
Example 96 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AuthenticatedProducerConsumerTest method testTlsSyncProducerAndConsumer.

/**
 * Runs the shared synchronous produce/consume scenario with a client that authenticates using a
 * TLS client certificate.
 *
 * <p>The certificate and private-key paths are handed to {@link AuthenticationTls} through the
 * {@code tlsCertFile} and {@code tlsKeyFile} parameters, and the configured authentication is
 * passed to {@code internalSetup}. The cluster, tenant and namespace the scenario needs are then
 * created through the admin client.
 *
 * @param batchMessageDelayMs value supplied by the {@code batch} data provider and forwarded
 *     unchanged to {@code testSyncProducerAndConsumer}
 * @throws Exception if setup, an admin call or the delegated scenario fails
 */
@Test(dataProvider = "batch")
public void testTlsSyncProducerAndConsumer(int batchMessageDelayMs) throws Exception {
    log.info("-- Starting {} test --", methodName);

    // Client identity for TLS authentication: certificate plus its private key.
    final Map<String, String> tlsParams = new HashMap<>();
    tlsParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
    tlsParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
    final Authentication tlsAuthentication = new AuthenticationTls();
    tlsAuthentication.configure(tlsParams);
    internalSetup(tlsAuthentication);

    final String cluster = "test";
    final String tenant = "my-property";
    admin.clusters().createCluster(
            cluster, ClusterData.builder().serviceUrl(pulsar.getWebServiceAddress()).build());
    // NOTE(review): the first set looks like the tenant's admin roles and the second its allowed
    // clusters -- confirm against the TenantInfoImpl constructor.
    admin.tenants().createTenant(
            tenant, new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet(cluster)));
    admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet(cluster));

    testSyncProducerAndConsumer(batchMessageDelayMs);
    log.info("-- Exiting {} test --", methodName);
}
Also used : AuthenticationTls(org.apache.pulsar.client.impl.auth.AuthenticationTls) HashMap(java.util.HashMap) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl) Test(org.testng.annotations.Test)

Example 97 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AuthenticatedProducerConsumerTest method testDeleteAuthenticationPoliciesOfTopic.

/**
 * Checks that a topic-level permission grant disappears from the namespace policies once the
 * topic itself is deleted, so no stale authorization entry is left behind under the topic name.
 *
 * <p>The check runs twice: for a non-partitioned topic, and for a partitioned topic, where the
 * entry for the partitioned name and the entry for each individual partition are both asserted
 * to appear after the grant and to be gone after the delete. Policies are re-read on every
 * assertion inside the Awaitility polls.
 *
 * @throws Exception if setup, an admin call or a policy lookup fails
 */
@Test
public void testDeleteAuthenticationPoliciesOfTopic() throws Exception {
    final String namespace = "p1/ns1";
    final String grantedRole = "test-user";

    // Authenticate the clients with a TLS client certificate and its private key.
    final Map<String, String> tlsParams = new HashMap<>();
    tlsParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
    tlsParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
    final Authentication tlsAuthentication = new AuthenticationTls();
    tlsAuthentication.configure(tlsParams);
    internalSetup(tlsAuthentication);

    admin.clusters().createCluster("test", ClusterData.builder().build());
    admin.tenants().createTenant(
            "p1", new TenantInfoImpl(Collections.emptySet(), new HashSet<>(admin.clusters().getClusters())));
    admin.namespaces().createNamespace(namespace);

    // Part 1: non-partitioned topic.
    final String topic = "persistent://p1/ns1/topic";
    admin.topics().createNonPartitionedTopic(topic);
    admin.topics().grantPermission(topic, grantedRole, EnumSet.of(AuthAction.consume));
    Awaitility.await().untilAsserted(() ->
            assertTrue(pulsar.getPulsarResources().getNamespaceResources()
                    .getPolicies(NamespaceName.get(namespace)).get()
                    .auth_policies.getTopicAuthentication().containsKey(topic)));
    admin.topics().delete(topic);
    // Deleting the topic must also drop its entry from the topic-level authentication map.
    Awaitility.await().untilAsserted(() ->
            assertFalse(pulsar.getPulsarResources().getNamespaceResources()
                    .getPolicies(NamespaceName.get(namespace)).get()
                    .auth_policies.getTopicAuthentication().containsKey(topic)));

    // Part 2: partitioned topic.
    final String partitionedTopic = "persistent://p1/ns1/partitioned-topic";
    final int partitionCount = 5;
    admin.topics().createPartitionedTopic(partitionedTopic, partitionCount);
    admin.topics().grantPermission(partitionedTopic, grantedRole, EnumSet.of(AuthAction.consume));
    Awaitility.await().untilAsserted(() -> {
        assertTrue(pulsar.getPulsarResources().getNamespaceResources()
                .getPolicies(NamespaceName.get(namespace)).get()
                .auth_policies.getTopicAuthentication().containsKey(partitionedTopic));
        // The grant is expected under every partition's own topic name as well.
        for (int partition = 0; partition < partitionCount; partition++) {
            assertTrue(pulsar.getPulsarResources().getNamespaceResources()
                    .getPolicies(NamespaceName.get(namespace)).get()
                    .auth_policies.getTopicAuthentication()
                    .containsKey(TopicName.get(partitionedTopic).getPartition(partition).toString()));
        }
    });
    admin.topics().deletePartitionedTopic(partitionedTopic);
    Awaitility.await().untilAsserted(() -> {
        assertFalse(pulsar.getPulsarResources().getNamespaceResources()
                .getPolicies(NamespaceName.get(namespace)).get()
                .auth_policies.getTopicAuthentication().containsKey(partitionedTopic));
        for (int partition = 0; partition < partitionCount; partition++) {
            assertFalse(pulsar.getPulsarResources().getNamespaceResources()
                    .getPolicies(NamespaceName.get(namespace)).get()
                    .auth_policies.getTopicAuthentication()
                    .containsKey(TopicName.get(partitionedTopic).getPartition(partition).toString()));
        }
    });

    // Tear down in reverse order of creation. This runs only when every assertion above passed.
    admin.namespaces().deleteNamespace(namespace);
    admin.tenants().deleteTenant("p1");
    admin.clusters().deleteCluster("test");
}
Also used : AuthenticationTls(org.apache.pulsar.client.impl.auth.AuthenticationTls) HashMap(java.util.HashMap) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 98 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AuthenticationTlsHostnameVerificationTest method setupClient.

/**
 * Builds the admin client and the Pulsar client used by the hostname-verification tests, then
 * creates the cluster, tenant and namespace they operate on.
 *
 * <p>Both clients authenticate with a TLS client certificate and use
 * {@code TLS_MIM_TRUST_CERT_FILE_PATH} as their trust-certificate file. Hostname verification on
 * the Pulsar client follows the {@code hostnameVerificationEnabled} field. No hostname
 * verification setting is applied to the admin client here.
 *
 * <p>NOTE(review): both builders also call {@code allowTlsInsecureConnection(true)}, which tells
 * the client to accept broker certificates it cannot validate. That is a test-fixture setting.
 * Production client configuration should leave it at its default of {@code false}, so that the
 * trust-certificate file is what decides whether a broker is trusted.
 *
 * @throws Exception if building a client or an admin call fails
 */
protected void setupClient() throws Exception {
    // Client identity for TLS authentication: certificate plus its private key.
    final Map<String, String> tlsParams = new HashMap<>();
    tlsParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
    tlsParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
    final Authentication tlsAuthentication = new AuthenticationTls();
    tlsAuthentication.configure(tlsParams);

    admin = spy(PulsarAdmin.builder()
            .serviceHttpUrl(brokerUrlTls.toString())
            .tlsTrustCertsFilePath(TLS_MIM_TRUST_CERT_FILE_PATH)
            .allowTlsInsecureConnection(true) // test-only: accepts unvalidated broker certificates
            .authentication(tlsAuthentication)
            .build());

    replacePulsarClient(PulsarClient.builder()
            .serviceUrl(pulsar.getBrokerServiceUrlTls())
            .statsInterval(0, TimeUnit.SECONDS)
            .tlsTrustCertsFilePath(TLS_MIM_TRUST_CERT_FILE_PATH)
            .allowTlsInsecureConnection(true) // test-only, see the note in the method Javadoc
            .authentication(tlsAuthentication)
            .enableTls(true)
            .enableTlsHostnameVerification(hostnameVerificationEnabled));

    final String cluster = "test";
    admin.clusters().createCluster(cluster, ClusterData.builder().serviceUrl(brokerUrl.toString()).build());
    admin.tenants().createTenant(
            "my-property", new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet(cluster)));
    admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet(cluster));
}
Also used : AuthenticationTls(org.apache.pulsar.client.impl.auth.AuthenticationTls) HashMap(java.util.HashMap) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl)

Example 99 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AuthorizationProducerConsumerTest method testClearBacklogPermission.

/**
 * Exercises namespace-level authorization for listing topics and clearing a bundle backlog.
 *
 * <p>Sequence checked by this method:
 * <ol>
 *   <li>A role holding only topic-level produce/consume permission can publish and read stats,
 *       but listing the namespace's partitioned topics and clearing the namespace bundle backlog
 *       are both rejected with an "Unauthorized to validateNamespaceOperation" message.</li>
 *   <li>After {@code consume} is granted on the namespace, the same role can list topics and
 *       clear the backlog, which drops from 10 to 0.</li>
 *   <li>After that grant is revoked and replaced with {@code produce}, listing topics is still
 *       expected to succeed. Clearing the backlog is not re-tested at that point.</li>
 * </ol>
 *
 * @throws Exception if setup or an admin/client call fails unexpectedly
 */
@Test
public void testClearBacklogPermission() throws Exception {
    log.info("-- Starting {} test --", methodName);
    conf.setAuthorizationProvider(PulsarAuthorizationProvider.class.getName());
    setup();

    final String tenantRole = "tenant-role";
    final String subscriptionRole = "sub-role";
    final String subscriptionName = "sub1";
    final String namespace = "my-property/my-ns-sub-auth";
    final String topicName = "persistent://" + namespace + "/my-topic";
    final String firstPartition = topicName + "-partition-0";
    final String fullBundleRange = "0x00000000_0xffffffff";
    final int publishedCount = 10;

    // Three identities: super user, tenant admin, and the less-privileged subscription role.
    final Authentication superUserAuth = new ClientAuthentication("superUser");
    final Authentication tenantAuth = new ClientAuthentication(tenantRole);
    final Authentication subscriptionAuth = new ClientAuthentication(subscriptionRole);
    clientAuthProviderSupportedRoles.add(subscriptionRole);

    @Cleanup
    PulsarAdmin superAdmin = spy(PulsarAdmin.builder()
            .serviceHttpUrl(brokerUrl.toString())
            .authentication(superUserAuth)
            .build());
    @Cleanup
    PulsarAdmin tenantAdmin = spy(PulsarAdmin.builder()
            .serviceHttpUrl(brokerUrl.toString())
            .authentication(tenantAuth)
            .build());
    @Cleanup
    PulsarAdmin sub1Admin = spy(PulsarAdmin.builder()
            .serviceHttpUrl(brokerUrl.toString())
            .authentication(subscriptionAuth)
            .build());

    superAdmin.clusters().createCluster("test", ClusterData.builder().serviceUrl(brokerUrl.toString()).build());
    superAdmin.tenants().createTenant(
            "my-property", new TenantInfoImpl(Sets.newHashSet(tenantRole), Sets.newHashSet("test")));
    superAdmin.namespaces().createNamespace(namespace, Sets.newHashSet("test"));
    superAdmin.topics().createPartitionedTopic(topicName, 1);
    assertEquals(tenantAdmin.topics().getPartitionedTopicList(namespace), Lists.newArrayList(topicName));

    // Topic-level grant only: produce + consume for the subscription role.
    superAdmin.topics().grantPermission(
            topicName, subscriptionRole, Sets.newHashSet(AuthAction.produce, AuthAction.consume));
    replacePulsarClient(PulsarClient.builder()
            .serviceUrl(pulsar.getBrokerServiceUrl())
            .authentication(subscriptionAuth));

    @Cleanup
    Producer<byte[]> batchProducer = pulsarClient.newProducer()
            .topic(topicName)
            .enableBatching(false)
            .create();
    @Cleanup
    Consumer<byte[]> consumer = pulsarClient.newConsumer()
            .topic(topicName)
            .subscriptionInitialPosition(SubscriptionInitialPosition.Earliest)
            .subscriptionName(subscriptionName)
            .subscribe();

    // Only the future of the last send is kept and waited on.
    CompletableFuture<MessageId> lastSend = new CompletableFuture<>();
    for (int sent = 0; sent < publishedCount; sent++) {
        lastSend = batchProducer.sendAsync("a".getBytes());
    }
    lastSend.get();
    assertEquals(
            sub1Admin.topics().getStats(firstPartition).getSubscriptions().get(subscriptionName).getMsgBacklog(),
            publishedCount);

    // Without any namespace-level grant, both namespace operations must be denied.
    try {
        sub1Admin.topics().getPartitionedTopicList(namespace);
        fail("should have failed with authorization exception");
    } catch (Exception denied) {
        assertTrue(denied.getMessage()
                .startsWith("Unauthorized to validateNamespaceOperation for operation [GET_TOPICS]"));
    }
    try {
        sub1Admin.namespaces().clearNamespaceBundleBacklog(namespace, fullBundleRange);
        fail("should have failed with authorization exception");
    } catch (Exception denied) {
        assertTrue(denied.getMessage()
                .startsWith("Unauthorized to validateNamespaceOperation for operation [CLEAR_BACKLOG]"));
    }

    // With consume granted on the namespace, listing topics and clearing the backlog succeed.
    superAdmin.namespaces().grantPermissionOnNamespace(namespace, subscriptionRole, Sets.newHashSet(AuthAction.consume));
    assertEquals(sub1Admin.topics().getPartitionedTopicList(namespace), Lists.newArrayList(topicName));
    sub1Admin.namespaces().clearNamespaceBundleBacklog(namespace, fullBundleRange);
    assertEquals(
            sub1Admin.topics().getStats(firstPartition).getSubscriptions().get(subscriptionName).getMsgBacklog(),
            0);

    // Swap the namespace grant from consume to produce; topic listing is still expected to work.
    superAdmin.namespaces().revokePermissionsOnNamespace(namespace, subscriptionRole);
    superAdmin.namespaces().grantPermissionOnNamespace(namespace, subscriptionRole, Sets.newHashSet(AuthAction.produce));
    assertEquals(sub1Admin.topics().getPartitionedTopicList(namespace), Lists.newArrayList(topicName));

    log.info("-- Exiting {} test --", methodName);
}
Also used : PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) Cleanup(lombok.Cleanup) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl) AuthenticationException(javax.naming.AuthenticationException) RestException(org.apache.pulsar.common.util.RestException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) PulsarServerException(org.apache.pulsar.broker.PulsarServerException) CompletableFuture(java.util.concurrent.CompletableFuture) PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider) Test(org.testng.annotations.Test)

Example 100 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AuthorizationProducerConsumerTest method testProducerAndConsumerAuthorization.

/**
 * Verifies the pluggable authorization service.
 *
 * <pre>
 * 1. Client passes correct authorization plugin-name + correct auth-role: SUCCESS
 * 2. Client passes correct authorization plugin-name + incorrect auth-role: FAIL
 * 3. Client passes incorrect authorization plugin-name + correct auth-role: FAIL
 * </pre>
 *
 * @throws Exception if broker setup or a client/admin call fails unexpectedly
 */
@Test
public void testProducerAndConsumerAuthorization() throws Exception {
    log.info("-- Starting {} test --", methodName);
    // Route authorization decisions through the test provider before the broker is started.
    conf.setAuthorizationProvider(TestAuthorizationProvider.class.getName());
    setup();

    final String brokerServiceUrl = pulsar.getBrokerServiceUrl();
    final String topic = "persistent://my-property/my-ns/my-topic";
    final String subscription = "my-subscriber-name";

    final Authentication superUserAuth = new ClientAuthentication("superUser");
    @Cleanup
    PulsarAdmin superAdmin = spy(PulsarAdmin.builder()
            .serviceHttpUrl(brokerUrl.toString())
            .authentication(superUserAuth)
            .build());

    // One client carries the role under test, the other a role that must be rejected.
    final Authentication validRoleAuth = new ClientAuthentication(clientRole);
    final Authentication invalidRoleAuth = new ClientAuthentication("test-role");
    @Cleanup
    PulsarClient validRoleClient = PulsarClient.builder()
            .serviceUrl(brokerServiceUrl)
            .authentication(validRoleAuth)
            .operationTimeout(1000, TimeUnit.MILLISECONDS)
            .build();
    @Cleanup
    PulsarClient invalidRoleClient = PulsarClient.builder()
            .serviceUrl(brokerServiceUrl)
            .operationTimeout(1000, TimeUnit.MILLISECONDS)
            .authentication(invalidRoleAuth)
            .build();

    superAdmin.clusters().createCluster("test", ClusterData.builder().serviceUrl(brokerUrl.toString()).build());
    superAdmin.tenants().createTenant(
            "my-property", new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("test")));
    superAdmin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet("test"));

    // (1) The accepted role can create both a consumer and a producer.
    Consumer<byte[]> consumer = validRoleClient.newConsumer()
            .topic(topic)
            .subscriptionName(subscription)
            .subscribe();
    Producer<byte[]> producer = validRoleClient.newProducer().topic(topic).create();
    consumer.close();
    producer.close();

    // (2) The other role must be refused for both subscribe and produce. Only an
    // AuthorizationException counts as a pass; any other exception propagates and fails the test.
    try {
        consumer = invalidRoleClient.newConsumer()
                .topic(topic)
                .subscriptionName(subscription)
                .subscribe();
        Assert.fail("should have failed with authorization error");
    } catch (PulsarClientException.AuthorizationException expected) {
        // expected: the authorization service rejected the subscribe
    }
    try {
        producer = invalidRoleClient.newProducer().topic(topic).create();
        Assert.fail("should have failed with authorization error");
    } catch (PulsarClientException.AuthorizationException expected) {
        // expected: the authorization service rejected the producer
    }
    // NOTE(review): this method has no negative case for a wrong authorization provider name;
    // only the valid-role and invalid-role paths are exercised here.

    log.info("-- Exiting {} test --", methodName);
}
Also used : PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) Cleanup(lombok.Cleanup) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl) Test(org.testng.annotations.Test)
