Conversation
| - ./environment-configs/router-custom-check-tls | ||
|
|
||
| druid-openldap: | ||
| image: osixia/openldap:1.4.0 |
There was a problem hiding this comment.
This uses MIT license. Do we need to add this to any license file or anything like that?
There was a problem hiding this comment.
Since this is only pulled while running the integration tests, I think it can be omitted, since it won't actually ever be included in a source/binary/docker distribution, which is what the license and notice files cover.
| -- See the License for the specific language governing permissions and | ||
| -- limitations under the License. | ||
|
|
||
| INSERT INTO druid_tasks (id, created_date, datasource, payload, status_payload, active) VALUES ('index_auth_test_2030-04-30T01:13:31.893Z', '2030-04-30T01:13:31.893Z', 'auth_test', '{\"id\":\"index_auth_test_2030-04-30T01:13:31.893Z\",\"created_date\":\"2030-04-30T01:13:31.893Z\",\"datasource\":\"auth_test\",\"active\":0}', '{\"id\":\"index_auth_test_2030-04-30T01:13:31.893Z\",\"status\":\"SUCCESS\",\"duration\":1}', 0); |
There was a problem hiding this comment.
This is same as security-sample-data.sql . There is a script file that is expecting a file with name {GROUP}-sample-data.sql. maybe can change logic specifically for security or ldap-security group tests to just look for the security-sample-data.sql instead?
There was a problem hiding this comment.
Hmm, I checked the test-data dir and it looks like the 3 files below (out of 5) are identical:
high-availability-sample-data.sql
query-retry-sample-data.sql
query-sample-data.sql
I'm not sure at this point how likely it is for these sample data sets to diverge in the future, but it seems like it might be reasonable to change the structure in a way such that the individual groups can specify directly what sample data they need preloaded (and those 3 files, and the security files, could be shared).
That said, I don't think it's a huge deal if we introduce another copy now.
There was a problem hiding this comment.
Left as is. Think fixing this otherwise would require a lot of code churn. If we're going to fix this, I think it should be in another pr.
| } | ||
|
|
||
| @Test | ||
| public void testSystemSchemaAccess() throws Exception |
There was a problem hiding this comment.
This test seems to be doing many things. Can we break it up into smaller tests?
There was a problem hiding this comment.
Similar comment for other examples in this test. It seems like each time the logger is used, that could be a separate test
There was a problem hiding this comment.
broke up a lot of the tests.
| -- See the License for the specific language governing permissions and | ||
| -- limitations under the License. | ||
|
|
||
| INSERT INTO druid_tasks (id, created_date, datasource, payload, status_payload, active) VALUES ('index_auth_test_2030-04-30T01:13:31.893Z', '2030-04-30T01:13:31.893Z', 'auth_test', '{\"id\":\"index_auth_test_2030-04-30T01:13:31.893Z\",\"created_date\":\"2030-04-30T01:13:31.893Z\",\"datasource\":\"auth_test\",\"active\":0}', '{\"id\":\"index_auth_test_2030-04-30T01:13:31.893Z\",\"status\":\"SUCCESS\",\"duration\":1}', 0); |
There was a problem hiding this comment.
Hmm, I checked the test-data dir and it looks like the 3 files below (out of 5) are identical:
high-availability-sample-data.sql
query-retry-sample-data.sql
query-sample-data.sql
I'm not sure at this point how likely it is for these sample data sets to diverge in the future, but it seems like it might be reasonable to change the structure in a way such that the individual groups can specify directly what sample data they need preloaded (and those 3 files, and the security files, could be shared).
That said, I don't think it's a huge deal if we introduce another copy now.
| objectClass: inetOrgPerson | ||
| loginShell: /bin/bash | ||
| homeDirectory: /home/admin | ||
| uidNumber: 14583100 |
There was a problem hiding this comment.
Can you add some comments to the file on how the uid/gid values here were determined? Could they ever change?
There was a problem hiding this comment.
Oh I think I just took it from some example I found. I think the can be whatever. To make this simpler let me just start from 1 instead.
| { | ||
| }; | ||
|
|
||
| private static final String SYSTEM_SCHEMA_SEGMENTS_RESULTS_RESOURCE = |
There was a problem hiding this comment.
These look identical to the ones in the abstract base class
| { | ||
| private static final Logger LOG = new Logger(ITBasicAuthLdapConfigurationTest.class); | ||
|
|
||
| private static final String LDAP_AUTHENTICATOR = "ldap"; |
There was a problem hiding this comment.
I think you could avoid some test redundancy if you added methods like getAuthenticatorName, getAuthorizerName, getExpectedAvaticaAuthError and had the basic/ldap tests provide implementations for those that returned these strings
* refactor * address review comments
4 participants
Description
Added integration tests for testing the druid-basic-security extension in ldap mode. Modeled heavily after the existing
ITBasicAuthConfigurationTest. Added new test groupldap-securityas we need specific common druid properties to be set in order configure druid to use ldap auth z/nbootstrap.ldifITBasicAuthConfigurationTestandITBasicAuthLdapConfigurationTestinto base classAbstractAuthConfigurationTest