Search in sources :

Example 11 with RemoteConfigurationRegistryClientService

use of org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService in project knox by apache.

the class RemoteConfigurationMonitorTest method testZooKeeperConfigMonitorSASLNodesExistWithAcceptableACL.

@Test
public void testZooKeeperConfigMonitorSASLNodesExistWithAcceptableACL() throws Exception {
    final String configMonitorName = "zkConfigClient";
    final String alias = "zkPass";
    // Setup the base GatewayConfig mock
    GatewayConfig gc = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(gc.getGatewayProvidersConfigDir()).andReturn(providersDir.getAbsolutePath()).anyTimes();
    EasyMock.expect(gc.getGatewayDescriptorsDir()).andReturn(descriptorsDir.getAbsolutePath()).anyTimes();
    EasyMock.expect(gc.getRemoteRegistryConfigurationNames()).andReturn(Collections.singletonList(configMonitorName)).anyTimes();
    final String registryConfig = GatewayConfig.REMOTE_CONFIG_REGISTRY_TYPE + "=" + ZooKeeperClientService.TYPE + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_ADDRESS + "=" + zkCluster.getConnectString() + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_PRINCIPAL + "=" + ZK_USERNAME + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_AUTH_TYPE + "=Digest;" + GatewayConfig.REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS + "=" + alias;
    EasyMock.expect(gc.getRemoteRegistryConfiguration(configMonitorName)).andReturn(registryConfig).anyTimes();
    EasyMock.expect(gc.getRemoteConfigurationMonitorClientName()).andReturn(configMonitorName).anyTimes();
    EasyMock.replay(gc);
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getPasswordFromAliasForGateway(alias)).andReturn(ZK_PASSWORD.toCharArray()).anyTimes();
    EasyMock.replay(aliasService);
    RemoteConfigurationRegistryClientService clientService = (new ZooKeeperClientServiceProvider()).newInstance();
    clientService.setAliasService(aliasService);
    clientService.init(gc, Collections.emptyMap());
    clientService.start();
    RemoteConfigurationMonitorFactory.setClientService(clientService);
    RemoteConfigurationMonitor cm = RemoteConfigurationMonitorFactory.get(gc);
    assertNotNull("Failed to load RemoteConfigurationMonitor", cm);
    List<ACL> acls = Arrays.asList(ANY_AUTHENTICATED_USER_ALL);
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX);
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_CONFIG);
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_PROVIDERS);
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_DESCRIPTORS);
    // Check that the config nodes really do exist (the monitor will NOT create them if they're present)
    assertNotNull(client.checkExists().forPath(PATH_KNOX));
    assertNotNull(client.checkExists().forPath(PATH_KNOX_CONFIG));
    assertNotNull(client.checkExists().forPath(PATH_KNOX_PROVIDERS));
    assertNotNull(client.checkExists().forPath(PATH_KNOX_DESCRIPTORS));
    try {
        cm.start();
    } catch (Exception e) {
        fail("Failed to start monitor: " + e.getMessage());
    }
    // Test auth violation
    clientService.get(configMonitorName).createEntry("/auth_test/child_node/test1");
    assertNull("Creation should have been prevented since write access is not granted to the test client.", client.checkExists().forPath("/auth_test/child_node/test1"));
    assertTrue("Creation should have been prevented since write access is not granted to the test client.", client.getChildren().forPath("/auth_test/child_node").isEmpty());
    // Validate the expected ACLs on the Knox config znodes (make sure the monitor didn't change them)
    List<ACL> expectedACLs = Collections.singletonList(SASL_TESTUSER_ALL);
    validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX));
    validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_CONFIG));
    validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_PROVIDERS));
    validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_DESCRIPTORS));
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) ZooKeeperClientServiceProvider(org.apache.knox.gateway.service.config.remote.zk.ZooKeeperClientServiceProvider) RemoteConfigurationRegistryClientService(org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService) ACL(org.apache.zookeeper.data.ACL) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Aggregations

RemoteConfigurationRegistryClientService (org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService)11 Test (org.junit.Test)6 GatewayConfig (org.apache.knox.gateway.config.GatewayConfig)5 AliasService (org.apache.knox.gateway.services.security.AliasService)5 ZooKeeperClientServiceProvider (org.apache.knox.gateway.service.config.remote.zk.ZooKeeperClientServiceProvider)4 DefaultAliasService (org.apache.knox.gateway.services.security.impl.DefaultAliasService)3 DefaultTopologyService (org.apache.knox.gateway.services.topology.impl.DefaultTopologyService)3 ACL (org.apache.zookeeper.data.ACL)3 File (java.io.File)2 RemoteConfigurationRegistryClient (org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClient)2 DefaultMetricsService (org.apache.knox.gateway.services.metrics.impl.DefaultMetricsService)2 DefaultCryptoService (org.apache.knox.gateway.services.security.impl.DefaultCryptoService)2 DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService)2 JettySSLService (org.apache.knox.gateway.services.security.impl.JettySSLService)2 CuratorFramework (org.apache.curator.framework.CuratorFramework)1 TestingCluster (org.apache.curator.test.TestingCluster)1 Configuration (org.apache.hadoop.conf.Configuration)1 GatewayConfigImpl (org.apache.knox.gateway.config.impl.GatewayConfigImpl)1 DefaultHostMapperService (org.apache.knox.gateway.services.hostmap.impl.DefaultHostMapperService)1 DefaultServiceDefinitionRegistry (org.apache.knox.gateway.services.registry.impl.DefaultServiceDefinitionRegistry)1