Examples with TestingTrinoServer io.trino.server.testing.TestingTrinoServer used on opensource projects

Search in sources :

Example 1 with TestingTrinoServer

use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.

the class TestResourceSecurity method testInsecureAuthenticatorHttp.

@Test
public void testInsecureAuthenticatorHttp() throws Exception {
    try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().put("http-server.authentication.insecure.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN).buildOrThrow()).build()) {
        server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);
        HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
        assertInsecureAuthentication(httpServerInfo.getHttpUri());
    }
}
Also used : HttpServerInfo(io.airlift.http.server.HttpServerInfo) TestingTrinoServer(io.trino.server.testing.TestingTrinoServer) Test(org.testng.annotations.Test)

Example 2 with TestingTrinoServer

use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.

the class TestResourceSecurity method testMultiplePasswordAuthenticators.

@Test
public void testMultiplePasswordAuthenticators() throws Exception {
    try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("password-authenticator.config-files", passwordConfigDummy.toString()).put("http-server.authentication.type", "password").put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN).buildOrThrow()).build()) {
        server.getInstance(Key.get(PasswordAuthenticatorManager.class)).setAuthenticators(TestResourceSecurity::authenticate, TestResourceSecurity::authenticate2);
        server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);
        HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
        assertAuthenticationDisabled(httpServerInfo.getHttpUri());
        assertPasswordAuthentication(httpServerInfo.getHttpsUri(), TEST_PASSWORD, TEST_PASSWORD2);
    }
}
Also used : HttpServerInfo(io.airlift.http.server.HttpServerInfo) TestingTrinoServer(io.trino.server.testing.TestingTrinoServer) Test(org.testng.annotations.Test)

Example 3 with TestingTrinoServer

use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.

the class TestResourceSecurity method testOAuth2Groups.

@Test(dataProvider = "groups")
public void testOAuth2Groups(Optional<Set<String>> groups) throws Exception {
    try (TokenServer tokenServer = new TokenServer(Optional.empty());
        TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("web-ui.enabled", "true").put("http-server.authentication.type", "oauth2").putAll(getOAuth2Properties(tokenServer)).put("http-server.authentication.oauth2.groups-field", GROUPS_CLAIM).buildOrThrow()).setAdditionalModule(oauth2Module(tokenServer)).build()) {
        server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);
        HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
        String accessToken = tokenServer.issueAccessToken(groups);
        OkHttpClient clientWithOAuthToken = client.newBuilder().authenticator((route, response) -> response.request().newBuilder().header(AUTHORIZATION, "Bearer " + accessToken).build()).build();
        assertAuthenticationAutomatic(httpServerInfo.getHttpsUri(), clientWithOAuthToken);
        try (Response response = clientWithOAuthToken.newCall(new Request.Builder().url(getLocation(httpServerInfo.getHttpsUri(), "/protocol/identity")).build()).execute()) {
            assertEquals(response.code(), SC_OK);
            assertEquals(response.header("user"), TEST_USER);
            assertEquals(response.header("principal"), TEST_USER);
            assertEquals(response.header("groups"), groups.map(TestResource::toHeader).orElse(""));
        }
        OkHttpClient clientWithOAuthCookie = client.newBuilder().cookieJar(new CookieJar() {

            @Override
            public void saveFromResponse(HttpUrl url, List<Cookie> cookies) {
            }

            @Override
            public List<Cookie> loadForRequest(HttpUrl url) {
                return ImmutableList.of(new Cookie.Builder().domain(httpServerInfo.getHttpsUri().getHost()).path(UI_LOCATION).name(OAUTH2_COOKIE).value(accessToken).httpOnly().secure().build());
            }
        }).build();
        try (Response response = clientWithOAuthCookie.newCall(new Request.Builder().url(getLocation(httpServerInfo.getHttpsUri(), "/ui/api/identity")).build()).execute()) {
            assertEquals(response.code(), SC_OK);
            assertEquals(response.header("user"), TEST_USER);
            assertEquals(response.header("principal"), TEST_USER);
            assertEquals(response.header("groups"), groups.map(TestResource::toHeader).orElse(""));
        }
    }
}
Also used : AccessDeniedException.denyReadSystemInformationAccess(io.trino.spi.security.AccessDeniedException.denyReadSystemInformationAccess) JsonProperty(com.fasterxml.jackson.annotation.JsonProperty) AccessControlManager(io.trino.security.AccessControlManager) ZonedDateTime(java.time.ZonedDateTime) NodeInfo(io.airlift.node.NodeInfo) Test(org.testng.annotations.Test) HttpServerConfig(io.airlift.http.server.HttpServerConfig) SystemSecurityContext(io.trino.spi.security.SystemSecurityContext) JwsHeader(io.jsonwebtoken.JwsHeader) HttpCookie(java.net.HttpCookie) Matcher(java.util.regex.Matcher) JwtBuilder(io.jsonwebtoken.JwtBuilder) Map(java.util.Map) Path(java.nio.file.Path) Assert.assertEquals(io.trino.testing.assertions.Assert.assertEquals) PemReader(io.airlift.security.pem.PemReader) CookieJar(okhttp3.CookieJar) Request(okhttp3.Request) HttpServlet(javax.servlet.http.HttpServlet) SET_COOKIE(javax.ws.rs.core.HttpHeaders.SET_COOKIE) JavaNetCookieJar(okhttp3.JavaNetCookieJar) Set(java.util.Set) PreparedStatementEncoder(io.trino.server.protocol.PreparedStatementEncoder) BasicPrincipal(io.trino.spi.security.BasicPrincipal) HttpServerInfo(io.airlift.http.server.HttpServerInfo) AccessControl(io.trino.security.AccessControl) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) ProtocolConfig(io.trino.server.ProtocolConfig) AccessDeniedException(io.trino.spi.security.AccessDeniedException) NONCE(io.trino.server.security.oauth2.OAuth2Service.NONCE) GET(javax.ws.rs.GET) OkHttpUtil.setupSsl(io.trino.client.OkHttpUtil.setupSsl) MINUTES(java.util.concurrent.TimeUnit.MINUTES) LOCATION(javax.ws.rs.core.HttpHeaders.LOCATION) HttpServletRequest(javax.servlet.http.HttpServletRequest) Identity(io.trino.spi.security.Identity) Response(okhttp3.Response) SC_UNAUTHORIZED(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED) Resources(com.google.common.io.Resources) Files(java.nio.file.Files) IOException(java.io.IOException) Iterables.getOnlyElement(com.google.common.collect.Iterables.getOnlyElement) File(java.io.File) WWW_AUTHENTICATE(javax.ws.rs.core.HttpHeaders.WWW_AUTHENTICATE) OkHttpClient(okhttp3.OkHttpClient) ChronoUnit(java.time.temporal.ChronoUnit) Paths(java.nio.file.Paths) OAUTH2_COOKIE(io.trino.server.ui.OAuthWebUiCookie.OAUTH2_COOKIE) AllowAllSystemAccessControl(io.trino.plugin.base.security.AllowAllSystemAccessControl) Module(com.google.inject.Module) AUTHENTICATED_USER(io.trino.server.security.ResourceSecurity.AccessType.AUTHENTICATED_USER) Date(java.util.Date) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Key(com.google.inject.Key) AUTHORIZATION(com.google.common.net.HttpHeaders.AUTHORIZATION) SC_SEE_OTHER(javax.servlet.http.HttpServletResponse.SC_SEE_OTHER) URI(java.net.URI) WEB_UI(io.trino.server.security.ResourceSecurity.AccessType.WEB_UI) TestingTrinoServer(io.trino.server.testing.TestingTrinoServer) OptionalBinder.newOptionalBinder(com.google.inject.multibindings.OptionalBinder.newOptionalBinder) ImmutableSet(com.google.common.collect.ImmutableSet) Context(javax.ws.rs.core.Context) ImmutableMap(com.google.common.collect.ImmutableMap) BeforeClass(org.testng.annotations.BeforeClass) Assert.assertNotNull(org.testng.Assert.assertNotNull) Credentials(okhttp3.Credentials) Collectors(java.util.stream.Collectors) String.format(java.lang.String.format) Base64(java.util.Base64) List(java.util.List) HttpHeaders(javax.ws.rs.core.HttpHeaders) Principal(java.security.Principal) CookieManager(java.net.CookieManager) SC_OK(javax.servlet.http.HttpServletResponse.SC_OK) HttpUriBuilder.uriBuilderFrom(io.airlift.http.client.HttpUriBuilder.uriBuilderFrom) JaxrsBinder.jaxrsBinder(io.airlift.jaxrs.JaxrsBinder.jaxrsBinder) MetadataManager.createTestMetadataManager(io.trino.metadata.MetadataManager.createTestMetadataManager) Optional(java.util.Optional) MoreObjects.firstNonNull(com.google.common.base.MoreObjects.firstNonNull) Pattern(java.util.regex.Pattern) HttpUrl(okhttp3.HttpUrl) Instant.now(java.time.Instant.now) DataProvider(org.testng.annotations.DataProvider) JwtUtil.newJwtBuilder(io.trino.server.security.jwt.JwtUtil.newJwtBuilder) OAuth2Client(io.trino.server.security.oauth2.OAuth2Client) Headers(okhttp3.Headers) AtomicReference(java.util.concurrent.atomic.AtomicReference) Inject(javax.inject.Inject) Cookie(okhttp3.Cookie) ImmutableList(com.google.common.collect.ImmutableList) Objects.requireNonNull(java.util.Objects.requireNonNull) HttpRequestSessionContextFactory(io.trino.server.HttpRequestSessionContextFactory) UI_LOCATION(io.trino.server.ui.FormWebUiAuthenticationFilter.UI_LOCATION) TestingHttpServer(io.airlift.http.server.testing.TestingHttpServer) Keys.hmacShaKeyFor(io.jsonwebtoken.security.Keys.hmacShaKeyFor) AccessDeniedException.denyImpersonateUser(io.trino.spi.security.AccessDeniedException.denyImpersonateUser) UTF_8(java.nio.charset.StandardCharsets.UTF_8) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) HttpServletResponse(javax.servlet.http.HttpServletResponse) SC_FORBIDDEN(javax.servlet.http.HttpServletResponse.SC_FORBIDDEN) Assert.assertTrue(org.testng.Assert.assertTrue) TRINO_HEADERS(io.trino.client.ProtocolHeaders.TRINO_HEADERS) HttpCookie(java.net.HttpCookie) Cookie(okhttp3.Cookie) OkHttpClient(okhttp3.OkHttpClient) JwtBuilder(io.jsonwebtoken.JwtBuilder) JwtUtil.newJwtBuilder(io.trino.server.security.jwt.JwtUtil.newJwtBuilder) HttpUrl(okhttp3.HttpUrl) Response(okhttp3.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) CookieJar(okhttp3.CookieJar) JavaNetCookieJar(okhttp3.JavaNetCookieJar) HttpServerInfo(io.airlift.http.server.HttpServerInfo) TestingTrinoServer(io.trino.server.testing.TestingTrinoServer) Test(org.testng.annotations.Test)

Example 4 with TestingTrinoServer

use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.

the class TestResourceSecurity method testInsecureAuthenticatorHttpsOnly.

@Test
public void testInsecureAuthenticatorHttpsOnly() throws Exception {
    try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("http-server.authentication.allow-insecure-over-http", "false").buildOrThrow()).build()) {
        server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);
        HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
        assertAuthenticationDisabled(httpServerInfo.getHttpUri());
        assertInsecureAuthentication(httpServerInfo.getHttpsUri());
    }
}
Also used : HttpServerInfo(io.airlift.http.server.HttpServerInfo) TestingTrinoServer(io.trino.server.testing.TestingTrinoServer) Test(org.testng.annotations.Test)

Example 5 with TestingTrinoServer

use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.

the class TestWebUi method testCustomPrincipalField.

@Test
public void testCustomPrincipalField() throws Exception {
    String accessToken = createTokenBuilder().setSubject("unknown").addClaims(ImmutableMap.of("preferred_username", "test-user@email.com")).compact();
    TestingHttpServer jwkServer = createTestingJwkServer();
    jwkServer.start();
    try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(OAUTH2_PROPERTIES).put("http-server.authentication.oauth2.jwks-url", jwkServer.getBaseUrl().toString()).put("http-server.authentication.oauth2.principal-field", "preferred_username").put("http-server.authentication.oauth2.user-mapping.pattern", "(.*)@.*").buildOrThrow()).setAdditionalModule(binder -> {
        newOptionalBinder(binder, OAuth2Client.class).setBinding().toInstance(new OAuth2ClientStub(accessToken));
        jaxrsBinder(binder).bind(AuthenticatedIdentityCapturingFilter.class);
    }).build()) {
        HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
        assertAuth2Authentication(httpServerInfo, accessToken);
        Identity identity = server.getInstance(Key.get(AuthenticatedIdentityCapturingFilter.class)).getAuthenticatedIdentity();
        assertThat(identity.getUser()).isEqualTo("test-user");
        assertThat(identity.getPrincipal()).isEqualTo(Optional.of(new BasicPrincipal("test-user@email.com")));
    } finally {
        jwkServer.stop();
    }
}
Also used : ResourceSecurity(io.trino.server.security.ResourceSecurity) X_FORWARDED_PORT(com.google.common.net.HttpHeaders.X_FORWARDED_PORT) Date(java.util.Date) ZonedDateTime(java.time.ZonedDateTime) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Key(com.google.inject.Key) NodeInfo(io.airlift.node.NodeInfo) AUTHORIZATION(com.google.common.net.HttpHeaders.AUTHORIZATION) Test(org.testng.annotations.Test) ContainerRequestFilter(javax.ws.rs.container.ContainerRequestFilter) HttpServerConfig(io.airlift.http.server.HttpServerConfig) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) JwsHeader(io.jsonwebtoken.JwsHeader) HttpCookie(java.net.HttpCookie) SC_SEE_OTHER(javax.servlet.http.HttpServletResponse.SC_SEE_OTHER) FormBody(okhttp3.FormBody) JwtBuilder(io.jsonwebtoken.JwtBuilder) DISABLED_LOCATION(io.trino.server.ui.FormWebUiAuthenticationFilter.DISABLED_LOCATION) URI(java.net.URI) WEB_UI(io.trino.server.security.ResourceSecurity.AccessType.WEB_UI) TestingTrinoServer(io.trino.server.testing.TestingTrinoServer) Path(java.nio.file.Path) X_FORWARDED_PROTO(com.google.common.net.HttpHeaders.X_FORWARDED_PROTO) OptionalBinder.newOptionalBinder(com.google.inject.multibindings.OptionalBinder.newOptionalBinder) Assert.assertEquals(io.trino.testing.assertions.Assert.assertEquals) PemReader(io.airlift.security.pem.PemReader) Request(okhttp3.Request) UNAUTHORIZED(javax.ws.rs.core.Response.Status.UNAUTHORIZED) ImmutableSet(com.google.common.collect.ImmutableSet) Context(javax.ws.rs.core.Context) HttpServlet(javax.servlet.http.HttpServlet) ImmutableMap(com.google.common.collect.ImmutableMap) JavaNetCookieJar(okhttp3.JavaNetCookieJar) BeforeClass(org.testng.annotations.BeforeClass) AUTHENTICATED_IDENTITY(io.trino.server.HttpRequestSessionContextFactory.AUTHENTICATED_IDENTITY) PreparedStatementEncoder(io.trino.server.protocol.PreparedStatementEncoder) GuardedBy(javax.annotation.concurrent.GuardedBy) BasicPrincipal(io.trino.spi.security.BasicPrincipal) Preconditions.checkState(com.google.common.base.Preconditions.checkState) UncheckedIOException(java.io.UncheckedIOException) SC_NOT_FOUND(javax.servlet.http.HttpServletResponse.SC_NOT_FOUND) Base64(java.util.Base64) HttpServerInfo(io.airlift.http.server.HttpServerInfo) HttpHeaders(javax.ws.rs.core.HttpHeaders) Principal(java.security.Principal) AccessControl(io.trino.security.AccessControl) PrivateKey(java.security.PrivateKey) CookieManager(java.net.CookieManager) SC_OK(javax.servlet.http.HttpServletResponse.SC_OK) HttpUriBuilder.uriBuilderFrom(io.airlift.http.client.HttpUriBuilder.uriBuilderFrom) JaxrsBinder.jaxrsBinder(io.airlift.jaxrs.JaxrsBinder.jaxrsBinder) MetadataManager.createTestMetadataManager(io.trino.metadata.MetadataManager.createTestMetadataManager) Optional(java.util.Optional) SecretKey(javax.crypto.SecretKey) Predicate.not(java.util.function.Predicate.not) ProtocolConfig(io.trino.server.ProtocolConfig) AccessDeniedException(io.trino.spi.security.AccessDeniedException) NONCE(io.trino.server.security.oauth2.OAuth2Service.NONCE) UI_LOGIN(io.trino.server.ui.FormWebUiAuthenticationFilter.UI_LOGIN) GET(javax.ws.rs.GET) JwtUtil.newJwtBuilder(io.trino.server.security.jwt.JwtUtil.newJwtBuilder) OAuth2Client(io.trino.server.security.oauth2.OAuth2Client) CALLBACK_ENDPOINT(io.trino.server.security.oauth2.OAuth2CallbackResource.CALLBACK_ENDPOINT) Hashing(com.google.common.hash.Hashing) OkHttpUtil.setupSsl(io.trino.client.OkHttpUtil.setupSsl) MINUTES(java.util.concurrent.TimeUnit.MINUTES) RequestBody(okhttp3.RequestBody) Inject(javax.inject.Inject) UI_LOGOUT(io.trino.server.ui.FormWebUiAuthenticationFilter.UI_LOGOUT) HttpServletRequest(javax.servlet.http.HttpServletRequest) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) Identity(io.trino.spi.security.Identity) Objects.requireNonNull(java.util.Objects.requireNonNull) Response(okhttp3.Response) HttpRequestSessionContextFactory(io.trino.server.HttpRequestSessionContextFactory) SC_UNAUTHORIZED(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED) TestingHttpServer(io.airlift.http.server.testing.TestingHttpServer) X_FORWARDED_HOST(com.google.common.net.HttpHeaders.X_FORWARDED_HOST) Keys.hmacShaKeyFor(io.jsonwebtoken.security.Keys.hmacShaKeyFor) LOGIN_FORM(io.trino.server.ui.FormWebUiAuthenticationFilter.LOGIN_FORM) Resources(com.google.common.io.Resources) Files(java.nio.file.Files) UTF_8(java.nio.charset.StandardCharsets.UTF_8) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) Iterables.getOnlyElement(com.google.common.collect.Iterables.getOnlyElement) File(java.io.File) PasswordAuthenticatorManager(io.trino.server.security.PasswordAuthenticatorManager) OkHttpClient(okhttp3.OkHttpClient) LOCATION(com.google.common.net.HttpHeaders.LOCATION) Paths(java.nio.file.Paths) Assert.assertTrue(org.testng.Assert.assertTrue) BasicPrincipal(io.trino.spi.security.BasicPrincipal) OAuth2Client(io.trino.server.security.oauth2.OAuth2Client) TestingHttpServer(io.airlift.http.server.testing.TestingHttpServer) Identity(io.trino.spi.security.Identity) HttpServerInfo(io.airlift.http.server.HttpServerInfo) TestingTrinoServer(io.trino.server.testing.TestingTrinoServer) Test(org.testng.annotations.Test)

Aggregations

TestingTrinoServer (io.trino.server.testing.TestingTrinoServer)41 Test (org.testng.annotations.Test)33 HttpServerInfo (io.airlift.http.server.HttpServerInfo)28 ImmutableMap (com.google.common.collect.ImmutableMap)16 ImmutableSet (com.google.common.collect.ImmutableSet)14 Iterables.getOnlyElement (com.google.common.collect.Iterables.getOnlyElement)14 Resources (com.google.common.io.Resources)14 AUTHORIZATION (com.google.common.net.HttpHeaders.AUTHORIZATION)14 Key (com.google.inject.Key)14 OptionalBinder.newOptionalBinder (com.google.inject.multibindings.OptionalBinder.newOptionalBinder)14 HttpUriBuilder.uriBuilderFrom (io.airlift.http.client.HttpUriBuilder.uriBuilderFrom)14 HttpServerConfig (io.airlift.http.server.HttpServerConfig)14 TestingHttpServer (io.airlift.http.server.testing.TestingHttpServer)14 JaxrsBinder.jaxrsBinder (io.airlift.jaxrs.JaxrsBinder.jaxrsBinder)14 NodeInfo (io.airlift.node.NodeInfo)14 PemReader (io.airlift.security.pem.PemReader)14 JwsHeader (io.jsonwebtoken.JwsHeader)14 JwtBuilder (io.jsonwebtoken.JwtBuilder)14 Keys.hmacShaKeyFor (io.jsonwebtoken.security.Keys.hmacShaKeyFor)14 OkHttpUtil.setupSsl (io.trino.client.OkHttpUtil.setupSsl)14
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial