def test_unredacted(self):
'''Do a sanity check to verify that the system behaves as expected when no redaction
rules are set. The expectation is the full query text will show up in the logs
and the web ui.
'''
if self.exploration_strategy() != 'exhaustive':
pytest.skip('runs only in exhaustive')
self.start_cluster_using_rules('')
email = '*****@*****.**'
self.execute_query_expect_success(
self.client,
"SELECT COUNT(*) FROM functional.alltypes WHERE string_col = '%s'"
% email)
# The query should also be found in the web ui.
self.assert_web_ui_contains(self.find_last_query_id(), email)
# Wait for the audit logs to be written. 5 seconds is an arbitrary value, typically
# only a second is needed.
sleep(5)
# The query should show up in both the audit and non-audit logs
assert_file_in_dir_contains(self.log_dir, email)
assert_file_in_dir_contains(self.audit_dir, email)
# The profile is encoded so the email won't be found.
assert_no_files_in_dir_contain(self.profile_dir, email)
# Since all the tests passed, the log dir shouldn't be of interest and can be
# deleted.
shutil.rmtree(self.tmp_dir)
def test_nonexistent_path(self, unique_name):
# parse log file for expected exception
assert_file_in_dir_contains(
TestStartupFilesystemChecks.LOG_DIR,
"Invalid path specified for startup_filesystem_check_directories: "
+ "{0} does not exist.".format(
TestStartupFilesystemChecks.NONEXISTENT_PATH))
def test_nondirectory_path(self, unique_name):
# parse log file for expected exception
assert_file_in_dir_contains(
TestStartupFilesystemChecks.LOG_DIR,
"Invalid path specified for startup_filesystem_check_directories: "
+ "{0} is not a directory.".format(
TestStartupFilesystemChecks.NONDIRECTORY_PATH))
def test_unredacted(self):
'''Do a sanity check to verify that the system behaves as expected when no redaction
rules are set. The expectation is the full query text will show up in the logs
and the web ui.
'''
self.start_cluster_using_rules('')
email = '*****@*****.**'
self.execute_query_expect_success(self.client,
"SELECT COUNT(*) FROM functional.alltypes WHERE string_col = '%s'" % email)
# The query should also be found in the web ui.
self.assert_web_ui_contains(self.find_last_query_id(), email)
# Wait for the audit logs to be written. 5 seconds is an arbitrary value, typically
# only a second is needed.
sleep(5)
# The query should show up in both the audit and non-audit logs
assert_file_in_dir_contains(self.log_dir, email)
assert_file_in_dir_contains(self.audit_dir, email)
# The profile is encoded so the email won't be found.
assert_no_files_in_dir_contain(self.profile_dir, email)
# Since all the tests passed, the log dir shouldn't be of interest and can be
# deleted.
shutil.rmtree(self.tmp_dir)
def test_invalid_provider_flag(self, unique_name):
# parse log file for expected exception
assert_file_in_dir_contains(
TestAuthorizationProvider.LOG_DIR,
"InternalException: Could not parse "
"authorization_provider flag: {}".format(
TestAuthorizationProvider.BAD_FLAG))
def test_multiple_valid_dirs(self, unique_name):
valid_directories = TestStartupFilesystemChecks.MULTIPLE_VALID_DIRECTORIES.split(
",")
for valid_dir in valid_directories:
if len(valid_dir) == 0:
continue
# parse log file for expected log message showing success
assert_file_in_dir_contains(
TestStartupFilesystemChecks.LOG_DIR,
"Successfully listed {0}".format(valid_dir))
def assert_log_redaction(self, unredacted_value, redacted_value, expect_audit=True):
'''Asserts that the 'unredacted_value' is not present but the 'redacted_value' is.'''
# Logs should not contain the unredacted value.
assert_no_files_in_dir_contain(self.log_dir, unredacted_value)
assert_no_files_in_dir_contain(self.audit_dir, unredacted_value)
assert_no_files_in_dir_contain(self.profile_dir, unredacted_value)
# But the redacted value should be there except for the profile since that is
# encoded.
assert_file_in_dir_contains(self.log_dir, redacted_value)
if expect_audit:
assert_file_in_dir_contains(self.audit_dir, redacted_value)
def assert_log_redaction(self,
unredacted_value,
redacted_value,
expect_audit=True):
'''Asserts that the 'unredacted_value' is not present but the 'redacted_value' is.'''
# Logs should not contain the unredacted value.
assert_no_files_in_dir_contain(self.log_dir, unredacted_value)
assert_no_files_in_dir_contain(self.audit_dir, unredacted_value)
assert_no_files_in_dir_contain(self.profile_dir, unredacted_value)
# But the redacted value should be there except for the profile since that is
# encoded.
assert_file_in_dir_contains(self.log_dir, redacted_value)
if expect_audit:
assert_file_in_dir_contains(self.audit_dir, redacted_value)
def test_hook_instantiation_fail(self):
"""
Tests that failure to instantiate a QueryEventHook will prevent
successful daemon startup.
This is done by parsing the impala log file for a specific message
so is kind of brittle and maybe even prone to flakiness, depending
on how the log file is flushed.
"""
# parse log file for expected exception
assert_file_in_dir_contains(
TestHooksStartupFail.LOG_DIR2,
"Unable to instantiate query event hook class {0}".format(
TestHooksStartupFail.NONEXIST_HOOK))
def test_hook_startup_fail(self):
"""
Tests that exception during QueryEventHook.onImpalaStart will prevent
successful daemon startup.
This is done by parsing the impala log file for a specific message
so is kind of brittle and maybe even prone to flakiness, depending
on how the log file is flushed.
"""
# parse log file for expected exception
assert_file_in_dir_contains(
TestHooksStartupFail.LOG_DIR1,
"Exception during onImpalaStartup from "
"QueryEventHook class {0}".format(
TestHooksStartupFail.FAILING_HOOK))
def test_deprecated_flags(self):
assert_file_in_dir_contains(
self.impala_log_dir, "authorization_policy_file flag" +
" is deprecated. Object Ownership feature is not supported")
def test_deprecated_flags(self):
assert_file_in_dir_contains(
self.impala_log_dir, "Ignoring removed flag "
"authorization_policy_file")
def test_valid_subdirectory(self, unique_name):
# parse log file for expected log message showing success
assert_file_in_dir_contains(
TestStartupFilesystemChecks.LOG_DIR,
"Successfully listed {0}".format(
TestStartupFilesystemChecks.VALID_SUBDIRECTORY))
def test_deprecated_flags(self):
assert_file_in_dir_contains(self.impala_log_dir, "Ignoring removed flag "
"authorization_policy_file")
def test_invalid_provider_flag(self, unique_name):
# parse log file for expected exception
assert_file_in_dir_contains(TestAuthorizationProvider.LOG_DIR,
"InternalException: Could not parse "
"authorization_provider flag: {}"
.format(TestAuthorizationProvider.BAD_FLAG))
