
Example 6 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class AuthorizationProducerConsumerTest method testGrantPermission.

@Test
public void testGrantPermission() throws Exception {
    log.info("-- Starting {} test --", methodName);
    // The provider class name is set on conf before setup() and before the
    // AuthorizationService is built, so the service under test is the one
    // backed by the test provider.
    conf.setAuthorizationProvider(TestAuthorizationProviderWithGrantPermission.class.getName());
    setup();
    // Second constructor argument is null here; other callers pass a
    // ConfigurationCacheService in that position.
    final AuthorizationService authz = new AuthorizationService(conf, null);
    final TopicName topic = TopicName.get("persistent://prop/cluster/ns/t1");
    final String grantee = "test-role";

    // Deny-by-default: with no grant recorded, the role must be refused both
    // produce and consume. A provider that allowed by default would fail here.
    Assert.assertFalse(authz.canProduce(topic, grantee, null));
    Assert.assertFalse(authz.canConsume(topic, grantee, null, "sub1"));

    // Block on the async grant so the checks below cannot race it.
    authz.grantPermissionAsync(topic, null, grantee, "auth-json").get();

    // The same role on the same topic is now allowed both actions.
    // NOTE(review): only the granted role is re-checked; a second, ungranted
    // role staying denied after the grant is not asserted in this test.
    Assert.assertTrue(authz.canProduce(topic, grantee, null));
    Assert.assertTrue(authz.canConsume(topic, grantee, null, "sub1"));
    log.info("-- Exiting {} test --", methodName);
}
Also used : AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) TopicName(org.apache.pulsar.common.naming.TopicName) Test(org.testng.annotations.Test)

Example 7 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class AuthorizationProducerConsumerTest method testAuthData.

@Test
public void testAuthData() throws Exception {
    log.info("-- Starting {} test --", methodName);
    conf.setAuthorizationProvider(TestAuthorizationProviderWithGrantPermission.class.getName());
    setup();
    final AuthorizationService authz = new AuthorizationService(conf, null);
    final TopicName topic = TopicName.get("persistent://prop/cluster/ns/t1");
    final String grantee = "test-role";

    // The grant carries an opaque auth-data string; the test provider is
    // expected to have received exactly that value.
    authz.grantPermissionAsync(topic, null, grantee, "auth-json").get();
    Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authDataJson, "auth-json");

    // Each permission check passes its own authentication data. Reading it
    // back from the provider after the call shows the service forwards the
    // caller's data to the provider rather than dropping or replacing it.
    // NOTE(review): authDataJson and authenticationData are static fields on
    // the provider, so they outlive this test; presumably they hold the last
    // values seen. Confirm nothing else in the suite depends on them.
    final AuthenticationDataCommand producerAuth = new AuthenticationDataCommand("prod-auth");
    Assert.assertTrue(authz.canProduce(topic, grantee, producerAuth));
    Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authenticationData.getCommandData(), "prod-auth");

    final AuthenticationDataCommand consumerAuth = new AuthenticationDataCommand("cons-auth");
    Assert.assertTrue(authz.canConsume(topic, grantee, consumerAuth, "sub1"));
    Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authenticationData.getCommandData(), "cons-auth");
    log.info("-- Exiting {} test --", methodName);
}
Also used : AuthenticationDataCommand(org.apache.pulsar.broker.authentication.AuthenticationDataCommand) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) TopicName(org.apache.pulsar.common.naming.TopicName) Test(org.testng.annotations.Test)

Example 8 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class DiscoveryService method start.

/**
 * Starts the discovery service: creates the ZooKeeper-backed broker discovery provider,
 * the configuration cache, and the authentication and authorization services, then
 * starts the server.
 *
 * @throws Exception if any initialization step or {@code startServer()} fails
 */
public void start() throws Exception {
    this.discoveryProvider = new BrokerDiscoveryProvider(this.config, getZooKeeperClientFactory());
    // The configuration cache is built on the provider's global ZooKeeper cache,
    // so the provider has to exist first.
    this.configurationCacheService = new ConfigurationCacheService(this.discoveryProvider.globalZkCache);

    // Authentication and authorization are configured from the discovery config
    // converted to a ServiceConfiguration, the type both constructors take here.
    final ServiceConfiguration convertedConfig = PulsarConfigurationLoader.convertFrom(this.config);
    this.authenticationService = new AuthenticationService(convertedConfig);
    this.authorizationService = new AuthorizationService(convertedConfig, this.configurationCacheService);

    // NOTE(review): both security services are assigned before startServer(),
    // so code started by it presumably never sees them unset. Keep this order.
    startServer();
}
Also used : ServiceConfiguration(org.apache.pulsar.broker.ServiceConfiguration) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) ConfigurationCacheService(org.apache.pulsar.broker.cache.ConfigurationCacheService) AuthenticationService(org.apache.pulsar.broker.authentication.AuthenticationService)

Example 9 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class ProxyAuthorizationTest method test.

@Test
public void test() throws Exception {
    final AuthorizationService authz = service.getAuthorizationService();
    final TopicName ds1 = TopicName.get("persistent://p1/c1/ns1/ds1");
    final TopicName ds2 = TopicName.get("persistent://p1/c1/ns1/ds2");

    // Phase 1: nothing exists yet, so lookup is denied.
    assertEquals(authz.canLookup(ds1, "my-role", null), false);

    // Phase 2: create the cluster, property and namespace. Their existence
    // alone must not authorize "my-role": lookup is still denied.
    admin.clusters().createCluster(configClusterName, new ClusterData());
    admin.properties().createProperty("p1", new PropertyAdmin(Lists.newArrayList("role1"), Sets.newHashSet("c1")));
    waitForChange();
    admin.namespaces().createNamespace("p1/c1/ns1");
    waitForChange();
    assertEquals(authz.canLookup(ds1, "my-role", null), false);

    // Phase 3: a namespace-level produce grant enables lookup and produce on
    // a topic in that namespace.
    admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.of(AuthAction.produce));
    waitForChange();
    assertEquals(authz.canLookup(ds1, "my-role", null), true);
    assertEquals(authz.canProduce(ds1, "my-role", null), true);

    // Phase 4: a topic-level consume grant on ds2 for another role. The checks
    // pin least privilege: consume does not imply produce, the earlier grant
    // to "my-role" is unaffected, and a role with no grant stays denied.
    admin.persistentTopics().grantPermission("persistent://p1/c1/ns1/ds2", "other-role", EnumSet.of(AuthAction.consume));
    waitForChange();
    assertEquals(authz.canLookup(ds2, "other-role", null), true);
    assertEquals(authz.canProduce(ds1, "my-role", null), true);
    assertEquals(authz.canProduce(ds2, "other-role", null), false);
    assertEquals(authz.canConsume(ds2, "other-role", null, null), true);
    assertEquals(authz.canConsume(ds2, "no-access-role", null, null), false);
    assertEquals(authz.canLookup(ds1, "no-access-role", null), false);

    // Phase 5: granting every AuthAction at namespace level enables both
    // produce and consume for "my-role".
    admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.allOf(AuthAction.class));
    waitForChange();
    assertEquals(authz.canProduce(ds1, "my-role", null), true);
    assertEquals(authz.canConsume(ds1, "my-role", null, null), true);

    // Cleanup.
    // NOTE(review): this runs only when every assertion above passed, so a
    // failing run leaves the namespace, property and cluster behind. The
    // cluster is created as configClusterName but deleted as "c1"; confirm
    // the two are the same value.
    admin.namespaces().deleteNamespace("p1/c1/ns1");
    admin.properties().deleteProperty("p1");
    admin.clusters().deleteCluster("c1");
}
Also used : ClusterData(org.apache.pulsar.common.policies.data.ClusterData) PropertyAdmin(org.apache.pulsar.common.policies.data.PropertyAdmin) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) AuthAction(org.apache.pulsar.common.policies.data.AuthAction) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 10 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class ServerCnxTest method testClusterAccess.

@Test(timeOut = 30000)
public void testClusterAccess() throws Exception {
    svcConfig.setAuthorizationEnabled(true);
    final AuthorizationService authz = spy(new AuthorizationService(svcConfig, configCacheService));

    // Replace the service's "provider" field with a spy through reflection so
    // its answers can be stubbed. This depends on the field keeping that name.
    final Field providerSlot = AuthorizationService.class.getDeclaredField("provider");
    providerSlot.setAccessible(true);
    final PulsarAuthorizationProvider stubbedProvider = spy(new PulsarAuthorizationProvider(svcConfig, configCacheService));
    providerSlot.set(authz, stubbedProvider);

    doReturn(authz).when(brokerService).getAuthorizationService();
    doReturn(true).when(brokerService).isAuthorizationEnabled();
    // Take the two provider-level decisions out of the picture: nobody is a
    // super user and every permission check succeeds. Whatever rejects the
    // second request below is therefore neither of them.
    doReturn(false).when(stubbedProvider).isSuperUser(Mockito.anyString());
    doReturn(CompletableFuture.completedFuture(true)).when(stubbedProvider).checkPermission(any(TopicName.class), Mockito.anyString(), any(AuthAction.class));

    // Case 1: producer on successTopicName is accepted.
    resetChannel();
    setChannelConnected();
    final ByteBuf acceptedRequest = Commands.newProducer(successTopicName, 1 /* producer id */,
            1 /* request id */, "prod-name", Collections.emptyMap());
    channel.writeInbound(acceptedRequest);
    assertTrue(getResponse() instanceof CommandProducerSuccess);

    // Case 2: the same request against topicWithNonLocalCluster yields an error.
    // NOTE(review): going by the topic's name, the rejection presumably comes
    // from a cluster-access check. The response is asserted only to be a
    // CommandError, not for a specific error code, so any other failure on
    // this path would also satisfy the test.
    resetChannel();
    setChannelConnected();
    final ByteBuf rejectedRequest = Commands.newProducer(topicWithNonLocalCluster, 1 /* producer id */,
            1 /* request id */, "prod-name", Collections.emptyMap());
    channel.writeInbound(rejectedRequest);
    assertTrue(getResponse() instanceof CommandError);
}
Also used : Field(java.lang.reflect.Field) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) CommandProducerSuccess(org.apache.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess) PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider) CommandError(org.apache.pulsar.common.api.proto.PulsarApi.CommandError) ByteBuf(io.netty.buffer.ByteBuf) TopicName(org.apache.pulsar.common.naming.TopicName) AuthAction(org.apache.pulsar.common.policies.data.AuthAction) Test(org.testng.annotations.Test)
