Use of io.pravega.segmentstore.server.host.stat.AutoScalerConfig in project pravega by pravega.
In class TokenVerifierImplTest, method testTokenVerifier.
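/**
 * Exercises {@code TokenVerifierImpl} through the {@code DelegationTokenVerifier} interface.
 *
 * <p>Cases covered, in order: auth disabled (a null token is accepted without a check), auth enabled
 * with a null token (rejected with {@link IllegalArgumentException}), a wildcard claim, a claim whose
 * permission level is lower than the requested one, and a token that has already expired.
 *
 * <p>NOTE(review): no case here presents a token signed with a different key or a tampered payload;
 * signature rejection is not exercised by this method.
 */
@Test
public void testTokenVerifier() {
    // "secret" is a test-only fixture key. It is far shorter than an HS512 key should be and must
    // never be used as a real signing key.
    AutoScalerConfig config = AutoScalerConfig.builder()
            .with(AutoScalerConfig.AUTH_ENABLED, false)
            .with(AutoScalerConfig.TOKEN_SIGNING_KEY, "secret")
            .build();
    DelegationTokenVerifier tokenVerifier = new TokenVerifierImpl(config);

    // Auth disabled. No token is checked, so a null token must not throw.
    tokenVerifier.verifyToken("xyz", null, READ);

    // Auth enabled, error on null token.
    config = AutoScalerConfig.builder()
            .with(AutoScalerConfig.AUTH_ENABLED, true)
            .with(AutoScalerConfig.TOKEN_SIGNING_KEY, "secret")
            .build();
    tokenVerifier = new TokenVerifierImpl(config);
    // Lambdas may only capture effectively final locals, hence the extra reference.
    DelegationTokenVerifier finalTokenVerifier = tokenVerifier;
    assertThrows(IllegalArgumentException.class, () -> {
        finalTokenVerifier.verifyToken("xyz", null, READ);
    });

    // Wildcard claim: "*" with READ_UPDATE must satisfy a READ request on any resource.
    // NOTE(review): in jjwt, setClaims(Map) replaces the builder's claim set, so the subject and
    // audience set before it are presumably absent from the signed token - confirm. If so, the
    // verifier's handling of "sub"/"aud" is not exercised by any token built in this method.
    Map<String, Object> claims = new HashMap<>();
    claims.put("*", String.valueOf(READ_UPDATE));
    String token = Jwts.builder()
            .setSubject("segmentstoreresource")
            .setAudience("segmentstore")
            .setClaims(claims)
            .signWith(SignatureAlgorithm.HS512, "secret".getBytes())
            .compact();
    assertTrue("Wildcard check should pass", finalTokenVerifier.verifyToken("xyz", token, READ));

    // Level mismatch test: the token grants READ only, the request needs READ_UPDATE.
    claims = new HashMap<>();
    claims.put("xyz", String.valueOf(READ));
    token = Jwts.builder()
            .setSubject("segmentstoreresource")
            .setAudience("segmentstore")
            .setClaims(claims)
            .signWith(SignatureAlgorithm.HS512, "secret".getBytes())
            .compact();
    assertFalse("Level check should fail", finalTokenVerifier.verifyToken("xyz", token, READ_UPDATE));

    // Expired token: the claim and level match, so only the expiry can cause the rejection.
    // The expiration is placed clearly in the past instead of at "now", so the outcome does not
    // depend on sub-second timing between building and verifying the token.
    claims = new HashMap<>();
    claims.put("xyz", String.valueOf(READ_UPDATE));
    token = Jwts.builder()
            .setSubject("segmentstoreresource")
            .setAudience("segmentstore")
            .setClaims(claims)
            .signWith(SignatureAlgorithm.HS512, "secret".getBytes())
            .setExpiration(new Date(System.currentTimeMillis() - 5_000L))
            .compact();
    assertFalse("Expired token should be rejected", finalTokenVerifier.verifyToken("xyz", token, READ_UPDATE));
}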
Use of io.pravega.segmentstore.server.host.stat.AutoScalerConfig in project pravega by pravega.
In class ServiceStarter, method start.
// endregion
// region Service Operation
/**
 * Brings the service up in a fixed order: health service manager, metrics provider (only when
 * statistics are enabled), ZooKeeper client, service builder, segment and table store services,
 * auto-scale monitor, the connection listener, the admin listener (only when the admin gateway is
 * enabled), health contributors, and finally the REST server (only when it is enabled).
 *
 * <p>A delegation token verifier is created only when the auto-scaler configuration reports auth
 * as enabled; otherwise {@code null} is passed to the listeners.
 *
 * @throws Exception declared by the signature; nothing in this method catches failures raised by
 *                   the components it starts.
 */
public void start() throws Exception {
// Refuse to start an instance that has already been closed.
Exceptions.checkNotClosed(this.closed, this);
healthServiceManager = new HealthServiceManager(serviceConfig.getHealthCheckInterval());
healthServiceManager.start();
// Note that this message is emitted after the health service manager has been started.
log.info("Initializing HealthService ...");
MetricsConfig metricsConfig = builderConfig.getConfig(MetricsConfig::builder);
// The metrics provider is initialized and started only when statistics are enabled.
if (metricsConfig.isEnableStatistics()) {
log.info("Initializing metrics provider ...");
MetricsProvider.initialize(metricsConfig);
statsProvider = MetricsProvider.getMetricsProvider();
statsProvider.start();
}
log.info("Initializing ZooKeeper Client ...");
this.zkClient = createZKClient();
log.info("Initializing Service Builder ...");
this.serviceBuilder.initialize();
log.info("Creating StreamSegmentService ...");
StreamSegmentStore service = this.serviceBuilder.createStreamSegmentService();
log.info("Creating TableStoreService ...");
TableStore tableStoreService = this.serviceBuilder.createTableStoreService();
log.info("Creating Segment Stats recorder ...");
// The auto-scaler configuration is obtained twice: once for the monitor, once for the local below.
autoScaleMonitor = new AutoScaleMonitor(service, builderConfig.getConfig(AutoScalerConfig::builder));
AutoScalerConfig autoScalerConfig = builderConfig.getConfig(AutoScalerConfig::builder);
// The verifier stays null when auth is disabled, and that null is handed to both listeners below.
// NOTE(review): presumably the listeners treat a null verifier as "no token checks" - confirm,
// because the same value also reaches the admin gateway listener.
TokenVerifierImpl tokenVerifier = null;
if (autoScalerConfig.isAuthEnabled()) {
tokenVerifier = new TokenVerifierImpl(autoScalerConfig.getTokenSigningKey());
}
// Log the configuration
// NOTE(review): autoScalerConfig holds the token signing key (read via getTokenSigningKey above).
// Confirm that its toString() omits or masks the key, and that serviceConfig.toString() does not
// expose key material either; otherwise these two lines write secrets to the log.
log.info(serviceConfig.toString());
log.info(autoScalerConfig.toString());
// The connection listener receives the TLS switches, bind address and port, both store services,
// the stats recorders, the (possibly null) token verifier, the cert and key file settings, the
// stack-trace-on-error flag, the low-priority executor, the TLS protocol version setting and the
// health service manager.
// NOTE(review): isReplyWithStackTraceOnError presumably controls whether stack traces are returned
// to remote peers - confirm that it is off outside of debugging.
this.listener = new PravegaConnectionListener(this.serviceConfig.isEnableTls(), this.serviceConfig.isEnableTlsReload(), this.serviceConfig.getListeningIPAddress(), this.serviceConfig.getListeningPort(), service, tableStoreService, autoScaleMonitor.getStatsRecorder(), autoScaleMonitor.getTableSegmentStatsRecorder(), tokenVerifier, this.serviceConfig.getCertFile(), this.serviceConfig.getKeyFile(), this.serviceConfig.isReplyWithStackTraceOnError(), serviceBuilder.getLowPriorityExecutor(), this.serviceConfig.getTlsProtocolVersion(), healthServiceManager);
this.listener.startListening();
log.info("PravegaConnectionListener started successfully.");
// The admin gateway is optional. It reuses the TLS settings, listening IP address, cert and key
// file settings and token verifier of the listener above, and differs in the port it binds.
if (serviceConfig.isEnableAdminGateway()) {
this.adminListener = new AdminConnectionListener(this.serviceConfig.isEnableTls(), this.serviceConfig.isEnableTlsReload(), this.serviceConfig.getListeningIPAddress(), this.serviceConfig.getAdminGatewayPort(), service, tableStoreService, tokenVerifier, this.serviceConfig.getCertFile(), this.serviceConfig.getKeyFile(), this.serviceConfig.getTlsProtocolVersion(), healthServiceManager);
this.adminListener.startListening();
log.info("AdminConnectionListener started successfully.");
}
log.info("StreamSegmentService started.");
// Health contributors are registered only after the listeners have been started.
healthServiceManager.register(new ZKHealthContributor(zkClient));
healthServiceManager.register(new CacheManagerHealthContributor(serviceBuilder.getCacheManager()));
healthServiceManager.register(new SegmentContainerRegistryHealthContributor(serviceBuilder.getSegmentContainerRegistry()));
if (this.serviceConfig.isRestServerEnabled()) {
log.info("Initializing RESTServer ...");
List<Object> resources = new ArrayList<>();
// The health resource is constructed with an AuthHandlerManager built from the REST server config.
resources.add(new HealthImpl(new AuthHandlerManager(serviceConfig.getRestServerConfig()), healthServiceManager.getEndpoint()));
// The Prometheus resource is added only when the metrics provider supplies one.
// NOTE(review): nothing visible here wraps that resource in an auth handler - confirm how access
// to the metrics endpoint is restricted.
MetricsProvider.getMetricsProvider().prometheusResource().ifPresent(resources::add);
// Set.copyOf hands the server an unmodifiable snapshot of the resource list.
restServer = new RESTServer(serviceConfig.getRestServerConfig(), Set.copyOf(resources));
restServer.startAsync();
// presumably blocks until the REST server reports that it is running - confirm
restServer.awaitRunning();
}
}