LTg0OGUtOTRhNzYzNmM5YzQxIiwiaXNzIjoiaHR0cDovL2F1dGguZGVtby5wcmFnbWF0aWNpbmR1c3RyaWVzLmRlL2F1dGgvcmVhbG1zL0lvVERCIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6Ijg2YWRmNGIzLWE4ZTUtNDc1NC1iNWEwLTQ4OGI0OWY0M2VkMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImlvdGRiIiwic2Vzc2lvbl [...]
-
- assertTrue(login);
- }
}
\ No newline at end of file
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java b/server/src/test/java/org/apache/iotdb/db/auth/entity/PathPrivilegeTest.java
similarity index 50%
copy from server/src/main/java/org/apache/iotdb/db/auth/AuthException.java
copy to server/src/test/java/org/apache/iotdb/db/auth/entity/PathPrivilegeTest.java
index c066de4..5ae49d8 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/entity/PathPrivilegeTest.java
@@ -16,30 +16,28 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.iotdb.db.auth;
+package org.apache.iotdb.db.auth.entity;
-/**
- * The exception for authority model.
- */
-public class AuthException extends Exception {
-
- private static final long serialVersionUID = 5091102941209301301L;
-
- public AuthException(String message) {
- super(message);
- }
+import java.util.HashSet;
+import java.util.Set;
+import org.junit.Assert;
+import org.junit.Test;
- public AuthException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AuthException(Throwable cause) {
- super(cause);
- }
+public class PathPrivilegeTest {
- protected AuthException(String message, Throwable cause, boolean enableSuppression,
- boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
+ @Test
+ public void testPathPrivilege() {
+ PathPrivilege pathPrivilege = new PathPrivilege();
+ pathPrivilege.setPath("root.ln");
+ Set<Integer> set = new HashSet<>();
+ set.add(1);
+ pathPrivilege.setPrivileges(set);
+ Assert.assertEquals("root.ln : INSERT_TIMESERIES", pathPrivilege.toString());
+ PathPrivilege pathPrivilege1 = new PathPrivilege();
+ pathPrivilege1.setPath("root.sg");
+ pathPrivilege1.setPrivileges(set);
+ Assert.assertNotEquals(pathPrivilege, pathPrivilege1);
+ pathPrivilege.deserialize(pathPrivilege1.serialize());
+ Assert.assertEquals("root.sg : INSERT_TIMESERIES", pathPrivilege.toString());
}
-
}
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java b/server/src/test/java/org/apache/iotdb/db/auth/entity/RoleTest.java
similarity index 50%
copy from server/src/main/java/org/apache/iotdb/db/auth/AuthException.java
copy to server/src/test/java/org/apache/iotdb/db/auth/entity/RoleTest.java
index c066de4..058ff1e 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthException.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/entity/RoleTest.java
@@ -16,30 +16,29 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.iotdb.db.auth;
+package org.apache.iotdb.db.auth.entity;
-/**
- * The exception for authority model.
- */
-public class AuthException extends Exception {
-
- private static final long serialVersionUID = 5091102941209301301L;
-
- public AuthException(String message) {
- super(message);
- }
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import org.junit.Assert;
+import org.junit.Test;
- public AuthException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AuthException(Throwable cause) {
- super(cause);
- }
+public class RoleTest {
- protected AuthException(String message, Throwable cause, boolean enableSuppression,
- boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
+ @Test
+ public void testRole() {
+ Role role = new Role("role");
+ PathPrivilege pathPrivilege = new PathPrivilege("root.ln");
+ role.setPrivilegeList(Collections.singletonList(pathPrivilege));
+ Set<Integer> set = new HashSet<>();
+ set.add(1);
+ role.setPrivileges("root.ln", set);
+ Assert.assertEquals("Role{name='role', privilegeList=[root.ln : INSERT_TIMESERIES]}",
+ role.toString());
+ Role role1 = new Role("role1");
+ role1.deserialize(role.serialize());
+ Assert.assertEquals("Role{name='role', privilegeList=[root.ln : INSERT_TIMESERIES]}",
+ role1.toString());
}
-
}
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java b/server/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java
new file mode 100644
index 0000000..a43417e
--- /dev/null
+++ b/server/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.db.auth.entity;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class UserTest {
+
+ @Test
+ public void testUser() {
+ User user = new User("user", "password");
+ PathPrivilege pathPrivilege = new PathPrivilege("root.ln");
+ user.setPrivilegeList(Collections.singletonList(pathPrivilege));
+ Set<Integer> set = new HashSet<>();
+ set.add(1);
+ user.setPrivileges("root.ln", set);
+ Assert.assertEquals(
+ "User{name='user', password='password', privilegeList=[root.ln : INSERT_TIMESERIES], roleList=[], useWaterMark=false, lastActiveTime=0}",
+ user.toString());
+ User user1 = new User("user1", "password1");
+ user1.deserialize(user.serialize());
+ Assert.assertEquals(
+ "User{name='user', password='password', privilegeList=[root.ln : INSERT_TIMESERIES], roleList=[], useWaterMark=false, lastActiveTime=0}",
+ user1.toString());
+ }
+}
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleAccessorTest.java b/server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleAccessorTest.java
similarity index 85%
rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleAccessorTest.java
rename to server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleAccessorTest.java
index 29b8223..f983b68 100644
--- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleAccessorTest.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleAccessorTest.java
@@ -16,9 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.iotdb.db.auth;
+package org.apache.iotdb.db.auth.role;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import java.io.File;
import java.io.IOException;
@@ -74,12 +77,12 @@ public class LocalFileRoleAccessorTest {
Role loadedRole = accessor.loadRole(role.getName());
assertEquals(role, loadedRole);
}
- assertEquals(null, accessor.loadRole("not a role"));
+ assertNull(accessor.loadRole("not a role"));
// delete
- assertEquals(true, accessor.deleteRole(roles[roles.length - 1].getName()));
- assertEquals(false, accessor.deleteRole(roles[roles.length - 1].getName()));
- assertEquals(null, accessor.loadRole(roles[roles.length - 1].getName()));
+ assertTrue(accessor.deleteRole(roles[roles.length - 1].getName()));
+ assertFalse(accessor.deleteRole(roles[roles.length - 1].getName()));
+ assertNull(accessor.loadRole(roles[roles.length - 1].getName()));
// list
List<String> roleNames = accessor.listAllRoles();
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleManagerTest.java
similarity index 73%
rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java
rename to server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleManagerTest.java
index 9bb836f..db5891a 100644
--- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleManagerTest.java
@@ -16,16 +16,19 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.iotdb.db.auth;
+package org.apache.iotdb.db.auth.role;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import java.io.File;
import java.util.List;
import org.apache.commons.io.FileUtils;
+import org.apache.iotdb.db.auth.AuthException;
import org.apache.iotdb.db.auth.entity.PathPrivilege;
import org.apache.iotdb.db.auth.entity.Role;
-import org.apache.iotdb.db.auth.role.LocalFileRoleManager;
import org.apache.iotdb.db.constant.TestConstant;
import org.apache.iotdb.db.utils.EnvironmentUtils;
import org.junit.After;
@@ -65,73 +68,73 @@ public class LocalFileRoleManagerTest {
// create
Role role = manager.getRole(roles[0].getName());
- assertEquals(null, role);
+ assertNull(role);
for (Role role1 : roles) {
- assertEquals(true, manager.createRole(role1.getName()));
+ assertTrue(manager.createRole(role1.getName()));
}
for (Role role1 : roles) {
role = manager.getRole(role1.getName());
assertEquals(role1.getName(), role.getName());
}
- assertEquals(false, manager.createRole(roles[0].getName()));
+ assertFalse(manager.createRole(roles[0].getName()));
boolean caught = false;
try {
manager.createRole("too");
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
// delete
- assertEquals(false, manager.deleteRole("not a role"));
- assertEquals(true, manager.deleteRole(roles[roles.length - 1].getName()));
- assertEquals(null, manager.getRole(roles[roles.length - 1].getName()));
- assertEquals(false, manager.deleteRole(roles[roles.length - 1].getName()));
+ assertFalse(manager.deleteRole("not a role"));
+ assertTrue(manager.deleteRole(roles[roles.length - 1].getName()));
+ assertNull(manager.getRole(roles[roles.length - 1].getName()));
+ assertFalse(manager.deleteRole(roles[roles.length - 1].getName()));
// grant privilege
role = manager.getRole(roles[0].getName());
String path = "root.a.b.c";
int privilegeId = 0;
- assertEquals(false, role.hasPrivilege(path, privilegeId));
- assertEquals(true, manager.grantPrivilegeToRole(role.getName(), path, privilegeId));
- assertEquals(true, manager.grantPrivilegeToRole(role.getName(), path, privilegeId + 1));
- assertEquals(false, manager.grantPrivilegeToRole(role.getName(), path, privilegeId));
+ assertFalse(role.hasPrivilege(path, privilegeId));
+ assertTrue(manager.grantPrivilegeToRole(role.getName(), path, privilegeId));
+ assertTrue(manager.grantPrivilegeToRole(role.getName(), path, privilegeId + 1));
+ assertFalse(manager.grantPrivilegeToRole(role.getName(), path, privilegeId));
role = manager.getRole(roles[0].getName());
- assertEquals(true, role.hasPrivilege(path, privilegeId));
+ assertTrue(role.hasPrivilege(path, privilegeId));
caught = false;
try {
manager.grantPrivilegeToRole("not a role", path, privilegeId);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
caught = false;
try {
manager.grantPrivilegeToRole(role.getName(), path, -1);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
// revoke privilege
role = manager.getRole(roles[0].getName());
- assertEquals(true, manager.revokePrivilegeFromRole(role.getName(), path, privilegeId));
- assertEquals(false, manager.revokePrivilegeFromRole(role.getName(), path, privilegeId));
+ assertTrue(manager.revokePrivilegeFromRole(role.getName(), path, privilegeId));
+ assertFalse(manager.revokePrivilegeFromRole(role.getName(), path, privilegeId));
caught = false;
try {
manager.revokePrivilegeFromRole("not a role", path, privilegeId);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
caught = false;
try {
manager.revokePrivilegeFromRole(role.getName(), path, -1);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
// list roles
List<String> rolenames = manager.listAllRoles();
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java b/server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessorTest.java
similarity index 89%
rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java
rename to server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessorTest.java
index 18c636e..11b8e11 100644
--- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessorTest.java
@@ -16,9 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.iotdb.db.auth;
+package org.apache.iotdb.db.auth.user;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.io.File;
@@ -84,7 +87,7 @@ public class LocalFileUserAccessorTest {
fail(e.getMessage());
}
}
- assertEquals(null, accessor.loadUser("not a user"));
+ assertNull(accessor.loadUser("not a user"));
// list
List<String> usernames = accessor.listAllUsers();
@@ -94,8 +97,8 @@ public class LocalFileUserAccessorTest {
}
// delete
- assertEquals(false, accessor.deleteUser("not a user"));
- assertEquals(true, accessor.deleteUser(users[users.length - 1].getName()));
+ assertFalse(accessor.deleteUser("not a user"));
+ assertTrue(accessor.deleteUser(users[users.length - 1].getName()));
usernames = accessor.listAllUsers();
assertEquals(users.length - 1, usernames.size());
usernames.sort(null);
@@ -103,6 +106,6 @@ public class LocalFileUserAccessorTest {
assertEquals(users[i].getName(), usernames.get(i));
}
User nullUser = accessor.loadUser(users[users.length - 1].getName());
- assertEquals(null, nullUser);
+ assertNull(nullUser);
}
}
diff --git a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserManagerTest.java
similarity index 70%
rename from server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java
rename to server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserManagerTest.java
index 919c17c..7ef84f0 100644
--- a/server/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/user/LocalFileUserManagerTest.java
@@ -16,16 +16,19 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.iotdb.db.auth;
+package org.apache.iotdb.db.auth.user;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import java.io.File;
import java.util.List;
import org.apache.commons.io.FileUtils;
+import org.apache.iotdb.db.auth.AuthException;
import org.apache.iotdb.db.auth.entity.PathPrivilege;
import org.apache.iotdb.db.auth.entity.User;
-import org.apache.iotdb.db.auth.user.LocalFileUserManager;
import org.apache.iotdb.db.conf.IoTDBConstant;
import org.apache.iotdb.db.constant.TestConstant;
import org.apache.iotdb.db.utils.AuthUtils;
@@ -68,9 +71,9 @@ public class LocalFileUserManagerTest {
// create
User user = manager.getUser(users[0].getName());
- assertEquals(null, user);
+ assertNull(user);
for (User user1 : users) {
- assertEquals(true, manager.createUser(user1.getName(), user1.getPassword()));
+ assertTrue(manager.createUser(user1.getName(), user1.getPassword()));
}
for (User user1 : users) {
user = manager.getUser(user1.getName());
@@ -78,77 +81,77 @@ public class LocalFileUserManagerTest {
assertEquals(AuthUtils.encryptPassword(user1.getPassword()), user.getPassword());
}
- assertEquals(false, manager.createUser(users[0].getName(), users[0].getPassword()));
+ assertFalse(manager.createUser(users[0].getName(), users[0].getPassword()));
boolean caught = false;
try {
manager.createUser("too", "short");
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
caught = false;
try {
manager.createUser("short", "too");
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
// delete
- assertEquals(false, manager.deleteUser("not a user"));
- assertEquals(true, manager.deleteUser(users[users.length - 1].getName()));
- assertEquals(null, manager.getUser(users[users.length - 1].getName()));
- assertEquals(false, manager.deleteUser(users[users.length - 1].getName()));
+ assertFalse(manager.deleteUser("not a user"));
+ assertTrue(manager.deleteUser(users[users.length - 1].getName()));
+ assertNull(manager.getUser(users[users.length - 1].getName()));
+ assertFalse(manager.deleteUser(users[users.length - 1].getName()));
// grant privilege
user = manager.getUser(users[0].getName());
String path = "root.a.b.c";
int privilegeId = 0;
- assertEquals(false, user.hasPrivilege(path, privilegeId));
- assertEquals(true, manager.grantPrivilegeToUser(user.getName(), path, privilegeId));
- assertEquals(true, manager.grantPrivilegeToUser(user.getName(), path, privilegeId + 1));
- assertEquals(false, manager.grantPrivilegeToUser(user.getName(), path, privilegeId));
+ assertFalse(user.hasPrivilege(path, privilegeId));
+ assertTrue(manager.grantPrivilegeToUser(user.getName(), path, privilegeId));
+ assertTrue(manager.grantPrivilegeToUser(user.getName(), path, privilegeId + 1));
+ assertFalse(manager.grantPrivilegeToUser(user.getName(), path, privilegeId));
user = manager.getUser(users[0].getName());
- assertEquals(true, user.hasPrivilege(path, privilegeId));
+ assertTrue(user.hasPrivilege(path, privilegeId));
caught = false;
try {
manager.grantPrivilegeToUser("not a user", path, privilegeId);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
caught = false;
try {
manager.grantPrivilegeToUser(user.getName(), path, -1);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
// revoke privilege
user = manager.getUser(users[0].getName());
- assertEquals(true, manager.revokePrivilegeFromUser(user.getName(), path, privilegeId));
- assertEquals(false, manager.revokePrivilegeFromUser(user.getName(), path, privilegeId));
+ assertTrue(manager.revokePrivilegeFromUser(user.getName(), path, privilegeId));
+ assertFalse(manager.revokePrivilegeFromUser(user.getName(), path, privilegeId));
caught = false;
try {
manager.revokePrivilegeFromUser("not a user", path, privilegeId);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
caught = false;
try {
manager.revokePrivilegeFromUser(user.getName(), path, -1);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
// update password
String newPassword = "newPassword";
String illegalPW = "new";
- assertEquals(true, manager.updateUserPassword(user.getName(), newPassword));
- assertEquals(false, manager.updateUserPassword(user.getName(), illegalPW));
+ assertTrue(manager.updateUserPassword(user.getName(), newPassword));
+ assertFalse(manager.updateUserPassword(user.getName(), illegalPW));
user = manager.getUser(user.getName());
assertEquals(AuthUtils.encryptPassword(newPassword), user.getPassword());
caught = false;
@@ -157,34 +160,34 @@ public class LocalFileUserManagerTest {
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
// grant role
String roleName = "newrole";
- assertEquals(true, manager.grantRoleToUser(roleName, user.getName()));
- assertEquals(false, manager.grantRoleToUser(roleName, user.getName()));
+ assertTrue(manager.grantRoleToUser(roleName, user.getName()));
+ assertFalse(manager.grantRoleToUser(roleName, user.getName()));
user = manager.getUser(user.getName());
- assertEquals(true, user.hasRole(roleName));
+ assertTrue(user.hasRole(roleName));
caught = false;
try {
manager.grantRoleToUser("not a user", roleName);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
// revoke role
- assertEquals(true, manager.revokeRoleFromUser(roleName, user.getName()));
- assertEquals(false, manager.revokeRoleFromUser(roleName, user.getName()));
+ assertTrue(manager.revokeRoleFromUser(roleName, user.getName()));
+ assertFalse(manager.revokeRoleFromUser(roleName, user.getName()));
user = manager.getUser(user.getName());
- assertEquals(false, user.hasRole(roleName));
+ assertFalse(user.hasRole(roleName));
caught = false;
try {
manager.revokeRoleFromUser("not a user", roleName);
} catch (AuthException e) {
caught = true;
}
- assertEquals(true, caught);
+ assertTrue(caught);
// list users
List<String> usernames = manager.listAllUsers();
diff --git a/session/src/test/java/org/apache/iotdb/session/IoTDBSessionSimpleIT.java b/session/src/test/java/org/apache/iotdb/session/IoTDBSessionSimpleIT.java
index 09849c8..28fcf1e 100644
--- a/session/src/test/java/org/apache/iotdb/session/IoTDBSessionSimpleIT.java
+++ b/session/src/test/java/org/apache/iotdb/session/IoTDBSessionSimpleIT.java
@@ -24,6 +24,7 @@ import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -388,4 +389,31 @@ public class IoTDBSessionSimpleIT {
session.deleteStorageGroup(storageGroup);
session.close();
}
+
+ @Test
+ public void deleteData() throws StatementExecutionException, IoTDBConnectionException {
+ session = new Session("127.0.0.1", 6667, "root", "root");
+ session.open();
+ String device = "root.sg1.d1";
+ List<MeasurementSchema> schemaList = new ArrayList<>();
+ for (int i = 0; i < 3; i++) {
+ schemaList.add(new MeasurementSchema("s" + i, TSDataType.INT64));
+ }
+ Tablet tablet = new Tablet(device, schemaList, 1000);
+ while(tablet.rowSize < 10) {
+ tablet.addTimestamp(tablet.rowSize, tablet.rowSize);
+ for (int i = 0; i < 3; i++) {
+ tablet.addValue("s" + i, tablet.rowSize, (long) tablet.rowSize);
+ }
+ tablet.rowSize++;
+ }
+ session.insertTablet(tablet);
+ session.executeNonQueryStatement("flush");
+ session.deleteData(Collections.singletonList("root.sg1.d1.s1"), 4, 6);
+ SessionDataSet dataSet = session.executeQueryStatement("select s1 from root.sg1.d1 where time < 6 and time > 4");
+ while(dataSet.hasNext()) {
+ RowRecord record = dataSet.next();
+ System.out.println(record.toString());
+ }
+ }
}