use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.
the class AmbrySecurityServiceTest method postProcessQuotaManagerTest.
/**
* {@link AmbrySecurityService#postProcessRequest(RestRequest, Callback)})} should throw RestServiceException if rate
* is more than expected. RestServiceErrorCode.TooManyRequests is expected in this case.
*/
@Test
public void postProcessQuotaManagerTest() throws Exception {
HostLevelThrottler quotaManager = Mockito.mock(HostLevelThrottler.class);
AmbrySecurityService ambrySecurityService = new AmbrySecurityService(new FrontendConfig(new VerifiableProperties(new Properties())), new FrontendMetrics(new MetricRegistry()), URL_SIGNING_SERVICE_FACTORY.getUrlSigningService(), quotaManager, QUOTA_MANAGER);
// Everything should be good.
Mockito.when(quotaManager.shouldThrottle(any())).thenReturn(false);
for (int i = 0; i < 100; i++) {
for (RestMethod restMethod : RestMethod.values()) {
RestRequest restRequest = createRestRequest(restMethod, "/", null);
ambrySecurityService.postProcessRequest(restRequest).get();
}
}
// Requests should be denied.
Mockito.when(quotaManager.shouldThrottle(any())).thenReturn(true);
for (RestMethod restMethod : RestMethod.values()) {
RestRequest restRequest = createRestRequest(restMethod, "/", null);
try {
ambrySecurityService.postProcessRequest(restRequest).get();
Assert.fail("Should have failed.");
} catch (Exception e) {
Assert.assertEquals("Exception should be TooManyRequests", RestServiceErrorCode.TooManyRequests, ((RestServiceException) e.getCause()).getErrorCode());
}
}
}
use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.
the class AmbrySecurityServiceTest method preProcessRequestTest.
/**
* Tests for {@link AmbrySecurityService#preProcessRequest(RestRequest, Callback)}
* @throws Exception
*/
@Test
public void preProcessRequestTest() throws Exception {
RestMethod[] methods = new RestMethod[] { RestMethod.POST, RestMethod.GET, RestMethod.DELETE, RestMethod.HEAD, RestMethod.OPTIONS, RestMethod.PUT };
for (RestMethod restMethod : methods) {
// add a header that is prohibited
JSONObject headers = new JSONObject();
headers.put(RestUtils.InternalKeys.KEEP_ALIVE_ON_ERROR_HINT, true);
RestRequest restRequest = createRestRequest(restMethod, "/", headers);
try {
securityService.preProcessRequest(restRequest).get(1, TimeUnit.SECONDS);
Assert.fail("Should have failed because the request contains a prohibited header: " + RestUtils.InternalKeys.KEEP_ALIVE_ON_ERROR_HINT);
} catch (ExecutionException e) {
RestServiceException rse = (RestServiceException) Utils.getRootCause(e);
Assert.assertEquals("Should be a bad request", RestServiceErrorCode.BadRequest, rse.getErrorCode());
}
}
// verify request args regarding to tracking is set accordingly
RestRequest restRequest = createRestRequest(RestMethod.GET, "/", null);
securityService.preProcessRequest(restRequest).get();
Assert.assertTrue("The arg with key: ambry-internal-keys-send-tracking-info should be set to true", (Boolean) restRequest.getArgs().get(RestUtils.InternalKeys.SEND_TRACKING_INFO));
Properties properties = new Properties();
properties.setProperty("frontend.attach.tracking.info", "false");
FrontendConfig frontendConfig = new FrontendConfig(new VerifiableProperties(properties));
SecurityService securityServiceWithTrackingDisabled = new AmbrySecurityService(frontendConfig, new FrontendMetrics(new MetricRegistry()), URL_SIGNING_SERVICE_FACTORY.getUrlSigningService(), hostLevelThrottler, QUOTA_MANAGER);
restRequest = createRestRequest(RestMethod.GET, "/", null);
securityServiceWithTrackingDisabled.preProcessRequest(restRequest);
Assert.assertFalse("The arg with key: ambry-internal-keys-send-tracking-info should be set to false", (Boolean) restRequest.getArgs().get(RestUtils.InternalKeys.SEND_TRACKING_INFO));
}
use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.
the class PostBlobHandlerTest method initPostBlobHandler.
// helpers
// general
/**
* Initates a {@link PostBlobHandler}
* @param properties the properties to use to init the {@link PostBlobHandler}
*/
private void initPostBlobHandler(Properties properties) {
VerifiableProperties verifiableProperties = new VerifiableProperties(properties);
frontendConfig = new FrontendConfig(verifiableProperties);
postBlobHandler = new PostBlobHandler(securityServiceFactory.getSecurityService(), idConverterFactory.getIdConverter(), idSigningService, router, injector, time, frontendConfig, metrics, CLUSTER_NAME, QUOTA_MANAGER);
}
use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.
the class NamedBlobPutHandlerTest method initNamedBlobPutHandler.
/**
* Initates a {@link NamedBlobPutHandler}
* @param properties the properties to use to init the {@link NamedBlobPutHandler}
*/
private void initNamedBlobPutHandler(Properties properties) {
VerifiableProperties verifiableProperties = new VerifiableProperties(properties);
frontendConfig = new FrontendConfig(verifiableProperties);
namedBlobPutHandler = new NamedBlobPutHandler(securityServiceFactory.getSecurityService(), idConverterFactory.getIdConverter(), idSigningService, router, injector, frontendConfig, metrics, CLUSTER_NAME, QuotaTestUtils.createDummyQuotaManager());
}
use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.
the class FrontendTestUrlSigningServiceFactory method injectAccountAndContainerForPutAndVerify.
/**
* Puts blobs and verify injected target {@link Account} and {@link Container}.
* @param container the {@link Container} to use.
* @param shouldAllowServiceIdBasedPut {@code true} if PUT requests with serviceId parsed as {@link Account} name is
* allowed; {@code false} otherwise.
* @throws Exception
*/
private void injectAccountAndContainerForPutAndVerify(Container container, boolean shouldAllowServiceIdBasedPut) throws Exception {
configProps.setProperty("frontend.allow.service.id.based.post.request", String.valueOf(shouldAllowServiceIdBasedPut));
verifiableProperties = new VerifiableProperties(configProps);
frontendConfig = new FrontendConfig(verifiableProperties);
accountAndContainerInjector = new AccountAndContainerInjector(accountService, frontendMetrics, frontendConfig);
ambryBlobStorageService = getAmbryBlobStorageService();
ambryBlobStorageService.start();
populateAccountService();
// should succeed when serviceId-based PUT requests are allowed.
postBlobAndVerifyWithAccountAndContainer(null, null, "serviceId", !container.isCacheable(), shouldAllowServiceIdBasedPut ? InMemAccountService.UNKNOWN_ACCOUNT : null, shouldAllowServiceIdBasedPut ? (container.isCacheable() ? Container.DEFAULT_PUBLIC_CONTAINER : Container.DEFAULT_PRIVATE_CONTAINER) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
// should fail, because accountName needs to be specified.
postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
// should fail, because account name from serviceId could not be located in account service.
postBlobAndVerifyWithAccountAndContainer(null, Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
// should fail, because accountName needs to be specified.
postBlobAndVerifyWithAccountAndContainer(null, refContainer.getName(), "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
// should fail, because accountName is not allowed.
postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, null, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should fail, because accountName is not allowed.
postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should fail, because accountName is not allowed.
postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should fail, because accountName is not allowed.
postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, refContainer.getName(), "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should fail, because container name needs to be specified
postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), null, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
// should fail, because containerName does not exist.
postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
// should fail, because containerName is not allowed.
postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
// should succeed.
String blobIdStr = postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), refContainer.getName(), "serviceId", !container.isCacheable(), refAccount, refContainer, null);
// should succeed.
verifyAccountAndContainerFromBlobId(blobIdStr, refAccount, refContainer, null);
// should fail, because containerName needs to be specified.
postBlobAndVerifyWithAccountAndContainer("dummyAccountName", null, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
// should fail, because accountName does not exist.
postBlobAndVerifyWithAccountAndContainer("dummyAccountName", "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should fail, because container name is now allowed.
postBlobAndVerifyWithAccountAndContainer("dummyAccountName", Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
// should fail, because accountName does not exist.
postBlobAndVerifyWithAccountAndContainer("dummyAccountName", refContainer.getName(), "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should fail, because accountName implicitly set by serviceId is not allowed.
postBlobAndVerifyWithAccountAndContainer(null, null, Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should fail, because accountName implicitly set by serviceId is not allowed.
postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should fail, because accountName implicitly set by serviceId is not allowed.
postBlobAndVerifyWithAccountAndContainer(null, Container.UNKNOWN_CONTAINER_NAME, Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should fail, because accountName implicitly set by serviceId is not allowed.
postBlobAndVerifyWithAccountAndContainer(null, refContainer.getName(), Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
// should succeed if the serviceId-based PUT requests are allowed, but this is a special case that account is
// created without the legacy containers for public and private put.
postBlobAndVerifyWithAccountAndContainer(null, null, refAccount.getName(), !container.isCacheable(), shouldAllowServiceIdBasedPut ? refAccount : null, shouldAllowServiceIdBasedPut ? (container.isCacheable() ? refDefaultPublicContainer : refDefaultPrivateContainer) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
// should fail, because accountName needs to be specified.
postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", refAccount.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
// should fail, because accountName implicitly set by serviceId does not have the default container.
postBlobAndVerifyWithAccountAndContainer(null, Container.UNKNOWN_CONTAINER_NAME, refAccount.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
// should fail, because accountName needs to be specified.
postBlobAndVerifyWithAccountAndContainer(null, refContainer.getName(), refAccount.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
Container legacyContainerForPublicBlob = new ContainerBuilder(Container.DEFAULT_PUBLIC_CONTAINER_ID, "containerForLegacyPublicPut", Container.ContainerStatus.ACTIVE, "This is a container for putting legacy public blob", false, false, false, false, refAccount.getId()).build();
Container legacyContainerForPrivateBlob = new ContainerBuilder(Container.DEFAULT_PRIVATE_CONTAINER_ID, "containerForLegacyPrivatePut", Container.ContainerStatus.ACTIVE, "This is a container for putting legacy private blob", false, false, true, false, refAccount.getId()).build();
Account accountWithTwoDefaultContainers = new AccountBuilder(refAccount).addOrUpdateContainer(legacyContainerForPrivateBlob).addOrUpdateContainer(legacyContainerForPublicBlob).build();
accountService.updateAccounts(Collections.singletonList(accountWithTwoDefaultContainers));
if (!container.isCacheable()) {
// should succeed if serviceId-based PUT requests are allowed.
postBlobAndVerifyWithAccountAndContainer(null, null, accountWithTwoDefaultContainers.getName(), !container.isCacheable(), shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers : null, shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers.getContainerById(Container.DEFAULT_PRIVATE_CONTAINER_ID) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
// should fail, because accountName needs to be specified.
postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", accountWithTwoDefaultContainers.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
} else {
// should succeed if serviceId-based PUT requests are allowed.
postBlobAndVerifyWithAccountAndContainer(null, null, accountWithTwoDefaultContainers.getName(), !container.isCacheable(), shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers : null, shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers.getContainerById(Container.DEFAULT_PUBLIC_CONTAINER_ID) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
// should fail, because accountName needs to be specified.
postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", accountWithTwoDefaultContainers.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
}
}
Aggregations