
Example 6 with JsonWebToken

use of io.pravega.shared.security.token.JsonWebToken in project pravega by pravega.

the class AppendProcessor method setupAppend.

/**
 * Setup an append so that subsequent append calls can occur.
 * This requires validating that the segment exists.
 * The reply: AppendSetup indicates that appends may proceed and contains the eventNumber which they should proceed
 * from (in the event that this is a reconnect from a producer we have seen before)
 */
@Override
public void setupAppend(SetupAppend setupAppend) {
    // Handles a SetupAppend request: optionally checks the delegation token, reads the writer's last
    // event number from the store, records a fresh WriterState and replies with AppendSetup.
    final String newSegment = setupAppend.getSegment();
    final UUID writer = setupAppend.getWriterId();
    // Only the writer id and the segment name are logged here; the delegation token is not.
    log.info("Setting up appends for writer: {} on segment: {}", writer, newSegment);

    // Authorization gate: the delegation token is verified against this segment for READ_UPDATE.
    // When no tokenVerifier is set, this check is skipped entirely and the request proceeds
    // without any token validation in this method.
    if (this.tokenVerifier != null) {
        try {
            JsonWebToken verifiedToken = tokenVerifier.verifyToken(
                    newSegment, setupAppend.getDelegationToken(), AuthHandler.Permissions.READ_UPDATE);
            // NOTE(review): presumably arranges for the connection to be dealt with once the
            // verified token expires - confirm against setupTokenExpiryTask.
            setupTokenExpiryTask(setupAppend, verifiedToken);
        } catch (TokenException tokenFailure) {
            // A rejected token is reported through handleException and the append is NOT set up.
            handleException(setupAppend.getWriterId(), setupAppend.getRequestId(), newSegment,
                    "Update Segment Attribute", tokenFailure);
            return;
        }
    }

    // Look up the writer's last event number in the Store. The first attempt (cache=true) also puts
    // the value in the Store's cache so later reads are faster; if that attempt fails with
    // StreamSegmentSealedException, the lookup is repeated with cache=false.
    final AttributeId writerKey = AttributeId.fromUUID(writer);
    Futures.exceptionallyComposeExpecting(
            store.getAttributes(newSegment, Collections.singleton(writerKey), true, TIMEOUT),
            ex -> ex instanceof StreamSegmentSealedException,
            () -> store.getAttributes(newSegment, Collections.singleton(writerKey), false, TIMEOUT))
        .whenComplete((attributeValues, failure) -> {
            try {
                if (failure != null) {
                    handleException(writer, setupAppend.getRequestId(), newSegment, "setting up append", failure);
                    return;
                }
                // Last event number as known to the Segment Store (NULL_ATTRIBUTE_VALUE if absent).
                long lastEventNumber = attributeValues.getOrDefault(writerKey, Attributes.NULL_ATTRIBUTE_VALUE);
                // Replace any existing state for this (segment, writer) pair. The client creates only
                // one connection per segment writer, and the event number carried by AppendSetup is
                // an implicit ack: the writer acks every event below it.
                WriterState previousState = this.writerStates.put(Pair.of(newSegment, writer), new WriterState(lastEventNumber));
                if (previousState != null) {
                    log.info("SetupAppend invoked again for writer {}. Last event number from store is {}. Prev writer state {}", writer, lastEventNumber, previousState);
                }
                connection.send(new AppendSetup(setupAppend.getRequestId(), newSegment, writer, lastEventNumber));
            } catch (Throwable unexpected) {
                // Anything thrown while processing the result is routed to the common handler.
                handleException(writer, setupAppend.getRequestId(), newSegment, "handling setupAppend result", unexpected);
            }
        });
}
Also used : Arrays(java.util.Arrays) StreamSegmentNotExistsException(io.pravega.segmentstore.contracts.StreamSegmentNotExistsException) TokenExpiredException(io.pravega.auth.TokenExpiredException) AuthHandler(io.pravega.auth.AuthHandler) LoggerFactory(org.slf4j.LoggerFactory) CREATION_TIME(io.pravega.segmentstore.contracts.Attributes.CREATION_TIME) AttributeUpdate(io.pravega.segmentstore.contracts.AttributeUpdate) StreamSegmentSealedException(io.pravega.segmentstore.contracts.StreamSegmentSealedException) TagLogger(io.pravega.common.tracing.TagLogger) Pair(org.apache.commons.lang3.tuple.Pair) Duration(java.time.Duration) SegmentStatsRecorder(io.pravega.segmentstore.server.host.stat.SegmentStatsRecorder) SegmentCreated(io.pravega.shared.protocol.netty.WireCommands.SegmentCreated) StreamSegmentStore(io.pravega.segmentstore.contracts.StreamSegmentStore) Attributes(io.pravega.segmentstore.contracts.Attributes) CancellationException(java.util.concurrent.CancellationException) NonNull(lombok.NonNull) AppendSetup(io.pravega.shared.protocol.netty.WireCommands.AppendSetup) Collection(java.util.Collection) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) ContainerNotFoundException(io.pravega.segmentstore.contracts.ContainerNotFoundException) UUID(java.util.UUID) StreamSegmentExistsException(io.pravega.segmentstore.contracts.StreamSegmentExistsException) Builder(lombok.Builder) BadOffsetException(io.pravega.segmentstore.contracts.BadOffsetException) DelegationTokenVerifier(io.pravega.segmentstore.server.host.delegationtoken.DelegationTokenVerifier) ATTRIBUTE_SEGMENT_TYPE(io.pravega.segmentstore.contracts.Attributes.ATTRIBUTE_SEGMENT_TYPE) DataAppended(io.pravega.shared.protocol.netty.WireCommands.DataAppended) SegmentIsSealed(io.pravega.shared.protocol.netty.WireCommands.SegmentIsSealed) Futures(io.pravega.common.concurrent.Futures) Getter(lombok.Getter) IllegalContainerStateException(io.pravega.segmentstore.server.IllegalContainerStateException) 
NoSuchSegment(io.pravega.shared.protocol.netty.WireCommands.NoSuchSegment) Exceptions(io.pravega.common.Exceptions) ConditionalCheckFailed(io.pravega.shared.protocol.netty.WireCommands.ConditionalCheckFailed) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) CompletableFuture(java.util.concurrent.CompletableFuture) BadAttributeUpdateException(io.pravega.segmentstore.contracts.BadAttributeUpdateException) Append(io.pravega.shared.protocol.netty.Append) DelegatingRequestProcessor(io.pravega.shared.protocol.netty.DelegatingRequestProcessor) CreateTransientSegment(io.pravega.shared.protocol.netty.WireCommands.CreateTransientSegment) JsonWebToken(io.pravega.shared.security.token.JsonWebToken) HashSet(java.util.HashSet) SetupAppend(io.pravega.shared.protocol.netty.WireCommands.SetupAppend) SegmentType(io.pravega.segmentstore.contracts.SegmentType) FailingRequestProcessor(io.pravega.shared.protocol.netty.FailingRequestProcessor) TokenException(io.pravega.auth.TokenException) ScheduledExecutorService(java.util.concurrent.ScheduledExecutorService) Hello(io.pravega.shared.protocol.netty.WireCommands.Hello) SegmentAlreadyExists(io.pravega.shared.protocol.netty.WireCommands.SegmentAlreadyExists) ByteBufWrapper(io.pravega.shared.protocol.netty.ByteBufWrapper) LoggerHelpers(io.pravega.common.LoggerHelpers) NameUtils(io.pravega.shared.NameUtils) EVENT_COUNT(io.pravega.segmentstore.contracts.Attributes.EVENT_COUNT) AttributeId(io.pravega.segmentstore.contracts.AttributeId) Throwables(com.google.common.base.Throwables) WireCommands(io.pravega.shared.protocol.netty.WireCommands) Timer(io.pravega.common.Timer) WrongHost(io.pravega.shared.protocol.netty.WireCommands.WrongHost) InvalidEventNumber(io.pravega.shared.protocol.netty.WireCommands.InvalidEventNumber) AttributeUpdateCollection(io.pravega.segmentstore.contracts.AttributeUpdateCollection) RequestProcessor(io.pravega.shared.protocol.netty.RequestProcessor) 
OperationUnsupported(io.pravega.shared.protocol.netty.WireCommands.OperationUnsupported) Preconditions(com.google.common.base.Preconditions) VisibleForTesting(com.google.common.annotations.VisibleForTesting) AttributeUpdateType(io.pravega.segmentstore.contracts.AttributeUpdateType) Collections(java.util.Collections) StreamSegmentSealedException(io.pravega.segmentstore.contracts.StreamSegmentSealedException) AttributeId(io.pravega.segmentstore.contracts.AttributeId) TokenException(io.pravega.auth.TokenException) UUID(java.util.UUID) JsonWebToken(io.pravega.shared.security.token.JsonWebToken) AppendSetup(io.pravega.shared.protocol.netty.WireCommands.AppendSetup)

Example 7 with JsonWebToken

use of io.pravega.shared.security.token.JsonWebToken in project pravega by pravega.

the class GrpcAuthHelper method retrieveMasterToken.

/**
 * Retrieves a master token for internal controller to segment store communication.
 *
 * @param tokenSigningKey Signing key for the JWT token.
 * @return A new master token which has highest privileges.
 */
public static String retrieveMasterToken(String tokenSigningKey) {
    // One wildcard claim: the key "*" carries READ_UPDATE, so the resulting token is not scoped to a
    // single resource. Treat the returned compact string as a credential and keep it out of logs.
    final Map<String, Object> wildcardClaims = new HashMap<>();
    wildcardClaims.put("*", String.valueOf(READ_UPDATE));

    // NOTE(review): getBytes() without a charset uses the platform default encoding; whichever side
    // verifies the signature must derive identical key bytes - confirm before changing this.
    final byte[] signingKeyBytes = tokenSigningKey.getBytes();

    // NOTE(review): the last constructor argument is null - presumably the token's time-to-live,
    // which would mean the master token carries no expiry; confirm against JsonWebToken.
    final JsonWebToken masterToken =
            new JsonWebToken("segmentstoreresource", "segmentstore", signingKeyBytes, wildcardClaims, null);
    return masterToken.toCompactString();
}
Also used : HashMap(java.util.HashMap) JsonWebToken(io.pravega.shared.security.token.JsonWebToken)

Example 8 with JsonWebToken

use of io.pravega.shared.security.token.JsonWebToken in project pravega by pravega.

the class AppendProcessorTest method testSetupTokenExpiryTaskClosesConnectionIfTokenHasExpired.

@Test
public void testSetupTokenExpiryTaskClosesConnectionIfTokenHasExpired() {
    // Verifies that setupTokenExpiryTask closes the connection when handed a token whose expiry
    // is already in the past.

    // Arrange
    final String segmentName = "scope/stream/0.#epoch.0";
    final UUID writerId = UUID.randomUUID();
    StreamSegmentStore storeMock = mock(StreamSegmentStore.class);
    ServerConnection connectionMock = mock(ServerConnection.class);
    @Cleanup("shutdown") ScheduledExecutorService expiryExecutor = new InlineExecutor();
    @Cleanup AppendProcessor realProcessor = AppendProcessor.defaultBuilder()
            .store(storeMock)
            .connection(new TrackedConnection(connectionMock))
            .tokenExpiryHandlerExecutor(expiryExecutor)
            .build();
    // Spy on the real processor so that isSetupAppendCompleted can be stubbed to report true.
    AppendProcessor spiedProcessor = spy(realProcessor);
    doReturn(true).when(spiedProcessor).isSetupAppendCompleted(segmentName, writerId);
    // Token that expired five seconds ago, signed with a fixed test-only key.
    Date alreadyExpired = Date.from(Instant.now().minusSeconds(5));
    JsonWebToken expiredToken = new JsonWebToken("subject", "audience", "secret".getBytes(), alreadyExpired, null);
    SetupAppend request = new SetupAppend(1, writerId, segmentName, expiredToken.toCompactString());

    // Act
    spiedProcessor.setupTokenExpiryTask(request, expiredToken).join();

    // Assert
    verify(connectionMock).close();
}
Also used : StreamSegmentStore(io.pravega.segmentstore.contracts.StreamSegmentStore) ScheduledExecutorService(java.util.concurrent.ScheduledExecutorService) InlineExecutor(io.pravega.test.common.InlineExecutor) SetupAppend(io.pravega.shared.protocol.netty.WireCommands.SetupAppend) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) UUID(java.util.UUID) Cleanup(lombok.Cleanup) JsonWebToken(io.pravega.shared.security.token.JsonWebToken) Test(org.junit.Test)

Example 9 with JsonWebToken

use of io.pravega.shared.security.token.JsonWebToken in project pravega by pravega.

the class AppendProcessorTest method testSetupTokenExpiryWhenConnectionSendThrowsException.

@Test
public void testSetupTokenExpiryWhenConnectionSendThrowsException() {
    // Runs setupTokenExpiryTask with a token expiring in 300 ms while connection.send() is stubbed
    // to throw. There is no explicit assertion: the test passes when join() returns without throwing.

    // Arrange
    final String segmentName = "scope/stream/0.#epoch.0";
    final UUID writerId = UUID.randomUUID();
    StreamSegmentStore storeMock = mock(StreamSegmentStore.class);
    ServerConnection connectionMock = mock(ServerConnection.class);
    @Cleanup("shutdown") ScheduledExecutorService expiryExecutor = new InlineExecutor();
    @Cleanup AppendProcessor realProcessor = AppendProcessor.defaultBuilder()
            .store(storeMock)
            .connection(new TrackedConnection(connectionMock))
            .tokenExpiryHandlerExecutor(expiryExecutor)
            .build();
    // Spy on the real processor so that isSetupAppendCompleted can be stubbed to report true.
    AppendProcessor spiedProcessor = spy(realProcessor);
    doReturn(true).when(spiedProcessor).isSetupAppendCompleted(segmentName, writerId);
    // Every send on the mocked connection fails.
    doThrow(new RuntimeException()).when(connectionMock).send(any());
    // Token that is still valid now but expires shortly, signed with a fixed test-only key.
    Date expiresSoon = Date.from(Instant.now().plusMillis(300));
    JsonWebToken shortLivedToken = new JsonWebToken("subject", "audience", "secret".getBytes(), expiresSoon, null);
    SetupAppend request = new SetupAppend(1, writerId, segmentName, shortLivedToken.toCompactString());

    // Act
    spiedProcessor.setupTokenExpiryTask(request, shortLivedToken).join();
}
Also used : ScheduledExecutorService(java.util.concurrent.ScheduledExecutorService) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Cleanup(lombok.Cleanup) JsonWebToken(io.pravega.shared.security.token.JsonWebToken) Date(java.util.Date) StreamSegmentStore(io.pravega.segmentstore.contracts.StreamSegmentStore) InlineExecutor(io.pravega.test.common.InlineExecutor) SetupAppend(io.pravega.shared.protocol.netty.WireCommands.SetupAppend) UUID(java.util.UUID) Test(org.junit.Test)
