Search in sources :

Example 21 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AdminApiTlsAuthTest method testAuthorizedUserAsOriginalPrincipal.

@Test
public void testAuthorizedUserAsOriginalPrincipal() throws Exception {
    try (PulsarAdmin admin = buildAdminClient("admin")) {
        admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("proxy", "user1"), ImmutableSet.of("test")));
        admin.namespaces().createNamespace("tenant1/ns1");
    }
    WebTarget root = buildWebClient("proxy");
    Assert.assertEquals(ImmutableSet.of("tenant1/ns1"), root.path("/admin/v2/namespaces").path("tenant1").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "user1").get(new GenericType<List<String>>() {
    }));
}
Also used : GenericType(javax.ws.rs.core.GenericType) PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) WebTarget(javax.ws.rs.client.WebTarget) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 22 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AdminApiTlsAuthTest method testSuperProxyUserAndAdminCanListTenants.

@Test
public void testSuperProxyUserAndAdminCanListTenants() throws Exception {
    try (PulsarAdmin admin = buildAdminClient("admin")) {
        admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("user1"), ImmutableSet.of("test")));
    }
    WebTarget root = buildWebClient("superproxy");
    Assert.assertEquals(ImmutableSet.of("tenant1"), root.path("/admin/v2/tenants").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "admin").get(new GenericType<List<String>>() {
    }));
}
Also used : GenericType(javax.ws.rs.core.GenericType) PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) WebTarget(javax.ws.rs.client.WebTarget) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 23 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AdminApiTlsAuthTest method testSuperProxyUserAndNonAdminCannotListTenants.

@Test
public void testSuperProxyUserAndNonAdminCannotListTenants() throws Exception {
    try (PulsarAdmin admin = buildAdminClient("admin")) {
        admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("proxy"), ImmutableSet.of("test")));
    }
    WebTarget root = buildWebClient("superproxy");
    try {
        root.path("/admin/v2/tenants").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "user1").get(new GenericType<List<String>>() {
        });
        Assert.fail("user1 should not be authorized");
    } catch (NotAuthorizedException e) {
    // expected
    }
}
Also used : PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) List(java.util.List) WebTarget(javax.ws.rs.client.WebTarget) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 24 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AdminApiTlsAuthTest method testAuthorizedUserAsOriginalPrincipalProxyIsSuperUser.

@Test
public void testAuthorizedUserAsOriginalPrincipalProxyIsSuperUser() throws Exception {
    try (PulsarAdmin admin = buildAdminClient("admin")) {
        admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("user1"), ImmutableSet.of("test")));
        admin.namespaces().createNamespace("tenant1/ns1");
    }
    WebTarget root = buildWebClient("superproxy");
    Assert.assertEquals(ImmutableSet.of("tenant1/ns1"), root.path("/admin/v2/namespaces").path("tenant1").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "user1").get(new GenericType<List<String>>() {
    }));
}
Also used : GenericType(javax.ws.rs.core.GenericType) PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) WebTarget(javax.ws.rs.client.WebTarget) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 25 with TenantInfoImpl

use of org.apache.pulsar.common.policies.data.TenantInfoImpl in project pulsar by apache.

the class AdminApiTlsAuthTest method testProxyCannotSetOriginalPrincipalAsEmpty.

@Test
public void testProxyCannotSetOriginalPrincipalAsEmpty() throws Exception {
    try (PulsarAdmin admin = buildAdminClient("admin")) {
        admin.tenants().createTenant("tenant1", new TenantInfoImpl(ImmutableSet.of("user1"), ImmutableSet.of("test")));
        admin.namespaces().createNamespace("tenant1/ns1");
    }
    WebTarget root = buildWebClient("proxy");
    try {
        root.path("/admin/v2/namespaces").path("tenant1").request(MediaType.APPLICATION_JSON).header("X-Original-Principal", "").get(new GenericType<List<String>>() {
        });
        Assert.fail("Proxy shouldn't be able to set original principal.");
    } catch (NotAuthorizedException e) {
    // expected
    }
}
Also used : PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin) List(java.util.List) WebTarget(javax.ws.rs.client.WebTarget) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) TenantInfoImpl(org.apache.pulsar.common.policies.data.TenantInfoImpl) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Aggregations

TenantInfoImpl (org.apache.pulsar.common.policies.data.TenantInfoImpl)690 Test (org.testng.annotations.Test)458 MockedPulsarServiceBaseTest (org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)211 PulsarAdmin (org.apache.pulsar.client.admin.PulsarAdmin)146 BeforeMethod (org.testng.annotations.BeforeMethod)144 Cleanup (lombok.Cleanup)139 PulsarAdminException (org.apache.pulsar.client.admin.PulsarAdminException)136 PulsarClient (org.apache.pulsar.client.api.PulsarClient)91 PulsarClientException (org.apache.pulsar.client.api.PulsarClientException)72 HashSet (java.util.HashSet)55 HashMap (java.util.HashMap)49 ServiceConfiguration (org.apache.pulsar.broker.ServiceConfiguration)48 CompletableFuture (java.util.concurrent.CompletableFuture)41 List (java.util.List)38 PulsarService (org.apache.pulsar.broker.PulsarService)37 AuthAction (org.apache.pulsar.common.policies.data.AuthAction)36 ArrayList (java.util.ArrayList)33 WebTarget (javax.ws.rs.client.WebTarget)33 Policies (org.apache.pulsar.common.policies.data.Policies)33 ClusterData (org.apache.pulsar.common.policies.data.ClusterData)31