
Example 6 with KsqlSecurityContext

use of io.confluent.ksql.security.KsqlSecurityContext in project ksql by confluentinc.

the class DefaultKsqlSecurityContextProviderTest method shouldCreateDefaultServiceContextIfUserPrincipalIsMissing.

/**
 * Verifies that {@code provide} returns the default service context when the API
 * security context carries no principal, even though a user context provider is
 * configured on the security extension.
 *
 * <p>The returned {@code KsqlSecurityContext} must also report an empty principal.
 *
 * <p>NOTE(review): {@code defaultServiceContext} presumably acts with the server's own
 * credentials. If so, this test pins the fallback that principal-less requests run
 * under; confirm that deployments requiring authentication reject such requests
 * before this provider is reached.
 */
@Test
public void shouldCreateDefaultServiceContextIfUserPrincipalIsMissing() {
    // Given: a user context provider is available, but the request has no principal.
    when(securityExtension.getUserContextProvider())
        .thenReturn(Optional.of(userContextProvider));
    when(apiSecurityContext.getPrincipal())
        .thenReturn(Optional.empty());

    // When:
    final KsqlSecurityContext provided = ksqlSecurityContextProvider.provide(apiSecurityContext);

    // Then: no principal is attributed and the default service context is used.
    assertThat(provided.getUserPrincipal(), is(Optional.empty()));
    assertThat(provided.getServiceContext(), is(defaultServiceContext));
}
Also used : KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) Test(org.junit.Test)

Example 7 with KsqlSecurityContext

use of io.confluent.ksql.security.KsqlSecurityContext in project ksql by confluentinc.

the class DefaultKsqlSecurityContextProviderTest method shouldCreateUserServiceContextIfUserContextProviderIsEnabled.

/**
 * Verifies that, with a user context provider configured on the security extension,
 * {@code provide} obtains the service context from {@code userServiceContextFactory}
 * and returns it together with the principal {@code user1}.
 *
 * <p>NOTE(review): the principal stub that yields {@code user1} is not set in this
 * method; presumably the class fixture configures it. Verify against the
 * {@code @Before} method.
 */
@Test
public void shouldCreateUserServiceContextIfUserContextProviderIsEnabled() {
    // Given:
    when(securityExtension.getUserContextProvider())
        .thenReturn(Optional.of(userContextProvider));

    // When:
    final KsqlSecurityContext provided = ksqlSecurityContextProvider.provide(apiSecurityContext);

    // Then: the factory is called with the server config and an empty second argument.
    // The meaning of that second argument is not visible from this listing.
    verify(userServiceContextFactory).create(
        eq(ksqlConfig),
        eq(Optional.empty()),
        any(), any(), any(), any(), any(), any());
    assertThat(provided.getUserPrincipal(), is(Optional.of(user1)));
    assertThat(provided.getServiceContext(), is(userServiceContext));
}
Also used : KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) Test(org.junit.Test)

Example 8 with KsqlSecurityContext

use of io.confluent.ksql.security.KsqlSecurityContext in project ksql by confluentinc.

the class StreamedQueryResourceTest method setup.

/**
 * Stubs the collaborators of {@code StreamedQueryResource} and builds the resource
 * under test before each test method.
 *
 * <p>The fixture security context carries no user principal, and the resource is
 * constructed with an authorization validator present.
 */
@Before
public void setup() {
    when(serviceContext.getTopicClient()).thenReturn(mockKafkaTopicClient);
    query = PreparedStatement.of(PUSH_QUERY_STRING, mock(Query.class));
    invalid = PreparedStatement.of("sql", mock(Statement.class));
    // NOTE(review): the push query string is parsed to `invalid` (backed by a plain
    // Statement mock), not to `query`. Confirm this default is intended; tests
    // presumably re-stub the parser where they need `query`.
    when(mockStatementParser.parseSingleStatement(PUSH_QUERY_STRING)).thenReturn(invalid);
    final PreparedStatement<Statement> pullQueryStatement = PreparedStatement.of(PULL_QUERY_STRING, mock(Query.class));
    when(mockStatementParser.parseSingleStatement(PULL_QUERY_STRING)).thenReturn(pullQueryStatement);
    // Any exception passed to the access-denied mapper yields the canned authorization error response.
    when(errorsHandler.accessDeniedFromKafkaResponse(any(Exception.class))).thenReturn(AUTHORIZATION_ERROR_RESPONSE);
    // Other failures are mapped to a 500; `exception` presumably is an ArgumentCaptor that
    // lets tests inspect what was handed to the error handler. Verify at its declaration.
    when(errorsHandler.generateResponse(exception.capture(), any())).thenReturn(EndpointResponse.failed(500));
    when(queryExecutor.handleStatement(any(), any(), any(), any(), any(), any(), any(), anyBoolean())).thenReturn(queryMetadataHolder);
    when(pullQueryResult.getPullQueryQueue()).thenReturn(pullQueryQueue);
    // Security context with no user principal, bound to the mocked service context.
    securityContext = new KsqlSecurityContext(Optional.empty(), serviceContext);
    // The authorization validator is supplied as Optional.of(...), i.e. present for this fixture.
    testResource = new StreamedQueryResource(mockKsqlEngine, ksqlRestConfig, mockStatementParser, commandQueue, DISCONNECT_CHECK_INTERVAL, COMMAND_QUEUE_CATCHUP_TIMOEUT, activenessRegistrar, Optional.of(authorizationValidator), errorsHandler, denyListPropertyValidator, queryExecutor);
    testResource.configure(VALID_CONFIG);
}
Also used : KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) Query(io.confluent.ksql.parser.tree.Query) ConfiguredStatement(io.confluent.ksql.statement.ConfiguredStatement) PreparedStatement(io.confluent.ksql.parser.KsqlParser.PreparedStatement) Statement(io.confluent.ksql.parser.tree.Statement) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) KsqlRestException(io.confluent.ksql.rest.server.resources.KsqlRestException) KsqlException(io.confluent.ksql.util.KsqlException) IOException(java.io.IOException) TimeoutException(java.util.concurrent.TimeoutException) EOFException(java.io.EOFException) Before(org.junit.Before)

Example 9 with KsqlSecurityContext

use of io.confluent.ksql.security.KsqlSecurityContext in project ksql by confluentinc.

the class DistributingExecutorTest method shouldThrowServerExceptionIfServerServiceContextIsDeniedAuthorization.

/**
 * Verifies that {@code distributor.execute} fails with a {@code KsqlServerException}
 * caused by a {@code KsqlTopicAuthorizationException} when the caller's security
 * context is authorized but the check made with the test's {@code serviceContext}
 * is denied.
 *
 * <p>The validator is stubbed twice. It accepts the caller's context, and it throws for
 * any security context whose service context is the very same instance as the
 * {@code serviceContext} field. The caller's context wraps a freshly created sandboxed
 * service context, so the identity match in the second stub does not apply to it.
 *
 * <p>NOTE(review): {@code serviceContext} presumably is the server's own service
 * context; its assignment is outside this method. Verify in the fixture.
 */
@Test
public void shouldThrowServerExceptionIfServerServiceContextIsDeniedAuthorization() {
    // Given: a caller context with no principal and its own sandboxed service context.
    final KsqlSecurityContext callerContext = new KsqlSecurityContext(
        Optional.empty(),
        SandboxedServiceContext.create(TestServiceContext.create()));
    final PreparedStatement<Statement> listProperties =
        PreparedStatement.of("", new ListProperties(Optional.empty()));
    final ConfiguredStatement<Statement> statement = ConfiguredStatement.of(
        listProperties,
        SessionConfig.of(KSQL_CONFIG, ImmutableMap.of()));
    // The caller passes authorization ...
    doNothing()
        .when(authorizationValidator)
        .checkAuthorization(eq(callerContext), any(), any());
    // ... but the check made with the fixture's serviceContext instance is denied.
    doThrow(KsqlTopicAuthorizationException.class)
        .when(authorizationValidator)
        .checkAuthorization(
            ArgumentMatchers.argThat(ctx -> ctx.getServiceContext() == serviceContext),
            any(),
            any());

    // When:
    final Exception thrown = assertThrows(
        KsqlServerException.class,
        () -> distributor.execute(statement, executionContext, callerContext));

    // Then: the authorization failure is preserved as the cause.
    assertThat(thrown.getCause(), is(instanceOf(KsqlTopicAuthorizationException.class)));
}
Also used : DataSource(io.confluent.ksql.metastore.model.DataSource) Query(io.confluent.ksql.parser.tree.Query) ArgumentMatchers(org.mockito.ArgumentMatchers) Matchers.isA(org.hamcrest.Matchers.isA) ColumnName(io.confluent.ksql.name.ColumnName) SourceName(io.confluent.ksql.name.SourceName) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) StatementExecutorResponse(io.confluent.ksql.rest.server.execution.StatementExecutorResponse) ServiceContext(io.confluent.ksql.services.ServiceContext) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) CommandId(io.confluent.ksql.rest.entity.CommandId) InjectorChain(io.confluent.ksql.statement.InjectorChain) CommonCreateConfigs(io.confluent.ksql.properties.with.CommonCreateConfigs) StringLiteral(io.confluent.ksql.execution.expression.tree.StringLiteral) KsqlErrorMessage(io.confluent.ksql.rest.entity.KsqlErrorMessage) KsqlAuthorizationValidator(io.confluent.ksql.security.KsqlAuthorizationValidator) Mockito.doThrow(org.mockito.Mockito.doThrow) Duration(java.time.Duration) Mockito.doReturn(org.mockito.Mockito.doReturn) CommandStatus(io.confluent.ksql.rest.entity.CommandStatus) ImmutableMap(com.google.common.collect.ImmutableMap) Errors(io.confluent.ksql.rest.Errors) Mockito.doNothing(org.mockito.Mockito.doNothing) ConfiguredStatement(io.confluent.ksql.statement.ConfiguredStatement) KsqlConfig(io.confluent.ksql.util.KsqlConfig) LogicalSchema(io.confluent.ksql.schema.ksql.LogicalSchema) Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) KsqlRestConfig(io.confluent.ksql.rest.server.KsqlRestConfig) TestServiceContext(io.confluent.ksql.services.TestServiceContext) KsqlExecutionContext(io.confluent.ksql.KsqlExecutionContext) ProducerFencedException(org.apache.kafka.common.errors.ProducerFencedException) Matchers.equalTo(org.hamcrest.Matchers.equalTo) Status(io.confluent.ksql.rest.entity.CommandStatus.Status) KsqlRestException(io.confluent.ksql.rest.server.resources.KsqlRestException) 
KsqlException(io.confluent.ksql.util.KsqlException) Optional(java.util.Optional) Matchers.is(org.hamcrest.Matchers.is) Statement(io.confluent.ksql.parser.tree.Statement) WarningEntity(io.confluent.ksql.rest.entity.WarningEntity) Matchers.containsString(org.hamcrest.Matchers.containsString) MockitoJUnitRunner(org.mockito.junit.MockitoJUnitRunner) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Action(io.confluent.ksql.rest.entity.CommandId.Action) Mock(org.mockito.Mock) Assert.assertThrows(org.junit.Assert.assertThrows) RunWith(org.junit.runner.RunWith) HashMap(java.util.HashMap) KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) Supplier(java.util.function.Supplier) ListProperties(io.confluent.ksql.parser.tree.ListProperties) SessionConfig(io.confluent.ksql.config.SessionConfig) CreateStream(io.confluent.ksql.parser.tree.CreateStream) ImmutableList(com.google.common.collect.ImmutableList) Injector(io.confluent.ksql.statement.Injector) MetaStore(io.confluent.ksql.metastore.MetaStore) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) InsertInto(io.confluent.ksql.parser.tree.InsertInto) Before(org.junit.Before) TimeoutException(org.apache.kafka.common.errors.TimeoutException) InOrder(org.mockito.InOrder) Producer(org.apache.kafka.clients.producer.Producer) Assert.assertTrue(org.junit.Assert.assertTrue) CommandStatusEntity(io.confluent.ksql.rest.entity.CommandStatusEntity) SandboxedServiceContext(io.confluent.ksql.services.SandboxedServiceContext) Mockito.times(org.mockito.Mockito.times) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) Mockito.verify(org.mockito.Mockito.verify) Type(io.confluent.ksql.rest.entity.CommandId.Type) AtomicLong(java.util.concurrent.atomic.AtomicLong) Mockito(org.mockito.Mockito) Mockito.never(org.mockito.Mockito.never) CreateSourceProperties(io.confluent.ksql.parser.properties.with.CreateSourceProperties) 
KsqlServerException(io.confluent.ksql.util.KsqlServerException) TableElements(io.confluent.ksql.parser.tree.TableElements) DefaultErrorMessages(io.confluent.ksql.rest.DefaultErrorMessages) Assert.assertEquals(org.junit.Assert.assertEquals) PreparedStatement(io.confluent.ksql.parser.KsqlParser.PreparedStatement) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) ListProperties(io.confluent.ksql.parser.tree.ListProperties) KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) ConfiguredStatement(io.confluent.ksql.statement.ConfiguredStatement) Statement(io.confluent.ksql.parser.tree.Statement) PreparedStatement(io.confluent.ksql.parser.KsqlParser.PreparedStatement) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) ProducerFencedException(org.apache.kafka.common.errors.ProducerFencedException) KsqlRestException(io.confluent.ksql.rest.server.resources.KsqlRestException) KsqlException(io.confluent.ksql.util.KsqlException) TimeoutException(org.apache.kafka.common.errors.TimeoutException) KsqlServerException(io.confluent.ksql.util.KsqlServerException) Test(org.junit.Test)

Example 10 with KsqlSecurityContext

use of io.confluent.ksql.security.KsqlSecurityContext in project ksql by confluentinc.

the class DistributingExecutorTest method setUp.

/**
 * Stubs the collaborators of {@code DistributingExecutor} and builds the executor
 * under test before each test method.
 *
 * <p>The fixture security context carries no user principal and shares the sandboxed
 * {@code serviceContext} that the execution context is stubbed to return. The executor
 * is constructed with an authorization validator present.
 *
 * @throws InterruptedException declared because of the stubbed
 *     {@code tryWaitForFinalStatus} call (presumably; verify against its signature)
 */
@Before
public void setUp() throws InterruptedException {
    // Backs the command sequence number stub below; each call returns the next value.
    scnCounter = new AtomicLong();
    // Both injectors hand back the statement they were given, unchanged.
    when(schemaInjector.inject(any())).thenAnswer(inv -> inv.getArgument(0));
    when(topicInjector.inject(any())).thenAnswer(inv -> inv.getArgument(0));
    when(queue.enqueueCommand(any(), any(), any())).thenReturn(status);
    when(status.tryWaitForFinalStatus(any())).thenReturn(SUCCESS_STATUS);
    when(status.getCommandId()).thenReturn(CS_COMMAND);
    when(status.getCommandSequenceNumber()).thenAnswer(inv -> scnCounter.incrementAndGet());
    when(executionContext.getMetaStore()).thenReturn(metaStore);
    when(executionContext.createSandbox(any())).thenReturn(sandboxContext);
    when(commandRunnerWarning.get()).thenReturn("");
    // Sandboxed wrapper around a test service context; also returned by the execution context.
    serviceContext = SandboxedServiceContext.create(TestServiceContext.create());
    when(executionContext.getServiceContext()).thenReturn(serviceContext);
    when(validatedCommandFactory.create(any(), any())).thenReturn(command);
    when(queue.createTransactionalProducer()).thenReturn(transactionalProducer);
    // Security context with no user principal, bound to the same serviceContext instance.
    securityContext = new KsqlSecurityContext(Optional.empty(), serviceContext);
    // The authorization validator is supplied as Optional.of(...), i.e. present for this fixture.
    distributor = new DistributingExecutor(KSQL_CONFIG, queue, DURATION_10_MS, (ec, sc) -> InjectorChain.of(schemaInjector, topicInjector), Optional.of(authorizationValidator), validatedCommandFactory, errorHandler, commandRunnerWarning);
}
Also used : DataSource(io.confluent.ksql.metastore.model.DataSource) Query(io.confluent.ksql.parser.tree.Query) ArgumentMatchers(org.mockito.ArgumentMatchers) Matchers.isA(org.hamcrest.Matchers.isA) ColumnName(io.confluent.ksql.name.ColumnName) SourceName(io.confluent.ksql.name.SourceName) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) StatementExecutorResponse(io.confluent.ksql.rest.server.execution.StatementExecutorResponse) ServiceContext(io.confluent.ksql.services.ServiceContext) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) CommandId(io.confluent.ksql.rest.entity.CommandId) InjectorChain(io.confluent.ksql.statement.InjectorChain) CommonCreateConfigs(io.confluent.ksql.properties.with.CommonCreateConfigs) StringLiteral(io.confluent.ksql.execution.expression.tree.StringLiteral) KsqlErrorMessage(io.confluent.ksql.rest.entity.KsqlErrorMessage) KsqlAuthorizationValidator(io.confluent.ksql.security.KsqlAuthorizationValidator) Mockito.doThrow(org.mockito.Mockito.doThrow) Duration(java.time.Duration) Mockito.doReturn(org.mockito.Mockito.doReturn) CommandStatus(io.confluent.ksql.rest.entity.CommandStatus) ImmutableMap(com.google.common.collect.ImmutableMap) Errors(io.confluent.ksql.rest.Errors) Mockito.doNothing(org.mockito.Mockito.doNothing) ConfiguredStatement(io.confluent.ksql.statement.ConfiguredStatement) KsqlConfig(io.confluent.ksql.util.KsqlConfig) LogicalSchema(io.confluent.ksql.schema.ksql.LogicalSchema) Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) KsqlRestConfig(io.confluent.ksql.rest.server.KsqlRestConfig) TestServiceContext(io.confluent.ksql.services.TestServiceContext) KsqlExecutionContext(io.confluent.ksql.KsqlExecutionContext) ProducerFencedException(org.apache.kafka.common.errors.ProducerFencedException) Matchers.equalTo(org.hamcrest.Matchers.equalTo) Status(io.confluent.ksql.rest.entity.CommandStatus.Status) KsqlRestException(io.confluent.ksql.rest.server.resources.KsqlRestException) 
KsqlException(io.confluent.ksql.util.KsqlException) Optional(java.util.Optional) Matchers.is(org.hamcrest.Matchers.is) Statement(io.confluent.ksql.parser.tree.Statement) WarningEntity(io.confluent.ksql.rest.entity.WarningEntity) Matchers.containsString(org.hamcrest.Matchers.containsString) MockitoJUnitRunner(org.mockito.junit.MockitoJUnitRunner) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Action(io.confluent.ksql.rest.entity.CommandId.Action) Mock(org.mockito.Mock) Assert.assertThrows(org.junit.Assert.assertThrows) RunWith(org.junit.runner.RunWith) HashMap(java.util.HashMap) KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) Supplier(java.util.function.Supplier) ListProperties(io.confluent.ksql.parser.tree.ListProperties) SessionConfig(io.confluent.ksql.config.SessionConfig) CreateStream(io.confluent.ksql.parser.tree.CreateStream) ImmutableList(com.google.common.collect.ImmutableList) Injector(io.confluent.ksql.statement.Injector) MetaStore(io.confluent.ksql.metastore.MetaStore) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) InsertInto(io.confluent.ksql.parser.tree.InsertInto) Before(org.junit.Before) TimeoutException(org.apache.kafka.common.errors.TimeoutException) InOrder(org.mockito.InOrder) Producer(org.apache.kafka.clients.producer.Producer) Assert.assertTrue(org.junit.Assert.assertTrue) CommandStatusEntity(io.confluent.ksql.rest.entity.CommandStatusEntity) SandboxedServiceContext(io.confluent.ksql.services.SandboxedServiceContext) Mockito.times(org.mockito.Mockito.times) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) Mockito.verify(org.mockito.Mockito.verify) Type(io.confluent.ksql.rest.entity.CommandId.Type) AtomicLong(java.util.concurrent.atomic.AtomicLong) Mockito(org.mockito.Mockito) Mockito.never(org.mockito.Mockito.never) CreateSourceProperties(io.confluent.ksql.parser.properties.with.CreateSourceProperties) 
KsqlServerException(io.confluent.ksql.util.KsqlServerException) TableElements(io.confluent.ksql.parser.tree.TableElements) DefaultErrorMessages(io.confluent.ksql.rest.DefaultErrorMessages) Assert.assertEquals(org.junit.Assert.assertEquals) PreparedStatement(io.confluent.ksql.parser.KsqlParser.PreparedStatement) AtomicLong(java.util.concurrent.atomic.AtomicLong) KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) Before(org.junit.Before)
