Examples with FrontendConfig com.github.ambry.config.FrontendConfig used on opensource projects

Example 1 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class AmbrySecurityServiceTest method postProcessQuotaManagerTest.

/**
 * {@link AmbrySecurityService#postProcessRequest(RestRequest, Callback)})} should throw RestServiceException if rate
 * is more than expected. RestServiceErrorCode.TooManyRequests is expected in this case.
 */
@Test
public void postProcessQuotaManagerTest() throws Exception {
    HostLevelThrottler quotaManager = Mockito.mock(HostLevelThrottler.class);
    AmbrySecurityService ambrySecurityService = new AmbrySecurityService(new FrontendConfig(new VerifiableProperties(new Properties())), new FrontendMetrics(new MetricRegistry()), URL_SIGNING_SERVICE_FACTORY.getUrlSigningService(), quotaManager, QUOTA_MANAGER);
    // Everything should be good.
    Mockito.when(quotaManager.shouldThrottle(any())).thenReturn(false);
    for (int i = 0; i < 100; i++) {
        for (RestMethod restMethod : RestMethod.values()) {
            RestRequest restRequest = createRestRequest(restMethod, "/", null);
            ambrySecurityService.postProcessRequest(restRequest).get();
        }
    }
    // Requests should be denied.
    Mockito.when(quotaManager.shouldThrottle(any())).thenReturn(true);
    for (RestMethod restMethod : RestMethod.values()) {
        RestRequest restRequest = createRestRequest(restMethod, "/", null);
        try {
            ambrySecurityService.postProcessRequest(restRequest).get();
            Assert.fail("Should have failed.");
        } catch (Exception e) {
            Assert.assertEquals("Exception should be TooManyRequests", RestServiceErrorCode.TooManyRequests, ((RestServiceException) e.getCause()).getErrorCode());
        }
    }
}

Example 2 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class AmbrySecurityServiceTest method preProcessRequestTest.

/**
 * Tests for {@link AmbrySecurityService#preProcessRequest(RestRequest, Callback)}
 * @throws Exception
 */
@Test
public void preProcessRequestTest() throws Exception {
    RestMethod[] methods = new RestMethod[] { RestMethod.POST, RestMethod.GET, RestMethod.DELETE, RestMethod.HEAD, RestMethod.OPTIONS, RestMethod.PUT };
    for (RestMethod restMethod : methods) {
        // add a header that is prohibited
        JSONObject headers = new JSONObject();
        headers.put(RestUtils.InternalKeys.KEEP_ALIVE_ON_ERROR_HINT, true);
        RestRequest restRequest = createRestRequest(restMethod, "/", headers);
        try {
            securityService.preProcessRequest(restRequest).get(1, TimeUnit.SECONDS);
            Assert.fail("Should have failed because the request contains a prohibited header: " + RestUtils.InternalKeys.KEEP_ALIVE_ON_ERROR_HINT);
        } catch (ExecutionException e) {
            RestServiceException rse = (RestServiceException) Utils.getRootCause(e);
            Assert.assertEquals("Should be a bad request", RestServiceErrorCode.BadRequest, rse.getErrorCode());
        }
    }
    // verify request args regarding to tracking is set accordingly
    RestRequest restRequest = createRestRequest(RestMethod.GET, "/", null);
    securityService.preProcessRequest(restRequest).get();
    Assert.assertTrue("The arg with key: ambry-internal-keys-send-tracking-info should be set to true", (Boolean) restRequest.getArgs().get(RestUtils.InternalKeys.SEND_TRACKING_INFO));
    Properties properties = new Properties();
    properties.setProperty("frontend.attach.tracking.info", "false");
    FrontendConfig frontendConfig = new FrontendConfig(new VerifiableProperties(properties));
    SecurityService securityServiceWithTrackingDisabled = new AmbrySecurityService(frontendConfig, new FrontendMetrics(new MetricRegistry()), URL_SIGNING_SERVICE_FACTORY.getUrlSigningService(), hostLevelThrottler, QUOTA_MANAGER);
    restRequest = createRestRequest(RestMethod.GET, "/", null);
    securityServiceWithTrackingDisabled.preProcessRequest(restRequest);
    Assert.assertFalse("The arg with key: ambry-internal-keys-send-tracking-info should be set to false", (Boolean) restRequest.getArgs().get(RestUtils.InternalKeys.SEND_TRACKING_INFO));
}

Example 3 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class PostBlobHandlerTest method initPostBlobHandler.

// helpers
// general
/**
 * Initates a {@link PostBlobHandler}
 * @param properties the properties to use to init the {@link PostBlobHandler}
 */
private void initPostBlobHandler(Properties properties) {
    VerifiableProperties verifiableProperties = new VerifiableProperties(properties);
    frontendConfig = new FrontendConfig(verifiableProperties);
    postBlobHandler = new PostBlobHandler(securityServiceFactory.getSecurityService(), idConverterFactory.getIdConverter(), idSigningService, router, injector, time, frontendConfig, metrics, CLUSTER_NAME, QUOTA_MANAGER);
}

Example 4 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class NamedBlobPutHandlerTest method initNamedBlobPutHandler.

/**
 * Initates a {@link NamedBlobPutHandler}
 * @param properties the properties to use to init the {@link NamedBlobPutHandler}
 */
private void initNamedBlobPutHandler(Properties properties) {
    VerifiableProperties verifiableProperties = new VerifiableProperties(properties);
    frontendConfig = new FrontendConfig(verifiableProperties);
    namedBlobPutHandler = new NamedBlobPutHandler(securityServiceFactory.getSecurityService(), idConverterFactory.getIdConverter(), idSigningService, router, injector, frontendConfig, metrics, CLUSTER_NAME, QuotaTestUtils.createDummyQuotaManager());
}

Example 5 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class FrontendTestUrlSigningServiceFactory method injectAccountAndContainerForPutAndVerify.

/**
 * Puts blobs and verify injected target {@link Account} and {@link Container}.
 * @param container the {@link Container} to use.
 * @param shouldAllowServiceIdBasedPut {@code true} if PUT requests with serviceId parsed as {@link Account} name is
 *                                                 allowed; {@code false} otherwise.
 * @throws Exception
 */
private void injectAccountAndContainerForPutAndVerify(Container container, boolean shouldAllowServiceIdBasedPut) throws Exception {
    configProps.setProperty("frontend.allow.service.id.based.post.request", String.valueOf(shouldAllowServiceIdBasedPut));
    verifiableProperties = new VerifiableProperties(configProps);
    frontendConfig = new FrontendConfig(verifiableProperties);
    accountAndContainerInjector = new AccountAndContainerInjector(accountService, frontendMetrics, frontendConfig);
    ambryBlobStorageService = getAmbryBlobStorageService();
    ambryBlobStorageService.start();
    populateAccountService();
    // should succeed when serviceId-based PUT requests are allowed.
    postBlobAndVerifyWithAccountAndContainer(null, null, "serviceId", !container.isCacheable(), shouldAllowServiceIdBasedPut ? InMemAccountService.UNKNOWN_ACCOUNT : null, shouldAllowServiceIdBasedPut ? (container.isCacheable() ? Container.DEFAULT_PUBLIC_CONTAINER : Container.DEFAULT_PRIVATE_CONTAINER) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
    // should fail, because accountName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because account name from serviceId could not be located in account service.
    postBlobAndVerifyWithAccountAndContainer(null, Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should fail, because accountName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer(null, refContainer.getName(), "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because accountName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, null, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, refContainer.getName(), "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because container name needs to be specified
    postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), null, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because containerName does not exist.
    postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should fail, because containerName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should succeed.
    String blobIdStr = postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), refContainer.getName(), "serviceId", !container.isCacheable(), refAccount, refContainer, null);
    // should succeed.
    verifyAccountAndContainerFromBlobId(blobIdStr, refAccount, refContainer, null);
    // should fail, because containerName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer("dummyAccountName", null, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because accountName does not exist.
    postBlobAndVerifyWithAccountAndContainer("dummyAccountName", "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because container name is now allowed.
    postBlobAndVerifyWithAccountAndContainer("dummyAccountName", Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should fail, because accountName does not exist.
    postBlobAndVerifyWithAccountAndContainer("dummyAccountName", refContainer.getName(), "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName implicitly set by serviceId is not allowed.
    postBlobAndVerifyWithAccountAndContainer(null, null, Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName implicitly set by serviceId is not allowed.
    postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName implicitly set by serviceId is not allowed.
    postBlobAndVerifyWithAccountAndContainer(null, Container.UNKNOWN_CONTAINER_NAME, Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName implicitly set by serviceId is not allowed.
    postBlobAndVerifyWithAccountAndContainer(null, refContainer.getName(), Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should succeed if the serviceId-based PUT requests are allowed, but this is a special case that account is
    // created without the legacy containers for public and private put.
    postBlobAndVerifyWithAccountAndContainer(null, null, refAccount.getName(), !container.isCacheable(), shouldAllowServiceIdBasedPut ? refAccount : null, shouldAllowServiceIdBasedPut ? (container.isCacheable() ? refDefaultPublicContainer : refDefaultPrivateContainer) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
    // should fail, because accountName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", refAccount.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because accountName implicitly set by serviceId does not have the default container.
    postBlobAndVerifyWithAccountAndContainer(null, Container.UNKNOWN_CONTAINER_NAME, refAccount.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should fail, because accountName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer(null, refContainer.getName(), refAccount.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    Container legacyContainerForPublicBlob = new ContainerBuilder(Container.DEFAULT_PUBLIC_CONTAINER_ID, "containerForLegacyPublicPut", Container.ContainerStatus.ACTIVE, "This is a container for putting legacy public blob", false, false, false, false, refAccount.getId()).build();
    Container legacyContainerForPrivateBlob = new ContainerBuilder(Container.DEFAULT_PRIVATE_CONTAINER_ID, "containerForLegacyPrivatePut", Container.ContainerStatus.ACTIVE, "This is a container for putting legacy private blob", false, false, true, false, refAccount.getId()).build();
    Account accountWithTwoDefaultContainers = new AccountBuilder(refAccount).addOrUpdateContainer(legacyContainerForPrivateBlob).addOrUpdateContainer(legacyContainerForPublicBlob).build();
    accountService.updateAccounts(Collections.singletonList(accountWithTwoDefaultContainers));
    if (!container.isCacheable()) {
        // should succeed if serviceId-based PUT requests are allowed.
        postBlobAndVerifyWithAccountAndContainer(null, null, accountWithTwoDefaultContainers.getName(), !container.isCacheable(), shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers : null, shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers.getContainerById(Container.DEFAULT_PRIVATE_CONTAINER_ID) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
        // should fail, because accountName needs to be specified.
        postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", accountWithTwoDefaultContainers.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    } else {
        // should succeed if serviceId-based PUT requests are allowed.
        postBlobAndVerifyWithAccountAndContainer(null, null, accountWithTwoDefaultContainers.getName(), !container.isCacheable(), shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers : null, shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers.getContainerById(Container.DEFAULT_PUBLIC_CONTAINER_ID) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
        // should fail, because accountName needs to be specified.
        postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", accountWithTwoDefaultContainers.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    }
}