Example 11 with DefaultCredentials

use of io.pravega.shared.security.auth.DefaultCredentials in project pravega by pravega.

the class ReadWithReadPermissionsTest method writeThenReadDataBack.

@SneakyThrows
private void writeThenReadDataBack(Map<String, String> passwordInputFileEntries, boolean writeToInternalStreamsWithReadPermission) {
    final String scopeName = "MarketData";
    final String streamName = "StockPriceUpdates";
    final String readerGroupName = "PriceChangeCalculator";
    final String message = "SCRIP:DELL,EXCHANGE:NYSE,PRICE=100";
    final String pwd = "secret-password";
    // Setup the cluster and create the objects
    @Cleanup final ClusterWrapper cluster = ClusterWrapper.builder()
            .authEnabled(true)
            .tokenSigningKeyBasis("secret")
            .tokenTtlInSeconds(600)
            .rgWritesWithReadPermEnabled(writeToInternalStreamsWithReadPermission)
            .passwordAuthHandlerEntries(TestUtils.preparePasswordInputFileEntries(passwordInputFileEntries, pwd))
            .build();
    cluster.start();
    final ClientConfig writerClientConfig = ClientConfig.builder()
            .controllerURI(URI.create(cluster.controllerUri()))
            .credentials(new DefaultCredentials(pwd, "creator"))
            .build();
    TestUtils.createScopeAndStreams(writerClientConfig, scopeName, Arrays.asList(streamName));
    TestUtils.writeDataToStream(scopeName, streamName, message, writerClientConfig);
    // Now, read data back using the reader account.
    ClientConfig readerClientConfig = ClientConfig.builder()
            .controllerURI(URI.create(cluster.controllerUri()))
            .credentials(new DefaultCredentials(pwd, "reader"))
            .build();
    String readMessage = TestUtils.readNextEventMessage(scopeName, streamName, readerClientConfig, readerGroupName);
    log.info("Done reading event [{}]", readMessage);
    assertEquals(message, readMessage);
}
Also used : DefaultCredentials(io.pravega.shared.security.auth.DefaultCredentials) ClusterWrapper(io.pravega.test.integration.demo.ClusterWrapper) ClientConfig(io.pravega.client.ClientConfig) Cleanup(lombok.Cleanup) SneakyThrows(lombok.SneakyThrows)

Example 12 with DefaultCredentials

use of io.pravega.shared.security.auth.DefaultCredentials in project pravega by pravega.

the class ClusterWrapperTest method writeAndReadBackAMessageWithTlsAndAuthOn.

@Test
public void writeAndReadBackAMessageWithTlsAndAuthOn() {
    String scopeName = "testScope";
    String streamName = "testStream";
    String readerGroupName = "testReaderGroup";
    String testMessage = "test message";
    String password = "secret-password";
    final Map<String, String> passwordInputFileEntries = new HashMap<>();
    passwordInputFileEntries.put("writer", "prn::*,READ_UPDATE");
    passwordInputFileEntries.put("reader", String.join(";", "prn::/scope:testScope,READ", "prn::/scope:testScope/stream:testStream,READ", "prn::/scope:testScope/reader-group:testReaderGroup,READ"));
    // Instantiate and run the cluster
    @Cleanup ClusterWrapper cluster = ClusterWrapper.builder()
            .authEnabled(true)
            .passwordAuthHandlerEntries(TestUtils.preparePasswordInputFileEntries(passwordInputFileEntries, password))
            .tlsEnabled(true)
            .tlsProtocolVersion(SecurityConfigDefaults.TLS_PROTOCOL_VERSION)
            .tlsServerCertificatePath(TestUtils.pathToConfig() + SecurityConfigDefaults.TLS_SERVER_CERT_FILE_NAME)
            .tlsServerKeyPath(TestUtils.pathToConfig() + SecurityConfigDefaults.TLS_SERVER_PRIVATE_KEY_FILE_NAME)
            .tlsHostVerificationEnabled(false)
            .build();
    cluster.start();
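    // Write an event to the stream
    // Test-only settings: the server certificate file is used directly as the trust store and
    // host name validation is off; keep host name validation on outside tests.
    final ClientConfig writerClientConfig = ClientConfig.builder()
            .controllerURI(URI.create(cluster.controllerUri()))
            .trustStore(TestUtils.pathToConfig() + SecurityConfigDefaults.TLS_SERVER_CERT_FILE_NAME)
            .validateHostName(false)
            .credentials(new DefaultCredentials(password, "writer"))
            .build();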
    TestUtils.createScopeAndStreams(writerClientConfig, scopeName, Arrays.asList(streamName));
    TestUtils.writeDataToStream(scopeName, streamName, testMessage, writerClientConfig);
    // Read back the event from the stream and verify it is the same as what was written
    final ClientConfig readerClientConfig = ClientConfig.builder()
            .controllerURI(URI.create(cluster.controllerUri()))
            .trustStore(TestUtils.pathToConfig() + SecurityConfigDefaults.TLS_SERVER_CERT_FILE_NAME)
            .validateHostName(false)
            .credentials(new DefaultCredentials(password, "reader"))
            .build();
    String readMessage = TestUtils.readNextEventMessage(scopeName, streamName, readerClientConfig, readerGroupName);
    assertEquals(testMessage, readMessage);
}
Also used : DefaultCredentials(io.pravega.shared.security.auth.DefaultCredentials) HashMap(java.util.HashMap) ClusterWrapper(io.pravega.test.integration.demo.ClusterWrapper) ClientConfig(io.pravega.client.ClientConfig) Cleanup(lombok.Cleanup) Test(org.junit.Test)

Example 13 with DefaultCredentials

use of io.pravega.shared.security.auth.DefaultCredentials in project pravega by pravega.

the class BatchClientAuthTest method testListAndReadSegmentsWithInvalidClientCredentials.

@Test(timeout = 250000)
public void testListAndReadSegmentsWithInvalidClientCredentials() {
    ClientConfig config = ClientConfig.builder().controllerURI(URI.create(this.controllerUri())).credentials(new DefaultCredentials("wrong-password", "admin")).build();
    AssertExtensions.assertThrows("Auth exception did not occur.", () -> this.listAndReadSegmentsUsingBatchClient("testScope", "testBatchStream", config), e -> hasAuthenticationExceptionAsRootCause(e));
}
Also used : DefaultCredentials(io.pravega.shared.security.auth.DefaultCredentials) ClientConfig(io.pravega.client.ClientConfig) Test(org.junit.Test)

Example 14 with DefaultCredentials

use of io.pravega.shared.security.auth.DefaultCredentials in project pravega by pravega.

the class DelegationTokenTest method testDelegationTokenGetsRenewedAfterExpiry.

/**
 * This test verifies that an event stream reader continues to read events as a result of automatic delegation token
 * renewal, after the initial delegation token it uses expires.
 *
 * We use an extraordinarily high test timeout and read timeouts to account for any inordinate delays that may be
 * encountered in testing environments.
 */
@Test(timeout = 50000)
public void testDelegationTokenGetsRenewedAfterExpiry() throws InterruptedException {
    // Delegation token renewal threshold is 5 seconds, so we are using 6 seconds as Token TTL so that token doesn't
    // get renewed before each use.
    ClusterWrapper pravegaCluster = ClusterWrapper.builder().authEnabled(true).tokenTtlInSeconds(6).build();
    try {
        pravegaCluster.start();
        final String scope = "testscope";
        final String streamName = "teststream";
        final int numSegments = 1;
        final ClientConfig clientConfig = ClientConfig.builder().controllerURI(URI.create(pravegaCluster.controllerUri())).credentials(new DefaultCredentials("1111_aaaa", "admin")).build();
        log.debug("Done creating client config.");
        createScopeStream(scope, streamName, numSegments, clientConfig);
        @Cleanup final EventStreamClientFactory clientFactory = EventStreamClientFactory.withScope(scope, clientConfig);
        // Perform writes on a separate thread.
        Runnable runnable = () -> {
            @Cleanup EventStreamWriter<String> writer = clientFactory.createEventWriter(streamName, new JavaSerializer<String>(), EventWriterConfig.builder().build());
            for (int i = 0; i < 10; i++) {
                String msg = "message: " + i;
                writer.writeEvent(msg).join();
                log.debug("Done writing message '{}' to stream '{} / {}'", msg, scope, streamName);
            }
        };
        @Cleanup("interrupt") Thread writerThread = new Thread(runnable);
        writerThread.start();
        // Now, read the events from the stream.
        String readerGroup = UUID.randomUUID().toString().replace("-", "");
        ReaderGroupConfig readerGroupConfig = ReaderGroupConfig.builder().stream(Stream.of(scope, streamName)).disableAutomaticCheckpoints().build();
        @Cleanup ReaderGroupManager readerGroupManager = ReaderGroupManager.withScope(scope, clientConfig);
        readerGroupManager.createReaderGroup(readerGroup, readerGroupConfig);
        @Cleanup EventStreamReader<String> reader = clientFactory.createReader("readerId", readerGroup, new JavaSerializer<String>(), ReaderConfig.builder().build());
        int j = 0;
        EventRead<String> event = null;
        do {
            event = reader.readNextEvent(2000);
            if (event.getEvent() != null) {
                log.info("Done reading event: {}", event.getEvent());
                j++;
            }
            // We are keeping sleep time relatively large, just to make sure that the delegation token expires
            // midway.
            Thread.sleep(500);
        } while (event.getEvent() != null);
        // Assert that we end up reading 10 events even though delegation token must have expired midway.
        // 
        // To look for evidence of delegation token renewal check the logs for the following message:
        // - "Token is nearing expiry, so refreshing it"
        // Compare by value; assertSame would compare boxed Integer identity.
        assertEquals(10, j);
    } finally {
        pravegaCluster.close();
    }
}
Also used : ReaderGroupConfig(io.pravega.client.stream.ReaderGroupConfig) ReaderGroupManager(io.pravega.client.admin.ReaderGroupManager) ClusterWrapper(io.pravega.test.integration.demo.ClusterWrapper) EventStreamClientFactory(io.pravega.client.EventStreamClientFactory) Cleanup(lombok.Cleanup) JavaSerializer(io.pravega.client.stream.impl.JavaSerializer) DefaultCredentials(io.pravega.shared.security.auth.DefaultCredentials) EventStreamWriter(io.pravega.client.stream.EventStreamWriter) ClientConfig(io.pravega.client.ClientConfig) Test(org.junit.Test)

Example 15 with DefaultCredentials

use of io.pravega.shared.security.auth.DefaultCredentials in project pravega by pravega.

the class DelegationTokenTest method testBatchClientDelegationTokenRenewal.

/**
 * This test verifies that a batch client continues to read events as a result of automatic delegation token
 * renewal, after the initial delegation token it uses expires.
 * <p>
 * We use an extraordinarily high test timeout and read timeouts to account for any inordinate delays that may be
 * encountered in testing environments.
 */
@Test(timeout = 50000)
public void testBatchClientDelegationTokenRenewal() throws InterruptedException {
    // Delegation token renewal threshold is 5 seconds, so we are using 6 seconds as Token TTL so that token doesn't
    // get renewed before each use.
    @Cleanup ClusterWrapper pravegaCluster = ClusterWrapper.builder().authEnabled(true).tokenTtlInSeconds(6).build();
    pravegaCluster.start();
    final String scope = "testscope";
    final String streamName = "teststream";
    final ClientConfig clientConfig = ClientConfig.builder().controllerURI(URI.create(pravegaCluster.controllerUri())).credentials(new DefaultCredentials("1111_aaaa", "admin")).build();
    log.debug("Done creating client config.");
    // Create Scope and Stream.
    createScopeStream(scope, streamName, 1, clientConfig);
    // write ten Events.
    writeTenEvents(scope, streamName, clientConfig);
    // Now, read the events from the stream using Batch client.
    @Cleanup BatchClientFactory batchClientFactory = BatchClientFactory.withScope(scope, clientConfig);
    List<SegmentRange> segmentRanges = Lists.newArrayList(batchClientFactory.getSegments(Stream.of(scope, streamName), StreamCut.UNBOUNDED, StreamCut.UNBOUNDED).getIterator());
    assertEquals("The number of segments in the stream is 1", 1, segmentRanges.size());
    SegmentIterator<String> segmentIterator = batchClientFactory.readSegment(segmentRanges.get(0), new JavaSerializer<>());
    int eventReadCount = 0;
    while (segmentIterator.hasNext()) {
        // We are keeping sleep time relatively large, just to make sure that the delegation token expires
        // midway.
        Thread.sleep(500);
        String event = segmentIterator.next();
        log.debug("Done reading event {}", event);
        eventReadCount++;
    }
    // Assert that we end up reading 10 events even though delegation token must have expired midway.
    // 
    // To look for evidence of delegation token renewal check the logs for the following message:
    // - "Token is nearing expiry, so refreshing it"
    assertEquals(10, eventReadCount);
}
Also used : DefaultCredentials(io.pravega.shared.security.auth.DefaultCredentials) SegmentRange(io.pravega.client.batch.SegmentRange) ClusterWrapper(io.pravega.test.integration.demo.ClusterWrapper) BatchClientFactory(io.pravega.client.BatchClientFactory) ClientConfig(io.pravega.client.ClientConfig) Cleanup(lombok.Cleanup) Test(org.junit.Test)

Aggregations

DefaultCredentials (io.pravega.shared.security.auth.DefaultCredentials): 27
ClientConfig (io.pravega.client.ClientConfig): 17
Test (org.junit.Test): 14
Cleanup (lombok.Cleanup): 12
ClusterWrapper (io.pravega.test.integration.demo.ClusterWrapper): 9
HashMap (java.util.HashMap): 5
EventStreamClientFactory (io.pravega.client.EventStreamClientFactory): 4
StreamManager (io.pravega.client.admin.StreamManager): 4
ReaderGroupConfig (io.pravega.client.stream.ReaderGroupConfig): 4
Stream (io.pravega.client.stream.Stream): 4
StreamConfiguration (io.pravega.client.stream.StreamConfiguration): 4
Credentials (io.pravega.shared.security.auth.Credentials): 4
MoreCallCredentials (io.grpc.auth.MoreCallCredentials): 3
NettyChannelBuilder (io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder): 3
AdminCommandState (io.pravega.cli.admin.AdminCommandState): 3
ReaderGroupManager (io.pravega.client.admin.ReaderGroupManager): 3
PravegaCredentialsWrapper (io.pravega.client.control.impl.PravegaCredentialsWrapper): 3
URI (java.net.URI): 3
Properties (java.util.Properties): 3
ImmutableMap (com.google.common.collect.ImmutableMap): 2