use of org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService in project knox by apache.
the class RemoteConfigurationMonitorTest method testZooKeeperConfigMonitorSASLNodesExistWithAcceptableACL.
@Test
public void testZooKeeperConfigMonitorSASLNodesExistWithAcceptableACL() throws Exception {
final String configMonitorName = "zkConfigClient";
final String alias = "zkPass";
// Setup the base GatewayConfig mock
GatewayConfig gc = EasyMock.createNiceMock(GatewayConfig.class);
EasyMock.expect(gc.getGatewayProvidersConfigDir()).andReturn(providersDir.getAbsolutePath()).anyTimes();
EasyMock.expect(gc.getGatewayDescriptorsDir()).andReturn(descriptorsDir.getAbsolutePath()).anyTimes();
EasyMock.expect(gc.getRemoteRegistryConfigurationNames()).andReturn(Collections.singletonList(configMonitorName)).anyTimes();
final String registryConfig = GatewayConfig.REMOTE_CONFIG_REGISTRY_TYPE + "=" + ZooKeeperClientService.TYPE + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_ADDRESS + "=" + zkCluster.getConnectString() + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_PRINCIPAL + "=" + ZK_USERNAME + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_AUTH_TYPE + "=Digest;" + GatewayConfig.REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS + "=" + alias;
EasyMock.expect(gc.getRemoteRegistryConfiguration(configMonitorName)).andReturn(registryConfig).anyTimes();
EasyMock.expect(gc.getRemoteConfigurationMonitorClientName()).andReturn(configMonitorName).anyTimes();
EasyMock.replay(gc);
AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
EasyMock.expect(aliasService.getPasswordFromAliasForGateway(alias)).andReturn(ZK_PASSWORD.toCharArray()).anyTimes();
EasyMock.replay(aliasService);
RemoteConfigurationRegistryClientService clientService = (new ZooKeeperClientServiceProvider()).newInstance();
clientService.setAliasService(aliasService);
clientService.init(gc, Collections.emptyMap());
clientService.start();
RemoteConfigurationMonitorFactory.setClientService(clientService);
RemoteConfigurationMonitor cm = RemoteConfigurationMonitorFactory.get(gc);
assertNotNull("Failed to load RemoteConfigurationMonitor", cm);
List<ACL> acls = Arrays.asList(ANY_AUTHENTICATED_USER_ALL);
client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX);
client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_CONFIG);
client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_PROVIDERS);
client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_DESCRIPTORS);
// Check that the config nodes really do exist (the monitor will NOT create them if they're present)
assertNotNull(client.checkExists().forPath(PATH_KNOX));
assertNotNull(client.checkExists().forPath(PATH_KNOX_CONFIG));
assertNotNull(client.checkExists().forPath(PATH_KNOX_PROVIDERS));
assertNotNull(client.checkExists().forPath(PATH_KNOX_DESCRIPTORS));
try {
cm.start();
} catch (Exception e) {
fail("Failed to start monitor: " + e.getMessage());
}
// Test auth violation
clientService.get(configMonitorName).createEntry("/auth_test/child_node/test1");
assertNull("Creation should have been prevented since write access is not granted to the test client.", client.checkExists().forPath("/auth_test/child_node/test1"));
assertTrue("Creation should have been prevented since write access is not granted to the test client.", client.getChildren().forPath("/auth_test/child_node").isEmpty());
// Validate the expected ACLs on the Knox config znodes (make sure the monitor didn't change them)
List<ACL> expectedACLs = Collections.singletonList(SASL_TESTUSER_ALL);
validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX));
validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_CONFIG));
validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_PROVIDERS));
validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_DESCRIPTORS));
}
Aggregations