From b685fa23e7e4d76396dd5c672d57e93acbad8771 Mon Sep 17 00:00:00 2001 From: mukesh-ctds Date: Thu, 28 Mar 2024 17:24:49 +0530 Subject: [PATCH] Deleted test classes --- .../broker/admin/NamespaceAuthZTest.java | 163 --------- .../pulsar/broker/admin/TopicAuthZTest.java | 345 ------------------ 2 files changed, 508 deletions(-) delete mode 100644 pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/NamespaceAuthZTest.java delete mode 100644 pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/TopicAuthZTest.java diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/NamespaceAuthZTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/NamespaceAuthZTest.java deleted file mode 100644 index ce0b925614c55..0000000000000 --- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/NamespaceAuthZTest.java +++ /dev/null @@ -1,163 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.pulsar.broker.admin; - -import io.jsonwebtoken.Jwts; -import lombok.Cleanup; -import lombok.SneakyThrows; -import org.apache.pulsar.client.admin.PulsarAdmin; -import org.apache.pulsar.client.admin.PulsarAdminException; -import org.apache.pulsar.client.impl.auth.AuthenticationToken; -import org.apache.pulsar.common.policies.data.AuthAction; -import org.apache.pulsar.common.policies.data.TenantInfo; -import org.apache.pulsar.security.MockedPulsarStandalone; -import org.testng.Assert; -import org.testng.annotations.AfterClass; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.Test; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; -import java.util.UUID; - -@Test(groups = "broker-admin") -public class NamespaceAuthZTest extends MockedPulsarStandalone { - - private PulsarAdmin superUserAdmin; - - private PulsarAdmin tenantManagerAdmin; - - private static final String TENANT_ADMIN_SUBJECT = UUID.randomUUID().toString(); - private static final String TENANT_ADMIN_TOKEN = Jwts.builder() - .claim("sub", TENANT_ADMIN_SUBJECT).signWith(SECRET_KEY).compact(); - - @SneakyThrows - @BeforeClass - public void before() { - configureTokenAuthentication(); - configureDefaultAuthorization(); - start(); - this.superUserAdmin =PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(SUPER_USER_TOKEN)) - .build(); - final TenantInfo tenantInfo = superUserAdmin.tenants().getTenantInfo("public"); - tenantInfo.getAdminRoles().add(TENANT_ADMIN_SUBJECT); - superUserAdmin.tenants().updateTenant("public", tenantInfo); - this.tenantManagerAdmin = PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(TENANT_ADMIN_TOKEN)) - .build(); - } - - - @SneakyThrows - @AfterClass - public void after() { - if (superUserAdmin != null) { - superUserAdmin.close(); - } - if (tenantManagerAdmin != null) { - tenantManagerAdmin.close(); - } - close(); - } - - - @SneakyThrows - @Test - public void testProperties() { - final String random = UUID.randomUUID().toString(); - final String namespace = "public/default"; - final String topic = "persistent://public/default/" + random; - final String subject = UUID.randomUUID().toString(); - final String token = Jwts.builder() - .claim("sub", subject).signWith(SECRET_KEY).compact(); - superUserAdmin.topics().createNonPartitionedTopic(topic); - - @Cleanup - final PulsarAdmin subAdmin = PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(token)) - .build(); - // test superuser - Map properties = new HashMap<>(); - properties.put("key1", "value1"); - superUserAdmin.namespaces().setProperties(namespace, properties); - superUserAdmin.namespaces().setProperty(namespace, "key2", "value2"); - superUserAdmin.namespaces().getProperties(namespace); - superUserAdmin.namespaces().getProperty(namespace, "key2"); - superUserAdmin.namespaces().removeProperty(namespace, "key2"); - superUserAdmin.namespaces().clearProperties(namespace); - - // test tenant manager - tenantManagerAdmin.namespaces().setProperties(namespace, properties); - tenantManagerAdmin.namespaces().setProperty(namespace, "key2", "value2"); - tenantManagerAdmin.namespaces().getProperties(namespace); - tenantManagerAdmin.namespaces().getProperty(namespace, "key2"); - tenantManagerAdmin.namespaces().removeProperty(namespace, "key2"); - tenantManagerAdmin.namespaces().clearProperties(namespace); - - // test nobody - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().setProperties(namespace, properties)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().setProperty(namespace, "key2", "value2")); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().getProperties(namespace)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().getProperty(namespace, "key2")); - - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().removeProperty(namespace, "key2")); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().clearProperties(namespace)); - - for (AuthAction action : AuthAction.values()) { - superUserAdmin.namespaces().grantPermissionOnNamespace(namespace, subject, Set.of(action)); - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().setProperties(namespace, properties)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().setProperty(namespace, "key2", "value2")); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().getProperties(namespace)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().getProperty(namespace, "key2")); - - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().removeProperty(namespace, "key2")); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.namespaces().clearProperties(namespace)); - - superUserAdmin.namespaces().revokePermissionsOnNamespace(namespace, subject); - } - superUserAdmin.topics().delete(topic, true); - } -} diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/TopicAuthZTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/TopicAuthZTest.java deleted file mode 100644 index e23f9bbaf9b30..0000000000000 --- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/TopicAuthZTest.java +++ /dev/null @@ -1,345 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.pulsar.broker.admin; - -import io.jsonwebtoken.Jwts; -import lombok.Cleanup; -import lombok.SneakyThrows; -import org.apache.pulsar.client.admin.PulsarAdmin; -import org.apache.pulsar.client.admin.PulsarAdminException; -import org.apache.pulsar.client.api.MessageId; -import org.apache.pulsar.client.impl.auth.AuthenticationToken; -import org.apache.pulsar.common.naming.TopicName; -import org.apache.pulsar.common.policies.data.AuthAction; -import org.apache.pulsar.common.policies.data.TenantInfo; -import org.apache.pulsar.security.MockedPulsarStandalone; -import org.testng.Assert; -import org.testng.annotations.AfterClass; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.Test; -import java.util.HashMap; -import java.util.Map; -import java.util.Optional; -import java.util.Set; -import java.util.UUID; -import java.util.concurrent.atomic.AtomicInteger; - -@Test(groups = "broker-admin") -public class TopicAuthZTest extends MockedPulsarStandalone { - - private PulsarAdmin superUserAdmin; - - private PulsarAdmin tenantManagerAdmin; - - private static final String TENANT_ADMIN_SUBJECT = UUID.randomUUID().toString(); - private static final String TENANT_ADMIN_TOKEN = Jwts.builder() - .claim("sub", TENANT_ADMIN_SUBJECT).signWith(SECRET_KEY).compact(); - - @SneakyThrows - @BeforeClass - public void before() { - configureTokenAuthentication(); - configureDefaultAuthorization(); - start(); - this.superUserAdmin =PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(SUPER_USER_TOKEN)) - .build(); - final TenantInfo tenantInfo = superUserAdmin.tenants().getTenantInfo("public"); - tenantInfo.getAdminRoles().add(TENANT_ADMIN_SUBJECT); - superUserAdmin.tenants().updateTenant("public", tenantInfo); - this.tenantManagerAdmin = PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(TENANT_ADMIN_TOKEN)) - .build(); - } - - - @SneakyThrows - @AfterClass - public void after() { - if (superUserAdmin != null) { - superUserAdmin.close(); - } - if (tenantManagerAdmin != null) { - tenantManagerAdmin.close(); - } - close(); - } - - - @SneakyThrows - @Test - public void testUnloadAndCompactAndTrim() { - final String random = UUID.randomUUID().toString(); - final String topic = "persistent://public/default/" + random; - final String subject = UUID.randomUUID().toString(); - final String token = Jwts.builder() - .claim("sub", subject).signWith(SECRET_KEY).compact(); - superUserAdmin.topics().createPartitionedTopic(topic, 2); - - @Cleanup - final PulsarAdmin subAdmin = PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(token)) - .build(); - // test superuser - superUserAdmin.topics().unload(topic); - superUserAdmin.topics().triggerCompaction(topic); - superUserAdmin.topics().trimTopic(TopicName.get(topic).getPartition(0).getLocalName()); - superUserAdmin.topicPolicies().getSchemaCompatibilityStrategy(topic, false); - - // test tenant manager - tenantManagerAdmin.topics().unload(topic); - tenantManagerAdmin.topics().triggerCompaction(topic); - tenantManagerAdmin.topics().trimTopic(TopicName.get(topic).getPartition(0).getLocalName()); - tenantManagerAdmin.topicPolicies().getSchemaCompatibilityStrategy(topic, false); - - // test nobody - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().unload(topic)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().triggerCompaction(topic)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().trimTopic(TopicName.get(topic).getPartition(0).getLocalName())); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topicPolicies().getSchemaCompatibilityStrategy(topic, false)); - - // Test only super/admin can do the operation, other auth are not permitted. - for (AuthAction action : AuthAction.values()) { - superUserAdmin.topics().grantPermission(topic, subject, Set.of(action)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().unload(topic)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().triggerCompaction(topic)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().trimTopic(topic)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topicPolicies().getSchemaCompatibilityStrategy(topic, false)); - - superUserAdmin.topics().revokePermissions(topic, subject); - } - superUserAdmin.topics().deletePartitionedTopic(topic, true); - } - - @Test - @SneakyThrows - public void testGetManagedLedgerInfo() { - final String random = UUID.randomUUID().toString(); - final String topic = "persistent://public/default/" + random; - final String subject = UUID.randomUUID().toString(); - final String token = Jwts.builder() - .claim("sub", subject).signWith(SECRET_KEY).compact(); - superUserAdmin.topics().createPartitionedTopic(topic, 2); - - @Cleanup - final PulsarAdmin subAdmin = PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(token)) - .build(); - // test superuser - superUserAdmin.topics().getInternalInfo(topic); - - // test tenant manager - tenantManagerAdmin.topics().getInternalInfo(topic); - - // test nobody - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().getInternalInfo(topic)); - - for (AuthAction action : AuthAction.values()) { - superUserAdmin.topics().grantPermission(topic, subject, Set.of(action)); - if (action == AuthAction.produce || action == AuthAction.consume) { - subAdmin.topics().getInternalInfo(topic); - } else { - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().getInternalInfo(topic)); - } - superUserAdmin.topics().revokePermissions(topic, subject); - } - superUserAdmin.topics().deletePartitionedTopic(topic, true); - } - - @Test - @SneakyThrows - public void testGetPartitionedStatsAndInternalStats() { - final String random = UUID.randomUUID().toString(); - final String topic = "persistent://public/default/" + random; - final String subject = UUID.randomUUID().toString(); - final String token = Jwts.builder() - .claim("sub", subject).signWith(SECRET_KEY).compact(); - superUserAdmin.topics().createPartitionedTopic(topic, 2); - - @Cleanup - final PulsarAdmin subAdmin = PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(token)) - .build(); - // test superuser - superUserAdmin.topics().getPartitionedStats(topic, false); - superUserAdmin.topics().getPartitionedInternalStats(topic); - - // test tenant manager - tenantManagerAdmin.topics().getPartitionedStats(topic, false); - tenantManagerAdmin.topics().getPartitionedInternalStats(topic); - - // test nobody - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().getPartitionedStats(topic, false)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().getPartitionedInternalStats(topic)); - - for (AuthAction action : AuthAction.values()) { - superUserAdmin.topics().grantPermission(topic, subject, Set.of(action)); - if (action == AuthAction.produce || action == AuthAction.consume) { - subAdmin.topics().getPartitionedStats(topic, false); - subAdmin.topics().getPartitionedInternalStats(topic); - } else { - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().getPartitionedStats(topic, false)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().getPartitionedInternalStats(topic)); - } - superUserAdmin.topics().revokePermissions(topic, subject); - } - superUserAdmin.topics().deletePartitionedTopic(topic, true); - } - - @Test - @SneakyThrows - public void testCreateSubscriptionAndUpdateSubscriptionPropertiesAndAnalyzeSubscriptionBacklog() { - final String random = UUID.randomUUID().toString(); - final String topic = "persistent://public/default/" + random; - final String subject = UUID.randomUUID().toString(); - final String token = Jwts.builder() - .claim("sub", subject).signWith(SECRET_KEY).compact(); - superUserAdmin.topics().createPartitionedTopic(topic, 2); - AtomicInteger suffix = new AtomicInteger(1); - @Cleanup - final PulsarAdmin subAdmin = PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(token)) - .build(); - // - superUserAdmin.topics().createSubscription(topic, "test-sub" + suffix.incrementAndGet(), MessageId.earliest); - - // test tenant manager - tenantManagerAdmin.topics().createSubscription(topic, "test-sub" + suffix.incrementAndGet(), MessageId.earliest); - - // test nobody - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().createSubscription(topic, "test-sub" + suffix.incrementAndGet(), MessageId.earliest)); - - for (AuthAction action : AuthAction.values()) { - superUserAdmin.topics().grantPermission(topic, subject, Set.of(action)); - if (action == AuthAction.consume) { - subAdmin.topics().createSubscription(topic, "test-sub" + suffix.incrementAndGet(), MessageId.earliest); - } else { - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().createSubscription(topic, "test-sub" + suffix.incrementAndGet(), MessageId.earliest)); - } - superUserAdmin.topics().revokePermissions(topic, subject); - } - // test UpdateSubscriptionProperties - Map properties = new HashMap<>(); - superUserAdmin.topics().createSubscription(topic, "test-sub", MessageId.earliest); - // test superuser - superUserAdmin.topics().updateSubscriptionProperties(topic, "test-sub" , properties); - superUserAdmin.topics().getSubscriptionProperties(topic, "test-sub"); - superUserAdmin.topics().analyzeSubscriptionBacklog(TopicName.get(topic).getPartition(0).getLocalName(), "test-sub", Optional.empty()); - - // test tenant manager - tenantManagerAdmin.topics().updateSubscriptionProperties(topic, "test-sub" , properties); - tenantManagerAdmin.topics().getSubscriptionProperties(topic, "test-sub"); - tenantManagerAdmin.topics().analyzeSubscriptionBacklog(TopicName.get(topic).getPartition(0).getLocalName(), "test-sub", Optional.empty()); - - // test nobody - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().updateSubscriptionProperties(topic, "test-sub", properties)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().getSubscriptionProperties(topic, "test-sub")); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().analyzeSubscriptionBacklog(TopicName.get(topic).getPartition(0).getLocalName(), "test-sub", Optional.empty())); - - for (AuthAction action : AuthAction.values()) { - superUserAdmin.topics().grantPermission(topic, subject, Set.of(action)); - if (action == AuthAction.consume) { - subAdmin.topics().updateSubscriptionProperties(topic, "test-sub", properties); - subAdmin.topics().getSubscriptionProperties(topic, "test-sub"); - subAdmin.topics().analyzeSubscriptionBacklog(TopicName.get(topic).getPartition(0).getLocalName(), "test-sub", Optional.empty()); - } else { - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().updateSubscriptionProperties(topic, "test-sub", properties)); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().getSubscriptionProperties(topic, "test-sub")); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().analyzeSubscriptionBacklog(TopicName.get(topic).getPartition(0).getLocalName(), "test-sub", Optional.empty())); - } - superUserAdmin.topics().revokePermissions(topic, subject); - } - superUserAdmin.topics().deletePartitionedTopic(topic, true); - } - - @Test - @SneakyThrows - public void testCreateMissingPartition() { - final String random = UUID.randomUUID().toString(); - final String topic = "persistent://public/default/" + random; - final String subject = UUID.randomUUID().toString(); - final String token = Jwts.builder() - .claim("sub", subject).signWith(SECRET_KEY).compact(); - superUserAdmin.topics().createPartitionedTopic(topic, 2); - AtomicInteger suffix = new AtomicInteger(1); - @Cleanup - final PulsarAdmin subAdmin = PulsarAdmin.builder() - .serviceHttpUrl(getPulsarService().getWebServiceAddress()) - .authentication(new AuthenticationToken(token)) - .build(); - // - superUserAdmin.topics().createMissedPartitions(topic); - - // test tenant manager - tenantManagerAdmin.topics().createMissedPartitions(topic); - - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().createMissedPartitions(topic)); - - for (AuthAction action : AuthAction.values()) { - superUserAdmin.topics().grantPermission(topic, subject, Set.of(action)); - Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, - () -> subAdmin.topics().createMissedPartitions(topic)); - superUserAdmin.topics().revokePermissions(topic, subject); - } - superUserAdmin.topics().deletePartitionedTopic(topic, true); - } -}