use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class AuthorizationProducerConsumerTest method testGrantPermission.
/**
 * Checks that a role is denied produce and consume on a topic until a permission is granted
 * through {@code AuthorizationService#grantPermissionAsync}, and is allowed afterwards.
 *
 * <p>The authorization provider is replaced by
 * {@code TestAuthorizationProviderWithGrantPermission}, so the assertions exercise the
 * delegation from {@code AuthorizationService} to the configured provider.
 * NOTE(review): the provider's own decision logic is not visible here; confirm against it.
 */
@Test
public void testGrantPermission() throws Exception {
    log.info("-- Starting {} test --", methodName);

    // Select the test provider before setup() so the service below is built with it configured.
    conf.setAuthorizationProvider(TestAuthorizationProviderWithGrantPermission.class.getName());
    setup();

    final AuthorizationService authz = new AuthorizationService(conf, null);
    final TopicName topic = TopicName.get("persistent://prop/cluster/ns/t1");
    final String grantee = "test-role";
    final String subscription = "sub1";

    // Default deny: before any grant the role must fail both checks.
    // Authentication data is passed as null in every check of this test.
    Assert.assertFalse(authz.canProduce(topic, grantee, null));
    Assert.assertFalse(authz.canConsume(topic, grantee, null, subscription));

    // Block on the future so the grant has completed before the positive checks run.
    authz.grantPermissionAsync(topic, null, grantee, "auth-json").get();

    Assert.assertTrue(authz.canProduce(topic, grantee, null));
    Assert.assertTrue(authz.canConsume(topic, grantee, null, subscription));

    log.info("-- Exiting {} test --", methodName);
}
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class AuthorizationProducerConsumerTest method testAuthData.
/**
 * Checks that the data handed to {@code AuthorizationService} reaches the configured provider
 * unchanged: the grant JSON passed to {@code grantPermissionAsync} and the
 * {@code AuthenticationDataCommand} passed to {@code canProduce} / {@code canConsume}.
 *
 * <p>The values are read back from static fields of
 * {@code TestAuthorizationProviderWithGrantPermission}.
 * NOTE(review): static state is shared across tests in the same JVM; confirm it is reset
 * where needed and that these tests are not run in parallel.
 */
@Test
public void testAuthData() throws Exception {
    log.info("-- Starting {} test --", methodName);

    conf.setAuthorizationProvider(TestAuthorizationProviderWithGrantPermission.class.getName());
    setup();

    final AuthorizationService authz = new AuthorizationService(conf, null);
    final TopicName topic = TopicName.get("persistent://prop/cluster/ns/t1");
    final String grantee = "test-role";
    final String grantJson = "auth-json";

    // The grant must be complete before its recorded JSON is inspected.
    authz.grantPermissionAsync(topic, null, grantee, grantJson).get();
    Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authDataJson, grantJson);

    // Produce check: the provider should have seen exactly the command data supplied here.
    final boolean produceAllowed = authz.canProduce(topic, grantee, new AuthenticationDataCommand("prod-auth"));
    Assert.assertTrue(produceAllowed);
    Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authenticationData.getCommandData(),
            "prod-auth");

    // Consume check: the recorded data must now be the consume call's data, not the earlier one.
    final boolean consumeAllowed =
            authz.canConsume(topic, grantee, new AuthenticationDataCommand("cons-auth"), "sub1");
    Assert.assertTrue(consumeAllowed);
    Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authenticationData.getCommandData(),
            "cons-auth");

    log.info("-- Exiting {} test --", methodName);
}
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class DiscoveryService method start.
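/**
 * Starts the discovery service by initializing the ZooKeeper-backed discovery provider, the
 * authentication and authorization services, and the server.
 *
 * @throws Exception if any of these initialization steps fails
 */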
public void start() throws Exception {
    // The discovery provider comes first: the configuration cache is built on its global ZK cache.
    this.discoveryProvider = new BrokerDiscoveryProvider(config, getZooKeeperClientFactory());
    this.configurationCacheService = new ConfigurationCacheService(this.discoveryProvider.globalZkCache);

    // Both security services are created from the same converted configuration.
    final ServiceConfiguration brokerStyleConfig = PulsarConfigurationLoader.convertFrom(this.config);
    this.authenticationService = new AuthenticationService(brokerStyleConfig);
    this.authorizationService = new AuthorizationService(brokerStyleConfig, this.configurationCacheService);

    // The server is started only after authentication and authorization are in place.
    startServer();
}
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ProxyAuthorizationTest method test.
/**
 * Walks two roles through namespace-level and topic-level grants and checks the resulting
 * lookup / produce / consume decisions of the {@code AuthorizationService}.
 *
 * <p>Covered expectations: no access before any grant, a namespace-level produce grant allows
 * lookup and produce, a topic-level consume grant allows lookup and consume but not produce,
 * and a role with no grant stays denied.
 * NOTE(review): revocation is not exercised here, and the cleanup at the end runs only if
 * every assertion passes.
 */
@Test
public void test() throws Exception {
    final AuthorizationService authz = service.getAuthorizationService();
    final TopicName ds1 = TopicName.get("persistent://p1/c1/ns1/ds1");
    final TopicName ds2 = TopicName.get("persistent://p1/c1/ns1/ds2");

    // Default deny: nothing has been created or granted yet.
    assertEquals(authz.canLookup(ds1, "my-role", null), false);

    admin.clusters().createCluster(configClusterName, new ClusterData());
    admin.properties().createProperty("p1",
            new PropertyAdmin(Lists.newArrayList("role1"), Sets.newHashSet("c1")));
    waitForChange();
    admin.namespaces().createNamespace("p1/c1/ns1");
    waitForChange();

    // Creating the property and namespace must not grant anything to "my-role".
    assertEquals(authz.canLookup(ds1, "my-role", null), false);

    // Namespace-level produce grant: lookup and produce are both expected to be allowed.
    admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.of(AuthAction.produce));
    waitForChange();
    assertEquals(authz.canLookup(ds1, "my-role", null), true);
    assertEquals(authz.canProduce(ds1, "my-role", null), true);

    // Topic-level consume grant for a second role on a different topic.
    admin.persistentTopics().grantPermission("persistent://p1/c1/ns1/ds2", "other-role",
            EnumSet.of(AuthAction.consume));
    waitForChange();
    assertEquals(authz.canLookup(ds2, "other-role", null), true);
    // The earlier namespace grant is unaffected by the topic-level grant.
    assertEquals(authz.canProduce(ds1, "my-role", null), true);
    // A consume-only grant must not allow produce.
    assertEquals(authz.canProduce(ds2, "other-role", null), false);
    assertEquals(authz.canConsume(ds2, "other-role", null, null), true);
    // A role with no grant at all stays denied for consume and lookup.
    assertEquals(authz.canConsume(ds2, "no-access-role", null, null), false);
    assertEquals(authz.canLookup(ds1, "no-access-role", null), false);

    // Widening the namespace grant to every action adds consume for "my-role".
    admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.allOf(AuthAction.class));
    waitForChange();
    assertEquals(authz.canProduce(ds1, "my-role", null), true);
    assertEquals(authz.canConsume(ds1, "my-role", null, null), true);

    // Cleanup. NOTE(review): the cluster was created as configClusterName but is deleted as the
    // literal "c1"; confirm the two are the same value.
    admin.namespaces().deleteNamespace("p1/c1/ns1");
    admin.properties().deleteProperty("p1");
    admin.clusters().deleteCluster("c1");
}
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ServerCnxTest method testClusterAccess.
/**
 * Sends two producer-creation commands with authorization enabled and a provider stubbed to
 * approve every permission check: one for {@code successTopicName}, which must succeed, and
 * one for {@code topicWithNonLocalCluster}, which must be answered with an error.
 *
 * <p>Because {@code checkPermission} is stubbed to return {@code true}, the rejection of the
 * second command cannot come from the stubbed permission check; presumably it comes from a
 * cluster check on the topic (TODO confirm against the provider).
 * NOTE(review): only the response type is asserted, not the error code carried by the
 * {@code CommandError}.
 */
@Test(timeOut = 30000)
public void testClusterAccess() throws Exception {
    svcConfig.setAuthorizationEnabled(true);

    // Spy the service and swap in a spied provider through reflection on the "provider" field.
    final AuthorizationService authzSpy = spy(new AuthorizationService(svcConfig, configCacheService));
    final Field providerSlot = AuthorizationService.class.getDeclaredField("provider");
    providerSlot.setAccessible(true);
    final PulsarAuthorizationProvider providerSpy =
            spy(new PulsarAuthorizationProvider(svcConfig, configCacheService));
    providerSlot.set(authzSpy, providerSpy);

    doReturn(authzSpy).when(brokerService).getAuthorizationService();
    doReturn(true).when(brokerService).isAuthorizationEnabled();
    // Not a super user, so the request has to go through the ordinary permission path.
    doReturn(false).when(providerSpy).isSuperUser(Mockito.anyString());
    // Every permission check is approved; anything rejected below is rejected for another reason.
    doReturn(CompletableFuture.completedFuture(true)).when(providerSpy)
            .checkPermission(any(TopicName.class), Mockito.anyString(), any(AuthAction.class));

    // First command: the producer must be created.
    resetChannel();
    setChannelConnected();
    final ByteBuf acceptedProducer = Commands.newProducer(
            successTopicName,
            1 /* producer id */,
            1 /* request id */,
            "prod-name",
            Collections.emptyMap());
    channel.writeInbound(acceptedProducer);
    assertTrue(getResponse() instanceof CommandProducerSuccess);

    // Second command: same ids and producer name, different topic; an error is expected.
    resetChannel();
    setChannelConnected();
    final ByteBuf rejectedProducer = Commands.newProducer(
            topicWithNonLocalCluster,
            1 /* producer id */,
            1 /* request id */,
            "prod-name",
            Collections.emptyMap());
    channel.writeInbound(rejectedProducer);
    assertTrue(getResponse() instanceof CommandError);
}