Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
druid/integration-tests-ex/tools
History
Paul Rogers f4dcc52dac
Redesign QueryContext class (#13071) 
We introduce two new configuration keys that refine the query context security model controlled by druid.auth.authorizeQueryContextParams. When that value is set to true then two other configuration options become available:

druid.auth.unsecuredContextKeys: The set of query context keys that do not require a security check. Use this for the "white-list" of key to allow. All other keys go through the existing context key security checks.
druid.auth.securedContextKeys: The set of query context keys that do require a security check. Use this when you want to allow all but a specific set of keys: only these keys go through the existing context key security checks.
Both are set using JSON list format:

druid.auth.securedContextKeys=["secretKey1", "secretKey2"]
You generally set one or the other values. If both are set, unsecuredContextKeys acts as exceptions to securedContextKeys.

In addition, Druid defines two query context keys which always bypass checks because Druid uses them internally:

sqlQueryId
sqlStringifyArrays
 		2022-10-15 11:02:11 +05:30
..
src/main Redesign QueryContext class (#13071) 2022-10-15 11:02:11 +05:30
README.md Add the new integration test framework (#12368) 2022-08-24 17:03:23 +05:30
pom.xml Suppress false CVEs (#13026) 2022-09-06 11:46:56 +05:30

README.md

Testing Tools

it-tools is a copy of extensions-core/testing-tools (module name druid-testing-tools.)

The testing tools are added to the Druid test Docker image. The druid-testing-tools module defines most such additions. However, integration-tests defines a custom node role which also must be added to the image. integration-tests uses a different mechanism to do that addition.

Here, we want a single extension for all the testing gizmos. This is a direct copy of the druid-testing-tools extension, along with a copy of the custom node role from integration-tests.

The reason this is a copy, rather than fixing up druid-testing-tools is that the existing integration-tests must continue to run and it is very difficult to change or test them. (Which is the reason for this parallel approach.) To keep backward compatibility, and to avoid changing integration-tests, we keep the prior approach and make copies here for the new approach.

The names should never clash: it-tools is only ever used within the docker-test project, and the druid-testing-tools is not included as a dependency.

Over time, once integration-tests are converted, then the druid-testing-tools module can be deprecated in favor of this one.