You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2019/01/09 15:35:03 UTC
[pulsar] branch master updated: Test for namespace delete with TLS
authorization (#3340)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 4f9771a Test for namespace delete with TLS authorization (#3340)
4f9771a is described below
commit 4f9771a89bd991b2f0a20fcb85ed6196f9b17673
Author: Ivan Kelly <iv...@apache.org>
AuthorDate: Wed Jan 9 16:34:57 2019 +0100
Test for namespace delete with TLS authorization (#3340)
Add a test for deleting namespaces when TLS authorization is
enabled. This is effectly testing brokerClient* configuration also.
Issue: #2880
---
.../pulsar/broker/admin/AdminApiTlsAuthTest.java | 49 ++++++++++++++++++++++
.../authentication/tls-http/user1.cert.pem | 26 ++++++++++++
.../authentication/tls-http/user1.key-pk8.pem | 28 +++++++++++++
3 files changed, 103 insertions(+)
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
index b4e2a91..2dfcac2 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
@@ -38,6 +38,10 @@ import org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.admin.internal.JacksonConfigurator;
+import org.apache.pulsar.client.api.Producer;
+import org.apache.pulsar.client.api.PulsarClient;
+import org.apache.pulsar.client.api.Schema;
+import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.util.SecurityUtility;
@@ -46,6 +50,8 @@ import org.glassfish.jersey.client.ClientProperties;
import org.glassfish.jersey.jackson.JacksonFeature;
import org.glassfish.jersey.media.multipart.MultiPartFeature;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
@@ -53,6 +59,8 @@ import org.testng.annotations.Test;
@Slf4j
public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
+ private static final Logger log = LoggerFactory.getLogger(AdminApiTlsAuthTest.class);
+
private static String getTLSFile(String name) {
return String.format("./src/test/resources/authentication/tls-http/%s.pem", name);
}
@@ -71,6 +79,12 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
conf.setProxyRoles(ImmutableSet.of("proxy", "superproxy"));
conf.setAuthorizationEnabled(true);
+ conf.setBrokerClientAuthenticationPlugin("org.apache.pulsar.client.impl.auth.AuthenticationTls");
+ conf.setBrokerClientAuthenticationParameters(
+ String.format("tlsCertFile:%s,tlsKeyFile:%s", getTLSFile("admin.cert"), getTLSFile("admin.key-pk8")));
+ conf.setBrokerClientTrustCertsFilePath(getTLSFile("ca.cert"));
+ conf.setBrokerClientTlsEnabled(true);
+
super.internalSetup();
}
@@ -112,6 +126,16 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
.tlsTrustCertsFilePath(getTLSFile("ca.cert")).build();
}
+ PulsarClient buildClient(String user) throws Exception {
+ return PulsarClient.builder()
+ .serviceUrl("pulsar+ssl://localhost:" + BROKER_PORT_TLS)
+ .enableTlsHostnameVerification(false)
+ .authentication("org.apache.pulsar.client.impl.auth.AuthenticationTls",
+ String.format("tlsCertFile:%s,tlsKeyFile:%s",
+ getTLSFile(user + ".cert"), getTLSFile(user + ".key-pk8")))
+ .tlsTrustCertsFilePath(getTLSFile("ca.cert")).build();
+ }
+
@Test
public void testSuperUserCanListTenants() throws Exception {
try (PulsarAdmin admin = buildAdminClient("admin")) {
@@ -318,4 +342,29 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
// expected
}
}
+
+ // For https://github.com/apache/pulsar/issues/2880
+ @Test
+ public void testDeleteNamespace() throws Exception {
+ try (PulsarAdmin admin = buildAdminClient("admin")) {
+ log.info("Creating tenant");
+ admin.tenants().createTenant("tenant1",
+ new TenantInfo(ImmutableSet.of("admin"), ImmutableSet.of("test")));
+ log.info("Creating namespace, and granting perms to user1");
+ admin.namespaces().createNamespace("tenant1/ns1", ImmutableSet.of("test"));
+ admin.namespaces().grantPermissionOnNamespace("tenant1/ns1", "user1", ImmutableSet.of(AuthAction.produce));
+
+ log.info("user1 produces some messages");
+ try (PulsarClient client = buildClient("user1");
+ Producer<String> producer = client.newProducer(Schema.STRING).topic("tenant1/ns1/foobar").create()) {
+ producer.send("foobar");
+ }
+
+ log.info("Deleting the topic");
+ admin.topics().delete("tenant1/ns1/foobar", true);
+
+ log.info("Deleting namespace");
+ admin.namespaces().deleteNamespace("tenant1/ns1");
+ }
+ }
}
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/user1.cert.pem b/pulsar-broker/src/test/resources/authentication/tls-http/user1.cert.pem
new file mode 100644
index 0000000..072f286
--- /dev/null
+++ b/pulsar-broker/src/test/resources/authentication/tls-http/user1.cert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEZTCCAk2gAwIBAgICEAUwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
+YmFyMCAXDTE4MDYyNzA4NDAyNVoYDzIyOTIwNDExMDg0MDI1WjAQMQ4wDAYDVQQD
+DAV1c2VyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5iqgr4PUUZ
+AW9MDGP5cBaSJALSPV63m6M/IoovrMWJ9CGtcQfZTUHwDorIlXgQ6H/KufmsHW0Y
+OQbChLSTDB14D0jSMtyv6+ibSoE1ZEl2SbB1miLd0P5AS9YmzzEW2+bx0zJORLYD
+PzJ1Nh3/kQlRs04IECki291WZiVRzX2JRoL7kMtOAoKJqQfsT14Oi9EAw39VhLeB
+uc/Mx6Jsutq/YdXakoZtQbfZka2MMfLXgMDLIPDqbU+09q7au2dq8RjGzrWnxnOX
+o/XQssrIbwzJJYASBsgAAtnAw7bPzCX6+cL6PZVRyiEZov0HKXyRyvrbQ5hyEMuS
+3dHqoKt0fKMCAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
+oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBQ7NSD6lx6Vq38cEoD5l7FHs1Ej8DAfBgNVHSMEGDAW
+gBRXC+nLI+i/Rz5Qej9FfqEYQ50VJzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
+FAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQC+cU7ctY7o
+eTW+oHTq9EGJUMwW1fOww4QDrHtgZT4OYkO88zxQV2Cr050p8eaV5dHXZBf9/bRV
+7hPNV5+HpQhb9TZ9xK2WRZ2QV7a/UDyUnksVKGSK9tNZMZPueOEB19e4bIBcgnQa
+5i9sgZr93na7pFOY7lBQy6gfaOcnejYHmvVqIGaZBVH8rkEsGhhkJxy7qkpFNKgf
+PGiIRo9L0WYqDCSiaICeCiteJwIfjsUFJKF0YnpXZq1kFfQscnleg60MWZAXvacp
+tAciE51Ow60cqQWER66iwqnBSPD4l91SxAaGQAmalgCioGsYSbojXcOvRidhYJ2T
+3YwCpqlC0qC9D2ZmNoukb1a0Pi03MuSJwD/8v9eqwEW9dFAzdnWDzTZMN9CfdjVh
+2qiO5o5Si/X1Dmjdk2F/EM62YJQBAlkZBetFJ0o2QPGTSD+zrpfITIW8Pu+/5zcC
+MZdzyUf0p1GO2Kn7wmqPQjz59zABagmxCNks8HeqPnzmWuADMaggb0nOmrBACE2x
+b9XR6/xaXpwTRf0h5N3evivzUHo6XVw8A3gVUNoBm9Of3PlAsjM4I4SWFb6nrwYv
+RnI04c+R95Su1fMc2wky0PmW+iWRTaEN/cUdX1SF6jo1nRLELGcbMSGUI6UI8kff
+crvCz7uLu7Lr5/CKnEm2bSCZ4eIQpOs4nQ==
+-----END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/user1.key-pk8.pem b/pulsar-broker/src/test/resources/authentication/tls-http/user1.key-pk8.pem
new file mode 100644
index 0000000..eec5c94
--- /dev/null
+++ b/pulsar-broker/src/test/resources/authentication/tls-http/user1.key-pk8.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDOYqoK+D1FGQFv
+TAxj+XAWkiQC0j1et5ujPyKKL6zFifQhrXEH2U1B8A6KyJV4EOh/yrn5rB1tGDkG
+woS0kwwdeA9I0jLcr+vom0qBNWRJdkmwdZoi3dD+QEvWJs8xFtvm8dMyTkS2Az8y
+dTYd/5EJUbNOCBApItvdVmYlUc19iUaC+5DLTgKCiakH7E9eDovRAMN/VYS3gbnP
+zMeibLrav2HV2pKGbUG32ZGtjDHy14DAyyDw6m1PtPau2rtnavEYxs61p8Zzl6P1
+0LLKyG8MySWAEgbIAALZwMO2z8wl+vnC+j2VUcohGaL9Byl8kcr620OYchDLkt3R
+6qCrdHyjAgMBAAECggEBAK8J8QvytAxJg/T/+7ZC1PTfp1kZNGGDuaV/o2ytuIul
+T//MGQQ+IY8d6Ud9jX9SX84agxalCiP/mkYIbgK0gF7x94yccfTH433ZTxw8yzye
+7SqS41JU7K7mmysaqTkKGSFK0gNlbFMud8f0rxxMJ5dOypMQtZwd63lSkLlwIqcn
+YhKcAdXM4WGv07MFdwAXvrK2trhBBkCA08ZzyVy4lWE+cVfEkwH6O8EdGchl7g4U
+LqIkYzufQWKdH9frt6N3qEV/qs0s1qipVzV07GaPpEdK/G5exJ7NjZaXJkHOuMbt
+7ae1zJBexW41/++fjzsWSYljvSEphjqwrGYrr+tMGNECgYEA+Sg1sHcYO4Bg16qG
+c8XM9g8DFL396X4MnMh+AFrDV8dbdz39x9fFtpKEfqaAZrG6I8fW3RkMLsJvJ4GI
+KDJNz2ezEMbNKlXE9UzvAsrdvWNWDGJvrDu0CbJg2wtBeVEBIUYetSdNHoEwY7ZJ
+QHnwbxYYrUFIJ34rI0SQ17/Z4vsCgYEA1A27jYTWr86JmvjQDUiJcJsbhpa/6OzZ
+n3KTu0n0oCvl7uvvjUfhlzmcq7kyY0oO1C5TQHLiqBaI5hXw+iYwnESLIn7BwhMX
+dcxglvXx95h1NqHYX9GnURl2QtrjmuY5yx+itfmZCRkRPO3c5e9uZyf01CeE4uwl
+hDNh0RrSXHkCgYBvlQhmXQ+nJhk4vI+2LXFbCOISWfvqo562YDu9oOg22Xsm7cZH
+x2QuHXPk3GBInXOFLqwVHHCOSFlLUgFOLykVp5VUABRFz1+Dk86+a2fetywEI9lr
+QtmgNhiWQHY0BIkDA8ogytcIwEaRgUNQ8sswlK68eK39sc1T4BMV7D+CHQKBgG3g
++8lWBwSsKgOCYBQx/P27caTo4mJosE99yG0o4jhI5ulJmiSEFbINqVAWM7TdQBfU
+NVFU9nuQybknr2l/dnrSzaG/Otk8mVBx6a7vnETm2/3GGV91PJS6c9wqnfu6xkGp
+j99piVH8ikEfI/KFgZi0TJnOLH6FTN9W3J3EnzJJAoGAE4ZLLi+2RP4ZYXI11CJC
+BSM1AEpqemgTUSidZyTiJJMGGrC7tyEba+4TIqeGgvD74p57XFbN7LOJWmnAiK8b
+BLhQqPgOCXqrna00GnNKKx7AzgYHqlq03tGlX858aH18rkSRVk3UhkTkGTSr3iQn
+aJeN/0HbpGr67bimf4bqlCY=
+-----END PRIVATE KEY-----