Search in sources :

Example 1 with PulsarAuthorizationProvider

use of org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider in project incubator-pulsar by apache.

the class ServerCnxTest method testNonExistentTopic.

@Test(timeOut = 30000)
public void testNonExistentTopic() throws Exception {
    ZooKeeperDataCache<Policies> zkDataCache = mock(ZooKeeperDataCache.class);
    ConfigurationCacheService configCacheService = mock(ConfigurationCacheService.class);
    doReturn(configCacheService).when(pulsar).getConfigurationCache();
    doReturn(zkDataCache).when(configCacheService).policiesCache();
    doReturn(CompletableFuture.completedFuture(Optional.empty())).when(zkDataCache).getAsync(matches(".*nonexistent.*"));
    AuthorizationService authorizationService = spy(new AuthorizationService(svcConfig, configCacheService));
    doReturn(authorizationService).when(brokerService).getAuthorizationService();
    doReturn(true).when(brokerService).isAuthorizationEnabled();
    svcConfig.setAuthorizationEnabled(true);
    Field providerField = AuthorizationService.class.getDeclaredField("provider");
    providerField.setAccessible(true);
    PulsarAuthorizationProvider authorizationProvider = spy(new PulsarAuthorizationProvider(svcConfig, configCacheService));
    providerField.set(authorizationService, authorizationProvider);
    doReturn(false).when(authorizationProvider).isSuperUser(Mockito.anyString());
    // Test producer creation
    resetChannel();
    setChannelConnected();
    ByteBuf newProducerCmd = Commands.newProducer(nonExistentTopicName, 1, /* producer id */
    1, /* request id */
    "prod-name", Collections.emptyMap());
    channel.writeInbound(newProducerCmd);
    assertTrue(getResponse() instanceof CommandError);
    channel.finish();
    // Test consumer creation
    resetChannel();
    setChannelConnected();
    ByteBuf newSubscribeCmd = // 
    Commands.newSubscribe(// 
    nonExistentTopicName, successSubName, 1, /* consumer id */
    1, /* request id */
    SubType.Exclusive, 0, "test");
    channel.writeInbound(newSubscribeCmd);
    assertTrue(getResponse() instanceof CommandError);
}
Also used : Field(java.lang.reflect.Field) Policies(org.apache.pulsar.common.policies.data.Policies) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) ConfigurationCacheService(org.apache.pulsar.broker.cache.ConfigurationCacheService) PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider) CommandError(org.apache.pulsar.common.api.proto.PulsarApi.CommandError) ByteBuf(io.netty.buffer.ByteBuf) Test(org.testng.annotations.Test)

Example 2 with PulsarAuthorizationProvider

use of org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider in project incubator-pulsar by apache.

the class ServerCnxTest method testClusterAccess.

@Test(timeOut = 30000)
public void testClusterAccess() throws Exception {
    svcConfig.setAuthorizationEnabled(true);
    AuthorizationService authorizationService = spy(new AuthorizationService(svcConfig, configCacheService));
    Field providerField = AuthorizationService.class.getDeclaredField("provider");
    providerField.setAccessible(true);
    PulsarAuthorizationProvider authorizationProvider = spy(new PulsarAuthorizationProvider(svcConfig, configCacheService));
    providerField.set(authorizationService, authorizationProvider);
    doReturn(authorizationService).when(brokerService).getAuthorizationService();
    doReturn(true).when(brokerService).isAuthorizationEnabled();
    doReturn(false).when(authorizationProvider).isSuperUser(Mockito.anyString());
    doReturn(CompletableFuture.completedFuture(true)).when(authorizationProvider).checkPermission(any(TopicName.class), Mockito.anyString(), any(AuthAction.class));
    resetChannel();
    setChannelConnected();
    ByteBuf clientCommand = Commands.newProducer(successTopicName, 1, /* producer id */
    1, /* request id */
    "prod-name", Collections.emptyMap());
    channel.writeInbound(clientCommand);
    assertTrue(getResponse() instanceof CommandProducerSuccess);
    resetChannel();
    setChannelConnected();
    clientCommand = Commands.newProducer(topicWithNonLocalCluster, 1, /* producer id */
    1, /* request id */
    "prod-name", Collections.emptyMap());
    channel.writeInbound(clientCommand);
    assertTrue(getResponse() instanceof CommandError);
}
Also used : Field(java.lang.reflect.Field) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) CommandProducerSuccess(org.apache.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess) PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider) CommandError(org.apache.pulsar.common.api.proto.PulsarApi.CommandError) ByteBuf(io.netty.buffer.ByteBuf) TopicName(org.apache.pulsar.common.naming.TopicName) AuthAction(org.apache.pulsar.common.policies.data.AuthAction) Test(org.testng.annotations.Test)

Example 3 with PulsarAuthorizationProvider

use of org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider in project incubator-pulsar by apache.

the class ServerCnxTest method testNonExistentTopicSuperUserAccess.

@Test(timeOut = 30000)
public void testNonExistentTopicSuperUserAccess() throws Exception {
    AuthorizationService authorizationService = spy(new AuthorizationService(svcConfig, configCacheService));
    doReturn(authorizationService).when(brokerService).getAuthorizationService();
    doReturn(true).when(brokerService).isAuthorizationEnabled();
    Field providerField = AuthorizationService.class.getDeclaredField("provider");
    providerField.setAccessible(true);
    PulsarAuthorizationProvider authorizationProvider = spy(new PulsarAuthorizationProvider(svcConfig, configCacheService));
    providerField.set(authorizationService, authorizationProvider);
    doReturn(true).when(authorizationProvider).isSuperUser(Mockito.anyString());
    // Test producer creation
    resetChannel();
    setChannelConnected();
    ByteBuf newProducerCmd = Commands.newProducer(nonExistentTopicName, 1, /* producer id */
    1, /* request id */
    "prod-name", Collections.emptyMap());
    channel.writeInbound(newProducerCmd);
    assertTrue(getResponse() instanceof CommandProducerSuccess);
    PersistentTopic topicRef = (PersistentTopic) brokerService.getTopicReference(nonExistentTopicName);
    assertNotNull(topicRef);
    assertEquals(topicRef.getProducers().size(), 1);
    channel.finish();
    // Test consumer creation
    resetChannel();
    setChannelConnected();
    ByteBuf newSubscribeCmd = // 
    Commands.newSubscribe(// 
    nonExistentTopicName, successSubName, 1, /* consumer id */
    1, /* request id */
    SubType.Exclusive, 0, "test");
    channel.writeInbound(newSubscribeCmd);
    topicRef = (PersistentTopic) brokerService.getTopicReference(nonExistentTopicName);
    assertNotNull(topicRef);
    assertTrue(topicRef.getSubscriptions().containsKey(successSubName));
    assertTrue(topicRef.getSubscription(successSubName).getDispatcher().isConsumerConnected());
    assertTrue(getResponse() instanceof CommandSuccess);
}
Also used : Field(java.lang.reflect.Field) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) CommandSuccess(org.apache.pulsar.common.api.proto.PulsarApi.CommandSuccess) PersistentTopic(org.apache.pulsar.broker.service.persistent.PersistentTopic) CommandProducerSuccess(org.apache.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess) PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider) ByteBuf(io.netty.buffer.ByteBuf) Test(org.testng.annotations.Test)

Aggregations

ByteBuf (io.netty.buffer.ByteBuf)3 Field (java.lang.reflect.Field)3 AuthorizationService (org.apache.pulsar.broker.authorization.AuthorizationService)3 PulsarAuthorizationProvider (org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider)3 Test (org.testng.annotations.Test)3 CommandError (org.apache.pulsar.common.api.proto.PulsarApi.CommandError)2 CommandProducerSuccess (org.apache.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess)2 ConfigurationCacheService (org.apache.pulsar.broker.cache.ConfigurationCacheService)1 PersistentTopic (org.apache.pulsar.broker.service.persistent.PersistentTopic)1 CommandSuccess (org.apache.pulsar.common.api.proto.PulsarApi.CommandSuccess)1 TopicName (org.apache.pulsar.common.naming.TopicName)1 AuthAction (org.apache.pulsar.common.policies.data.AuthAction)1 Policies (org.apache.pulsar.common.policies.data.Policies)1