use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class SupervisorResourceFilterTest method setExpectations.
private void setExpectations(String path, String requestMethod, String datasource, Action expectedAction, boolean userHasAccess) {
expect(containerRequest.getPathSegments()).andReturn(getPathSegments(path)).anyTimes();
expect(containerRequest.getMethod()).andReturn(requestMethod).anyTimes();
SupervisorSpec supervisorSpec = EasyMock.createMock(SupervisorSpec.class);
expect(supervisorSpec.getDataSources()).andReturn(Collections.singletonList(datasource)).anyTimes();
expect(supervisorManager.getSupervisorSpec(datasource)).andReturn(Optional.of(supervisorSpec)).atLeastOnce();
HttpServletRequest servletRequest = EasyMock.createMock(HttpServletRequest.class);
expect(servletRequest.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
expect(servletRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
servletRequest.setAttribute(isA(String.class), anyObject());
final String authorizerName = "authorizer";
AuthenticationResult authResult = EasyMock.createMock(AuthenticationResult.class);
expect(authResult.getAuthorizerName()).andReturn(authorizerName).anyTimes();
Authorizer authorizer = EasyMock.createMock(Authorizer.class);
expect(authorizer.authorize(authResult, new Resource(datasource, ResourceType.DATASOURCE), expectedAction)).andReturn(new Access(userHasAccess)).anyTimes();
expect(authorizerMapper.getAuthorizer(authorizerName)).andReturn(authorizer).atLeastOnce();
expect(servletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(authResult).atLeastOnce();
resourceFilter.setReq(servletRequest);
mocksToVerify = Arrays.asList(authorizerMapper, supervisorSpec, supervisorManager, servletRequest, authorizer, authResult, containerRequest);
replayMocks();
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class SupervisorResourceTest method testSpecGetAllHistoryWithPartialAuthorization.
@Test
public void testSpecGetAllHistoryWithPartialAuthorization() {
List<VersionedSupervisorSpec> versions1 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v1"), new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v2"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource1")), "tombstone"));
List<VersionedSupervisorSpec> versions2 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v1"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v2"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource2")), "tombstone"));
List<VersionedSupervisorSpec> versions3 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v1"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v2"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource2")), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id3", null, Collections.singletonList("datasource3")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource3")), "tombstone"));
List<VersionedSupervisorSpec> versions4 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v2"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v3"));
Map<String, List<VersionedSupervisorSpec>> history = new HashMap<>();
history.put("id1", versions1);
history.put("id2", versions2);
history.put("id3", versions3);
history.put("id4", versions4);
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager)).times(2);
EasyMock.expect(supervisorManager.getSupervisorHistory()).andReturn(history);
EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(SPEC1)).atLeastOnce();
EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(SPEC2)).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("wronguser", "druid", null, null)).atLeastOnce();
request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().anyTimes();
replayAll();
Response response = supervisorResource.specGetAllHistory(request);
Map<String, List<VersionedSupervisorSpec>> filteredHistory = new HashMap<>();
filteredHistory.put("id1", versions1);
filteredHistory.put("id3", ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id3", null, Collections.singletonList("datasource3")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource3")), "tombstone")));
filteredHistory.put("id4", ImmutableList.of(new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone")));
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(filteredHistory, response.getEntity());
resetAll();
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.absent());
replayAll();
response = supervisorResource.specGetAllHistory(request);
verifyAll();
Assert.assertEquals(503, response.getStatus());
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class SupervisorResourceTest method testSpecGetAllSystem.
@Test
public void testSpecGetAllSystem() {
SupervisorStateManager.State state1 = SupervisorStateManager.BasicState.RUNNING;
SupervisorStateManager.State state2 = SupervisorStateManager.BasicState.SUSPENDED;
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(SPEC1)).anyTimes();
EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(SPEC2)).anyTimes();
EasyMock.expect(supervisorManager.getSupervisorState("id1")).andReturn(Optional.of(state1)).anyTimes();
EasyMock.expect(supervisorManager.getSupervisorState("id2")).andReturn(Optional.of(state2)).anyTimes();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).atLeastOnce();
request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().anyTimes();
replayAll();
Response response = supervisorResource.specGetAll(null, null, "", request);
verifyAll();
Assert.assertEquals(200, response.getStatus());
List<SupervisorStatus> specs = (List<SupervisorStatus>) response.getEntity();
specs.sort(Comparator.comparing(SupervisorStatus::getId));
Assert.assertEquals(2, specs.size());
SupervisorStatus spec = specs.get(0);
Assert.assertEquals("id1", spec.getId());
Assert.assertEquals("RUNNING", spec.getState());
Assert.assertEquals("RUNNING", spec.getDetailedState());
Assert.assertEquals(true, spec.isHealthy());
Assert.assertEquals("{\"type\":\"SupervisorResourceTest$TestSupervisorSpec\"}", spec.getSpecString());
Assert.assertEquals("test", spec.getType());
Assert.assertEquals("dummy", spec.getSource());
Assert.assertEquals(false, spec.isSuspended());
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class SupervisorResourceTest method testSuspendAllWithPartialAuthorization.
@Test
public void testSuspendAllWithPartialAuthorization() {
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC1.getId(), true)).andReturn(true);
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("notDruid", "druid", null, null)).atLeastOnce();
request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().anyTimes();
replayAll();
Response response = supervisorResource.suspendAll(request);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
verifyAll();
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class SupervisorResourceTest method testSpecGetHistory.
@Test
public void testSpecGetHistory() {
List<VersionedSupervisorSpec> versions1 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource1")), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v2"));
List<VersionedSupervisorSpec> versions2 = ImmutableList.of(new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v1"), new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource2")), "tombstone"), new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v2"));
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager)).times(3);
EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id1")).andReturn(versions1).times(1);
EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id2")).andReturn(versions2).times(1);
EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id3")).andReturn(Collections.emptyList()).times(1);
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).atLeastOnce();
request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().anyTimes();
replayAll();
Response response = supervisorResource.specGetHistory(request, "id1");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(versions1, response.getEntity());
response = supervisorResource.specGetHistory(request, "id2");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(versions2, response.getEntity());
response = supervisorResource.specGetHistory(request, "id3");
Assert.assertEquals(404, response.getStatus());
resetAll();
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.absent());
replayAll();
response = supervisorResource.specGetHistory(request, "id1");
verifyAll();
Assert.assertEquals(503, response.getStatus());
}
Aggregations