use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.
the class BrokerServiceLookupTest method testMultipleBrokerDifferentClusterLookup.
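/**
 * Use case: a lookup is redirected because the namespace belongs to a different cluster.
 * <ol>
 * <li>Broker1 runs on cluster "use" and Broker2 runs on cluster "use2".</li>
 * <li>Broker1 receives a request for cluster "use2" => Broker1 reads "/clusters" from global-zookeeper and
 * redirects the request to Broker2, which serves "use2".</li>
 * <li>Broker2 receives the redirected request and owns the namespace bundle.</li>
 * </ol>
 *
 * <p>Authorization is switched on in the primary broker's configuration for the duration of the test.
 * The {@code finally} block switches it off again and closes Broker2 and its client even when an
 * assertion fails, so an enabled-authorization flag and a running second broker do not outlive
 * this test.
 *
 * @throws Exception if broker start-up, the admin calls or the produce/consume round trip fail
 */
@Test
public void testMultipleBrokerDifferentClusterLookup() throws Exception {
    log.info("-- Starting {} test --", methodName);

    /**** start broker-2 ****/
    final String newCluster = "use2";
    final String property = "my-property2";
    ServiceConfiguration conf2 = new ServiceConfiguration();
    conf2.setBrokerServicePort(PortManager.nextFreePort());
    conf2.setBrokerServicePortTls(PortManager.nextFreePort());
    conf2.setWebServicePort(PortManager.nextFreePort());
    conf2.setWebServicePortTls(PortManager.nextFreePort());
    conf2.setAdvertisedAddress("localhost");
    // Broker2 serves newCluster
    conf2.setClusterName(newCluster);
    String broker2ServiceUrl = "pulsar://localhost:" + conf2.getBrokerServicePort();

    // Register the new cluster, a property that is allowed on it, and a namespace inside that property.
    admin.clusters().createCluster(newCluster, new ClusterData("http://127.0.0.1:" + BROKER_WEBSERVICE_PORT, null, broker2ServiceUrl, null));
    admin.properties().createProperty(property, new PropertyAdmin(Lists.newArrayList("appid1", "appid2"), Sets.newHashSet(newCluster)));
    admin.namespaces().createNamespace(property + "/" + newCluster + "/my-ns");

    PulsarService pulsar2 = startBroker(conf2);
    PulsarClient pulsarClient2 = null;
    try {
        pulsar.getLoadManager().writeLoadReportOnZookeeper();
        pulsar2.getLoadManager().writeLoadReportOnZookeeper();

        // Going through URI makes a malformed service URL fail here rather than inside the client.
        URI brokerServiceUrl = new URI(broker2ServiceUrl);
        pulsarClient2 = PulsarClient.create(brokerServiceUrl.toString(), new ClientConfiguration());

        // enable authorization: so the broker can validate the cluster and redirect if it finds a different one
        pulsar.getConfiguration().setAuthorizationEnabled(true);
        // restart the broker with authorization enabled: this initializes the AuthorizationManager
        stopBroker();
        startBroker();

        // Replace the private NamespaceService.loadManager of the primary broker with a spy of
        // Broker2's load manager (reflection is needed because the field is not accessible).
        // NOTE(review): the spy is never swapped back out in this method; presumably the class
        // teardown discards the broker - confirm.
        LoadManager loadManager2 = spy(pulsar2.getLoadManager());
        Field loadManagerField = NamespaceService.class.getDeclaredField("loadManager");
        loadManagerField.setAccessible(true);
        // mock: return Broker2 as the least-loaded broker when the leader receives the request
        doReturn(true).when(loadManager2).isCentralized();
        SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar2.getWebServiceAddress(), null);
        doReturn(resourceUnit).when(loadManager2).getLeastLoaded(any(ServiceUnitId.class));
        loadManagerField.set(pulsar.getNamespaceService(), loadManager2);
        /**** started broker-2 ****/

        // load the namespace bundle: the consumer connects through the primary client, the producer
        // talks to Broker2 directly
        Consumer consumer = pulsarClient.subscribe("persistent://my-property2/use2/my-ns/my-topic1", "my-subscriber-name", new ConsumerConfiguration());
        Producer producer = pulsarClient2.createProducer("persistent://my-property2/use2/my-ns/my-topic1", new ProducerConfiguration());
        for (int i = 0; i < 10; i++) {
            String message = "my-message-" + i;
            producer.send(message.getBytes());
        }

        Message msg = null;
        Set<String> messageSet = Sets.newHashSet();
        for (int i = 0; i < 10; i++) {
            msg = consumer.receive(5, TimeUnit.SECONDS);
            // A timed-out receive yields no message; fail with a readable reason instead of a
            // NullPointerException on msg.getData().
            if (msg == null) {
                throw new AssertionError("no message received within 5 seconds, expected my-message-" + i);
            }
            String receivedMessage = new String(msg.getData());
            log.debug("Received message: [{}]", receivedMessage);
            String expectedMessage = "my-message-" + i;
            testMessageOrderAndDuplicates(messageSet, receivedMessage, expectedMessage);
        }
        // Acknowledge the consumption of all messages at once
        consumer.acknowledgeCumulative(msg);
        consumer.close();
        producer.close();
    } finally {
        // disable authorization again, whatever happened above
        pulsar.getConfiguration().setAuthorizationEnabled(false);
        try {
            if (pulsarClient2 != null) {
                pulsarClient2.close();
            }
        } finally {
            pulsar2.close();
        }
    }
}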
use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.
the class NamespacesTest method setup.
/**
 * Builds the {@code Namespaces} resource under test before each test method.
 *
 * <p>The resource is a Mockito spy whose ZooKeeper handles, caches, caller identity, HTTPS flag
 * and cluster list are stubbed. {@code validateAdminAccessOnProperty} is stubbed to do nothing for
 * three property names, so tests that use those names do not exercise the admin-access check.
 *
 * @throws Exception if the base setup or any of the admin calls fail
 */
@Override
@BeforeMethod
public void setup() throws Exception {
    super.internalSetup();

    namespaces = spy(new Namespaces());
    namespaces.setServletContext(new MockServletContext());
    namespaces.setPulsar(pulsar);

    // Caller context seen by the resource: a non-HTTPS request from application id "test".
    doReturn("test").when(namespaces).clientAppId();
    doReturn(false).when(namespaces).isRequestHttps();

    // Backing stores: both ZooKeeper handles point at the same mock, caches come from the broker.
    doReturn(mockZookKeeper).when(namespaces).localZk();
    doReturn(mockZookKeeper).when(namespaces).globalZk();
    doReturn(pulsar.getConfigurationCache().policiesCache()).when(namespaces).policiesCache();
    doReturn(pulsar.getConfigurationCache().propertiesCache()).when(namespaces).propertiesCache();
    doReturn(Sets.newTreeSet(Lists.newArrayList("use", "usw", "usc", "global"))).when(namespaces).clusters();

    // Admin-access validation is a no-op for exactly these property names; the stub is keyed on
    // the argument, so any other name is not covered by it.
    for (String propertyName : new String[] { "my-property", "other-property", "new-property" }) {
        doNothing().when(namespaces).validateAdminAccessOnProperty(propertyName);
    }

    // Clusters have to exist before the property that lists them as allowed clusters is created.
    admin.clusters().createCluster("use", new ClusterData("http://broker-use.com:" + BROKER_WEBSERVICE_PORT));
    admin.clusters().createCluster("usw", new ClusterData("http://broker-usw.com:" + BROKER_WEBSERVICE_PORT));
    admin.clusters().createCluster("usc", new ClusterData("http://broker-usc.com:" + BROKER_WEBSERVICE_PORT));

    PropertyAdmin testPropertyAdmin = new PropertyAdmin(Lists.newArrayList("role1", "role2"), Sets.newHashSet("use", "usc", "usw"));
    admin.properties().createProperty(this.testProperty, testPropertyAdmin);

    createTestNamespaces(this.testProperty, this.testLocalNamespaces, new BundlesData());
    createGlobalTestNamespaces(this.testProperty, this.testGlobalNamespaces.get(0).getLocalName(), new BundlesData());

    nsSvc = pulsar.getNamespaceService();
}
use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.
the class AuthorizationTest method simple.
/**
 * Walks the authorization manager through a grant sequence and checks the decision after each step:
 * nothing is allowed before any grant, a namespace-level grant covers topics in the namespace,
 * a topic-level grant covers only the granted action on that topic, and an unknown role stays denied.
 *
 * <p>NOTE(review): the namespace, property and cluster are deleted only on the success path; a
 * failing assertion leaves them behind.
 *
 * @throws Exception if an admin call fails
 */
@Test
void simple() throws Exception {
    final String cluster = "c1";
    final String property = "p1";
    final String namespace = "p1/c1/ns1";
    final String topic1 = "persistent://p1/c1/ns1/ds1";
    final String topic2 = "persistent://p1/c1/ns1/ds2";
    final String namespaceRole = "my-role";
    final String topicRole = "other-role";
    final String unknownRole = "no-access-role";

    AuthorizationManager auth = pulsar.getBrokerService().getAuthorizationManager();

    // Neither the cluster, the property nor the namespace exist yet: lookup is denied.
    assertEquals(auth.canLookup(DestinationName.get(topic1), namespaceRole), false);

    admin.clusters().createCluster(cluster, new ClusterData());
    admin.properties().createProperty(property, new PropertyAdmin(Lists.newArrayList("role1"), Sets.newHashSet(cluster)));
    waitForChange();
    admin.namespaces().createNamespace(namespace);
    waitForChange();

    // The namespace exists but carries no grant for the role: still denied.
    assertEquals(auth.canLookup(DestinationName.get(topic1), namespaceRole), false);

    // Namespace-level produce grant: lookup and produce become allowed on a topic in it.
    admin.namespaces().grantPermissionOnNamespace(namespace, namespaceRole, EnumSet.of(AuthAction.produce));
    waitForChange();
    assertEquals(auth.canLookup(DestinationName.get(topic1), namespaceRole), true);
    assertEquals(auth.canProduce(DestinationName.get(topic1), namespaceRole), true);

    // Topic-level consume grant for a second role on a second topic.
    admin.persistentTopics().grantPermission(topic2, topicRole, EnumSet.of(AuthAction.consume));
    waitForChange();
    assertEquals(auth.canLookup(DestinationName.get(topic2), topicRole), true);
    assertEquals(auth.canProduce(DestinationName.get(topic1), namespaceRole), true);
    // Only the granted action is allowed: consume yes, produce no.
    assertEquals(auth.canProduce(DestinationName.get(topic2), topicRole), false);
    assertEquals(auth.canConsume(DestinationName.get(topic2), topicRole), true);

    // A role that was never granted anything is denied on both topics.
    assertEquals(auth.canConsume(DestinationName.get(topic2), unknownRole), false);
    assertEquals(auth.canLookup(DestinationName.get(topic1), unknownRole), false);

    // Granting every action at namespace level allows both produce and consume.
    admin.namespaces().grantPermissionOnNamespace(namespace, namespaceRole, EnumSet.allOf(AuthAction.class));
    waitForChange();
    assertEquals(auth.canProduce(DestinationName.get(topic1), namespaceRole), true);
    assertEquals(auth.canConsume(DestinationName.get(topic1), namespaceRole), true);

    // Tear down in reverse order of creation.
    admin.namespaces().deleteNamespace(namespace);
    admin.properties().deleteProperty(property);
    admin.clusters().deleteCluster(cluster);
}
use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.
the class AdminTest method properties.
/**
 * Exercises the properties admin resource: create, read, update and delete of a property, the
 * HTTP status returned for each error case, and that the calls go through
 * {@code validateSuperUserAccess()}.
 *
 * <p>The {@code verify(properties, times(n))} lines are cumulative: n is the number of calls made
 * on the resource so far, so a call that skipped the super-user check would make the next count
 * fail. Statement order therefore matters in the first part of the test.
 *
 * @throws Exception if a call fails in a way the test does not expect
 */
@Test
void properties() throws Exception {
    // Call 1: listing on an empty store.
    assertEquals(properties.getProperties(), Lists.newArrayList());
    verify(properties, times(1)).validateSuperUserAccess();
    Set<String> allowedClusters = Sets.newHashSet();
    PropertyAdmin propertyAdmin = new PropertyAdmin(Lists.newArrayList("role1", "role2"), allowedClusters);
    // Call 2: create.
    properties.createProperty("test-property", propertyAdmin);
    verify(properties, times(2)).validateSuperUserAccess();
    // Call 3: the new property shows up in the listing.
    assertEquals(properties.getProperties(), Lists.newArrayList("test-property"));
    verify(properties, times(3)).validateSuperUserAccess();
    // Call 4: reading it back returns an equal PropertyAdmin.
    assertEquals(properties.getPropertyAdmin("test-property"), propertyAdmin);
    verify(properties, times(4)).validateSuperUserAccess();
    PropertyAdmin newPropertyAdmin = new PropertyAdmin(Lists.newArrayList("role1", "other-role"), allowedClusters);
    // Call 5: update with a different role list.
    properties.updateProperty("test-property", newPropertyAdmin);
    verify(properties, times(5)).validateSuperUserAccess();
    // Wait for updateProperty to take effect
    // NOTE(review): a fixed 100 ms sleep; the test is timing-dependent if the update takes longer.
    Thread.sleep(100);
    // Calls 6 and 7: two reads, hence the jump from 5 to 7 below.
    assertEquals(properties.getPropertyAdmin("test-property"), newPropertyAdmin);
    assertNotSame(properties.getPropertyAdmin("test-property"), propertyAdmin);
    verify(properties, times(7)).validateSuperUserAccess();
    // Creating a property that already exists is rejected with 409 CONFLICT
    try {
        properties.createProperty("test-property", propertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.CONFLICT.getStatusCode());
    }
    // Reading a non-existing property yields 404 NOT_FOUND
    try {
        properties.getPropertyAdmin("non-existing");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.NOT_FOUND.getStatusCode());
    }
    // Updating a non-existing property yields 404 NOT_FOUND
    try {
        properties.updateProperty("xxx-non-existing", newPropertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.NOT_FOUND.getStatusCode());
    }
    // Deleting a non-existing property yields 404 NOT_FOUND
    try {
        properties.deleteProperty("non-existing");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.NOT_FOUND.getStatusCode());
    }
    // Test zk failures: each operation below is preceded by failNow(SESSIONEXPIRED) on the mock
    // ZooKeeper (presumably failing the next ZooKeeper operation - confirm against the mock) and
    // is expected to surface as 500 INTERNAL_SERVER_ERROR.
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.getProperties();
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.getPropertyAdmin("my-property");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.updateProperty("my-property", newPropertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.createProperty("test", propertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    mockZookKeeper.failNow(Code.SESSIONEXPIRED);
    try {
        properties.deleteProperty("my-property");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    // Delete of an existing property with a failure injected via failAfter(2, ...) (presumably
    // after two further ZooKeeper operations - confirm against the mock): still a 500.
    properties.createProperty("error-property", propertyAdmin);
    mockZookKeeper.failAfter(2, Code.SESSIONEXPIRED);
    try {
        properties.deleteProperty("error-property");
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
    }
    // Without injected failures both deletes succeed and the listing is empty again.
    properties.deleteProperty("test-property");
    properties.deleteProperty("error-property");
    assertEquals(properties.getProperties(), Lists.newArrayList());
    // Create a namespace to test deleting a non-empty property
    clusters.createCluster("use", new ClusterData());
    newPropertyAdmin = new PropertyAdmin(Lists.newArrayList("role1", "other-role"), Sets.newHashSet("use"));
    properties.createProperty("my-property", newPropertyAdmin);
    namespaces.createNamespace("my-property", "use", "my-namespace", new BundlesData());
    try {
        properties.deleteProperty("my-property");
        fail("should have failed");
    } catch (RestException e) {
        // NOTE(review): any RestException passes here; unlike the other cases the status code is
        // not asserted, so a failure for an unrelated reason would go unnoticed.
    }
    // Check name validation: a property name containing '&' is rejected with 412 PRECONDITION_FAILED
    try {
        properties.createProperty("test&", propertyAdmin);
        fail("should have failed");
    } catch (RestException e) {
        assertEquals(e.getResponse().getStatus(), Status.PRECONDITION_FAILED.getStatusCode());
    }
    // Clean up: the namespace has to go before the property can be deleted.
    namespaces.deleteNamespace("my-property", "use", "my-namespace", false);
    properties.deleteProperty("my-property");
}
use of com.yahoo.pulsar.common.policies.data.PropertyAdmin in project pulsar by yahoo.
the class AdminTest method persistentTopics.
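/**
 * Creates a partitioned topic and checks that a permission granted on it is visible through
 * {@code getPermissionsOnDestination} and is gone again after it is revoked.
 *
 * <p>The wait for the policies-cache notifications is bounded, so a missed notification fails
 * the test instead of blocking the run indefinitely.
 *
 * @throws Exception if a resource call or the ZooKeeper write fails
 */
@Test
void persistentTopics() throws Exception {
    final String property = "prop-xyz";
    final String cluster = "use";
    final String namespace = "ns";
    final String destination = "ds1";
    Policies policies = new Policies();
    doReturn(policies).when(resourceQuotas).getNamespacePolicies(property, cluster, namespace);
    doReturn("client-id").when(resourceQuotas).clientAppId();

    // create policies
    // NOTE(review): this PropertyAdmin is built but never stored or passed on in this method;
    // only the Policies node written below is visible to the resource.
    PropertyAdmin admin = new PropertyAdmin();
    admin.getAllowedClusters().add(cluster);
    // OPEN_ACL_UNSAFE leaves the node open to every client. The write goes to the mock
    // ZooKeeper here; it is not a pattern for znodes that hold real policies.
    ZkUtils.createFullPathOptimistic(mockZookKeeper, PulsarWebResource.path("policies", property, cluster, namespace), ObjectMapperFactory.getThreadLocal().writeValueAsBytes(new Policies()), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);

    List<String> list = persistentTopics.getList(property, cluster, namespace);
    assertTrue(list.isEmpty());

    // create destination
    persistentTopics.createPartitionedTopic(property, cluster, namespace, destination, 5, false);

    // Two notifications are awaited below - presumably one for the grant and one for the revoke.
    CountDownLatch notificationLatch = new CountDownLatch(2);
    configurationCache.policiesCache().registerListener((path, data, stat) -> {
        notificationLatch.countDown();
    });

    // grant permission
    final Set<AuthAction> actions = Sets.newHashSet(AuthAction.produce);
    final String role = "test-role";
    persistentTopics.grantPermissionsOnDestination(property, cluster, namespace, destination, role, actions);

    // verify permission
    Map<String, Set<AuthAction>> permission = persistentTopics.getPermissionsOnDestination(property, cluster, namespace, destination);
    assertEquals(permission.get(role), actions);

    // remove permission
    persistentTopics.revokePermissionsOnDestination(property, cluster, namespace, destination, role);

    // Wait for the cache to be updated, but never longer than 10 seconds
    assertTrue(notificationLatch.await(10, java.util.concurrent.TimeUnit.SECONDS));

    // verify removed permission
    permission = persistentTopics.getPermissionsOnDestination(property, cluster, namespace, destination);
    assertTrue(permission.isEmpty());
}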