Example 11 with RemoteConfigurationRegistryClientService
use of org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService in project knox by apache.
the class RemoteConfigurationMonitorTest method testZooKeeperConfigMonitorSASLNodesExistWithAcceptableACL.
@Test
public void testZooKeeperConfigMonitorSASLNodesExistWithAcceptableACL() throws Exception {
final String configMonitorName = "zkConfigClient";
final String alias = "zkPass";
// Setup the base GatewayConfig mock
GatewayConfig gc = EasyMock.createNiceMock(GatewayConfig.class);
EasyMock.expect(gc.getGatewayProvidersConfigDir()).andReturn(providersDir.getAbsolutePath()).anyTimes();
EasyMock.expect(gc.getGatewayDescriptorsDir()).andReturn(descriptorsDir.getAbsolutePath()).anyTimes();
EasyMock.expect(gc.getRemoteRegistryConfigurationNames()).andReturn(Collections.singletonList(configMonitorName)).anyTimes();
final String registryConfig = GatewayConfig.REMOTE_CONFIG_REGISTRY_TYPE + "=" + ZooKeeperClientService.TYPE + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_ADDRESS + "=" + zkCluster.getConnectString() + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_PRINCIPAL + "=" + ZK_USERNAME + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_AUTH_TYPE + "=Digest;" + GatewayConfig.REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS + "=" + alias;
EasyMock.expect(gc.getRemoteRegistryConfiguration(configMonitorName)).andReturn(registryConfig).anyTimes();
EasyMock.expect(gc.getRemoteConfigurationMonitorClientName()).andReturn(configMonitorName).anyTimes();
EasyMock.replay(gc);
AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
EasyMock.expect(aliasService.getPasswordFromAliasForGateway(alias)).andReturn(ZK_PASSWORD.toCharArray()).anyTimes();
EasyMock.replay(aliasService);
RemoteConfigurationRegistryClientService clientService = (new ZooKeeperClientServiceProvider()).newInstance();
clientService.setAliasService(aliasService);
clientService.init(gc, Collections.emptyMap());
clientService.start();
RemoteConfigurationMonitorFactory.setClientService(clientService);
RemoteConfigurationMonitor cm = RemoteConfigurationMonitorFactory.get(gc);
assertNotNull("Failed to load RemoteConfigurationMonitor", cm);
List<ACL> acls = Arrays.asList(ANY_AUTHENTICATED_USER_ALL);
client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX);
client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_CONFIG);
client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_PROVIDERS);
client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_DESCRIPTORS);
// Check that the config nodes really do exist (the monitor will NOT create them if they're present)
assertNotNull(client.checkExists().forPath(PATH_KNOX));
assertNotNull(client.checkExists().forPath(PATH_KNOX_CONFIG));
assertNotNull(client.checkExists().forPath(PATH_KNOX_PROVIDERS));
assertNotNull(client.checkExists().forPath(PATH_KNOX_DESCRIPTORS));
try {
cm.start();
} catch (Exception e) {
fail("Failed to start monitor: " + e.getMessage());
}
// Test auth violation
clientService.get(configMonitorName).createEntry("/auth_test/child_node/test1");
assertNull("Creation should have been prevented since write access is not granted to the test client.", client.checkExists().forPath("/auth_test/child_node/test1"));
assertTrue("Creation should have been prevented since write access is not granted to the test client.", client.getChildren().forPath("/auth_test/child_node").isEmpty());
// Validate the expected ACLs on the Knox config znodes (make sure the monitor didn't change them)
List<ACL> expectedACLs = Collections.singletonList(SASL_TESTUSER_ALL);
validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX));
validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_CONFIG));
validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_PROVIDERS));
validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_DESCRIPTORS));
}
Also used :
AliasService(org.apache.knox.gateway.services.security.AliasService)
ZooKeeperClientServiceProvider(org.apache.knox.gateway.service.config.remote.zk.ZooKeeperClientServiceProvider)
RemoteConfigurationRegistryClientService(org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService)
ACL(org.apache.zookeeper.data.ACL)
GatewayConfig(org.apache.knox.gateway.config.GatewayConfig)
Test(org.junit.Test)
Aggregations
RemoteConfigurationRegistryClientService (org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService)11
Test (org.junit.Test)6
GatewayConfig (org.apache.knox.gateway.config.GatewayConfig)5
AliasService (org.apache.knox.gateway.services.security.AliasService)5
ZooKeeperClientServiceProvider (org.apache.knox.gateway.service.config.remote.zk.ZooKeeperClientServiceProvider)4
DefaultAliasService (org.apache.knox.gateway.services.security.impl.DefaultAliasService)3
DefaultTopologyService (org.apache.knox.gateway.services.topology.impl.DefaultTopologyService)3
ACL (org.apache.zookeeper.data.ACL)3
File (java.io.File)2
RemoteConfigurationRegistryClient (org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClient)2
DefaultMetricsService (org.apache.knox.gateway.services.metrics.impl.DefaultMetricsService)2
DefaultCryptoService (org.apache.knox.gateway.services.security.impl.DefaultCryptoService)2
DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService)2
JettySSLService (org.apache.knox.gateway.services.security.impl.JettySSLService)2
CuratorFramework (org.apache.curator.framework.CuratorFramework)1
TestingCluster (org.apache.curator.test.TestingCluster)1
Configuration (org.apache.hadoop.conf.Configuration)1
GatewayConfigImpl (org.apache.knox.gateway.config.impl.GatewayConfigImpl)1
DefaultHostMapperService (org.apache.knox.gateway.services.hostmap.impl.DefaultHostMapperService)1
DefaultServiceDefinitionRegistry (org.apache.knox.gateway.services.registry.impl.DefaultServiceDefinitionRegistry)1
