Example 6 with HttpClient
use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method makeCertlessClient.
private HttpClient makeCertlessClient() {
SSLContext certlessClientSSLContext = new TLSUtils.ClientSSLContextBuilder().setProtocol(sslClientConfig.getProtocol()).setTrustStoreType(sslClientConfig.getTrustStoreType()).setTrustStorePath(sslClientConfig.getTrustStorePath()).setTrustStoreAlgorithm(sslClientConfig.getTrustStoreAlgorithm()).setTrustStorePasswordProvider(sslClientConfig.getTrustStorePasswordProvider()).setCertificateChecker(certificateChecker).build();
final HttpClientConfig.Builder builder = getHttpClientConfigBuilder(certlessClientSSLContext);
final Lifecycle lifecycle = new Lifecycle();
HttpClient client = HttpClientInit.createClient(builder.build(), lifecycle);
HttpClient adminClient = new CredentialedHttpClient(new BasicCredentials("admin", "priest"), client);
return adminClient;
}
Also used :
CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient)
HttpClientConfig(org.apache.druid.java.util.http.client.HttpClientConfig)
DruidHttpClientConfig(org.apache.druid.guice.http.DruidHttpClientConfig)
TLSUtils(org.apache.druid.server.security.TLSUtils)
Lifecycle(org.apache.druid.java.util.common.lifecycle.Lifecycle)
HttpClient(org.apache.druid.java.util.http.client.HttpClient)
CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient)
SSLContext(javax.net.ssl.SSLContext)
BasicCredentials(org.apache.druid.java.util.http.client.auth.BasicCredentials)
Example 7 with HttpClient
use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method checkAccessWithNoCert.
@Test
public void checkAccessWithNoCert() {
LOG.info("---------Testing TLS resource access without a certificate---------");
HttpClient certlessClient = makeCertlessClient();
checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getCoordinatorTLSUrl());
checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getOverlordTLSUrl());
checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getBrokerTLSUrl());
checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getHistoricalTLSUrl());
checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getRouterTLSUrl());
checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getPermissiveRouterTLSUrl());
makeRequest(certlessClient, HttpMethod.GET, config.getNoClientAuthRouterTLSUrl() + "/status", null);
}
Also used :
HttpClient(org.apache.druid.java.util.http.client.HttpClient)
CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient)
Test(org.testng.annotations.Test)
Example 8 with HttpClient
use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method checkAccessWithExpiredCert.
@Test
public void checkAccessWithExpiredCert() {
LOG.info("---------Testing TLS resource access when client certificate has expired---------");
HttpClient expiredClient = makeCustomHttpClient("client_tls/expired_client.jks", "expired_client");
checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getCoordinatorTLSUrl());
checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getOverlordTLSUrl());
checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getBrokerTLSUrl());
checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getHistoricalTLSUrl());
checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getRouterTLSUrl());
checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getPermissiveRouterTLSUrl());
makeRequest(expiredClient, HttpMethod.GET, config.getNoClientAuthRouterTLSUrl() + "/status", null);
}
Also used :
HttpClient(org.apache.druid.java.util.http.client.HttpClient)
CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient)
Test(org.testng.annotations.Test)
Example 9 with HttpClient
use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method testTLSNodeAccess.
@Test
public void testTLSNodeAccess() {
LOG.info("---------Testing resource access with TLS enabled---------");
HttpClient adminClient = new CredentialedHttpClient(new BasicCredentials("admin", "priest"), httpClient);
makeRequest(adminClient, HttpMethod.GET, config.getCoordinatorTLSUrl() + "/status", null);
makeRequest(adminClient, HttpMethod.GET, config.getOverlordTLSUrl() + "/status", null);
makeRequest(adminClient, HttpMethod.GET, config.getBrokerTLSUrl() + "/status", null);
makeRequest(adminClient, HttpMethod.GET, config.getHistoricalTLSUrl() + "/status", null);
makeRequest(adminClient, HttpMethod.GET, config.getRouterTLSUrl() + "/status", null);
makeRequest(adminClient, HttpMethod.GET, config.getPermissiveRouterTLSUrl() + "/status", null);
makeRequest(adminClient, HttpMethod.GET, config.getNoClientAuthRouterTLSUrl() + "/status", null);
}
Also used :
CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient)
HttpClient(org.apache.druid.java.util.http.client.HttpClient)
CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient)
BasicCredentials(org.apache.druid.java.util.http.client.auth.BasicCredentials)
Test(org.testng.annotations.Test)
Example 10 with HttpClient
use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method checkAccessWithCustomCertificateChecks.
@Test
public void checkAccessWithCustomCertificateChecks() {
LOG.info("---------Testing TLS resource access with custom certificate checks---------");
HttpClient wrongHostnameClient = makeCustomHttpClient("client_tls/invalid_hostname_client.jks", "invalid_hostname_client", new ITTLSCertificateChecker());
checkFailedAccessWrongHostname(httpClient, HttpMethod.GET, config.getCustomCertCheckRouterTLSUrl());
makeRequest(wrongHostnameClient, HttpMethod.GET, config.getCustomCertCheckRouterTLSUrl() + "/status", null);
checkFailedAccess(wrongHostnameClient, HttpMethod.POST, config.getCustomCertCheckRouterTLSUrl() + "/druid/v2", "Custom cert check", ISE.class, "Error while making request to url[https://127.0.0.1:9091/druid/v2] status[400 Bad Request] content[{\"error\":\"Unknown exception\",\"errorMessage\":\"No content to map due to end-of-input", true);
makeRequest(wrongHostnameClient, HttpMethod.GET, config.getCustomCertCheckRouterTLSUrl() + "/druid/coordinator/v1/leader", null);
}
Also used :
HttpClient(org.apache.druid.java.util.http.client.HttpClient)
CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient)
ITTLSCertificateChecker(org.apache.druid.testing.utils.ITTLSCertificateChecker)
Test(org.testng.annotations.Test)
Aggregations
HttpClient (org.apache.druid.java.util.http.client.HttpClient)36
Test (org.junit.Test)16
CredentialedHttpClient (org.apache.druid.java.util.http.client.CredentialedHttpClient)15
ArrayList (java.util.ArrayList)10
Test (org.testng.annotations.Test)10
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)9
List (java.util.List)9
CuratorFramework (org.apache.curator.framework.CuratorFramework)9
ZkPathsConfig (org.apache.druid.server.initialization.ZkPathsConfig)9
ImmutableList (com.google.common.collect.ImmutableList)8
ScheduledExecutorService (java.util.concurrent.ScheduledExecutorService)8
AtomicReference (java.util.concurrent.atomic.AtomicReference)8
DruidNodeDiscoveryProvider (org.apache.druid.discovery.DruidNodeDiscoveryProvider)8
TaskRunnerListener (org.apache.druid.indexing.overlord.TaskRunnerListener)8
TaskStorage (org.apache.druid.indexing.overlord.TaskStorage)8
HttpRemoteTaskRunnerConfig (org.apache.druid.indexing.overlord.config.HttpRemoteTaskRunnerConfig)8
Worker (org.apache.druid.indexing.worker.Worker)8
IndexerZkConfig (org.apache.druid.server.initialization.IndexerZkConfig)8
DiscoveryDruidNode (org.apache.druid.discovery.DiscoveryDruidNode)7
WorkerNodeService (org.apache.druid.discovery.WorkerNodeService)7
