Search in sources :

Example 36 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class OverlordResourceTest method expectAuthorizationTokenCheck.

private void expectAuthorizationTokenCheck(String username) {
    AuthenticationResult authenticationResult = new AuthenticationResult(username, "druid", null, null);
    EasyMock.expect(req.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
    EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
    EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(authenticationResult).atLeastOnce();
    req.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, false);
    EasyMock.expectLastCall().anyTimes();
    req.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().anyTimes();
}
Also used : AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)

Example 37 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class OverlordResourceTest method setUp.

@Before
public void setUp() {
    taskRunner = EasyMock.createMock(TaskRunner.class);
    configManager = EasyMock.createMock(JacksonConfigManager.class);
    provisioningStrategy = EasyMock.createMock(ProvisioningStrategy.class);
    taskMaster = EasyMock.createStrictMock(TaskMaster.class);
    taskStorageQueryAdapter = EasyMock.createStrictMock(TaskStorageQueryAdapter.class);
    indexerMetadataStorageAdapter = EasyMock.createStrictMock(IndexerMetadataStorageAdapter.class);
    req = EasyMock.createStrictMock(HttpServletRequest.class);
    workerTaskRunnerQueryAdapter = EasyMock.createStrictMock(WorkerTaskRunnerQueryAdapter.class);
    EasyMock.expect(taskMaster.getTaskRunner()).andReturn(Optional.of(taskRunner)).anyTimes();
    AuthorizerMapper authMapper = new AuthorizerMapper(null) {

        @Override
        public Authorizer getAuthorizer(String name) {
            return new Authorizer() {

                @Override
                public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) {
                    final String username = authenticationResult.getIdentity();
                    switch(resource.getName()) {
                        case "allow":
                            return new Access(true);
                        case Datasources.WIKIPEDIA:
                            // Only "Wiki Reader" can read "wikipedia"
                            return new Access(action == Action.READ && Users.WIKI_READER.equals(username));
                        case Datasources.BUZZFEED:
                            // Only "Buzz Reader" can read "buzzfeed"
                            return new Access(action == Action.READ && Users.BUZZ_READER.equals(username));
                        default:
                            return new Access(false);
                    }
                }
            };
        }
    };
    overlordResource = new OverlordResource(taskMaster, taskStorageQueryAdapter, indexerMetadataStorageAdapter, null, configManager, null, authMapper, workerTaskRunnerQueryAdapter, provisioningStrategy);
}
Also used : IndexerMetadataStorageAdapter(org.apache.druid.indexing.overlord.IndexerMetadataStorageAdapter) Action(org.apache.druid.server.security.Action) JacksonConfigManager(org.apache.druid.common.config.JacksonConfigManager) Resource(org.apache.druid.server.security.Resource) Access(org.apache.druid.server.security.Access) TaskStorageQueryAdapter(org.apache.druid.indexing.overlord.TaskStorageQueryAdapter) TaskRunner(org.apache.druid.indexing.overlord.TaskRunner) WorkerTaskRunner(org.apache.druid.indexing.overlord.WorkerTaskRunner) ProvisioningStrategy(org.apache.druid.indexing.overlord.autoscaling.ProvisioningStrategy) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) HttpServletRequest(javax.servlet.http.HttpServletRequest) Authorizer(org.apache.druid.server.security.Authorizer) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) TaskMaster(org.apache.druid.indexing.overlord.TaskMaster) WorkerTaskRunnerQueryAdapter(org.apache.druid.indexing.overlord.WorkerTaskRunnerQueryAdapter) Before(org.junit.Before)

Example 38 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class SupervisorResourceTest method testSpecPost.

@Test
public void testSpecPost() {
    SupervisorSpec spec = new TestSupervisorSpec("my-id", null, null) {

        @Override
        public List<String> getDataSources() {
            return Collections.singletonList("datasource1");
        }
    };
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
    EasyMock.expect(supervisorManager.createOrUpdateAndStartSupervisor(spec)).andReturn(true);
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).atLeastOnce();
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().anyTimes();
    replayAll();
    Response response = supervisorResource.specPost(spec, request);
    verifyAll();
    Assert.assertEquals(200, response.getStatus());
    Assert.assertEquals(ImmutableMap.of("id", "my-id"), response.getEntity());
    resetAll();
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.absent());
    replayAll();
    response = supervisorResource.specPost(spec, request);
    verifyAll();
    Assert.assertEquals(503, response.getStatus());
}
Also used : Response(javax.ws.rs.core.Response) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 39 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class SupervisorResourceTest method testTerminateAllWithPartialAuthorization.

@Test
public void testTerminateAllWithPartialAuthorization() {
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
    EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
    EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
    EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
    EasyMock.expect(supervisorManager.stopAndRemoveSupervisor(SPEC1.getId())).andReturn(true);
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("notDruid", "druid", null, null)).atLeastOnce();
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().anyTimes();
    replayAll();
    Response response = supervisorResource.terminateAll(request);
    Assert.assertEquals(200, response.getStatus());
    Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
    verifyAll();
}
Also used : Response(javax.ws.rs.core.Response) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 40 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class SupervisorResourceTest method testResumeAll.

@Test
public void testResumeAll() {
    EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
    EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
    EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
    EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
    EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC1.getId(), false)).andReturn(true);
    EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC2.getId(), false)).andReturn(true);
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).atLeastOnce();
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().anyTimes();
    replayAll();
    Response response = supervisorResource.resumeAll(request);
    Assert.assertEquals(200, response.getStatus());
    Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
    verifyAll();
}
Also used : Response(javax.ws.rs.core.Response) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Aggregations

AuthenticationResult (org.apache.druid.server.security.AuthenticationResult)58 Test (org.junit.Test)40 Response (javax.ws.rs.core.Response)25 Access (org.apache.druid.server.security.Access)17 HttpServletRequest (javax.servlet.http.HttpServletRequest)16 Resource (org.apache.druid.server.security.Resource)12 HashMap (java.util.HashMap)10 List (java.util.List)10 AuthConfig (org.apache.druid.server.security.AuthConfig)10 Authorizer (org.apache.druid.server.security.Authorizer)10 ImmutableList (com.google.common.collect.ImmutableList)9 Map (java.util.Map)9 HttpServletResponse (javax.servlet.http.HttpServletResponse)8 AuthorizerMapper (org.apache.druid.server.security.AuthorizerMapper)8 FilterChain (javax.servlet.FilterChain)7 Action (org.apache.druid.server.security.Action)7 ArrayList (java.util.ArrayList)6 Set (java.util.Set)6 TreeMap (java.util.TreeMap)6 DefaultObjectMapper (org.apache.druid.jackson.DefaultObjectMapper)6