
Example 6 with ClusterStateContext

Use of org.apache.storm.cluster.ClusterStateContext in project storm by apache.

The class AuthTest, method workerTokenDigestAuthTest.

@Test
public void workerTokenDigestAuthTest() throws Exception {
    LOG.info("\n\n\t\tworkerTokenDigestAuthTest - START\n\n");
    Nimbus.Iface impl = mock(Nimbus.Iface.class);
    final AtomicReference<ReqContext> user = new AtomicReference<>();
    doAnswer((invocation) -> {
        user.set(new ReqContext(ReqContext.context()));
        return null;
    }).when(impl).activate(anyString());
    Map<String, Object> extraConfs = new HashMap<>();
    // Let worker tokens work on insecure ZK...
    extraConfs.put("TESTING.ONLY.ENABLE.INSECURE.WORKER.TOKENS", true);
    try (InProcessZookeeper zk = new InProcessZookeeper()) {
        withServer(MISSING_CLIENT, DigestSaslTransportPlugin.class, impl, zk, extraConfs, (ThriftServer server, Map<String, Object> conf) -> {
            try (Time.SimulatedTime sim = new Time.SimulatedTime()) {
                conf.put(Config.STORM_NIMBUS_RETRY_TIMES, 0);
                // We cannot connect if there is no client section in the jaas conf...
                try (NimbusClient client = new NimbusClient(conf, "localhost", server.getPort(), NIMBUS_TIMEOUT)) {
                    client.getClient().activate("bad_auth_test_topology");
                    fail("We should not be able to connect without a token...");
                } catch (Exception e) {
                    assert (Utils.exceptionCauseIsInstanceOf(IOException.class, e));
                }
                // Now lets create a token and verify that we can connect...
                IStormClusterState state = ClusterUtils.mkStormClusterState(conf, new ClusterStateContext(DaemonType.NIMBUS, conf));
                WorkerTokenManager wtMan = new WorkerTokenManager(conf, state);
                Subject bob = testConnectWithTokenFor(wtMan, conf, server, "bob", "topo-bob");
                verifyUserIs(user, "bob");
                Time.advanceTimeSecs(TimeUnit.HOURS.toSeconds(12));
                // Alice has no digest jaas section at all...
                Subject alice = testConnectWithTokenFor(wtMan, conf, server, "alice", "topo-alice");
                verifyUserIs(user, "alice");
                Time.advanceTimeSecs(TimeUnit.HOURS.toSeconds(13));
                try {
                    tryConnectAs(conf, server, bob, "bad_auth_test_topology");
                    fail("We should not be able to connect with bad auth");
                } catch (Exception e) {
                    assert (Utils.exceptionCauseIsInstanceOf(TTransportException.class, e));
                }
                tryConnectAs(conf, server, alice, "topo-alice");
                verifyUserIs(user, "alice");
                // Now see if we can create a new token for bob and try again.
                bob = testConnectWithTokenFor(wtMan, conf, server, "bob", "topo-bob");
                verifyUserIs(user, "bob");
                tryConnectAs(conf, server, alice, "topo-alice");
                verifyUserIs(user, "alice");
            }
        });
    }
    verify(impl, times(2)).activate("topo-bob");
    verify(impl, times(3)).activate("topo-alice");
    verify(impl, never()).activate("bad_auth_test_topology");
    LOG.info("\n\n\t\tworkerTokenDigestAuthTest - END\n\n");
}
Also used: InProcessZookeeper (org.apache.storm.testing.InProcessZookeeper), HashMap (java.util.HashMap), AtomicReference (java.util.concurrent.atomic.AtomicReference), Time (org.apache.storm.utils.Time), NimbusClient (org.apache.storm.utils.NimbusClient), PrivilegedActionException (java.security.PrivilegedActionException), IOException (java.io.IOException), TTransportException (org.apache.storm.thrift.transport.TTransportException), Subject (javax.security.auth.Subject), WorkerTokenManager (org.apache.storm.security.auth.workertoken.WorkerTokenManager), Nimbus (org.apache.storm.generated.Nimbus), IStormClusterState (org.apache.storm.cluster.IStormClusterState), Map (java.util.Map), ClusterStateContext (org.apache.storm.cluster.ClusterStateContext), Test (org.junit.Test)
