
Example 6 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class NamespacesTest method testGlobalNamespaceReplicationConfiguration.

/**
 * Exercises get/set of namespace replication clusters and pins the HTTP status returned
 * for each rejection path: a cluster outside the property's allowed set (403), the
 * reserved name "global" in the list (412), an unknown namespace (404), a non-global
 * namespace (412), and injected ZooKeeper failures (500 / 409).
 *
 * <p>The steps are order-dependent: the mock ZooKeeper failures and the cache
 * invalidations only affect the call that follows them.
 */
@Test
public void testGlobalNamespaceReplicationConfiguration() throws Exception {
    // A fresh global namespace starts with an empty replication-cluster list.
    assertEquals(namespaces.getNamespaceReplicationClusters(this.testGlobalNamespaces.get(0).getProperty(), this.testGlobalNamespaces.get(0).getCluster(), this.testGlobalNamespaces.get(0).getLocalName()), Lists.newArrayList());
    // Setting two clusters and reading them back returns the same list.
    namespaces.setNamespaceReplicationClusters(this.testGlobalNamespaces.get(0).getProperty(), this.testGlobalNamespaces.get(0).getCluster(), this.testGlobalNamespaces.get(0).getLocalName(), Lists.newArrayList("use", "usw"));
    assertEquals(namespaces.getNamespaceReplicationClusters(this.testGlobalNamespaces.get(0).getProperty(), this.testGlobalNamespaces.get(0).getCluster(), this.testGlobalNamespaces.get(0).getLocalName()), Lists.newArrayList("use", "usw"));
    // A list containing "invalid-cluster" must be refused with 403 FORBIDDEN.
    try {
        namespaces.setNamespaceReplicationClusters(this.testGlobalNamespaces.get(0).getProperty(), this.testGlobalNamespaces.get(0).getCluster(), this.testGlobalNamespaces.get(0).getLocalName(), Lists.newArrayList("use", "invalid-cluster"));
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.FORBIDDEN.getStatusCode());
    }
    try {
        namespaces.setNamespaceReplicationClusters(this.testGlobalNamespaces.get(0).getProperty(), this.testGlobalNamespaces.get(0).getCluster(), this.testGlobalNamespaces.get(0).getLocalName(), Lists.newArrayList("use", "global"));
        fail("should have failed");
    } catch (RestException e) {
        // Ok, global should not be allowed in the list of replication clusters
        assertEquals(e.getResponse().getStatus(), Status.PRECONDITION_FAILED.getStatusCode());
    }
    // Same rejection when the namespace is addressed through testProperty and the literal "global" cluster.
    try {
        namespaces.setNamespaceReplicationClusters(this.testProperty, "global", this.testGlobalNamespaces.get(0).getLocalName(), Lists.newArrayList("use", "invalid-cluster"));
        fail("should have failed");
    } catch (RestException e) {
        // Ok, invalid-cluster is an invalid cluster id
        assertEquals(e.getResponse().getStatus(), Status.FORBIDDEN.getStatusCode());
    }
    // Narrow the property to clusters "use" and "usc" so that "usw" falls outside the allowed set.
    admin.properties().updateProperty(testProperty, new PropertyAdmin(Lists.newArrayList("role1", "role2"), Sets.newHashSet("use", "usc")));
    // Access-control boundary under test: a cluster the property is not allowed on is rejected with 403.
    try {
        namespaces.setNamespaceReplicationClusters(this.testProperty, "global", this.testGlobalNamespaces.get(0).getLocalName(), Lists.newArrayList("use", "usw"));
        fail("should have failed");
    } catch (RestException e) {
        // Ok, usw was not configured in the list of allowed clusters
        assertEquals(e.getResponse().getStatus(), Status.FORBIDDEN.getStatusCode());
    }
    // Sometimes watcher event consumes scheduled exception, so set to always fail to ensure exception is
    // thrown for api call.
    mockZookKeeper.setAlwaysFail(Code.SESSIONEXPIRED);
    // Drop the cached policies entry so the next call has to go to the (failing) mock ZooKeeper.
    pulsar.getConfigurationCache().policiesCache().invalidate(AdminResource.path("policies", this.testProperty, "global", this.testGlobalNamespaces.get(0).getLocalName()));
    try {
        namespaces.setNamespaceReplicationClusters(this.testProperty, "global", this.testGlobalNamespaces.get(0).getLocalName(), Lists.newArrayList("use"));
        fail("should have failed");
    } catch (RestException e) {
        // A session-expired failure surfaces to the caller as 500.
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    } finally {
        // Always restore the mock, otherwise every later step would fail as well.
        mockZookKeeper.unsetAlwaysFail();
    }
    // A BADVERSION failure on the next ZooKeeper operation is expected to map to 409 CONFLICT.
    mockZookKeeper.failNow(Code.BADVERSION);
    try {
        namespaces.setNamespaceReplicationClusters(this.testProperty, "global", this.testGlobalNamespaces.get(0).getLocalName(), Lists.newArrayList("use"));
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.CONFLICT.getStatusCode());
    }
    // Both read and write on a namespace that does not exist return 404.
    try {
        namespaces.getNamespaceReplicationClusters(this.testProperty, "global", "non-existing-ns");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.NOT_FOUND.getStatusCode());
    }
    try {
        namespaces.setNamespaceReplicationClusters(this.testProperty, "global", "non-existing-ns", Lists.newArrayList("use"));
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.NOT_FOUND.getStatusCode());
    }
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    pulsar.getConfigurationCache().policiesCache().clear();
    // ensure the ZooKeeper read happens, bypassing the cache
    try {
        namespaces.getNamespaceReplicationClusters(this.testProperty, "global", this.testGlobalNamespaces.get(0).getLocalName());
        fail("should have failed");
    } catch (RestException e) {
        // Literal 500 here; the earlier write-path check uses Status.INTERNAL_SERVER_ERROR for the same code.
        assertEquals(e.getResponse().getStatus(), 500);
    }
    // Namespaces under the local cluster are refused with 412 for both read and write;
    // presumably replication clusters only apply to global namespaces (confirm against the resource).
    try {
        namespaces.getNamespaceReplicationClusters(this.testProperty, this.testLocalCluster, this.testLocalNamespaces.get(0).getLocalName());
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.PRECONDITION_FAILED.getStatusCode());
    }
    try {
        namespaces.setNamespaceReplicationClusters(this.testProperty, this.testLocalCluster, this.testLocalNamespaces.get(0).getLocalName(), Lists.newArrayList("use"));
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.PRECONDITION_FAILED.getStatusCode());
    }
}
Also used : PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) RestException(com.yahoo.pulsar.broker.web.RestException) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 7 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class PulsarWebResource method validateClusterForProperty.

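/**
 * Verifies that {@code cluster} is in the allowed-cluster set of {@code property}.
 *
 * <p>The property's admin data is read through the configuration cache under the
 * {@code policies/<property>} path.
 *
 * @param property name of the property whose allowed clusters are consulted
 * @param cluster  cluster name that must be present in that set
 * @throws RestException with {@code NOT_FOUND} when the property has no admin data,
 *         with {@code FORBIDDEN} when the cluster is not allowed for the property, or
 *         wrapping the underlying failure when the lookup itself fails
 */
protected void validateClusterForProperty(String property, String cluster) {
    PropertyAdmin propertyAdmin;
    try {
        propertyAdmin = pulsar().getConfigurationCache().propertiesCache().get(path("policies", property)).orElseThrow(() -> new RestException(Status.NOT_FOUND, "Property does not exist"));
    } catch (RestException e) {
        // A missing property is a caller error, not a lookup failure: keep its status as
        // thrown and do not record it at error level.
        log.warn("Failed to get property admin data for non existing property {}", property);
        throw e;
    } catch (Exception e) {
        // Name the property and attach the cause so a failed lookup can be diagnosed
        // from the log alone.
        log.error("Failed to get property admin data for property {}", property, e);
        throw new RestException(e);
    }
    // Check if property is allowed on the cluster
    if (!propertyAdmin.getAllowedClusters().contains(cluster)) {
        // NOTE(review): both values are echoed into the log line and the response body.
        // If they originate from the request, confirm the log layout neutralises line
        // breaks so a crafted name cannot forge log entries.
        String msg = String.format("Cluster [%s] is not in the list of allowed clusters list for property [%s]", cluster, property);
        log.info(msg);
        throw new RestException(Status.FORBIDDEN, msg);
    }
    log.info("Successfully validated clusters on property [{}]", property);
}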
Also used : PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) KeeperException(org.apache.zookeeper.KeeperException) ExecutionException(java.util.concurrent.ExecutionException) WebApplicationException(javax.ws.rs.WebApplicationException)

Example 8 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class PulsarWebResource method validateAdminAccessOnProperty.

/**
 * Checks that {@code clientAppId} may administer {@code property}.
 *
 * <p>Enforcement is conditional: the check runs only when both authentication and
 * authorization are enabled in the broker configuration. With either one disabled the
 * method returns without inspecting the caller at all.
 *
 * <p>Status codes as implemented: an unauthenticated caller gets {@code FORBIDDEN};
 * an authenticated caller that is neither a super-user nor an admin role of the
 * property gets {@code UNAUTHORIZED}. A missing property is also reported as
 * {@code UNAUTHORIZED}, but with a different message, so the response body still tells
 * a caller whether the property exists.
 *
 * @param pulsar      broker service supplying the configuration and the configuration cache
 * @param clientAppId role of the calling client
 * @param property    property the caller wants to administer
 * @throws RestException when the caller is unauthenticated, the property is missing, or
 *         the caller is not one of its admin roles
 * @throws Exception  any other failure raised by the cache lookup
 */
protected static void validateAdminAccessOnProperty(PulsarService pulsar, String clientAppId, String property) throws RestException, Exception {
    if (!pulsar.getConfiguration().isAuthenticationEnabled() || !pulsar.getConfiguration().isAuthorizationEnabled()) {
        // Nothing is enforced unless both switches are on.
        return;
    }

    log.debug("check admin access on property: {} - Authenticated: {} -- role: {}", property, (isClientAuthenticated(clientAppId)), clientAppId);
    if (!isClientAuthenticated(clientAppId)) {
        throw new RestException(Status.FORBIDDEN, "Need to authenticate to perform the request");
    }

    if (pulsar.getConfiguration().getSuperUserRoles().contains(clientAppId)) {
        // Super-user has access to configure all the policies
        log.debug("granting access to super-user {} on property {}", clientAppId, property);
        return;
    }

    PropertyAdmin policy;
    try {
        policy = pulsar.getConfigurationCache().propertiesCache().get(path("policies", property)).orElseThrow(() -> new RestException(Status.UNAUTHORIZED, "Property does not exist"));
    } catch (KeeperException.NoNodeException e) {
        log.warn("Failed to get property admin data for non existing property {}", property);
        throw new RestException(Status.UNAUTHORIZED, "Property does not exist");
    }

    boolean callerIsAdmin = policy.getAdminRoles().contains(clientAppId);
    if (!callerIsAdmin) {
        throw new RestException(Status.UNAUTHORIZED, "Don't have permission to administrate resources on this property");
    }
    log.debug("Successfully authorized {} on property {}", clientAppId, property);
}
Also used : PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) KeeperException(org.apache.zookeeper.KeeperException)

Example 9 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class BacklogQuotaManagerTest method setup.

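/**
 * Starts a local BookKeeper/ZooKeeper ensemble and a broker, then creates the cluster,
 * property and namespaces used by the backlog-quota tests.
 *
 * <p>Authentication and authorization are both switched off and the admin client talks
 * plain HTTP to 127.0.0.1 with a {@code null} {@code Authentication}. This is a fixture
 * choice: tests built on this setup exercise no access-control path.
 *
 * <p>Any failure during setup is logged and turned into a test failure that carries the
 * original cause.
 */
@BeforeMethod
void setup() throws Exception {
    try {
        // start local bookie and zookeeper
        bkEnsemble = new LocalBookkeeperEnsemble(3, ZOOKEEPER_PORT, 5001);
        bkEnsemble.start();
        // start pulsar service
        config = new ServiceConfiguration();
        config.setZookeeperServers("127.0.0.1" + ":" + ZOOKEEPER_PORT);
        config.setWebServicePort(BROKER_WEBSERVICE_PORT);
        config.setClusterName("usc");
        config.setBrokerServicePort(BROKER_SERVICE_PORT);
        // Test-only: no authentication or authorization is enforced by this broker.
        config.setAuthorizationEnabled(false);
        config.setAuthenticationEnabled(false);
        config.setBacklogQuotaCheckIntervalInSeconds(TIME_TO_CHECK_BACKLOG_QUOTA);
        // Small ledgers with no minimum rollover time, so ledgers roll over quickly.
        config.setManagedLedgerMaxEntriesPerLedger(5);
        config.setManagedLedgerMinLedgerRolloverTimeMinutes(0);
        pulsar = new PulsarService(config);
        pulsar.start();
        adminUrl = new URL("http://127.0.0.1" + ":" + BROKER_WEBSERVICE_PORT);
        admin = new PulsarAdmin(adminUrl, (Authentication) null);
        admin.clusters().createCluster("usc", new ClusterData(adminUrl.toString()));
        admin.properties().createProperty("prop", new PropertyAdmin(Lists.newArrayList("appid1"), Sets.newHashSet("usc")));
        admin.namespaces().createNamespace("prop/usc/ns-quota");
        admin.namespaces().createNamespace("prop/usc/quotahold");
        admin.namespaces().createNamespace("prop/usc/quotaholdasync");
    } catch (Throwable t) {
        LOG.error("Error setting up broker test", t);
        // Attach the cause so the test report shows why setup failed, not only the log.
        Assert.fail("Broker test setup failed", t);
    }
}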
Also used : ClusterData(com.yahoo.pulsar.common.policies.data.ClusterData) ServiceConfiguration(com.yahoo.pulsar.broker.ServiceConfiguration) PulsarService(com.yahoo.pulsar.broker.PulsarService) PulsarAdmin(com.yahoo.pulsar.client.admin.PulsarAdmin) PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) Authentication(com.yahoo.pulsar.client.api.Authentication) LocalBookkeeperEnsemble(com.yahoo.pulsar.zookeeper.LocalBookkeeperEnsemble) URL(java.net.URL) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 10 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class BrokerTestBase method baseSetup.

/**
 * Runs the parent setup, then registers cluster {@code use}, creates property
 * {@code prop} (role {@code appid1}, cluster {@code use}) and the namespace
 * {@code prop/use/ns-abc}.
 *
 * @throws Exception if the parent setup or any admin call fails
 */
public void baseSetup() throws Exception {
    super.internalSetup();

    ClusterData localCluster = new ClusterData(brokerUrl.toString());
    admin.clusters().createCluster("use", localCluster);

    PropertyAdmin propertyAdmin = new PropertyAdmin(Lists.newArrayList("appid1"), Sets.newHashSet("use"));
    admin.properties().createProperty("prop", propertyAdmin);

    admin.namespaces().createNamespace("prop/use/ns-abc");
}
Also used : ClusterData(com.yahoo.pulsar.common.policies.data.ClusterData) PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin)

Aggregations

PropertyAdmin (com.yahoo.pulsar.common.policies.data.PropertyAdmin)26 ClusterData (com.yahoo.pulsar.common.policies.data.ClusterData)15 Test (org.testng.annotations.Test)14 MockedPulsarServiceBaseTest (com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)9 RestException (com.yahoo.pulsar.broker.web.RestException)5 PulsarAdmin (com.yahoo.pulsar.client.admin.PulsarAdmin)5 PulsarAdminException (com.yahoo.pulsar.client.admin.PulsarAdminException)5 PulsarService (com.yahoo.pulsar.broker.PulsarService)4 ServiceConfiguration (com.yahoo.pulsar.broker.ServiceConfiguration)4 AuthAction (com.yahoo.pulsar.common.policies.data.AuthAction)4 URL (java.net.URL)4 KeeperException (org.apache.zookeeper.KeeperException)4 PreconditionFailedException (com.yahoo.pulsar.client.admin.PulsarAdminException.PreconditionFailedException)3 Authentication (com.yahoo.pulsar.client.api.Authentication)3 Policies (com.yahoo.pulsar.common.policies.data.Policies)3 LocalBookkeeperEnsemble (com.yahoo.pulsar.zookeeper.LocalBookkeeperEnsemble)3 BeforeMethod (org.testng.annotations.BeforeMethod)3 PulsarServerException (com.yahoo.pulsar.broker.PulsarServerException)2 AuthorizationManager (com.yahoo.pulsar.broker.authorization.AuthorizationManager)2 ConflictException (com.yahoo.pulsar.client.admin.PulsarAdminException.ConflictException)2