use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.
the class AdminApiTlsAuthTest method testAuthorizedUserAsOriginalPrincipal.
@Test
public void testAuthorizedUserAsOriginalPrincipal() throws Exception {
try (PulsarAdmin admin = buildAdminClient("admin")) {
admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("proxy", "user1"), ImmutableSet.of("test")));
admin.namespaces().createNamespace("tenant1/ns1");
}
WebTarget root = buildWebClient("proxy");
Assert.assertEquals(ImmutableSet.of("tenant1/ns1"), root.path("/admin/v2/namespaces").path("tenant1").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "user1").get(new GenericType<List<String>>() {
}));
}
use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.
the class AdminApiTlsAuthTest method testSuperProxyUserAndAdminCanListTenants.
@Test
public void testSuperProxyUserAndAdminCanListTenants() throws Exception {
try (PulsarAdmin admin = buildAdminClient("admin")) {
admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("user1"), ImmutableSet.of("test")));
}
WebTarget root = buildWebClient("superproxy");
Assert.assertEquals(ImmutableSet.of("tenant1"), root.path("/admin/v2/tenants").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "admin").get(new GenericType<List<String>>() {
}));
}
use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.
the class AdminApiTlsAuthTest method testSuperProxyUserAndNonAdminCannotListTenants.
@Test
public void testSuperProxyUserAndNonAdminCannotListTenants() throws Exception {
try (PulsarAdmin admin = buildAdminClient("admin")) {
admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("proxy"), ImmutableSet.of("test")));
}
WebTarget root = buildWebClient("superproxy");
try {
root.path("/admin/v2/tenants").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "user1").get(new GenericType<List<String>>() {
});
Assert.fail("user1 should not be authorized");
} catch (NotAuthorizedException e) {
// expected
}
}
use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.
the class AdminApiTlsAuthTest method testAuthorizedUserAsOriginalPrincipalProxyIsSuperUser.
@Test
public void testAuthorizedUserAsOriginalPrincipalProxyIsSuperUser() throws Exception {
try (PulsarAdmin admin = buildAdminClient("admin")) {
admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("user1"), ImmutableSet.of("test")));
admin.namespaces().createNamespace("tenant1/ns1");
}
WebTarget root = buildWebClient("superproxy");
Assert.assertEquals(ImmutableSet.of("tenant1/ns1"), root.path("/admin/v2/namespaces").path("tenant1").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "user1").get(new GenericType<List<String>>() {
}));
}
use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.
the class AdminApiTlsAuthTest method testProxyCannotSetOriginalPrincipalAsEmpty.
@Test
public void testProxyCannotSetOriginalPrincipalAsEmpty() throws Exception {
try (PulsarAdmin admin = buildAdminClient("admin")) {
admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("user1"), ImmutableSet.of("test")));
admin.namespaces().createNamespace("tenant1/ns1");
}
WebTarget root = buildWebClient("proxy");
try {
root.path("/admin/v2/namespaces").path("tenant1").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "").get(new GenericType<List<String>>() {
});
Assert.fail("Proxy shouldn't be able to set original principal.");
} catch (NotAuthorizedException e) {
// expected
}
}
Aggregations