Posted to commits@knox.apache.org by km...@apache.org on 2014/07/24 01:01:30 UTC
git commit: KNOX-349: Knox API for Topology Management. Adds default
admin topology to install and negative tests.
Repository: knox
Updated Branches:
refs/heads/master 5169480b3 -> 1a67f33db
KNOX-349: Knox API for Topology Management. Adds default admin topology to install and negative tests.
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/1a67f33d
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/1a67f33d
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/1a67f33d
Branch: refs/heads/master
Commit: 1a67f33dbe3ce5ae609307c6808fd4ef769be0be
Parents: 5169480
Author: Kevin Minder <ke...@hortonworks.com>
Authored: Wed Jul 23 19:01:12 2014 -0400
Committer: Kevin Minder <ke...@hortonworks.com>
Committed: Wed Jul 23 19:01:12 2014 -0400
----------------------------------------------------------------------
gateway-release/home/conf/topologies/admin.xml | 102 +++++++++++++++++++
gateway-release/home/conf/users.ldif | 12 ++-
.../gateway/GatewayAdminTopologyFuncTest.java | 70 +++++++++++--
.../GatewayAdminTopologyFuncTest/users.ldif | 12 ++-
4 files changed, 184 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/1a67f33d/gateway-release/home/conf/topologies/admin.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/topologies/admin.xml b/gateway-release/home/conf/topologies/admin.xml
new file mode 100644
index 0000000..b024c42
--- /dev/null
+++ b/gateway-release/home/conf/topologies/admin.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<topology>
+
+ <gateway>
+
+ <provider>
+ <role>authentication</role>
+ <name>ShiroProvider</name>
+ <enabled>true</enabled>
+ <param>
+ <!--
+ session timeout in minutes, this is really idle timeout,
+ defaults to 30mins, if the property value is not defined,,
+ current client authentication would expire if client idles contiuosly for more than this value
+ -->
+ <name>sessionTimeout</name>
+ <value>30</value>
+ </param>
+ <param>
+ <name>main.ldapRealm</name>
+ <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.userDnTemplate</name>
+ <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.url</name>
+ <value>ldap://localhost:33389</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
+ <value>simple</value>
+ </param>
+ <param>
+ <name>urls./**</name>
+ <value>authcBasic</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>authorization</role>
+ <name>AclsAuthz</name>
+ <enabled>true</enabled>
+ <param>
+ <name>knox.acl</name>
+ <value>admin;*;*</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>identity-assertion</role>
+ <name>Pseudo</name>
+ <enabled>true</enabled>
+ </provider>
+
+ <!--
+ Defines rules for mapping host names internal to a Hadoop cluster to externally accessible host names.
+ For example, a hadoop service running in AWS may return a response that includes URLs containing the
+ some AWS internal host name. If the client needs to make a subsequent request to the host identified
+ in those URLs they need to be mapped to external host names that the client Knox can use to connect.
+
+ If the external hostname and internal host names are same turn of this provider by setting the value of
+ enabled parameter as false.
+
+ The name parameter specifies the external host names in a comma separated list.
+ The value parameter specifies corresponding internal host names in a comma separated list.
+
+ Note that when you are using Sandbox, the external hostname needs to be localhost, as seen in out
+ of box sandbox.xml. This is because Sandbox uses port mapping to allow clients to connect to the
+ Hadoop services using localhost. In real clusters, external host names would almost never be localhost.
+ -->
+ <provider>
+ <role>hostmap</role>
+ <name>static</name>
+ <enabled>true</enabled>
+ <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param>
+ </provider>
+
+ </gateway>
+
+ <service>
+ <role>KNOX</role>
+ </service>
+
+</topology>
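Review bot: The `knox.acl` param grants the admin API on user name alone: `admin;*;*` leaves the group and client-address fields open, and the realm it is evaluated against is `ldap://localhost:33389` with `simple` binding, which looks like the bundled demo directory. Because this file is installed by default, I would add a comment above that param such as `<!-- user;group;ip - narrow the ip field and point ldapRealm at your own directory before exposing this topology -->`. The hostmap provider and its Sandbox comment appear to be carried over from sandbox.xml; if the KNOX service does not need host-name rewriting, it could be dropped from this topology.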
http://git-wip-us.apache.org/repos/asf/knox/blob/1a67f33d/gateway-release/home/conf/users.ldif
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/users.ldif b/gateway-release/home/conf/users.ldif
index e23503a..f5afe6d 100644
--- a/gateway-release/home/conf/users.ldif
+++ b/gateway-release/home/conf/users.ldif
@@ -40,4 +40,14 @@ objectclass:inetOrgPerson
cn: Guest
sn: User
uid: guest
-userPassword:guest-password
\ No newline at end of file
+userPassword:guest-password
+
+dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: Admin
+sn: Admin
+uid: admin
+userPassword:admin-password
\ No newline at end of file
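Review bot: The added `uid=admin` entry gives the release `conf/users.ldif` a fixed, publicly known password (`userPassword:admin-password`), and the admin.xml topology added in this commit authorizes exactly that user for topology management. A comment above the entry would make its demo status explicit, for example `# Demo admin account used by conf/topologies/admin.xml; change this password before the gateway is reachable from other hosts.` The same entry in the test-resources users.ldif hunk is a fixture and needs no such note.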
http://git-wip-us.apache.org/repos/asf/knox/blob/1a67f33d/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java
index 7d1b723..613700e 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java
@@ -17,6 +17,7 @@
*/
package org.apache.hadoop.gateway;
+import com.jayway.restassured.http.ContentType;
import com.jayway.restassured.response.ResponseBody;
import com.mycila.xmltool.XMLDoc;
import com.mycila.xmltool.XMLTag;
@@ -27,8 +28,6 @@ import org.apache.hadoop.gateway.services.DefaultGatewayServices;
import org.apache.hadoop.gateway.services.ServiceLifecycleException;
import org.apache.http.HttpStatus;
import org.apache.log4j.Appender;
-import org.eclipse.jetty.util.ajax.JSON;
-import org.glassfish.jersey.server.JSONP;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.AfterClass;
@@ -51,8 +50,6 @@ import java.util.UUID;
import static com.jayway.restassured.RestAssured.*;
import static org.hamcrest.CoreMatchers.*;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertThat;
public class GatewayAdminTopologyFuncTest {
@@ -209,7 +206,14 @@ public class GatewayAdminTopologyFuncTest {
.addTag( "param" )
.addTag( "name" ).addText( "urls./**" )
.addTag( "value" ).addText( "authcBasic" ).gotoParent().gotoParent()
- .addTag( "provider" )
+ .addTag("provider")
+ .addTag( "role" ).addText( "authorization" )
+ .addTag( "name" ).addText( "AclsAuthz" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag("param")
+ .addTag("name").addText("knox.acl")
+ .addTag("value").addText("admin;*;*").gotoParent().gotoParent()
+ .addTag("provider")
.addTag( "role" ).addText( "identity-assertion" )
.addTag( "enabled" ).addText( "true" )
.addTag( "name" ).addText( "Pseudo" ).gotoParent()
@@ -256,11 +260,11 @@ public class GatewayAdminTopologyFuncTest {
@Test
public void testTopologyCollection() throws ClassNotFoundException {
- String username = "guest";
- String password = "guest-password";
+ String username = "admin";
+ String password = "admin-password";
String serviceUrl = clusterUrl + "/api/v1/topologies";
String href = given()
- .log().all()
+ //.log().all()
.auth().preemptive().basic(username, password)
.expect()
//.log().all()
@@ -289,8 +293,8 @@ public class GatewayAdminTopologyFuncTest {
@Test
public void testTopologyObject() throws ClassNotFoundException {
- String username = "guest";
- String password = "guest-password";
+ String username = "admin";
+ String password = "admin-password";
String serviceUrl = clusterUrl + "/api/v1/topologies";
String href = given()
//.log().all()
@@ -326,4 +330,50 @@ public class GatewayAdminTopologyFuncTest {
}
+ @Test
+ public void testPositiveAuthorization() throws ClassNotFoundException{
+
+
+ String adminUser = "admin";
+ String adminPass = "admin-password";
+ String url = clusterUrl + "/api/v1/topologies";
+
+ given()
+ //.log().all()
+ .auth().preemptive().basic(adminUser, adminPass)
+ .expect()
+ //.log().all()
+ .statusCode(HttpStatus.SC_OK)
+ .contentType(ContentType.JSON)
+ .body("name[0]", not(nullValue()))
+ .body("name[1]", not(nullValue()))
+ .body("uri[0]", not(nullValue()))
+ .body("uri[1]", not(nullValue()))
+ .body("href[0]", not(nullValue()))
+ .body("href[1]", not(nullValue()))
+ .body("timestamp[0]", not(nullValue()))
+ .body("timestamp[1]", not(nullValue()))
+ .get(url);
+
+ }
+
+ @Test
+ public void testNegativeAuthorization() throws ClassNotFoundException{
+
+ String guestUser = "guest";
+ String guestPass = "guest-password";
+ String url = clusterUrl + "/api/v1/topologies";
+
+ given()
+ //.log().all()
+ .auth().basic(guestUser, guestPass)
+ .expect()
+ //.log().all()
+ .statusCode(HttpStatus.SC_FORBIDDEN)
+ .get(url);
+
+
+
+ }
+
}
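Review bot: The negative coverage added here stops at one case, an authenticated guest receiving 403 on the collection URL; nothing checks that a request with a bad password is rejected at authentication, before the ACL is consulted. I would add a test along the lines below (401 is the status I would expect from `authcBasic`; confirm it against the gateway). `testNegativeAuthorization` also uses `.auth().basic(...)` while the other tests use `.auth().preemptive().basic(...)`; making it preemptive keeps the 403 assertion on the first credentialed request. `testPositiveAuthorization` asserts on index `[1]`, so it assumes at least two topologies are deployed by setup code outside this hunk.

```java
  // … unchanged: testPositiveAuthorization, testNegativeAuthorization …

  @Test
  public void testBadCredentialsAreRejected() {
    String url = clusterUrl + "/api/v1/topologies";

    given()
        .auth().preemptive().basic("admin", "wrong-password")
        .expect()
        .statusCode(HttpStatus.SC_UNAUTHORIZED)
        .get(url);
  }
```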
http://git-wip-us.apache.org/repos/asf/knox/blob/1a67f33d/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif b/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif
index b982cb3..c7bff35 100644
--- a/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif
+++ b/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif
@@ -39,4 +39,14 @@ objectclass:inetOrgPerson
cn: Guest
sn: User
uid: guest
-userPassword:guest-password
\ No newline at end of file
+userPassword:guest-password
+
+dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: Admin
+sn: Admin
+uid: admin
+userPassword:admin-password
\ No newline at end of file