
Example 1 with AuthorizationManager

use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.

the class ProxyAuthorizationTest method test.

/**
 * Walks roles through namespace-level and topic-level grants and checks what the
 * {@code AuthorizationManager} reports for lookup, produce and consume after each step.
 */
@Test
public void test() throws Exception {
    final String cluster = "c1";
    final String property = "p1";
    final String namespace = "p1/c1/ns1";
    final String firstTopic = "persistent://p1/c1/ns1/ds1";
    final String secondTopic = "persistent://p1/c1/ns1/ds2";
    final String namespaceRole = "my-role";
    final String topicRole = "other-role";
    final String ungrantedRole = "no-access-role";

    AuthorizationManager authz = service.getAuthorizationManager();

    // Nothing has been provisioned yet, so the lookup is expected to be refused.
    assertEquals(authz.canLookup(DestinationName.get(firstTopic), namespaceRole), false);

    admin.clusters().createCluster(cluster, new ClusterData());
    admin.properties().createProperty(property, new PropertyAdmin(Lists.newArrayList("role1"), Sets.newHashSet(cluster)));
    waitForChange();
    admin.namespaces().createNamespace(namespace);
    waitForChange();

    // The namespace exists now but carries no grant for the role: still refused.
    assertEquals(authz.canLookup(DestinationName.get(firstTopic), namespaceRole), false);

    // Namespace-level grant of produce only; the assertions below expect it to allow lookup as well.
    admin.namespaces().grantPermissionOnNamespace(namespace, namespaceRole, EnumSet.of(AuthAction.produce));
    waitForChange();
    assertEquals(authz.canLookup(DestinationName.get(firstTopic), namespaceRole), true);
    assertEquals(authz.canProduce(DestinationName.get(firstTopic), namespaceRole), true);

    // Topic-level grant of consume only, for a different role and on the second topic.
    admin.persistentTopics().grantPermission(secondTopic, topicRole, EnumSet.of(AuthAction.consume));
    waitForChange();
    assertEquals(authz.canLookup(DestinationName.get(secondTopic), topicRole), true);
    assertEquals(authz.canProduce(DestinationName.get(firstTopic), namespaceRole), true);
    // A consume grant must not leak into produce rights on the same topic.
    assertEquals(authz.canProduce(DestinationName.get(secondTopic), topicRole), false);
    assertEquals(authz.canConsume(DestinationName.get(secondTopic), topicRole), true);
    // A role that was never granted anything stays locked out of both topics.
    assertEquals(authz.canConsume(DestinationName.get(secondTopic), ungrantedRole), false);
    assertEquals(authz.canLookup(DestinationName.get(firstTopic), ungrantedRole), false);

    // Widen the namespace-level grant to every AuthAction value.
    admin.namespaces().grantPermissionOnNamespace(namespace, namespaceRole, EnumSet.allOf(AuthAction.class));
    waitForChange();
    assertEquals(authz.canProduce(DestinationName.get(firstTopic), namespaceRole), true);
    assertEquals(authz.canConsume(DestinationName.get(firstTopic), namespaceRole), true);

    // NOTE(review): this cleanup is reached only when every assertion above passed, and no step
    // checks that access is refused again once a grant is removed.
    admin.namespaces().deleteNamespace(namespace);
    admin.properties().deleteProperty(property);
    admin.clusters().deleteCluster(cluster);
}
Also used : ClusterData(com.yahoo.pulsar.common.policies.data.ClusterData) PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager) AuthAction(com.yahoo.pulsar.common.policies.data.AuthAction) MockedPulsarServiceBaseTest(com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest) Test(org.testng.annotations.Test)

Example 2 with AuthorizationManager

use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.

the class ServerCnxTest method testProducerCommandWithAuthorizationNegative.

/**
 * Sends a PRODUCER command while the mocked {@code AuthorizationManager} answers
 * {@code false} to every produce check, and expects a {@code CommandError} in reply.
 */
public void testProducerCommandWithAuthorizationNegative() throws Exception {
    // NOTE(review): no @Test annotation is visible on this method; unless the enclosing class
    // is annotated at class level, this denial-path check would not be run. Confirm.
    final int producerId = 1;
    final int requestId = 1;

    // Authorization collaborator that refuses produce for any destination and any role.
    AuthorizationManager denyingAuthz = mock(AuthorizationManager.class);
    doReturn(CompletableFuture.completedFuture(false)).when(denyingAuthz).canProduceAsync(Mockito.any(), Mockito.any());

    // Broker reports both authentication and authorization as switched on.
    doReturn(true).when(brokerService).isAuthenticationEnabled();
    doReturn(true).when(brokerService).isAuthorizationEnabled();
    doReturn(denyingAuthz).when(brokerService).getAuthorizationManager();
    doReturn("prod1").when(brokerService).generateUniqueProducerName();

    resetChannel();
    setChannelConnected();

    // The last argument is passed as null here.
    ByteBuf producerRequest = Commands.newProducer(successTopicName, producerId, requestId, null);
    channel.writeInbound(producerRequest);

    // NOTE(review): only the response type is checked, so an error raised for a reason other
    // than the authorization denial would also satisfy this assertion.
    final Object reply = getResponse();
    assertTrue(reply instanceof CommandError);
    channel.finish();
}
Also used : AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager) CommandError(com.yahoo.pulsar.common.api.proto.PulsarApi.CommandError) ByteBuf(io.netty.buffer.ByteBuf)

Example 3 with AuthorizationManager

use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.

the class ServerCnxTest method testSubscribeCommandWithAuthorizationPositive.

/**
 * Sends a SUBSCRIBE command while the mocked {@code AuthorizationManager} answers
 * {@code true} to every consume check, and expects a {@code CommandSuccess} in reply.
 */
@Test(timeOut = 30000)
public void testSubscribeCommandWithAuthorizationPositive() throws Exception {
    final int consumerId = 1;
    final int requestId = 1;

    // Authorization collaborator that allows consume for any destination and any role.
    AuthorizationManager allowingAuthz = mock(AuthorizationManager.class);
    doReturn(CompletableFuture.completedFuture(true)).when(allowingAuthz).canConsumeAsync(Mockito.any(), Mockito.any());

    // Broker reports both authentication and authorization as switched on.
    doReturn(true).when(brokerService).isAuthenticationEnabled();
    doReturn(true).when(brokerService).isAuthorizationEnabled();
    doReturn(allowingAuthz).when(brokerService).getAuthorizationManager();

    resetChannel();
    setChannelConnected();

    // SUBSCRIBE on a topic and subscription where cursor creation is expected to succeed.
    ByteBuf subscribeRequest = Commands.newSubscribe(
            successTopicName, successSubName, consumerId, requestId, SubType.Exclusive, 0, "test");
    channel.writeInbound(subscribeRequest);

    final Object reply = getResponse();
    assertTrue(reply instanceof CommandSuccess);
    channel.finish();
}
Also used : CommandSuccess(com.yahoo.pulsar.common.api.proto.PulsarApi.CommandSuccess) AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager) ByteBuf(io.netty.buffer.ByteBuf) Test(org.testng.annotations.Test)

Example 4 with AuthorizationManager

use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.

the class ServerCnxTest method testClusterAccess.

/**
 * Checks that a producer is accepted on {@code successTopicName} but refused on
 * {@code topicWithNonLocalCluster}, even though the permission check itself is stubbed
 * to succeed and the role is never treated as a super user.
 */
@Test(timeOut = 30000)
public void testClusterAccess() throws Exception {
    final int producerId = 1;
    final int requestId = 1;

    // A spy over a real manager: only isSuperUser and checkPermission are overridden below,
    // every other method keeps its real behaviour.
    AuthorizationManager spiedAuthz = spy(new AuthorizationManager(svcConfig, configCacheService));
    doReturn(false).when(spiedAuthz).isSuperUser(Mockito.anyString());
    doReturn(CompletableFuture.completedFuture(true)).when(spiedAuthz).checkPermission(any(DestinationName.class), Mockito.anyString(), any(AuthAction.class));

    doReturn(true).when(brokerService).isAuthorizationEnabled();
    doReturn(spiedAuthz).when(brokerService).getAuthorizationManager();

    // First attempt: the producer request on successTopicName is expected to be accepted.
    resetChannel();
    setChannelConnected();
    ByteBuf producerRequest = Commands.newProducer(successTopicName, producerId, requestId, "prod-name");
    channel.writeInbound(producerRequest);
    final Object acceptedReply = getResponse();
    assertTrue(acceptedReply instanceof CommandProducerSuccess);

    // Second attempt: same request shape against topicWithNonLocalCluster must come back as an error.
    resetChannel();
    setChannelConnected();
    producerRequest = Commands.newProducer(topicWithNonLocalCluster, producerId, requestId, "prod-name");
    channel.writeInbound(producerRequest);
    // NOTE(review): only the response type is checked, not the reason carried by the error.
    final Object refusedReply = getResponse();
    assertTrue(refusedReply instanceof CommandError);
}
Also used : DestinationName(com.yahoo.pulsar.common.naming.DestinationName) CommandProducerSuccess(com.yahoo.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess) AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager) CommandError(com.yahoo.pulsar.common.api.proto.PulsarApi.CommandError) ByteBuf(io.netty.buffer.ByteBuf) AuthAction(com.yahoo.pulsar.common.policies.data.AuthAction) Test(org.testng.annotations.Test)

Example 5 with AuthorizationManager

use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.

the class WebSocketService method start.

/**
 * Starts the optional global ZooKeeper cache, then creates the authorization manager
 * (only when authorization is enabled) and the authentication service.
 *
 * @throws PulsarServerException if the global ZooKeeper cache fails to start, or if
 *         authorization is enabled while no configuration cache service is available
 */
public void start() throws PulsarServerException, PulsarClientException, MalformedURLException, ServletException, DeploymentException {
    final boolean globalZkConfigured = isNotBlank(config.getGlobalZookeeperServers());
    if (globalZkConfigured) {
        this.globalZkCache = new GlobalZooKeeperCache(getZooKeeperClientFactory(), (int) config.getZooKeeperSessionTimeoutMillis(), config.getGlobalZookeeperServers(), this.orderedExecutor, this.executor);
        try {
            this.globalZkCache.start();
        } catch (IOException startFailure) {
            // Surface the I/O failure as a server exception, keeping the cause attached.
            throw new PulsarServerException(startFailure);
        }
        this.configurationCacheService = new ConfigurationCacheService(getGlobalZkCache());
        log.info("Global Zookeeper cache started");
    }

    // Authorization needs the configuration cache. If it is enabled without one, startup
    // is aborted instead of continuing with no authorization manager.
    final boolean authorizationOn = config.isAuthorizationEnabled();
    if (authorizationOn && configurationCacheService == null) {
        throw new PulsarServerException("Failed to initialize authorization manager due to empty GlobalZookeeperServers");
    }
    if (authorizationOn) {
        authorizationManager = new AuthorizationManager(this.config, configurationCacheService);
    }
    // NOTE(review): with authorization disabled, authorizationManager is not assigned here;
    // confirm that callers check the enabled flag before using it.

    // The authentication service is created regardless of the authorization setting.
    authenticationService = new AuthenticationService(this.config);
    log.info("Pulsar WebSocket Service started");
}
Also used : PulsarServerException(com.yahoo.pulsar.broker.PulsarServerException) GlobalZooKeeperCache(com.yahoo.pulsar.zookeeper.GlobalZooKeeperCache) ConfigurationCacheService(com.yahoo.pulsar.broker.cache.ConfigurationCacheService) IOException(java.io.IOException) AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager) AuthenticationService(com.yahoo.pulsar.broker.authentication.AuthenticationService)

Aggregations

AuthorizationManager (com.yahoo.pulsar.broker.authorization.AuthorizationManager)11 Test (org.testng.annotations.Test)8 ByteBuf (io.netty.buffer.ByteBuf)7 CommandError (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandError)4 ConfigurationCacheService (com.yahoo.pulsar.broker.cache.ConfigurationCacheService)3 AuthAction (com.yahoo.pulsar.common.policies.data.AuthAction)3 AuthenticationService (com.yahoo.pulsar.broker.authentication.AuthenticationService)2 PersistentTopic (com.yahoo.pulsar.broker.service.persistent.PersistentTopic)2 CommandProducerSuccess (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess)2 CommandSuccess (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandSuccess)2 ClusterData (com.yahoo.pulsar.common.policies.data.ClusterData)2 PropertyAdmin (com.yahoo.pulsar.common.policies.data.PropertyAdmin)2 PulsarServerException (com.yahoo.pulsar.broker.PulsarServerException)1 ServiceConfiguration (com.yahoo.pulsar.broker.ServiceConfiguration)1 MockedPulsarServiceBaseTest (com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)1 DestinationName (com.yahoo.pulsar.common.naming.DestinationName)1 Policies (com.yahoo.pulsar.common.policies.data.Policies)1 GlobalZooKeeperCache (com.yahoo.pulsar.zookeeper.GlobalZooKeeperCache)1 IOException (java.io.IOException)1