
Example 21 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class BrokerServiceLookupTest method testMultipleBrokerDifferentClusterLookup.

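/**
 * Use case: a lookup is redirected because the namespace belongs to a different cluster.
 * <ol>
 * <li>Broker1 runs on cluster "use" and Broker2 runs on cluster "use2".</li>
 * <li>Broker1 receives a request for cluster "use2", reads "/clusters" from global ZooKeeper and
 * redirects the request to Broker2, which serves "use2".</li>
 * <li>Broker2 receives the redirected request and owns the namespace bundle.</li>
 * </ol>
 *
 * <p>The test turns {@code authorizationEnabled} on in the fixture broker's configuration and
 * starts a second broker and client. Both are undone in a {@code finally} block so that a failing
 * assertion does not leave authorization enabled, or a stray broker and client running, for
 * whatever runs next.
 *
 * @throws Exception if broker start-up, an admin call or the produce/consume round trip fails
 */
@Test
public void testMultipleBrokerDifferentClusterLookup() throws Exception {
    log.info("-- Starting {} test --", methodName);
    /**** start broker-2 ****/
    final String newCluster = "use2";
    final String property = "my-property2";
    ServiceConfiguration conf2 = new ServiceConfiguration();
    conf2.setBrokerServicePort(PortManager.nextFreePort());
    conf2.setBrokerServicePortTls(PortManager.nextFreePort());
    conf2.setWebServicePort(PortManager.nextFreePort());
    conf2.setWebServicePortTls(PortManager.nextFreePort());
    conf2.setAdvertisedAddress("localhost");
    // Broker2 serves newCluster
    conf2.setClusterName(newCluster);
    String broker2ServiceUrl = "pulsar://localhost:" + conf2.getBrokerServicePort();
    admin.clusters().createCluster(newCluster, new ClusterData("http://127.0.0.1:" + BROKER_WEBSERVICE_PORT, null, broker2ServiceUrl, null));
    admin.properties().createProperty(property, new PropertyAdmin(Lists.newArrayList("appid1", "appid2"), Sets.newHashSet(newCluster)));
    admin.namespaces().createNamespace(property + "/" + newCluster + "/my-ns");
    PulsarService pulsar2 = startBroker(conf2);
    PulsarClient pulsarClient2 = null;
    try {
        pulsar.getLoadManager().writeLoadReportOnZookeeper();
        pulsar2.getLoadManager().writeLoadReportOnZookeeper();
        URI brokerServiceUrl = new URI(broker2ServiceUrl);
        pulsarClient2 = PulsarClient.create(brokerServiceUrl.toString(), new ClientConfiguration());
        // enable authorization so the broker validates the cluster and redirects when it differs
        pulsar.getConfiguration().setAuthorizationEnabled(true);
        // restart the broker with authorization enabled: this initializes the AuthorizationManager
        stopBroker();
        startBroker();
        LoadManager loadManager2 = spy(pulsar2.getLoadManager());
        // Test-only reflection: the private NamespaceService.loadManager field is overwritten with
        // the spy. NOTE(review): the spy is not removed again before this method returns; confirm
        // that the fixture teardown rebuilds the broker.
        Field loadManagerField = NamespaceService.class.getDeclaredField("loadManager");
        loadManagerField.setAccessible(true);
        // mock: return Broker2 as the least-loaded broker when the leader receives the request
        doReturn(true).when(loadManager2).isCentralized();
        SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar2.getWebServiceAddress(), null);
        doReturn(resourceUnit).when(loadManager2).getLeastLoaded(any(ServiceUnitId.class));
        loadManagerField.set(pulsar.getNamespaceService(), loadManager2);
        /**** started broker-2 ****/
        // load the namespace bundle by calling Broker2
        Consumer consumer = pulsarClient.subscribe("persistent://my-property2/use2/my-ns/my-topic1", "my-subscriber-name", new ConsumerConfiguration());
        Producer producer = pulsarClient2.createProducer("persistent://my-property2/use2/my-ns/my-topic1", new ProducerConfiguration());
        for (int i = 0; i < 10; i++) {
            String message = "my-message-" + i;
            producer.send(message.getBytes());
        }
        Message msg = null;
        Set<String> messageSet = Sets.newHashSet();
        for (int i = 0; i < 10; i++) {
            msg = consumer.receive(5, TimeUnit.SECONDS);
            // A timed-out receive yields null; fail with a clear message instead of an NPE below.
            if (msg == null) {
                throw new AssertionError("Timed out waiting for message " + i);
            }
            String receivedMessage = new String(msg.getData());
            log.debug("Received message: [{}]", receivedMessage);
            String expectedMessage = "my-message-" + i;
            testMessageOrderAndDuplicates(messageSet, receivedMessage, expectedMessage);
        }
        // Acknowledge the consumption of all messages at once
        consumer.acknowledgeCumulative(msg);
        consumer.close();
        producer.close();
    } finally {
        // Always restore the authorization flag, even when an assertion above failed.
        // NOTE(review): the broker is not restarted after the flag is cleared; confirm whether
        // the AuthorizationManager created by the restart above stays active.
        pulsar.getConfiguration().setAuthorizationEnabled(false);
        try {
            if (pulsarClient2 != null) {
                pulsarClient2.close();
            }
        } finally {
            pulsar2.close();
        }
    }
}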
Also used : LoadManager(com.yahoo.pulsar.broker.loadbalance.LoadManager) URI(java.net.URI) Field(java.lang.reflect.Field) ClusterData(com.yahoo.pulsar.common.policies.data.ClusterData) SimpleResourceUnit(com.yahoo.pulsar.broker.loadbalance.impl.SimpleResourceUnit) ServiceConfiguration(com.yahoo.pulsar.broker.ServiceConfiguration) PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) PulsarService(com.yahoo.pulsar.broker.PulsarService) ServiceUnitId(com.yahoo.pulsar.common.naming.ServiceUnitId) Test(org.testng.annotations.Test)

Example 22 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class NamespacesTest method setup.

/**
 * Builds the {@code Namespaces} REST resource under test as a Mockito spy and seeds the clusters,
 * property and namespaces that the tests in this class operate on.
 *
 * <p>Security-relevant fixture choices: the request is reported as non-HTTPS, the caller identity
 * is fixed to {@code "test"}, and the admin-access check is stubbed to a no-op for three property
 * names. Tests built on this fixture therefore do not exercise that check for those properties.
 *
 * @throws Exception if the base-class setup or any admin call fails
 */
@Override
@BeforeMethod
public void setup() throws Exception {
    super.internalSetup();
    // Spy on a real Namespaces resource so that selected collaborators can be stubbed below.
    namespaces = spy(new Namespaces());
    namespaces.setServletContext(new MockServletContext());
    namespaces.setPulsar(pulsar);
    // Global and local ZooKeeper are both backed by the same mock instance.
    doReturn(mockZookKeeper).when(namespaces).globalZk();
    doReturn(mockZookKeeper).when(namespaces).localZk();
    doReturn(pulsar.getConfigurationCache().propertiesCache()).when(namespaces).propertiesCache();
    doReturn(pulsar.getConfigurationCache().policiesCache()).when(namespaces).policiesCache();
    // Simulated request context: plain HTTP, caller role "test".
    doReturn(false).when(namespaces).isRequestHttps();
    doReturn("test").when(namespaces).clientAppId();
    // The resource reports "global" as a cluster although only use/usw/usc are created below.
    doReturn(Sets.newTreeSet(Lists.newArrayList("use", "usw", "usc", "global"))).when(namespaces).clusters();
    // Admin-access validation is bypassed for exactly these three property names; on a spy, any
    // other argument still reaches the real validateAdminAccessOnProperty.
    // NOTE(review): whether this.testProperty is one of the three is not visible here; confirm.
    doNothing().when(namespaces).validateAdminAccessOnProperty("my-property");
    doNothing().when(namespaces).validateAdminAccessOnProperty("other-property");
    doNothing().when(namespaces).validateAdminAccessOnProperty("new-property");
    // Clusters must exist before the property that lists them as allowed clusters.
    admin.clusters().createCluster("use", new ClusterData("http://broker-use.com:" + BROKER_WEBSERVICE_PORT));
    admin.clusters().createCluster("usw", new ClusterData("http://broker-usw.com:" + BROKER_WEBSERVICE_PORT));
    admin.clusters().createCluster("usc", new ClusterData("http://broker-usc.com:" + BROKER_WEBSERVICE_PORT));
    // Property with admin roles role1/role2, allowed on the three clusters created above.
    admin.properties().createProperty(this.testProperty, new PropertyAdmin(Lists.newArrayList("role1", "role2"), Sets.newHashSet("use", "usc", "usw")));
    createTestNamespaces(this.testProperty, this.testLocalNamespaces, new BundlesData());
    createGlobalTestNamespaces(this.testProperty, this.testGlobalNamespaces.get(0).getLocalName(), new BundlesData());
    nsSvc = pulsar.getNamespaceService();
}
Also used : ClusterData(com.yahoo.pulsar.common.policies.data.ClusterData) PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) BundlesData(com.yahoo.pulsar.common.policies.data.BundlesData) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 23 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class AuthorizationTest method simple.

/**
 * Walks the broker's {@code AuthorizationManager} through a grant sequence and checks
 * lookup/produce/consume decisions after each step.
 *
 * <p>Pinned behaviour: a role with no grant is denied; a namespace-level {@code produce} grant
 * allows lookup and produce; a topic-level {@code consume} grant allows lookup and consume on
 * that topic but not produce; a role that was never granted anything stays denied.
 *
 * <p>NOTE(review): not covered here are (a) {@code other-role} being denied on the sibling topic
 * ds1, (b) {@code my-role} being denied consume while it holds only {@code produce}, and
 * (c) any revocation path. Cleanup at the end is not in a {@code finally} block, so a failed
 * assertion leaves p1/c1/ns1 behind.
 *
 * @throws Exception if an admin call fails
 */
@Test
void simple() throws Exception {
    AuthorizationManager auth = pulsar.getBrokerService().getAuthorizationManager();
    // Default deny: nothing exists yet, so the lookup is refused.
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), false);
    admin.clusters().createCluster("c1", new ClusterData());
    // "role1" is the property admin; "my-role" is deliberately not listed.
    admin.properties().createProperty("p1", new PropertyAdmin(Lists.newArrayList("role1"), Sets.newHashSet("c1")));
    // waitForChange() is defined elsewhere; presumably it waits for the policy change to propagate.
    waitForChange();
    admin.namespaces().createNamespace("p1/c1/ns1");
    waitForChange();
    // Creating the namespace grants nothing to a role without an explicit permission.
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), false);
    // Namespace-level grant: produce only.
    admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.of(AuthAction.produce));
    waitForChange();
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    // Topic-level grant: consume on ds2 only, for a different role.
    admin.persistentTopics().grantPermission("persistent://p1/c1/ns1/ds2", "other-role", EnumSet.of(AuthAction.consume));
    waitForChange();
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds2"), "other-role"), true);
    // The topic-level grant must not disturb the earlier namespace-level grant.
    assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    // A consume grant does not imply produce.
    assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds2"), "other-role"), false);
    assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds2"), "other-role"), true);
    // A role that was never granted anything is denied both consume and lookup.
    assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds2"), "no-access-role"), false);
    assertEquals(auth.canLookup(DestinationName.get("persistent://p1/c1/ns1/ds1"), "no-access-role"), false);
    // Widen my-role to every AuthAction at namespace level.
    admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.allOf(AuthAction.class));
    waitForChange();
    assertEquals(auth.canProduce(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds1"), "my-role"), true);
    // Cleanup in reverse order of creation: namespace, property, cluster.
    admin.namespaces().deleteNamespace("p1/c1/ns1");
    admin.properties().deleteProperty("p1");
    admin.clusters().deleteCluster("c1");
}
Also used : ClusterData(com.yahoo.pulsar.common.policies.data.ClusterData) PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) AuthorizationManager(com.yahoo.pulsar.broker.authorization.AuthorizationManager) AuthAction(com.yahoo.pulsar.common.policies.data.AuthAction) Test(org.testng.annotations.Test)

Example 24 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class AdminTest method properties.

/**
 * Exercises the properties REST resource: create, read, update and delete of a property, the
 * HTTP status returned for each error case, and behaviour when ZooKeeper operations fail.
 *
 * <p>The {@code verify(..., times(n))} calls count invocations of
 * {@code validateSuperUserAccess()}; the count rises by one per resource call made so far, which
 * is how the test checks that every operation goes through the super-user check. The statement
 * order is therefore significant.
 *
 * @throws Exception if a call that is expected to succeed fails
 */
@Test
void properties() throws Exception {
    assertEquals(properties.getProperties(), Lists.newArrayList());
    verify(properties, times(1)).validateSuperUserAccess();
    Set<String> allowedClusters = Sets.newHashSet();
    PropertyAdmin propertyAdmin = new PropertyAdmin(Lists.newArrayList("role1", "role2"), allowedClusters);
    properties.createProperty("test-property", propertyAdmin);
    verify(properties, times(2)).validateSuperUserAccess();
    assertEquals(properties.getProperties(), Lists.newArrayList("test-property"));
    verify(properties, times(3)).validateSuperUserAccess();
    assertEquals(properties.getPropertyAdmin("test-property"), propertyAdmin);
    verify(properties, times(4)).validateSuperUserAccess();
    PropertyAdmin newPropertyAdmin = new PropertyAdmin(Lists.newArrayList("role1", "other-role"), allowedClusters);
    properties.updateProperty("test-property", newPropertyAdmin);
    verify(properties, times(5)).validateSuperUserAccess();
    // Wait for updateProperty to take effect.
    // NOTE(review): a fixed 100 ms sleep makes this step timing-dependent.
    Thread.sleep(100);
    assertEquals(properties.getPropertyAdmin("test-property"), newPropertyAdmin);
    // NOTE(review): assertNotSame compares references, not contents; if getPropertyAdmin returns
    // a fresh object this passes regardless of the stored roles. Confirm the intent.
    assertNotSame(properties.getPropertyAdmin("test-property"), propertyAdmin);
    // Two getPropertyAdmin calls since the last verify, hence 5 -> 7.
    verify(properties, times(7)).validateSuperUserAccess();
    // Creating a property that already exists must be rejected with 409 CONFLICT
    try {
        properties.createProperty("test-property", propertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.CONFLICT.getStatusCode());
    }
    // Reading a non-existing property must return 404 NOT_FOUND
    try {
        properties.getPropertyAdmin("non-existing");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.NOT_FOUND.getStatusCode());
    }
    // Updating a non-existing property must return 404 NOT_FOUND
    try {
        properties.updateProperty("xxx-non-existing", newPropertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.NOT_FOUND.getStatusCode());
    }
    // Deleting a non-existing property must return 404 NOT_FOUND
    try {
        properties.deleteProperty("non-existing");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.NOT_FOUND.getStatusCode());
    }
    // ZooKeeper failures: failNow(...) is re-armed before each call (presumably it fails only the
    // next operation on the mock). Every resource method must answer 500 INTERNAL_SERVER_ERROR.
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.getProperties();
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.getPropertyAdmin("my-property");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.updateProperty("my-property", newPropertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.createProperty("test", propertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.deleteProperty("my-property");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    // Failure part-way through a delete: failAfter(2, ...) presumably lets two ZooKeeper
    // operations succeed before failing, so the error is raised inside deleteProperty.
    properties.createProperty("error-property", propertyAdmin);
    mockZookKeeper.failAfter(2, Code.SESSIONEXPIRED);
    try {
        properties.deleteProperty("error-property");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    // Both properties must still be deletable once the injected failure is gone.
    properties.deleteProperty("test-property");
    properties.deleteProperty("error-property");
    assertEquals(properties.getProperties(), Lists.newArrayList());
    // Create a namespace to test deleting a non-empty property
    clusters.createCluster("use", new ClusterData());
    newPropertyAdmin = new PropertyAdmin(Lists.newArrayList("role1", "other-role"), Sets.newHashSet("use"));
    properties.createProperty("my-property", newPropertyAdmin);
    namespaces.createNamespace("my-property", "use", "my-namespace", new BundlesData());
    try {
        properties.deleteProperty("my-property");
        fail("should have failed");
    } catch (RestException e) {
        // Expected: a property that still owns a namespace cannot be deleted.
        // NOTE(review): unlike the other cases, the HTTP status is not asserted here, so any
        // RestException satisfies the test.
    }
    // Name validation: a property name containing '&' must be rejected with 412 PRECONDITION_FAILED
    try {
        properties.createProperty("test&", propertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.PRECONDITION_FAILED.getStatusCode());
    }
    // Remove the namespace first so that the property delete succeeds.
    namespaces.deleteNamespace("my-property", "use", "my-namespace", false);
    properties.deleteProperty("my-property");
}
Also used : ClusterData(com.yahoo.pulsar.common.policies.data.ClusterData) PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) RestException(com.yahoo.pulsar.broker.web.RestException) BundlesData(com.yahoo.pulsar.common.policies.data.BundlesData) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 25 with PropertyAdmin

use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.

the class AdminTest method persistentTopics.

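/**
 * Grants, reads back and revokes a destination-level permission on a partitioned topic through
 * the persistent-topics REST resource, using the mock ZooKeeper as the policy store.
 *
 * <p>The wait for the policies-cache notifications is bounded so that a missed notification
 * fails the test instead of blocking the whole run.
 *
 * @throws Exception if a resource call or the ZooKeeper write fails
 */
@Test
void persistentTopics() throws Exception {
    final String property = "prop-xyz";
    final String cluster = "use";
    final String namespace = "ns";
    final String destination = "ds1";
    Policies policies = new Policies();
    doReturn(policies).when(resourceQuotas).getNamespacePolicies(property, cluster, namespace);
    doReturn("client-id").when(resourceQuotas).clientAppId();
    // create policies
    // NOTE(review): this PropertyAdmin is populated but never passed to any call in this method.
    PropertyAdmin admin = new PropertyAdmin();
    admin.getAllowedClusters().add(cluster);
    // OPEN_ACL_UNSAFE makes the node readable and writable by anyone; here it is written to the
    // mock ZooKeeper only and is not a pattern to carry over to a real ensemble.
    ZkUtils.createFullPathOptimistic(mockZookKeeper, PulsarWebResource.path("policies", property, cluster, namespace), ObjectMapperFactory.getThreadLocal().writeValueAsBytes(new Policies()), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
    List<String> list = persistentTopics.getList(property, cluster, namespace);
    assertTrue(list.isEmpty());
    // create destination
    persistentTopics.createPartitionedTopic(property, cluster, namespace, destination, 5, false);
    // Two cache notifications are expected: one for the grant and one for the revoke below.
    CountDownLatch notificationLatch = new CountDownLatch(2);
    configurationCache.policiesCache().registerListener((path, data, stat) -> {
        notificationLatch.countDown();
    });
    // grant permission
    final Set<AuthAction> actions = Sets.newHashSet(AuthAction.produce);
    final String role = "test-role";
    persistentTopics.grantPermissionsOnDestination(property, cluster, namespace, destination, role, actions);
    // verify permission
    Map<String, Set<AuthAction>> permission = persistentTopics.getPermissionsOnDestination(property, cluster, namespace, destination);
    assertEquals(permission.get(role), actions);
    // remove permission
    persistentTopics.revokePermissionsOnDestination(property, cluster, namespace, destination, role);
    // Wait for the cache to be updated, but never indefinitely (TimeUnit is fully qualified
    // because the file's import list is not visible here).
    assertTrue(notificationLatch.await(10, java.util.concurrent.TimeUnit.SECONDS));
    // verify removed permission: no role may remain in the destination's permission map
    permission = persistentTopics.getPermissionsOnDestination(property, cluster, namespace, destination);
    assertTrue(permission.isEmpty());
}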
Also used : Policies(com.yahoo.pulsar.common.policies.data.Policies) Set(java.util.Set) PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin) CountDownLatch(java.util.concurrent.CountDownLatch) AuthAction(com.yahoo.pulsar.common.policies.data.AuthAction) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)
