Search in sources :

Example 1 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class AmbrySecurityServiceTest method postProcessQuotaManagerTest.

/**
 * {@link AmbrySecurityService#postProcessRequest(RestRequest, Callback)})} should throw RestServiceException if rate
 * is more than expected. RestServiceErrorCode.TooManyRequests is expected in this case.
 */
@Test
public void postProcessQuotaManagerTest() throws Exception {
    HostLevelThrottler quotaManager = Mockito.mock(HostLevelThrottler.class);
    AmbrySecurityService ambrySecurityService = new AmbrySecurityService(new FrontendConfig(new VerifiableProperties(new Properties())), new FrontendMetrics(new MetricRegistry()), URL_SIGNING_SERVICE_FACTORY.getUrlSigningService(), quotaManager, QUOTA_MANAGER);
    // Everything should be good.
    Mockito.when(quotaManager.shouldThrottle(any())).thenReturn(false);
    for (int i = 0; i < 100; i++) {
        for (RestMethod restMethod : RestMethod.values()) {
            RestRequest restRequest = createRestRequest(restMethod, "/", null);
            ambrySecurityService.postProcessRequest(restRequest).get();
        }
    }
    // Requests should be denied.
    Mockito.when(quotaManager.shouldThrottle(any())).thenReturn(true);
    for (RestMethod restMethod : RestMethod.values()) {
        RestRequest restRequest = createRestRequest(restMethod, "/", null);
        try {
            ambrySecurityService.postProcessRequest(restRequest).get();
            Assert.fail("Should have failed.");
        } catch (Exception e) {
            Assert.assertEquals("Exception should be TooManyRequests", RestServiceErrorCode.TooManyRequests, ((RestServiceException) e.getCause()).getErrorCode());
        }
    }
}
Also used : RestServiceException(com.github.ambry.rest.RestServiceException) FrontendConfig(com.github.ambry.config.FrontendConfig) MockRestRequest(com.github.ambry.rest.MockRestRequest) RestRequest(com.github.ambry.rest.RestRequest) VerifiableProperties(com.github.ambry.config.VerifiableProperties) HostLevelThrottler(com.github.ambry.commons.HostLevelThrottler) MetricRegistry(com.codahale.metrics.MetricRegistry) BlobProperties(com.github.ambry.messageformat.BlobProperties) Properties(java.util.Properties) VerifiableProperties(com.github.ambry.config.VerifiableProperties) URISyntaxException(java.net.URISyntaxException) JSONException(org.json.JSONException) RestServiceException(com.github.ambry.rest.RestServiceException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) RestMethod(com.github.ambry.rest.RestMethod) Test(org.junit.Test)

Example 2 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class AmbrySecurityServiceTest method preProcessRequestTest.

/**
 * Tests for {@link AmbrySecurityService#preProcessRequest(RestRequest, Callback)}
 * @throws Exception
 */
@Test
public void preProcessRequestTest() throws Exception {
    RestMethod[] methods = new RestMethod[] { RestMethod.POST, RestMethod.GET, RestMethod.DELETE, RestMethod.HEAD, RestMethod.OPTIONS, RestMethod.PUT };
    for (RestMethod restMethod : methods) {
        // add a header that is prohibited
        JSONObject headers = new JSONObject();
        headers.put(RestUtils.InternalKeys.KEEP_ALIVE_ON_ERROR_HINT, true);
        RestRequest restRequest = createRestRequest(restMethod, "/", headers);
        try {
            securityService.preProcessRequest(restRequest).get(1, TimeUnit.SECONDS);
            Assert.fail("Should have failed because the request contains a prohibited header: " + RestUtils.InternalKeys.KEEP_ALIVE_ON_ERROR_HINT);
        } catch (ExecutionException e) {
            RestServiceException rse = (RestServiceException) Utils.getRootCause(e);
            Assert.assertEquals("Should be a bad request", RestServiceErrorCode.BadRequest, rse.getErrorCode());
        }
    }
    // verify request args regarding to tracking is set accordingly
    RestRequest restRequest = createRestRequest(RestMethod.GET, "/", null);
    securityService.preProcessRequest(restRequest).get();
    Assert.assertTrue("The arg with key: ambry-internal-keys-send-tracking-info should be set to true", (Boolean) restRequest.getArgs().get(RestUtils.InternalKeys.SEND_TRACKING_INFO));
    Properties properties = new Properties();
    properties.setProperty("frontend.attach.tracking.info", "false");
    FrontendConfig frontendConfig = new FrontendConfig(new VerifiableProperties(properties));
    SecurityService securityServiceWithTrackingDisabled = new AmbrySecurityService(frontendConfig, new FrontendMetrics(new MetricRegistry()), URL_SIGNING_SERVICE_FACTORY.getUrlSigningService(), hostLevelThrottler, QUOTA_MANAGER);
    restRequest = createRestRequest(RestMethod.GET, "/", null);
    securityServiceWithTrackingDisabled.preProcessRequest(restRequest);
    Assert.assertFalse("The arg with key: ambry-internal-keys-send-tracking-info should be set to false", (Boolean) restRequest.getArgs().get(RestUtils.InternalKeys.SEND_TRACKING_INFO));
}
Also used : VerifiableProperties(com.github.ambry.config.VerifiableProperties) MetricRegistry(com.codahale.metrics.MetricRegistry) BlobProperties(com.github.ambry.messageformat.BlobProperties) Properties(java.util.Properties) VerifiableProperties(com.github.ambry.config.VerifiableProperties) RestServiceException(com.github.ambry.rest.RestServiceException) FrontendConfig(com.github.ambry.config.FrontendConfig) MockRestRequest(com.github.ambry.rest.MockRestRequest) RestRequest(com.github.ambry.rest.RestRequest) JSONObject(org.json.JSONObject) ExecutionException(java.util.concurrent.ExecutionException) RestMethod(com.github.ambry.rest.RestMethod) Test(org.junit.Test)

Example 3 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class PostBlobHandlerTest method initPostBlobHandler.

// helpers
// general
/**
 * Initates a {@link PostBlobHandler}
 * @param properties the properties to use to init the {@link PostBlobHandler}
 */
private void initPostBlobHandler(Properties properties) {
    VerifiableProperties verifiableProperties = new VerifiableProperties(properties);
    frontendConfig = new FrontendConfig(verifiableProperties);
    postBlobHandler = new PostBlobHandler(securityServiceFactory.getSecurityService(), idConverterFactory.getIdConverter(), idSigningService, router, injector, time, frontendConfig, metrics, CLUSTER_NAME, QUOTA_MANAGER);
}
Also used : FrontendConfig(com.github.ambry.config.FrontendConfig) VerifiableProperties(com.github.ambry.config.VerifiableProperties)

Example 4 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class NamedBlobPutHandlerTest method initNamedBlobPutHandler.

/**
 * Initates a {@link NamedBlobPutHandler}
 * @param properties the properties to use to init the {@link NamedBlobPutHandler}
 */
private void initNamedBlobPutHandler(Properties properties) {
    VerifiableProperties verifiableProperties = new VerifiableProperties(properties);
    frontendConfig = new FrontendConfig(verifiableProperties);
    namedBlobPutHandler = new NamedBlobPutHandler(securityServiceFactory.getSecurityService(), idConverterFactory.getIdConverter(), idSigningService, router, injector, frontendConfig, metrics, CLUSTER_NAME, QuotaTestUtils.createDummyQuotaManager());
}
Also used : FrontendConfig(com.github.ambry.config.FrontendConfig) VerifiableProperties(com.github.ambry.config.VerifiableProperties)

Example 5 with FrontendConfig

use of com.github.ambry.config.FrontendConfig in project ambry by linkedin.

the class FrontendTestUrlSigningServiceFactory method injectAccountAndContainerForPutAndVerify.

/**
 * Puts blobs and verify injected target {@link Account} and {@link Container}.
 * @param container the {@link Container} to use.
 * @param shouldAllowServiceIdBasedPut {@code true} if PUT requests with serviceId parsed as {@link Account} name is
 *                                                 allowed; {@code false} otherwise.
 * @throws Exception
 */
private void injectAccountAndContainerForPutAndVerify(Container container, boolean shouldAllowServiceIdBasedPut) throws Exception {
    configProps.setProperty("frontend.allow.service.id.based.post.request", String.valueOf(shouldAllowServiceIdBasedPut));
    verifiableProperties = new VerifiableProperties(configProps);
    frontendConfig = new FrontendConfig(verifiableProperties);
    accountAndContainerInjector = new AccountAndContainerInjector(accountService, frontendMetrics, frontendConfig);
    ambryBlobStorageService = getAmbryBlobStorageService();
    ambryBlobStorageService.start();
    populateAccountService();
    // should succeed when serviceId-based PUT requests are allowed.
    postBlobAndVerifyWithAccountAndContainer(null, null, "serviceId", !container.isCacheable(), shouldAllowServiceIdBasedPut ? InMemAccountService.UNKNOWN_ACCOUNT : null, shouldAllowServiceIdBasedPut ? (container.isCacheable() ? Container.DEFAULT_PUBLIC_CONTAINER : Container.DEFAULT_PRIVATE_CONTAINER) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
    // should fail, because accountName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because account name from serviceId could not be located in account service.
    postBlobAndVerifyWithAccountAndContainer(null, Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should fail, because accountName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer(null, refContainer.getName(), "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because accountName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, null, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(Account.UNKNOWN_ACCOUNT_NAME, refContainer.getName(), "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because container name needs to be specified
    postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), null, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because containerName does not exist.
    postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should fail, because containerName is not allowed.
    postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should succeed.
    String blobIdStr = postBlobAndVerifyWithAccountAndContainer(refAccount.getName(), refContainer.getName(), "serviceId", !container.isCacheable(), refAccount, refContainer, null);
    // should succeed.
    verifyAccountAndContainerFromBlobId(blobIdStr, refAccount, refContainer, null);
    // should fail, because containerName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer("dummyAccountName", null, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because accountName does not exist.
    postBlobAndVerifyWithAccountAndContainer("dummyAccountName", "dummyContainerName", "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because container name is now allowed.
    postBlobAndVerifyWithAccountAndContainer("dummyAccountName", Container.UNKNOWN_CONTAINER_NAME, "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should fail, because accountName does not exist.
    postBlobAndVerifyWithAccountAndContainer("dummyAccountName", refContainer.getName(), "serviceId", !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName implicitly set by serviceId is not allowed.
    postBlobAndVerifyWithAccountAndContainer(null, null, Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName implicitly set by serviceId is not allowed.
    postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName implicitly set by serviceId is not allowed.
    postBlobAndVerifyWithAccountAndContainer(null, Container.UNKNOWN_CONTAINER_NAME, Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should fail, because accountName implicitly set by serviceId is not allowed.
    postBlobAndVerifyWithAccountAndContainer(null, refContainer.getName(), Account.UNKNOWN_ACCOUNT_NAME, !container.isCacheable(), null, null, RestServiceErrorCode.InvalidAccount);
    // should succeed if the serviceId-based PUT requests are allowed, but this is a special case that account is
    // created without the legacy containers for public and private put.
    postBlobAndVerifyWithAccountAndContainer(null, null, refAccount.getName(), !container.isCacheable(), shouldAllowServiceIdBasedPut ? refAccount : null, shouldAllowServiceIdBasedPut ? (container.isCacheable() ? refDefaultPublicContainer : refDefaultPrivateContainer) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
    // should fail, because accountName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", refAccount.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    // should fail, because accountName implicitly set by serviceId does not have the default container.
    postBlobAndVerifyWithAccountAndContainer(null, Container.UNKNOWN_CONTAINER_NAME, refAccount.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.InvalidContainer);
    // should fail, because accountName needs to be specified.
    postBlobAndVerifyWithAccountAndContainer(null, refContainer.getName(), refAccount.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    Container legacyContainerForPublicBlob = new ContainerBuilder(Container.DEFAULT_PUBLIC_CONTAINER_ID, "containerForLegacyPublicPut", Container.ContainerStatus.ACTIVE, "This is a container for putting legacy public blob", false, false, false, false, refAccount.getId()).build();
    Container legacyContainerForPrivateBlob = new ContainerBuilder(Container.DEFAULT_PRIVATE_CONTAINER_ID, "containerForLegacyPrivatePut", Container.ContainerStatus.ACTIVE, "This is a container for putting legacy private blob", false, false, true, false, refAccount.getId()).build();
    Account accountWithTwoDefaultContainers = new AccountBuilder(refAccount).addOrUpdateContainer(legacyContainerForPrivateBlob).addOrUpdateContainer(legacyContainerForPublicBlob).build();
    accountService.updateAccounts(Collections.singletonList(accountWithTwoDefaultContainers));
    if (!container.isCacheable()) {
        // should succeed if serviceId-based PUT requests are allowed.
        postBlobAndVerifyWithAccountAndContainer(null, null, accountWithTwoDefaultContainers.getName(), !container.isCacheable(), shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers : null, shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers.getContainerById(Container.DEFAULT_PRIVATE_CONTAINER_ID) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
        // should fail, because accountName needs to be specified.
        postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", accountWithTwoDefaultContainers.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    } else {
        // should succeed if serviceId-based PUT requests are allowed.
        postBlobAndVerifyWithAccountAndContainer(null, null, accountWithTwoDefaultContainers.getName(), !container.isCacheable(), shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers : null, shouldAllowServiceIdBasedPut ? accountWithTwoDefaultContainers.getContainerById(Container.DEFAULT_PUBLIC_CONTAINER_ID) : null, shouldAllowServiceIdBasedPut ? null : RestServiceErrorCode.BadRequest);
        // should fail, because accountName needs to be specified.
        postBlobAndVerifyWithAccountAndContainer(null, "dummyContainerName", accountWithTwoDefaultContainers.getName(), !container.isCacheable(), null, null, RestServiceErrorCode.MissingArgs);
    }
}
Also used : FrontendConfig(com.github.ambry.config.FrontendConfig) Account(com.github.ambry.account.Account) Container(com.github.ambry.account.Container) ContainerBuilder(com.github.ambry.account.ContainerBuilder) VerifiableProperties(com.github.ambry.config.VerifiableProperties) AccountBuilder(com.github.ambry.account.AccountBuilder)

Aggregations

FrontendConfig (com.github.ambry.config.FrontendConfig)7 VerifiableProperties (com.github.ambry.config.VerifiableProperties)7 MetricRegistry (com.codahale.metrics.MetricRegistry)2 Account (com.github.ambry.account.Account)2 AccountBuilder (com.github.ambry.account.AccountBuilder)2 Container (com.github.ambry.account.Container)2 ContainerBuilder (com.github.ambry.account.ContainerBuilder)2 BlobProperties (com.github.ambry.messageformat.BlobProperties)2 MockRestRequest (com.github.ambry.rest.MockRestRequest)2 RestMethod (com.github.ambry.rest.RestMethod)2 RestRequest (com.github.ambry.rest.RestRequest)2 RestServiceException (com.github.ambry.rest.RestServiceException)2 Properties (java.util.Properties)2 ExecutionException (java.util.concurrent.ExecutionException)2 Test (org.junit.Test)2 HostLevelThrottler (com.github.ambry.commons.HostLevelThrottler)1 IOException (java.io.IOException)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 URISyntaxException (java.net.URISyntaxException)1 JSONException (org.json.JSONException)1