Search in sources :

Example 1 with AuthenticationToken

use of org.apache.pulsar.client.impl.auth.AuthenticationToken in project pulsar by apache.

the class PulsarFunctionE2ESecurityTest method testAuthorization.

@Test
public void testAuthorization() throws Exception {
    String token1 = AuthTokenUtils.createToken(secretKey, SUBJECT, Optional.empty());
    String token2 = AuthTokenUtils.createToken(secretKey, "wrong-subject", Optional.empty());
    final String replNamespace = TENANT + "/" + NAMESPACE;
    final String sourceTopic = "persistent://" + replNamespace + "/my-topic1";
    final String sinkTopic = "persistent://" + replNamespace + "/output";
    final String propertyKey = "key";
    final String propertyValue = "value";
    final String functionName = "PulsarFunction-test";
    final String subscriptionName = "test-sub";
    // create user admin client
    AuthenticationToken authToken1 = new AuthenticationToken();
    authToken1.configure("token:" + token1);
    AuthenticationToken authToken2 = new AuthenticationToken();
    authToken2.configure("token:" + token2);
    try (PulsarAdmin admin1 = spy(PulsarAdmin.builder().serviceHttpUrl(brokerServiceUrl).authentication(authToken1).build());
        PulsarAdmin admin2 = spy(PulsarAdmin.builder().serviceHttpUrl(brokerServiceUrl).authentication(authToken2).build())) {
        String jarFilePathUrl = getPulsarApiExamplesJar().toURI().toString();
        FunctionConfig functionConfig = createFunctionConfig(TENANT, NAMESPACE, functionName, sourceTopic, sinkTopic, subscriptionName);
        // creating function should fail since admin1 doesn't have permissions granted yet
        try {
            admin1.functions().createFunctionWithUrl(functionConfig, jarFilePathUrl);
            fail("client admin shouldn't have permissions to create function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        // grant permissions to admin1
        Set<AuthAction> actions = new HashSet<>();
        actions.add(AuthAction.functions);
        actions.add(AuthAction.produce);
        actions.add(AuthAction.consume);
        superUserAdmin.namespaces().grantPermissionOnNamespace(replNamespace, SUBJECT, actions);
        // user should be able to create function now
        admin1.functions().createFunctionWithUrl(functionConfig, jarFilePathUrl);
        // admin2 should still fail
        try {
            admin2.functions().createFunctionWithUrl(functionConfig, jarFilePathUrl);
            fail("client admin shouldn't have permissions to create function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        // creating on another tenant should also fail
        try {
            admin2.functions().createFunctionWithUrl(createFunctionConfig(TENANT2, NAMESPACE, functionName, sourceTopic, sinkTopic, subscriptionName), jarFilePathUrl);
            fail("client admin shouldn't have permissions to create function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        assertTrue(retryStrategically((test) -> {
            try {
                return admin1.functions().getFunctionStatus(TENANT, NAMESPACE, functionName).getNumRunning() == 1 && admin1.topics().getStats(sourceTopic).getSubscriptions().size() == 1;
            } catch (PulsarAdminException e) {
                return false;
            }
        }, 50, 150));
        // validate pulsar sink consumer has started on the topic
        assertEquals(admin1.topics().getStats(sourceTopic).getSubscriptions().size(), 1);
        // create a producer that creates a topic at broker
        try (Producer<String> producer = pulsarClient.newProducer(Schema.STRING).topic(sourceTopic).create();
            Consumer<String> consumer = pulsarClient.newConsumer(Schema.STRING).topic(sinkTopic).subscriptionName("sub").subscribe()) {
            int totalMsgs = 5;
            for (int i = 0; i < totalMsgs; i++) {
                String data = "my-message-" + i;
                producer.newMessage().property(propertyKey, propertyValue).value(data).send();
            }
            retryStrategically((test) -> {
                try {
                    SubscriptionStats subStats = admin1.topics().getStats(sourceTopic).getSubscriptions().get(subscriptionName);
                    return subStats.getUnackedMessages() == 0;
                } catch (PulsarAdminException e) {
                    return false;
                }
            }, 50, 150);
            Message<String> msg = consumer.receive(5, TimeUnit.SECONDS);
            String receivedPropertyValue = msg.getProperty(propertyKey);
            assertEquals(propertyValue, receivedPropertyValue);
            // validate pulsar-sink consumer has consumed all messages and delivered to Pulsar sink but unacked
            // messages
            // due to publish failure
            assertNotEquals(admin1.topics().getStats(sourceTopic).getSubscriptions().values().iterator().next().getUnackedMessages(), totalMsgs);
        }
        // test update functions
        functionConfig.setParallelism(2);
        // admin2 should still fail
        try {
            admin2.functions().updateFunctionWithUrl(functionConfig, jarFilePathUrl);
            fail("client admin shouldn't have permissions to update function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().updateFunctionWithUrl(functionConfig, jarFilePathUrl);
        assertTrue(retryStrategically((test) -> {
            try {
                return admin1.functions().getFunctionStatus(TENANT, NAMESPACE, functionName).getNumRunning() == 2;
            } catch (PulsarAdminException e) {
                return false;
            }
        }, 50, 150));
        // test getFunctionInfo
        try {
            admin2.functions().getFunction(TENANT, NAMESPACE, functionName);
            fail("client admin shouldn't have permissions to get function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().getFunction(TENANT, NAMESPACE, functionName);
        // test getFunctionInstanceStatus
        try {
            admin2.functions().getFunctionStatus(TENANT, NAMESPACE, functionName, 0);
            fail("client admin shouldn't have permissions to get function status");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().getFunctionStatus(TENANT, NAMESPACE, functionName, 0);
        // test getFunctionStatus
        try {
            admin2.functions().getFunctionStatus(TENANT, NAMESPACE, functionName);
            fail("client admin shouldn't have permissions to get function status");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().getFunctionStatus(TENANT, NAMESPACE, functionName);
        // test getFunctionStats
        try {
            admin2.functions().getFunctionStats(TENANT, NAMESPACE, functionName);
            fail("client admin shouldn't have permissions to get function stats");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().getFunctionStats(TENANT, NAMESPACE, functionName);
        // test getFunctionInstanceStats
        try {
            admin2.functions().getFunctionStats(TENANT, NAMESPACE, functionName, 0);
            fail("client admin shouldn't have permissions to get function stats");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().getFunctionStats(TENANT, NAMESPACE, functionName, 0);
        // test listFunctions
        try {
            admin2.functions().getFunctions(TENANT, NAMESPACE);
            fail("client admin shouldn't have permissions to list functions");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().getFunctions(TENANT, NAMESPACE);
        // test triggerFunction
        try {
            admin2.functions().triggerFunction(TENANT, NAMESPACE, functionName, sourceTopic, "foo", null);
            fail("client admin shouldn't have permissions to trigger function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().triggerFunction(TENANT, NAMESPACE, functionName, sourceTopic, "foo", null);
        // test restartFunctionInstance
        try {
            admin2.functions().restartFunction(TENANT, NAMESPACE, functionName, 0);
            fail("client admin shouldn't have permissions to restart function instance");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().restartFunction(TENANT, NAMESPACE, functionName, 0);
        // test restartFunctionInstances
        try {
            admin2.functions().restartFunction(TENANT, NAMESPACE, functionName);
            fail("client admin shouldn't have permissions to restart function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().restartFunction(TENANT, NAMESPACE, functionName);
        // test stopFunction instance
        try {
            admin2.functions().stopFunction(TENANT, NAMESPACE, functionName, 0);
            fail("client admin shouldn't have permissions to stop function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().stopFunction(TENANT, NAMESPACE, functionName, 0);
        // test stopFunction all instance
        try {
            admin2.functions().stopFunction(TENANT, NAMESPACE, functionName);
            fail("client admin shouldn't have permissions to restart function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().stopFunction(TENANT, NAMESPACE, functionName);
        // test startFunction instance
        try {
            admin2.functions().startFunction(TENANT, NAMESPACE, functionName);
            fail("client admin shouldn't have permissions to restart function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().restartFunction(TENANT, NAMESPACE, functionName);
        // test startFunction all instances
        try {
            admin2.functions().restartFunction(TENANT, NAMESPACE, functionName);
            fail("client admin shouldn't have permissions to restart function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        admin1.functions().restartFunction(TENANT, NAMESPACE, functionName);
        // admin2 should still fail
        try {
            admin2.functions().deleteFunction(TENANT, NAMESPACE, functionName);
            fail("client admin shouldn't have permissions to delete function");
        } catch (PulsarAdminException.NotAuthorizedException e) {
        }
        try {
            admin1.functions().deleteFunction(TENANT, NAMESPACE, functionName);
        } catch (PulsarAdminException e) {
            // This happens because the request becomes outdated. Lets retry again
            admin1.functions().deleteFunction(TENANT, NAMESPACE, functionName);
        }
        assertTrue(retryStrategically((test) -> {
            try {
                TopicStats stats = admin1.topics().getStats(sourceTopic);
                boolean done = stats.getSubscriptions().size() == 0;
                if (!done) {
                    log.info("Topic subscription is not cleaned up yet : {}", stats);
                }
                return done;
            } catch (PulsarAdminException e) {
                return false;
            }
        }, 50, 150));
    }
}
Also used : FunctionConfig(org.apache.pulsar.common.functions.FunctionConfig) SubscriptionStats(org.apache.pulsar.common.policies.data.SubscriptionStats) URL(java.net.URL) AuthTokenUtils(org.apache.pulsar.broker.authentication.utils.AuthTokenUtils) ObjectMapperFactory(org.apache.pulsar.common.util.ObjectMapperFactory) Producer(org.apache.pulsar.client.api.Producer) LoggerFactory(org.slf4j.LoggerFactory) Test(org.testng.annotations.Test) ClusterData(org.apache.pulsar.common.policies.data.ClusterData) AfterMethod(org.testng.annotations.AfterMethod) AuthAction(org.apache.pulsar.common.policies.data.AuthAction) Map(java.util.Map) MockedPulsarServiceBaseTest.retryStrategically(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest.retryStrategically) SignatureAlgorithm(io.jsonwebtoken.SignatureAlgorithm) FunctionConfig(org.apache.pulsar.common.functions.FunctionConfig) ThreadRuntimeFactoryConfig(org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactoryConfig) Method(java.lang.reflect.Method) Assert.assertNotEquals(org.testng.Assert.assertNotEquals) BeforeMethod(org.testng.annotations.BeforeMethod) Set(java.util.Set) Sets(com.google.common.collect.Sets) Consumer(org.apache.pulsar.client.api.Consumer) FutureUtil(org.apache.pulsar.common.util.FutureUtil) StringUtils.isNotBlank(org.apache.commons.lang3.StringUtils.isNotBlank) LocalBookkeeperEnsemble(org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble) AuthenticationToken(org.apache.pulsar.client.impl.auth.AuthenticationToken) ServiceConfigurationUtils(org.apache.pulsar.broker.ServiceConfigurationUtils) PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider) ClientBuilder(org.apache.pulsar.client.api.ClientBuilder) Optional(java.util.Optional) PulsarFunctionE2ETest(org.apache.pulsar.io.PulsarFunctionE2ETest) SecretKey(javax.crypto.SecretKey) SimpleLoadManagerImpl(org.apache.pulsar.broker.loadbalance.impl.SimpleLoadManagerImpl) DataProvider(org.testng.annotations.DataProvider) TopicStats(org.apache.pulsar.common.policies.data.TopicStats) Assert.assertEquals(org.testng.Assert.assertEquals) PulsarFunctionLocalRunTest.getPulsarApiExamplesJar(org.apache.pulsar.functions.worker.PulsarFunctionLocalRunTest.getPulsarApiExamplesJar) PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) Message(org.apache.pulsar.client.api.Message) Mockito.spy(org.mockito.Mockito.spy) HashSet(java.util.HashSet) Lists(com.google.common.collect.Lists) ThreadRuntimeFactory(org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactory) PulsarClient(org.apache.pulsar.client.api.PulsarClient) TenantInfo(org.apache.pulsar.common.policies.data.TenantInfo) Properties(java.util.Properties) Logger(org.slf4j.Logger) AuthenticationProviderToken(org.apache.pulsar.broker.authentication.AuthenticationProviderToken) JAVA_INSTANCE_JAR_PROPERTY(org.apache.pulsar.functions.utils.functioncache.FunctionCacheEntry.JAVA_INSTANCE_JAR_PROPERTY) ServiceConfiguration(org.apache.pulsar.broker.ServiceConfiguration) PulsarAdminException(org.apache.pulsar.client.admin.PulsarAdminException) Assert.fail(org.testng.Assert.fail) PulsarService(org.apache.pulsar.broker.PulsarService) Schema(org.apache.pulsar.client.api.Schema) TimeUnit(java.util.concurrent.TimeUnit) Assert.assertTrue(org.testng.Assert.assertTrue) BrokerStats(org.apache.pulsar.client.admin.BrokerStats) Collections(java.util.Collections) AuthenticationToken(org.apache.pulsar.client.impl.auth.AuthenticationToken) SubscriptionStats(org.apache.pulsar.common.policies.data.SubscriptionStats) PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) AuthAction(org.apache.pulsar.common.policies.data.AuthAction) PulsarAdminException(org.apache.pulsar.client.admin.PulsarAdminException) TopicStats(org.apache.pulsar.common.policies.data.TopicStats) HashSet(java.util.HashSet) Test(org.testng.annotations.Test) PulsarFunctionE2ETest(org.apache.pulsar.io.PulsarFunctionE2ETest)

Example 2 with AuthenticationToken

use of org.apache.pulsar.client.impl.auth.AuthenticationToken in project mop by streamnative.

the class TokenAuthenticationConfig method afterSetup.

@Override
public void afterSetup() throws Exception {
    AuthenticationToken authToken = new AuthenticationToken();
    authToken.configure("token:" + token);
    pulsarClient = PulsarClient.builder().serviceUrl(brokerUrl.toString()).authentication(authToken).statsInterval(0, TimeUnit.SECONDS).build();
    admin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerUrl.toString()).authentication(authToken).build());
}
Also used : AuthenticationToken(org.apache.pulsar.client.impl.auth.AuthenticationToken)

Example 3 with AuthenticationToken

use of org.apache.pulsar.client.impl.auth.AuthenticationToken in project pulsar by yahoo.

the class PulsarFunctionE2ESecurityTest method setup.

@BeforeMethod
void setup(Method method) throws Exception {
    log.info("--- Setting up method {} ---", method.getName());
    // Start local bookkeeper ensemble
    bkEnsemble = new LocalBookkeeperEnsemble(3, 0, () -> 0);
    bkEnsemble.start();
    config = spy(ServiceConfiguration.class);
    config.setClusterName("use");
    Set<String> superUsers = Sets.newHashSet(ADMIN_SUBJECT);
    config.setSuperUserRoles(superUsers);
    config.setWebServicePort(Optional.of(0));
    config.setZookeeperServers("127.0.0.1" + ":" + bkEnsemble.getZookeeperPort());
    config.setBrokerShutdownTimeoutMs(0L);
    config.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
    config.setBrokerServicePort(Optional.of(0));
    config.setLoadManagerClassName(SimpleLoadManagerImpl.class.getName());
    config.setAdvertisedAddress("localhost");
    config.setAllowAutoTopicCreationType("non-partitioned");
    Set<String> providers = new HashSet<>();
    providers.add(AuthenticationProviderToken.class.getName());
    config.setAuthenticationEnabled(true);
    config.setAuthenticationProviders(providers);
    config.setAuthorizationEnabled(true);
    config.setAuthorizationProvider(PulsarAuthorizationProvider.class.getName());
    config.setAnonymousUserRole(ANONYMOUS_ROLE);
    secretKey = AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);
    Properties properties = new Properties();
    properties.setProperty("tokenSecretKey", AuthTokenUtils.encodeKeyBase64(secretKey));
    config.setProperties(properties);
    adminToken = AuthTokenUtils.createToken(secretKey, ADMIN_SUBJECT, Optional.empty());
    config.setBrokerClientAuthenticationPlugin(AuthenticationToken.class.getName());
    config.setBrokerClientAuthenticationParameters("token:" + adminToken);
    functionsWorkerService = createPulsarFunctionWorker(config);
    Optional<WorkerService> functionWorkerService = Optional.of(functionsWorkerService);
    pulsar = new PulsarService(config, workerConfig, functionWorkerService, (exitCode) -> {
    });
    pulsar.start();
    brokerServiceUrl = pulsar.getWebServiceAddress();
    brokerWebServiceUrl = new URL(brokerServiceUrl);
    AuthenticationToken authToken = new AuthenticationToken();
    authToken.configure("token:" + adminToken);
    superUserAdmin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerServiceUrl).authentication(authToken).build());
    brokerStatsClient = superUserAdmin.brokerStats();
    primaryHost = pulsar.getWebServiceAddress();
    // update cluster metadata
    ClusterData clusterData = ClusterData.builder().serviceUrl(brokerWebServiceUrl.toString()).build();
    superUserAdmin.clusters().updateCluster(config.getClusterName(), clusterData);
    ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(this.workerConfig.getPulsarServiceUrl()).operationTimeout(1000, TimeUnit.MILLISECONDS);
    if (isNotBlank(workerConfig.getBrokerClientAuthenticationPlugin()) && isNotBlank(workerConfig.getBrokerClientAuthenticationParameters())) {
        clientBuilder.authentication(workerConfig.getBrokerClientAuthenticationPlugin(), workerConfig.getBrokerClientAuthenticationParameters());
    }
    if (pulsarClient != null) {
        pulsarClient.close();
    }
    pulsarClient = clientBuilder.build();
    TenantInfo propAdmin = TenantInfo.builder().adminRoles(Collections.singleton(ADMIN_SUBJECT)).allowedClusters(Collections.singleton("use")).build();
    superUserAdmin.tenants().updateTenant(TENANT, propAdmin);
    final String replNamespace = TENANT + "/" + NAMESPACE;
    superUserAdmin.namespaces().createNamespace(replNamespace);
    Set<String> clusters = Sets.newHashSet(Lists.newArrayList("use"));
    superUserAdmin.namespaces().setNamespaceReplicationClusters(replNamespace, clusters);
    // create another test tenant and namespace
    propAdmin = TenantInfo.builder().allowedClusters(Collections.singleton("use")).build();
    superUserAdmin.tenants().createTenant(TENANT2, propAdmin);
    superUserAdmin.namespaces().createNamespace(TENANT2 + "/" + NAMESPACE);
    while (!functionsWorkerService.getLeaderService().isLeader()) {
        Thread.sleep(1000);
    }
}
Also used : SubscriptionStats(org.apache.pulsar.common.policies.data.SubscriptionStats) URL(java.net.URL) AuthTokenUtils(org.apache.pulsar.broker.authentication.utils.AuthTokenUtils) ObjectMapperFactory(org.apache.pulsar.common.util.ObjectMapperFactory) Producer(org.apache.pulsar.client.api.Producer) LoggerFactory(org.slf4j.LoggerFactory) Test(org.testng.annotations.Test) ClusterData(org.apache.pulsar.common.policies.data.ClusterData) AfterMethod(org.testng.annotations.AfterMethod) AuthAction(org.apache.pulsar.common.policies.data.AuthAction) Map(java.util.Map) MockedPulsarServiceBaseTest.retryStrategically(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest.retryStrategically) SignatureAlgorithm(io.jsonwebtoken.SignatureAlgorithm) FunctionConfig(org.apache.pulsar.common.functions.FunctionConfig) ThreadRuntimeFactoryConfig(org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactoryConfig) Method(java.lang.reflect.Method) Assert.assertNotEquals(org.testng.Assert.assertNotEquals) BeforeMethod(org.testng.annotations.BeforeMethod) Set(java.util.Set) Sets(com.google.common.collect.Sets) Consumer(org.apache.pulsar.client.api.Consumer) FutureUtil(org.apache.pulsar.common.util.FutureUtil) StringUtils.isNotBlank(org.apache.commons.lang3.StringUtils.isNotBlank) LocalBookkeeperEnsemble(org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble) AuthenticationToken(org.apache.pulsar.client.impl.auth.AuthenticationToken) ServiceConfigurationUtils(org.apache.pulsar.broker.ServiceConfigurationUtils) PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider) ClientBuilder(org.apache.pulsar.client.api.ClientBuilder) Optional(java.util.Optional) PulsarFunctionE2ETest(org.apache.pulsar.io.PulsarFunctionE2ETest) SecretKey(javax.crypto.SecretKey) SimpleLoadManagerImpl(org.apache.pulsar.broker.loadbalance.impl.SimpleLoadManagerImpl) DataProvider(org.testng.annotations.DataProvider) TopicStats(org.apache.pulsar.common.policies.data.TopicStats) Assert.assertEquals(org.testng.Assert.assertEquals) PulsarFunctionLocalRunTest.getPulsarApiExamplesJar(org.apache.pulsar.functions.worker.PulsarFunctionLocalRunTest.getPulsarApiExamplesJar) PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) Message(org.apache.pulsar.client.api.Message) Mockito.spy(org.mockito.Mockito.spy) HashSet(java.util.HashSet) Lists(com.google.common.collect.Lists) ThreadRuntimeFactory(org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactory) PulsarClient(org.apache.pulsar.client.api.PulsarClient) TenantInfo(org.apache.pulsar.common.policies.data.TenantInfo) Properties(java.util.Properties) Logger(org.slf4j.Logger) AuthenticationProviderToken(org.apache.pulsar.broker.authentication.AuthenticationProviderToken) JAVA_INSTANCE_JAR_PROPERTY(org.apache.pulsar.functions.utils.functioncache.FunctionCacheEntry.JAVA_INSTANCE_JAR_PROPERTY) ServiceConfiguration(org.apache.pulsar.broker.ServiceConfiguration) PulsarAdminException(org.apache.pulsar.client.admin.PulsarAdminException) Assert.fail(org.testng.Assert.fail) PulsarService(org.apache.pulsar.broker.PulsarService) Schema(org.apache.pulsar.client.api.Schema) TimeUnit(java.util.concurrent.TimeUnit) Assert.assertTrue(org.testng.Assert.assertTrue) BrokerStats(org.apache.pulsar.client.admin.BrokerStats) Collections(java.util.Collections) AuthenticationToken(org.apache.pulsar.client.impl.auth.AuthenticationToken) AuthenticationProviderToken(org.apache.pulsar.broker.authentication.AuthenticationProviderToken) TenantInfo(org.apache.pulsar.common.policies.data.TenantInfo) Properties(java.util.Properties) LocalBookkeeperEnsemble(org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble) URL(java.net.URL) ClusterData(org.apache.pulsar.common.policies.data.ClusterData) ServiceConfiguration(org.apache.pulsar.broker.ServiceConfiguration) SimpleLoadManagerImpl(org.apache.pulsar.broker.loadbalance.impl.SimpleLoadManagerImpl) PulsarService(org.apache.pulsar.broker.PulsarService) PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider) HashSet(java.util.HashSet) ClientBuilder(org.apache.pulsar.client.api.ClientBuilder) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 4 with AuthenticationToken

use of org.apache.pulsar.client.impl.auth.AuthenticationToken in project pulsar by yahoo.

the class ClientConfigurationDataTest method testDoNotPrintSensitiveInfo.

@Test
public void testDoNotPrintSensitiveInfo() throws JsonProcessingException {
    ClientConfigurationData clientConfigurationData = new ClientConfigurationData();
    clientConfigurationData.setTlsTrustStorePassword("xxxx");
    clientConfigurationData.setSocks5ProxyPassword("yyyy");
    clientConfigurationData.setAuthentication(new AuthenticationToken("zzzz"));
    String s = w.writeValueAsString(clientConfigurationData);
    Assert.assertFalse(s.contains("Password"));
    Assert.assertFalse(s.contains("xxxx"));
    Assert.assertFalse(s.contains("yyyy"));
    Assert.assertFalse(s.contains("zzzz"));
}
Also used : AuthenticationToken(org.apache.pulsar.client.impl.auth.AuthenticationToken) Test(org.testng.annotations.Test)

Example 5 with AuthenticationToken

use of org.apache.pulsar.client.impl.auth.AuthenticationToken in project incubator-pulsar by apache.

the class ClearTextFunctionTokenAuthProviderTest method testClearTextAuth.

@Test
public void testClearTextAuth() throws Exception {
    ClearTextFunctionTokenAuthProvider clearTextFunctionTokenAuthProvider = new ClearTextFunctionTokenAuthProvider();
    Function.FunctionDetails funcDetails = Function.FunctionDetails.newBuilder().setTenant("test-tenant").setNamespace("test-ns").setName("test-func").build();
    Optional<FunctionAuthData> functionAuthData = clearTextFunctionTokenAuthProvider.cacheAuthData(funcDetails, new AuthenticationDataSource() {

        @Override
        public boolean hasDataFromCommand() {
            return true;
        }

        @Override
        public String getCommandData() {
            return "test-token";
        }
    });
    Assert.assertTrue(functionAuthData.isPresent());
    Assert.assertEquals(functionAuthData.get().getData(), "test-token".getBytes());
    AuthenticationConfig authenticationConfig = AuthenticationConfig.builder().build();
    clearTextFunctionTokenAuthProvider.configureAuthenticationConfig(authenticationConfig, functionAuthData);
    Assert.assertEquals(authenticationConfig.getClientAuthenticationPlugin(), AuthenticationToken.class.getName());
    Assert.assertEquals(authenticationConfig.getClientAuthenticationParameters(), "token:test-token");
    AuthenticationToken authenticationToken = new AuthenticationToken();
    authenticationToken.configure(authenticationConfig.getClientAuthenticationParameters());
    Assert.assertEquals(authenticationToken.getAuthData().getCommandData(), "test-token");
}
Also used : Function(org.apache.pulsar.functions.proto.Function) AuthenticationConfig(org.apache.pulsar.functions.instance.AuthenticationConfig) AuthenticationToken(org.apache.pulsar.client.impl.auth.AuthenticationToken) AuthenticationDataSource(org.apache.pulsar.broker.authentication.AuthenticationDataSource) Test(org.testng.annotations.Test)

Aggregations

AuthenticationToken (org.apache.pulsar.client.impl.auth.AuthenticationToken)12 Test (org.testng.annotations.Test)11 Lists (com.google.common.collect.Lists)6 Sets (com.google.common.collect.Sets)6 SignatureAlgorithm (io.jsonwebtoken.SignatureAlgorithm)6 Method (java.lang.reflect.Method)6 URL (java.net.URL)6 Collections (java.util.Collections)6 HashSet (java.util.HashSet)6 Map (java.util.Map)6 Optional (java.util.Optional)6 Properties (java.util.Properties)6 Set (java.util.Set)6 TimeUnit (java.util.concurrent.TimeUnit)6 SecretKey (javax.crypto.SecretKey)6 StringUtils.isNotBlank (org.apache.commons.lang3.StringUtils.isNotBlank)6 PulsarService (org.apache.pulsar.broker.PulsarService)6 ServiceConfiguration (org.apache.pulsar.broker.ServiceConfiguration)6 ServiceConfigurationUtils (org.apache.pulsar.broker.ServiceConfigurationUtils)6 MockedPulsarServiceBaseTest.retryStrategically (org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest.retryStrategically)6