def test_unredacted(self):
'''Do a sanity check to verify that the system behaves as expected when no redaction
rules are set. The expectation is the full query text will show up in the logs
and the web ui.
'''
if self.exploration_strategy() != 'exhaustive':
pytest.skip('runs only in exhaustive')
self.start_cluster_using_rules('')
email = '*****@*****.**'
self.execute_query_expect_success(
self.client,
"SELECT COUNT(*) FROM functional.alltypes WHERE string_col = '%s'"
% email)
# The query should also be found in the web ui.
self.assert_web_ui_contains(self.find_last_query_id(), email)
# Wait for the audit logs to be written. 5 seconds is an arbitrary value, typically
# only a second is needed.
sleep(5)
# The query should show up in both the audit and non-audit logs
assert_file_in_dir_contains(self.log_dir, email)
assert_file_in_dir_contains(self.audit_dir, email)
# The profile is encoded so the email won't be found.
assert_no_files_in_dir_contain(self.profile_dir, email)
# Since all the tests passed, the log dir shouldn't be of interest and can be
# deleted.
shutil.rmtree(self.tmp_dir)
def test_unredacted(self):
'''Do a sanity check to verify that the system behaves as expected when no redaction
rules are set. The expectation is the full query text will show up in the logs
and the web ui.
'''
self.start_cluster_using_rules('')
email = '*****@*****.**'
self.execute_query_expect_success(self.client,
"SELECT COUNT(*) FROM functional.alltypes WHERE string_col = '%s'" % email)
# The query should also be found in the web ui.
self.assert_web_ui_contains(self.find_last_query_id(), email)
# Wait for the audit logs to be written. 5 seconds is an arbitrary value, typically
# only a second is needed.
sleep(5)
# The query should show up in both the audit and non-audit logs
assert_file_in_dir_contains(self.log_dir, email)
assert_file_in_dir_contains(self.audit_dir, email)
# The profile is encoded so the email won't be found.
assert_no_files_in_dir_contain(self.profile_dir, email)
# Since all the tests passed, the log dir shouldn't be of interest and can be
# deleted.
shutil.rmtree(self.tmp_dir)
def assert_log_redaction(self, unredacted_value, redacted_value, expect_audit=True):
'''Asserts that the 'unredacted_value' is not present but the 'redacted_value' is.'''
# Logs should not contain the unredacted value.
assert_no_files_in_dir_contain(self.log_dir, unredacted_value)
assert_no_files_in_dir_contain(self.audit_dir, unredacted_value)
assert_no_files_in_dir_contain(self.profile_dir, unredacted_value)
# But the redacted value should be there except for the profile since that is
# encoded.
assert_file_in_dir_contains(self.log_dir, redacted_value)
if expect_audit:
assert_file_in_dir_contains(self.audit_dir, redacted_value)
def assert_log_redaction(self,
unredacted_value,
redacted_value,
expect_audit=True):
'''Asserts that the 'unredacted_value' is not present but the 'redacted_value' is.'''
# Logs should not contain the unredacted value.
assert_no_files_in_dir_contain(self.log_dir, unredacted_value)
assert_no_files_in_dir_contain(self.audit_dir, unredacted_value)
assert_no_files_in_dir_contain(self.profile_dir, unredacted_value)
# But the redacted value should be there except for the profile since that is
# encoded.
assert_file_in_dir_contains(self.log_dir, redacted_value)
if expect_audit:
assert_file_in_dir_contains(self.audit_dir, redacted_value)
def test_deprecated_flag_doesnt_show(self):
assert_no_files_in_dir_contain(
self.impala_log_dir, "authorization_policy_file " +
"flag is deprecated. Object Ownership feature is not supported")
def test_deprecated_flag_doesnt_show(self):
assert_no_files_in_dir_contain(
self.impala_log_dir, "Ignoring removed flag "
"authorization_policy_file")
def test_deprecated_flag_doesnt_show(self):
assert_no_files_in_dir_contain(self.impala_log_dir, "Ignoring removed flag "
"authorization_policy_file")