Search in sources :

Example 11 with AuthorizationManager

use of com.yahoo.pulsar.broker.authorization.AuthorizationManager in project pulsar by yahoo.

the class AuthorizationTest method simple.

@Test
void simple() throws Exception {
    AuthorizationManager auth = pulsar.getBrokerService().getAuthorizationManager();
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), false);
    admin.clusters().createCluster("c1", new ClusterData());
    admin.properties().createProperty("p1", new PropertyAdmin(Lists.newArrayList("role1"), Sets.newHashSet("c1")));
    waitForChange();
    admin.namespaces().createNamespace("p1/c1/ns1");
    waitForChange();
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), false);
    admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.of(AuthAction.produce));
    waitForChange();
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    admin.persistentTopics().grantPermission("persistent://p1/c1/ns1/ds2", "other-role", EnumSet.of(AuthAction.consume));
    waitForChange();
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds2"), "other-role"), true);
    assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds2"), "other-role"), false);
    assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds2"), "other-role"), true);
    assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds2"), "no-access-role"), false);
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "no-access-role"), false);
    admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.allOf(AuthAction.class));
    waitForChange();
    assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    admin.namespaces().deleteNamespace("p1/c1/ns1");
    admin.properties().deleteProperty("p1");
    admin.clusters().deleteCluster("c1");
}
Also used : ClusterData(com.yahoo.pulsar.common.policies.data.ClusterData) PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager) AuthAction(com.yahoo.pulsar.common.policies.data.AuthAction) Test(org.testng.annotations.Test)

Aggregations

AuthorizationManager (com.yahoo.pulsar.broker.authorization.AuthorizationManager)11 Test (org.testng.annotations.Test)8 ByteBuf (io.netty.buffer.ByteBuf)7 CommandError (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandError)4 ConfigurationCacheService (com.yahoo.pulsar.broker.cache.ConfigurationCacheService)3 AuthAction (com.yahoo.pulsar.common.policies.data.AuthAction)3 AuthenticationService (com.yahoo.pulsar.broker.authentication.AuthenticationService)2 PersistentTopic (com.yahoo.pulsar.broker.service.persistent.PersistentTopic)2 CommandProducerSuccess (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess)2 CommandSuccess (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandSuccess)2 ClusterData (com.yahoo.pulsar.common.policies.data.ClusterData)2 PropertyAdmin (com.yahoo.pulsar.common.policies.data.PropertyAdmin)2 PulsarServerException (com.yahoo.pulsar.broker.PulsarServerException)1 ServiceConfiguration (com.yahoo.pulsar.broker.ServiceConfiguration)1 MockedPulsarServiceBaseTest (com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)1 DestinationName (com.yahoo.pulsar.common.naming.DestinationName)1 Policies (com.yahoo.pulsar.common.policies.data.Policies)1 GlobalZooKeeperCache (com.yahoo.pulsar.zookeeper.GlobalZooKeeperCache)1 IOException (java.io.IOException)1