Fix the tests
zymap committed Dec 15, 2020
1 parent e662769 commit 45cc622
Showing 4 changed files with 52 additions and 16 deletions.
Expand Up @@ -65,7 +65,7 @@ private Void handleError(Throwable throwable, AsyncResponse asyncResponse) {
asyncResponse.resume(new RestException(Response.Status.NOT_FOUND, throwable.getMessage()));
} else if (throwable instanceof WebApplicationException) {
asyncResponse.resume(throwable);
}else {
} else {
asyncResponse.resume(new RestException(Response.Status.INTERNAL_SERVER_ERROR, throwable.getMessage()));
}
return null;
Expand Down Expand Up @@ -167,8 +167,9 @@ private CompletableFuture<Void> checkPermissions(String tenant, String namespace
if (config().isAuthenticationEnabled()) {
String role = clientAppId();
AuthenticationDataSource authenticationData = clientAuthData();
NamespaceName namespaceName;
try {
NamespaceName namespaceName = NamespaceName.get(tenant, namespace);
namespaceName = NamespaceName.get(tenant, namespace);
} catch (Exception e) {
future.completeExceptionally(e);
return future;
Expand All @@ -182,8 +183,8 @@ private CompletableFuture<Void> checkPermissions(String tenant, String namespace
if (hasPermission) {
future.complete(null);
} else {
future.completeExceptionally(new RestException(Response.Status.UNAUTHORIZED,
String.format("Role %s has not the 'package' permission to do the packages operations.", role)));
future.completeExceptionally(new RestException(Response.Status.UNAUTHORIZED, String.format(
"Role %s has not the 'package' permission to do the packages operations.", role)));
}
});
}
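Review bot: The permission-denied branch of checkPermissions answers an already authenticated role with `Response.Status.UNAUTHORIZED`. 401 signals missing or invalid credentials, so a role that authenticated but lacks the 'package' permission is more accurately rejected with `Response.Status.FORBIDDEN`, unless the project deliberately uses 401 for authorization failures elsewhere. The integration test in this commit asserts `e.getStatusCode()` is 401, so that assertion would have to change with it. The message would also read better as `"Role %s does not have the 'package' permission required for package operations."`. checkPermissions starts and ends outside the visible hunks.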
Expand Up @@ -18,6 +18,7 @@
*/
package org.apache.pulsar.tests.integration.auth.admin;

import com.google.common.io.Files;
import lombok.Cleanup;
import lombok.extern.slf4j.Slf4j;
import org.apache.pulsar.broker.authentication.AuthenticationProviderToken;
Expand All @@ -30,14 +31,16 @@
import org.apache.pulsar.tests.integration.containers.ZKContainer;
import org.apache.pulsar.tests.integration.topologies.PulsarCluster;
import org.apache.pulsar.tests.integration.topologies.PulsarClusterSpec;
import org.apache.pulsar.tests.integration.utils.DockerUtils;
import org.elasticsearch.common.collect.Set;
import org.testcontainers.containers.Network;
import org.testcontainers.shaded.org.apache.commons.lang.RandomStringUtils;
import org.testcontainers.shaded.org.apache.commons.lang.StringUtils;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import java.io.File;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
Expand All @@ -53,13 +56,16 @@
public class PackagesOpsWithAuthTest {

private static final String CLUSTER_PREFIX = "package-auth";
private static final String PRIVATE_KEY_PATH_INSIDE_CONTAINER = "/tmp/private.key";
private static final String PUBLIC_KEY_PATH_INSIDE_CONTAINER = "/tmp/public.key";

private static final String SUPER_USER_ROLE = "super-user";
private String superUserAuthToken;
private static final String PROXY_ROLE = "proxy";
private String proxyAuthToken;
private static final String REGULAR_USER_ROLE = "client";
private String clientAuthToken;
private File publicKeyFile;

private PulsarCluster pulsarCluster;
private PulsarContainer cmdContainer;
Expand All @@ -69,7 +75,8 @@ public void setup() throws Exception {
// Before starting the cluster, generate the secret key and the token
// Use Zk container to have 1 container available before starting the cluster
final String clusterName = String.format("%s-%s", CLUSTER_PREFIX, RandomStringUtils.randomAlphabetic(6));
cmdContainer = new ZKContainer<>(clusterName);
final String cliContainerName = String.format("%s-%s", "cli", RandomStringUtils.randomAlphabetic(6));
cmdContainer = new ZKContainer<>(cliContainerName);
cmdContainer
.withNetwork(Network.newNetwork())
.withNetworkAliases(ZKContainer.NAME)
Expand All @@ -85,6 +92,8 @@ public void setup() throws Exception {
.clusterName(clusterName)
.brokerEnvs(getBrokerSettingsEnvs())
.proxyEnvs(getProxySettingsEnvs())
.brokerMountFiles(Collections.singletonMap(publicKeyFile.toString(), PUBLIC_KEY_PATH_INSIDE_CONTAINER))
.proxyMountFiles(Collections.singletonMap(publicKeyFile.toString(), PUBLIC_KEY_PATH_INSIDE_CONTAINER))
.build();

pulsarCluster = PulsarCluster.forSpec(spec);
Expand All @@ -94,7 +103,7 @@ public void setup() throws Exception {
@AfterClass
public void teardown() {
if (cmdContainer != null) {
cmdContainer.close();
cmdContainer.stop();
}
if (pulsarCluster != null) {
pulsarCluster.stop();
Expand All @@ -112,6 +121,7 @@ private Map<String, String> getBrokerSettingsEnvs() {
envs.put("brokerClientAuthenticationParameters", String.format("token:%s", superUserAuthToken));
envs.put("authenticationRefreshCheckSeconds", "1");
envs.put("authenticateOriginalAuthData", "true");
envs.put("tokenPublicKey", "file://" + PUBLIC_KEY_PATH_INSIDE_CONTAINER);
return envs;
}

Expand All @@ -124,39 +134,48 @@ private Map<String, String> getProxySettingsEnvs() {
envs.put("brokerClientAuthenticationParameters", String.format("token:%s", proxyAuthToken));
envs.put("authenticationRefreshCheckSeconds", "1");
envs.put("forwardAuthorizationCredentials", "true");
envs.put("tokenPublicKey", "file://" + PUBLIC_KEY_PATH_INSIDE_CONTAINER);
return envs;
}

private void createKeysAndTokens(PulsarContainer container) throws Exception {
String secretKey = container
.execCmd(PulsarCluster.PULSAR_COMMAND_SCRIPT, "tokens", "create-secret-key", "--base64")
protected void createKeysAndTokens(PulsarContainer container) throws Exception {
container
.execCmd(PulsarCluster.PULSAR_COMMAND_SCRIPT, "tokens", "create-key-pair",
"--output-private-key", PRIVATE_KEY_PATH_INSIDE_CONTAINER,
"--output-public-key", PUBLIC_KEY_PATH_INSIDE_CONTAINER);

byte[] publicKeyBytes = DockerUtils
.runCommandWithRawOutput(container.getDockerClient(), container.getContainerId(),
"/bin/cat", PUBLIC_KEY_PATH_INSIDE_CONTAINER)
.getStdout();
log.info("Created secret key: {}", secretKey);

publicKeyFile = File.createTempFile("public-", ".key", new File("/tmp"));
Files.write(publicKeyBytes, publicKeyFile);

clientAuthToken = container
.execCmd(PulsarCluster.PULSAR_COMMAND_SCRIPT, "tokens", "create",
"--secret-key", "data:;base64," + secretKey,
"--private-key", "file://" + PRIVATE_KEY_PATH_INSIDE_CONTAINER,
"--subject", REGULAR_USER_ROLE)
.getStdout().trim();
log.info("Created client token: {}", clientAuthToken);

superUserAuthToken = container
.execCmd(PulsarCluster.PULSAR_COMMAND_SCRIPT, "tokens", "create",
"--secret-key", "data:;base64," + secretKey,
"--private-key", "file://" + PRIVATE_KEY_PATH_INSIDE_CONTAINER,
"--subject", SUPER_USER_ROLE)
.getStdout().trim();
log.info("Created super-user token: {}", superUserAuthToken);

proxyAuthToken = container
.execCmd(PulsarCluster.PULSAR_COMMAND_SCRIPT, "tokens", "create",
"--secret-key", "data:;base64," + secretKey,
"--private-key", "file://" + PRIVATE_KEY_PATH_INSIDE_CONTAINER,
"--subject", PROXY_ROLE)
.getStdout().trim();
log.info("Created proxy token: {}", proxyAuthToken);
}

@Test
public void testPackagesOps(boolean grantPermission) throws Exception {
public void testPackagesOps() throws Exception {
@Cleanup
PulsarAdmin superUserAdmin = PulsarAdmin.builder()
.serviceHttpUrl(pulsarCluster.getHttpServiceUrl())
Expand All @@ -174,7 +193,7 @@ public void testPackagesOps(boolean grantPermission) throws Exception {
List<String> packagesName = clientAdmin.packages().listPackages("function", "public/default");
fail("list package operation should fail because the client hasn't permission to do");
} catch (PulsarAdminException e) {
// expected exception
assertEquals(e.getStatusCode(), 401);
}

// grant package permission to the role
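Review bot: The public-key copy created in createKeysAndTokens with `File.createTempFile("public-", ".key", new File("/tmp"))` is never removed: teardown stops the containers but leaves the file, so every run adds one to the host's /tmp. Deleting it in teardown, e.g. `if (publicKeyFile != null) { publicKeyFile.delete(); }`, keeps the host clean; the hard-coded `/tmp` also assumes a Unix host and could be dropped unless the Docker bind mount depends on it. The bytes written come from the `/bin/cat` stdout with no visible check that the command succeeded, so an empty key file would only surface later as authentication failures; asserting `publicKeyBytes.length > 0` before `Files.write` would fail fast. Separately, the three remaining `log.info` calls print the bearer tokens, including the super-user one, into the test logs.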
Expand Up @@ -137,6 +137,9 @@ private PulsarCluster(PulsarClusterSpec spec) {
if (spec.proxyEnvs != null) {
spec.proxyEnvs.forEach(this.proxyContainer::withEnv);
}
if (spec.proxyMountFiles != null) {
spec.proxyMountFiles.forEach(this.proxyContainer::withFileSystemBind);
}

// create bookies
bookieContainers.putAll(
Expand Down Expand Up @@ -174,6 +177,9 @@ private PulsarCluster(PulsarClusterSpec spec) {
if (spec.brokerEnvs != null) {
brokerContainer.withEnv(spec.brokerEnvs);
}
if (spec.brokerMountFiles != null) {
spec.brokerMountFiles.forEach(brokerContainer::withFileSystemBind);
}
return brokerContainer;
}
));
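Review bot: Both new `forEach(...::withFileSystemBind)` calls use the two-argument overload, which in Testcontainers binds the host path read-write, so the proxy and broker containers get write access to a host-side key file they only need to read. Passing the mode explicitly, `spec.proxyMountFiles.forEach((host, path) -> this.proxyContainer.withFileSystemBind(host, path, BindMode.READ_ONLY));` and the same for `brokerContainer`, keeps the mount least-privilege. This needs an import of `org.testcontainers.containers.BindMode`. The enclosing constructor starts and ends outside the visible hunks.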
Expand Up @@ -142,4 +142,14 @@ public class PulsarClusterSpec {
* Specify envs for broker.
*/
Map<String, String> brokerEnvs;

/**
* Specify mount files.
*/
Map<String, String> proxyMountFiles;

/**
* Specify mount files.
*/
Map<String, String> brokerMountFiles;
}
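Review bot: The two new fields carry the same Javadoc, `Specify mount files.`, which says neither which container each one applies to nor what the map holds. Judging from the call site in the test (`Collections.singletonMap(publicKeyFile.toString(), PUBLIC_KEY_PATH_INSIDE_CONTAINER)`), the key is the host path and the value is the path inside the container. Comments such as `Files to bind-mount into the proxy container: host path -> path inside the container.` and the broker equivalent would make that contract explicit.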
