Example 1 with AuthorizationManager
use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.
the class ProxyAuthorizationTest method test.
@Test
public void test() throws Exception {
AuthorizationManager auth = service.getAuthorizationManager();
assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), false);
admin.clusters().createCluster("c1", new ClusterData());
admin.properties().createProperty("p1", new PropertyAdmin(Lists.newArrayList("role1"), Sets.newHashSet("c1")));
waitForChange();
admin.namespaces().createNamespace("p1/c1/ns1");
waitForChange();
assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), false);
admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.of(AuthAction.produce));
waitForChange();
assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
admin.persistentTopics().grantPermission("persistent://p1/c1/ns1/ds2", "other-role", EnumSet.of(AuthAction.consume));
waitForChange();
assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds2"), "other-role"), true);
assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds2"), "other-role"), false);
assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds2"), "other-role"), true);
assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds2"), "no-access-role"), false);
assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "no-access-role"), false);
admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.allOf(AuthAction.class));
waitForChange();
assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
admin.namespaces().deleteNamespace("p1/c1/ns1");
admin.properties().deleteProperty("p1");
admin.clusters().deleteCluster("c1");
}
Also used :
ClusterData(com.yahoo.pulsar.common.policies.data.ClusterData)
PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin)
AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager)
AuthAction(com.yahoo.pulsar.common.policies.data.AuthAction)
MockedPulsarServiceBaseTest(com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)
Test(org.testng.annotations.Test)
Example 2 with AuthorizationManager
use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.
the class ServerCnxTest method testProducerCommandWithAuthorizationNegative.
public void testProducerCommandWithAuthorizationNegative() throws Exception {
AuthorizationManager authorizationManager = mock(AuthorizationManager.class);
doReturn(CompletableFuture.completedFuture(false)).when(authorizationManager).canProduceAsync(Mockito.any(), Mockito.any());
doReturn(authorizationManager).when(brokerService).getAuthorizationManager();
doReturn(true).when(brokerService).isAuthenticationEnabled();
doReturn(true).when(brokerService).isAuthorizationEnabled();
doReturn("prod1").when(brokerService).generateUniqueProducerName();
resetChannel();
setChannelConnected();
ByteBuf clientCommand = Commands.newProducer(successTopicName, 1, /* producer id */
1, /* request id */
null);
channel.writeInbound(clientCommand);
assertTrue(getResponse() instanceof CommandError);
channel.finish();
}
Also used :
AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager)
CommandError(com.yahoo.pulsar.common.api.proto.PulsarApi.CommandError)
ByteBuf(io.netty.buffer.ByteBuf)
Example 3 with AuthorizationManager
use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.
the class ServerCnxTest method testSubscribeCommandWithAuthorizationPositive.
@Test(timeOut = 30000)
public void testSubscribeCommandWithAuthorizationPositive() throws Exception {
AuthorizationManager authorizationManager = mock(AuthorizationManager.class);
doReturn(CompletableFuture.completedFuture(true)).when(authorizationManager).canConsumeAsync(Mockito.any(), Mockito.any());
doReturn(authorizationManager).when(brokerService).getAuthorizationManager();
doReturn(true).when(brokerService).isAuthenticationEnabled();
doReturn(true).when(brokerService).isAuthorizationEnabled();
resetChannel();
setChannelConnected();
// test SUBSCRIBE on topic and cursor creation success
ByteBuf clientCommand = //
Commands.newSubscribe(//
successTopicName, successSubName, 1, /* consumer id */
1, /* request id */
SubType.Exclusive, 0, "test");
channel.writeInbound(clientCommand);
assertTrue(getResponse() instanceof CommandSuccess);
channel.finish();
}
Also used :
CommandSuccess(com.yahoo.pulsar.common.api.proto.PulsarApi.CommandSuccess)
AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager)
ByteBuf(io.netty.buffer.ByteBuf)
Test(org.testng.annotations.Test)
Example 4 with AuthorizationManager
use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.
the class ServerCnxTest method testClusterAccess.
@Test(timeOut = 30000)
public void testClusterAccess() throws Exception {
AuthorizationManager authorizationManager = spy(new AuthorizationManager(svcConfig, configCacheService));
doReturn(authorizationManager).when(brokerService).getAuthorizationManager();
doReturn(true).when(brokerService).isAuthorizationEnabled();
doReturn(false).when(authorizationManager).isSuperUser(Mockito.anyString());
doReturn(CompletableFuture.completedFuture(true)).when(authorizationManager).checkPermission(any(DestinationName.class), Mockito.anyString(), any(AuthAction.class));
resetChannel();
setChannelConnected();
ByteBuf clientCommand = Commands.newProducer(successTopicName, 1, /* producer id */
1, /* request id */
"prod-name");
channel.writeInbound(clientCommand);
assertTrue(getResponse() instanceof CommandProducerSuccess);
resetChannel();
setChannelConnected();
clientCommand = Commands.newProducer(topicWithNonLocalCluster, 1, /* producer id */
1, /* request id */
"prod-name");
channel.writeInbound(clientCommand);
assertTrue(getResponse() instanceof CommandError);
}
Also used :
DestinationName(com.yahoo.pulsar.common.naming.DestinationName)
CommandProducerSuccess(com.yahoo.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess)
AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager)
CommandError(com.yahoo.pulsar.common.api.proto.PulsarApi.CommandError)
ByteBuf(io.netty.buffer.ByteBuf)
AuthAction(com.yahoo.pulsar.common.policies.data.AuthAction)
Test(org.testng.annotations.Test)
Example 5 with AuthorizationManager
use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.
the class WebSocketService method start.
public void start() throws PulsarServerException, PulsarClientException, MalformedURLException, ServletException, DeploymentException {
if (isNotBlank(config.getGlobalZookeeperServers())) {
this.globalZkCache = new GlobalZooKeeperCache(getZooKeeperClientFactory(), (int) config.getZooKeeperSessionTimeoutMillis(), config.getGlobalZookeeperServers(), this.orderedExecutor, this.executor);
try {
this.globalZkCache.start();
} catch (IOException e) {
throw new PulsarServerException(e);
}
this.configurationCacheService = new ConfigurationCacheService(getGlobalZkCache());
log.info("Global Zookeeper cache started");
}
// start authorizationManager
if (config.isAuthorizationEnabled()) {
if (configurationCacheService == null) {
throw new PulsarServerException("Failed to initialize authorization manager due to empty GlobalZookeeperServers");
}
authorizationManager = new AuthorizationManager(this.config, configurationCacheService);
}
// start authentication service
authenticationService = new AuthenticationService(this.config);
log.info("Pulsar WebSocket Service started");
}
Also used :
PulsarServerException(com.yahoo.pulsar.broker.PulsarServerException)
GlobalZooKeeperCache(com.yahoo.pulsar.zookeeper.GlobalZooKeeperCache)
ConfigurationCacheService(com.yahoo.pulsar.broker.cache.ConfigurationCacheService)
IOException(java.io.IOException)
AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager)
AuthenticationService(com.yahoo.pulsar.broker.authentication.AuthenticationService)
Aggregations
AuthorizationManager (com.yahoo.pulsar.broker.authorization.AuthorizationManager)11
Test (org.testng.annotations.Test)8
ByteBuf (io.netty.buffer.ByteBuf)7
CommandError (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandError)4
ConfigurationCacheService (com.yahoo.pulsar.broker.cache.ConfigurationCacheService)3
AuthAction (com.yahoo.pulsar.common.policies.data.AuthAction)3
AuthenticationService (com.yahoo.pulsar.broker.authentication.AuthenticationService)2
PersistentTopic (com.yahoo.pulsar.broker.service.persistent.PersistentTopic)2
CommandProducerSuccess (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess)2
CommandSuccess (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandSuccess)2
ClusterData (com.yahoo.pulsar.common.policies.data.ClusterData)2
PropertyAdmin (com.yahoo.pulsar.common.policies.data.PropertyAdmin)2
PulsarServerException (com.yahoo.pulsar.broker.PulsarServerException)1
ServiceConfiguration (com.yahoo.pulsar.broker.ServiceConfiguration)1
MockedPulsarServiceBaseTest (com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)1
DestinationName (com.yahoo.pulsar.common.naming.DestinationName)1
Policies (com.yahoo.pulsar.common.policies.data.Policies)1
GlobalZooKeeperCache (com.yahoo.pulsar.zookeeper.GlobalZooKeeperCache)1
IOException (java.io.IOException)1
