Search in sources :

Example 11 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class SupervisorResourceFilterTest method setExpectations.

private void setExpectations(String path, String requestMethod, String datasource, Action expectedAction, boolean userHasAccess) {
    expect(containerRequest.getPathSegments()).andReturn(getPathSegments(path)).anyTimes();
    expect(containerRequest.getMethod()).andReturn(requestMethod).anyTimes();
    SupervisorSpec supervisorSpec = EasyMock.createMock(SupervisorSpec.class);
    expect(supervisorSpec.getDataSources()).andReturn(Collections.singletonList(datasource)).anyTimes();
    expect(supervisorManager.getSupervisorSpec(datasource)).andReturn(Optional.of(supervisorSpec)).atLeastOnce();
    HttpServletRequest servletRequest = EasyMock.createMock(HttpServletRequest.class);
    expect(servletRequest.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
    expect(servletRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
    servletRequest.setAttribute(isA(String.class), anyObject());
    final String authorizerName = "authorizer";
    AuthenticationResult authResult = EasyMock.createMock(AuthenticationResult.class);
    expect(authResult.getAuthorizerName()).andReturn(authorizerName).anyTimes();
    Authorizer authorizer = EasyMock.createMock(Authorizer.class);
    expect(authorizer.authorize(authResult, new Resource(datasource, ResourceType.DATASOURCE), expectedAction)).andReturn(new Access(userHasAccess)).anyTimes();
    expect(authorizerMapper.getAuthorizer(authorizerName)).andReturn(authorizer).atLeastOnce();
    expect(servletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(authResult).atLeastOnce();
    resourceFilter.setReq(servletRequest);
    mocksToVerify = Arrays.asList(authorizerMapper, supervisorSpec, supervisorManager, servletRequest, authorizer, authResult, containerRequest);
    replayMocks();
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authorizer(org.apache.druid.server.security.Authorizer) Resource(org.apache.druid.server.security.Resource) Access(org.apache.druid.server.security.Access) SupervisorSpec(org.apache.druid.indexing.overlord.supervisor.SupervisorSpec) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)

Example 12 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class SupervisorResourceTest method testSpecGetAllHistoryWithPartialAuthorization.

@Test
public void testSpecGetAllHistoryWithPartialAuthorization() {
    List<VersionedSupervisorSpec> versions1 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v1"), new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v2"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource1")), "tombstone"));
    List<VersionedSupervisorSpec> versions2 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v1"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v2"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource2")), "tombstone"));
    List<VersionedSupervisorSpec> versions3 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v1"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v2"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource2")), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id3", null, Collections.singletonList("datasource3")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource3")), "tombstone"));
    List<VersionedSupervisorSpec> versions4 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v2"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v3"));
    Map<String, List<VersionedSupervisorSpec>> history = new HashMap<>();
    history.put("id1", versions1);
    history.put("id2", versions2);
    history.put("id3", versions3);
    history.put("id4", versions4);
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager)).times(2);
    EasyMock.expect(supervisorManager.getSupervisorHistory()).andReturn(history);
    EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(SPEC1)).atLeastOnce();
    EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(SPEC2)).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("wronguser", "druid", null, null)).atLeastOnce();
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().anyTimes();
    replayAll();
    Response response = supervisorResource.specGetAllHistory(request);
    Map<String, List<VersionedSupervisorSpec>> filteredHistory = new HashMap<>();
    filteredHistory.put("id1", versions1);
    filteredHistory.put("id3", ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id3", null, Collections.singletonList("datasource3")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource3")), "tombstone")));
    filteredHistory.put("id4", ImmutableList.of(new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone")));
    Assert.assertEquals(200, response.getStatus());
    Assert.assertEquals(filteredHistory, response.getEntity());
    resetAll();
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.absent());
    replayAll();
    response = supervisorResource.specGetAllHistory(request);
    verifyAll();
    Assert.assertEquals(503, response.getStatus());
}
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 13 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class SupervisorResourceTest method testSpecGetAllSystem.

@Test
public void testSpecGetAllSystem() {
    SupervisorStateManager.State state1 = SupervisorStateManager.BasicState.RUNNING;
    SupervisorStateManager.State state2 = SupervisorStateManager.BasicState.SUSPENDED;
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
    EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
    EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(SPEC1)).anyTimes();
    EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(SPEC2)).anyTimes();
    EasyMock.expect(supervisorManager.getSupervisorState("id1")).andReturn(Optional.of(state1)).anyTimes();
    EasyMock.expect(supervisorManager.getSupervisorState("id2")).andReturn(Optional.of(state2)).anyTimes();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).atLeastOnce();
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().anyTimes();
    replayAll();
    Response response = supervisorResource.specGetAll(null, null, "", request);
    verifyAll();
    Assert.assertEquals(200, response.getStatus());
    List<SupervisorStatus> specs = (List<SupervisorStatus>) response.getEntity();
    specs.sort(Comparator.comparing(SupervisorStatus::getId));
    Assert.assertEquals(2, specs.size());
    SupervisorStatus spec = specs.get(0);
    Assert.assertEquals("id1", spec.getId());
    Assert.assertEquals("RUNNING", spec.getState());
    Assert.assertEquals("RUNNING", spec.getDetailedState());
    Assert.assertEquals(true, spec.isHealthy());
    Assert.assertEquals("{\"type\":\"SupervisorResourceTest$TestSupervisorSpec\"}", spec.getSpecString());
    Assert.assertEquals("test", spec.getType());
    Assert.assertEquals("dummy", spec.getSource());
    Assert.assertEquals(false, spec.isSuspended());
}
Also used : Response(javax.ws.rs.core.Response) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 14 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class SupervisorResourceTest method testSuspendAllWithPartialAuthorization.

@Test
public void testSuspendAllWithPartialAuthorization() {
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
    EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
    EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
    EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
    EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC1.getId(), true)).andReturn(true);
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("notDruid", "druid", null, null)).atLeastOnce();
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().anyTimes();
    replayAll();
    Response response = supervisorResource.suspendAll(request);
    Assert.assertEquals(200, response.getStatus());
    Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
    verifyAll();
}
Also used : Response(javax.ws.rs.core.Response) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 15 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class SupervisorResourceTest method testSpecGetHistory.

@Test
public void testSpecGetHistory() {
    List<VersionedSupervisorSpec> versions1 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource1")), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v2"));
    List<VersionedSupervisorSpec> versions2 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource2")), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v2"));
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager)).times(3);
    EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id1")).andReturn(versions1).times(1);
    EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id2")).andReturn(versions2).times(1);
    EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id3")).andReturn(Collections.emptyList()).times(1);
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).atLeastOnce();
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().anyTimes();
    replayAll();
    Response response = supervisorResource.specGetHistory(request, "id1");
    Assert.assertEquals(200, response.getStatus());
    Assert.assertEquals(versions1, response.getEntity());
    response = supervisorResource.specGetHistory(request, "id2");
    Assert.assertEquals(200, response.getStatus());
    Assert.assertEquals(versions2, response.getEntity());
    response = supervisorResource.specGetHistory(request, "id3");
    Assert.assertEquals(404, response.getStatus());
    resetAll();
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.absent());
    replayAll();
    response = supervisorResource.specGetHistory(request, "id1");
    verifyAll();
    Assert.assertEquals(503, response.getStatus());
}
Also used : Response(javax.ws.rs.core.Response) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Aggregations

AuthenticationResult (org.apache.druid.server.security.AuthenticationResult)58 Test (org.junit.Test)40 Response (javax.ws.rs.core.Response)25 Access (org.apache.druid.server.security.Access)17 HttpServletRequest (javax.servlet.http.HttpServletRequest)16 Resource (org.apache.druid.server.security.Resource)12 HashMap (java.util.HashMap)10 List (java.util.List)10 AuthConfig (org.apache.druid.server.security.AuthConfig)10 Authorizer (org.apache.druid.server.security.Authorizer)10 ImmutableList (com.google.common.collect.ImmutableList)9 Map (java.util.Map)9 HttpServletResponse (javax.servlet.http.HttpServletResponse)8 AuthorizerMapper (org.apache.druid.server.security.AuthorizerMapper)8 FilterChain (javax.servlet.FilterChain)7 Action (org.apache.druid.server.security.Action)7 ArrayList (java.util.ArrayList)6 Set (java.util.Set)6 TreeMap (java.util.TreeMap)6 DefaultObjectMapper (org.apache.druid.jackson.DefaultObjectMapper)6