Example 6 with TestingTrinoServer
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestWebUi method testOAuth2Authenticator.
@Test
public void testOAuth2Authenticator() throws Exception {
String accessToken = createTokenBuilder().compact();
TestingHttpServer jwkServer = createTestingJwkServer();
jwkServer.start();
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(OAUTH2_PROPERTIES).put("http-server.authentication.oauth2.jwks-url", jwkServer.getBaseUrl().toString()).buildOrThrow()).setAdditionalModule(binder -> newOptionalBinder(binder, OAuth2Client.class).setBinding().toInstance(new OAuth2ClientStub(accessToken))).build()) {
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
assertAuth2Authentication(httpServerInfo, accessToken);
} finally {
jwkServer.stop();
}
}
Also used :
ResourceSecurity(io.trino.server.security.ResourceSecurity)
X_FORWARDED_PORT(com.google.common.net.HttpHeaders.X_FORWARDED_PORT)
Date(java.util.Date)
ZonedDateTime(java.time.ZonedDateTime)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
Key(com.google.inject.Key)
NodeInfo(io.airlift.node.NodeInfo)
AUTHORIZATION(com.google.common.net.HttpHeaders.AUTHORIZATION)
Test(org.testng.annotations.Test)
ContainerRequestFilter(javax.ws.rs.container.ContainerRequestFilter)
HttpServerConfig(io.airlift.http.server.HttpServerConfig)
ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext)
JwsHeader(io.jsonwebtoken.JwsHeader)
HttpCookie(java.net.HttpCookie)
SC_SEE_OTHER(javax.servlet.http.HttpServletResponse.SC_SEE_OTHER)
FormBody(okhttp3.FormBody)
JwtBuilder(io.jsonwebtoken.JwtBuilder)
DISABLED_LOCATION(io.trino.server.ui.FormWebUiAuthenticationFilter.DISABLED_LOCATION)
URI(java.net.URI)
WEB_UI(io.trino.server.security.ResourceSecurity.AccessType.WEB_UI)
TestingTrinoServer(io.trino.server.testing.TestingTrinoServer)
Path(java.nio.file.Path)
X_FORWARDED_PROTO(com.google.common.net.HttpHeaders.X_FORWARDED_PROTO)
OptionalBinder.newOptionalBinder(com.google.inject.multibindings.OptionalBinder.newOptionalBinder)
Assert.assertEquals(io.trino.testing.assertions.Assert.assertEquals)
PemReader(io.airlift.security.pem.PemReader)
Request(okhttp3.Request)
UNAUTHORIZED(javax.ws.rs.core.Response.Status.UNAUTHORIZED)
ImmutableSet(com.google.common.collect.ImmutableSet)
Context(javax.ws.rs.core.Context)
HttpServlet(javax.servlet.http.HttpServlet)
ImmutableMap(com.google.common.collect.ImmutableMap)
JavaNetCookieJar(okhttp3.JavaNetCookieJar)
BeforeClass(org.testng.annotations.BeforeClass)
AUTHENTICATED_IDENTITY(io.trino.server.HttpRequestSessionContextFactory.AUTHENTICATED_IDENTITY)
PreparedStatementEncoder(io.trino.server.protocol.PreparedStatementEncoder)
GuardedBy(javax.annotation.concurrent.GuardedBy)
BasicPrincipal(io.trino.spi.security.BasicPrincipal)
Preconditions.checkState(com.google.common.base.Preconditions.checkState)
UncheckedIOException(java.io.UncheckedIOException)
SC_NOT_FOUND(javax.servlet.http.HttpServletResponse.SC_NOT_FOUND)
Base64(java.util.Base64)
HttpServerInfo(io.airlift.http.server.HttpServerInfo)
HttpHeaders(javax.ws.rs.core.HttpHeaders)
Principal(java.security.Principal)
AccessControl(io.trino.security.AccessControl)
PrivateKey(java.security.PrivateKey)
CookieManager(java.net.CookieManager)
SC_OK(javax.servlet.http.HttpServletResponse.SC_OK)
HttpUriBuilder.uriBuilderFrom(io.airlift.http.client.HttpUriBuilder.uriBuilderFrom)
JaxrsBinder.jaxrsBinder(io.airlift.jaxrs.JaxrsBinder.jaxrsBinder)
MetadataManager.createTestMetadataManager(io.trino.metadata.MetadataManager.createTestMetadataManager)
Optional(java.util.Optional)
SecretKey(javax.crypto.SecretKey)
Predicate.not(java.util.function.Predicate.not)
ProtocolConfig(io.trino.server.ProtocolConfig)
AccessDeniedException(io.trino.spi.security.AccessDeniedException)
NONCE(io.trino.server.security.oauth2.OAuth2Service.NONCE)
UI_LOGIN(io.trino.server.ui.FormWebUiAuthenticationFilter.UI_LOGIN)
GET(javax.ws.rs.GET)
JwtUtil.newJwtBuilder(io.trino.server.security.jwt.JwtUtil.newJwtBuilder)
OAuth2Client(io.trino.server.security.oauth2.OAuth2Client)
CALLBACK_ENDPOINT(io.trino.server.security.oauth2.OAuth2CallbackResource.CALLBACK_ENDPOINT)
Hashing(com.google.common.hash.Hashing)
OkHttpUtil.setupSsl(io.trino.client.OkHttpUtil.setupSsl)
MINUTES(java.util.concurrent.TimeUnit.MINUTES)
RequestBody(okhttp3.RequestBody)
Inject(javax.inject.Inject)
UI_LOGOUT(io.trino.server.ui.FormWebUiAuthenticationFilter.UI_LOGOUT)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy)
Identity(io.trino.spi.security.Identity)
Objects.requireNonNull(java.util.Objects.requireNonNull)
Response(okhttp3.Response)
HttpRequestSessionContextFactory(io.trino.server.HttpRequestSessionContextFactory)
SC_UNAUTHORIZED(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED)
TestingHttpServer(io.airlift.http.server.testing.TestingHttpServer)
X_FORWARDED_HOST(com.google.common.net.HttpHeaders.X_FORWARDED_HOST)
Keys.hmacShaKeyFor(io.jsonwebtoken.security.Keys.hmacShaKeyFor)
LOGIN_FORM(io.trino.server.ui.FormWebUiAuthenticationFilter.LOGIN_FORM)
Resources(com.google.common.io.Resources)
Files(java.nio.file.Files)
UTF_8(java.nio.charset.StandardCharsets.UTF_8)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
IOException(java.io.IOException)
Iterables.getOnlyElement(com.google.common.collect.Iterables.getOnlyElement)
File(java.io.File)
PasswordAuthenticatorManager(io.trino.server.security.PasswordAuthenticatorManager)
OkHttpClient(okhttp3.OkHttpClient)
LOCATION(com.google.common.net.HttpHeaders.LOCATION)
Paths(java.nio.file.Paths)
Assert.assertTrue(org.testng.Assert.assertTrue)
TestingHttpServer(io.airlift.http.server.testing.TestingHttpServer)
HttpServerInfo(io.airlift.http.server.HttpServerInfo)
TestingTrinoServer(io.trino.server.testing.TestingTrinoServer)
Test(org.testng.annotations.Test)
Example 7 with TestingTrinoServer
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestWebUi method testCertAuthenticator.
@Test
public void testCertAuthenticator() throws Exception {
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("http-server.authentication.type", "certificate").put("http-server.https.truststore.path", LOCALHOST_KEYSTORE).put("http-server.https.truststore.key", "").buildOrThrow()).build()) {
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
String nodeId = server.getInstance(Key.get(NodeInfo.class)).getNodeId();
testLogIn(httpServerInfo.getHttpUri(), FORM_LOGIN_USER, TEST_PASSWORD, false);
testNeverAuthorized(httpServerInfo.getHttpsUri(), client);
OkHttpClient.Builder clientBuilder = client.newBuilder();
setupSsl(clientBuilder, Optional.of(LOCALHOST_KEYSTORE), Optional.empty(), Optional.empty(), Optional.of(LOCALHOST_KEYSTORE), Optional.empty(), Optional.empty());
OkHttpClient clientWithCert = clientBuilder.build();
testAlwaysAuthorized(httpServerInfo.getHttpsUri(), clientWithCert, nodeId);
}
}
Also used :
OkHttpClient(okhttp3.OkHttpClient)
HttpServerInfo(io.airlift.http.server.HttpServerInfo)
TestingTrinoServer(io.trino.server.testing.TestingTrinoServer)
Test(org.testng.annotations.Test)
Example 8 with TestingTrinoServer
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestWebUi method testDisabled.
@Test
public void testDisabled() throws Exception {
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("web-ui.enabled", "false").buildOrThrow()).build()) {
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
testDisabled(httpServerInfo.getHttpUri());
testDisabled(httpServerInfo.getHttpsUri());
}
}
Also used :
HttpServerInfo(io.airlift.http.server.HttpServerInfo)
TestingTrinoServer(io.trino.server.testing.TestingTrinoServer)
Test(org.testng.annotations.Test)
Example 9 with TestingTrinoServer
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method testPasswordAuthenticator.
@Test
public void testPasswordAuthenticator() throws Exception {
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("password-authenticator.config-files", passwordConfigDummy.toString()).put("http-server.authentication.type", "password").put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN).buildOrThrow()).build()) {
server.getInstance(Key.get(PasswordAuthenticatorManager.class)).setAuthenticators(TestResourceSecurity::authenticate);
server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
assertAuthenticationDisabled(httpServerInfo.getHttpUri());
assertPasswordAuthentication(httpServerInfo.getHttpsUri());
}
}
Also used :
HttpServerInfo(io.airlift.http.server.HttpServerInfo)
TestingTrinoServer(io.trino.server.testing.TestingTrinoServer)
Test(org.testng.annotations.Test)
Example 10 with TestingTrinoServer
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method testFixedManagerAuthenticatorHttps.
@Test
public void testFixedManagerAuthenticatorHttps() throws Exception {
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("password-authenticator.config-files", passwordConfigDummy.toString()).put("http-server.authentication.type", "password").put("http-server.authentication.allow-insecure-over-http", "true").put("management.user", MANAGEMENT_USER).put("management.user.https-enabled", "true").buildOrThrow()).build()) {
server.getInstance(Key.get(PasswordAuthenticatorManager.class)).setAuthenticators(TestResourceSecurity::authenticate);
server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
assertFixedManagementUser(httpServerInfo.getHttpUri(), true);
assertFixedManagementUser(httpServerInfo.getHttpsUri(), false);
}
}
Also used :
HttpServerInfo(io.airlift.http.server.HttpServerInfo)
TestingTrinoServer(io.trino.server.testing.TestingTrinoServer)
Test(org.testng.annotations.Test)
Aggregations
TestingTrinoServer (io.trino.server.testing.TestingTrinoServer)41
Test (org.testng.annotations.Test)33
HttpServerInfo (io.airlift.http.server.HttpServerInfo)28
ImmutableMap (com.google.common.collect.ImmutableMap)16
ImmutableSet (com.google.common.collect.ImmutableSet)14
Iterables.getOnlyElement (com.google.common.collect.Iterables.getOnlyElement)14
Resources (com.google.common.io.Resources)14
AUTHORIZATION (com.google.common.net.HttpHeaders.AUTHORIZATION)14
Key (com.google.inject.Key)14
OptionalBinder.newOptionalBinder (com.google.inject.multibindings.OptionalBinder.newOptionalBinder)14
HttpUriBuilder.uriBuilderFrom (io.airlift.http.client.HttpUriBuilder.uriBuilderFrom)14
HttpServerConfig (io.airlift.http.server.HttpServerConfig)14
TestingHttpServer (io.airlift.http.server.testing.TestingHttpServer)14
JaxrsBinder.jaxrsBinder (io.airlift.jaxrs.JaxrsBinder.jaxrsBinder)14
NodeInfo (io.airlift.node.NodeInfo)14
PemReader (io.airlift.security.pem.PemReader)14
JwsHeader (io.jsonwebtoken.JwsHeader)14
JwtBuilder (io.jsonwebtoken.JwtBuilder)14
Keys.hmacShaKeyFor (io.jsonwebtoken.security.Keys.hmacShaKeyFor)14
OkHttpUtil.setupSsl (io.trino.client.OkHttpUtil.setupSsl)14
