AclValidationTest.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.falcon.regression.security;

import org.apache.commons.httpclient.HttpStatus;
import org.apache.falcon.regression.Entities.ClusterMerlin;
import org.apache.falcon.regression.Entities.FeedMerlin;
import org.apache.falcon.regression.Entities.ProcessMerlin;
import org.apache.falcon.regression.core.bundle.Bundle;
import org.apache.falcon.regression.core.enumsAndConstants.MerlinConstants;
import org.apache.falcon.regression.core.helpers.ColoHelper;
import org.apache.falcon.regression.core.response.ServiceResponse;
import org.apache.falcon.regression.core.util.AssertUtil;
import org.apache.falcon.regression.core.util.BundleUtil;
import org.apache.falcon.regression.core.util.HadoopUtil;
import org.apache.falcon.regression.core.util.OSUtil;
import org.apache.falcon.regression.testHelper.BaseTestClass;
import org.apache.hadoop.fs.FileSystem;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;


/**
 * Tests if ACL info is consistent with user submitting the entity.
 */
@Test(groups = "authorization")
public class AclValidationTest extends BaseTestClass {

    private ColoHelper cluster = servers.get(0);
    private FileSystem clusterFS = serverFS.get(0);
    private String baseTestDir = cleanAndGetTestDir();
    private String aggregateWorkflowDir = baseTestDir + "/aggregator";
    private String feedInputPath = baseTestDir + "/input" + MINUTE_DATE_PATTERN;

    private ClusterMerlin clusterMerlin;
    private FeedMerlin feedMerlin;
    private ProcessMerlin processMerlin;

    @BeforeClass(alwaysRun = true)
    public void uploadWorkflow() throws Exception {
        HadoopUtil.uploadDir(clusterFS, aggregateWorkflowDir, OSUtil.RESOURCES_OOZIE);
    }

    @BeforeMethod(alwaysRun = true)
    public void setup() throws Exception {
        Bundle bundle = BundleUtil.readELBundle();
        bundles[0] = new Bundle(bundle, cluster);
        bundles[0].generateUniqueBundle(this);
        bundles[0].setInputFeedDataPath(feedInputPath);
        bundles[0].setProcessWorkflow(aggregateWorkflowDir);
        clusterMerlin = bundles[0].getClusterElement();
        feedMerlin = new FeedMerlin(bundles[0].getInputFeedFromBundle());
        processMerlin = bundles[0].getProcessObject();
    }

    /**
     * Test a cluster's acl validations for different aclOwner and aclGroup.
     * @param aclOwner owner for the acl
     * @param aclGroup group for the acl
     * @throws Exception
     */
    @Test(dataProvider = "generateUserAndGroup")
    public void submitClusterBadAcl(String aclOwner, String aclGroup) throws Exception {
        clusterMerlin.setACL(aclOwner, aclGroup, "*");
        final ServiceResponse serviceResponse =
            prism.getClusterHelper().submitEntity(clusterMerlin.toString());
        AssertUtil.assertFailedWithStatus(serviceResponse, HttpStatus.SC_BAD_REQUEST,
            "Cluster's ACL owner should be same as submitting user");
    }

    /**
     * Test a feed's acl validations for different aclOwner and aclGroup.
     * @param aclOwner owner for the acl
     * @param aclGroup group for the acl
     * @throws Exception
     */
    @Test(dataProvider = "generateUserAndGroup")
    public void submitFeedBadAcl(String aclOwner, String aclGroup) throws Exception {
        bundles[0].submitClusters(prism);
        feedMerlin.setACL(aclOwner, aclGroup, "*");
        final ServiceResponse serviceResponse =
            prism.getFeedHelper().submitEntity(feedMerlin.toString());
        AssertUtil.assertFailedWithStatus(serviceResponse, HttpStatus.SC_BAD_REQUEST,
            "Feed's ACL owner should be same as submitting user");
    }

    /**
     * Test a process's acl validations for different aclOwner and aclGroup.
     * @param aclOwner owner for the acl
     * @param aclGroup group for the acl
     * @throws Exception
     */
    @Test(dataProvider = "generateUserAndGroup")
    public void submitProcessBadAcl(String aclOwner, String aclGroup) throws Exception {
        bundles[0].submitAndScheduleAllFeeds();
        processMerlin.setACL(aclOwner, aclGroup, "*");
        final ServiceResponse serviceResponse =
            prism.getProcessHelper().submitEntity(processMerlin.toString());
        AssertUtil.assertFailedWithStatus(serviceResponse, HttpStatus.SC_BAD_REQUEST,
            "Process's ACL owner should be same as submitting user");
    }

    @DataProvider(name = "generateUserAndGroup")
    public Object[][] generateUserAndGroup() {
        return new Object[][] {
            {MerlinConstants.CURRENT_USER_NAME, MerlinConstants.DIFFERENT_USER_GROUP},
            {MerlinConstants.CURRENT_USER_NAME, "nonexistinggroup"},
            {"nonexistinguser", MerlinConstants.CURRENT_USER_GROUP},
        };
    }

    @AfterMethod(alwaysRun = true)
    public void tearDown() {
        removeTestClassEntities();
    }
}