You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by am...@apache.org on 2023/07/19 09:54:01 UTC

[knox] branch master updated: KNOX-2939 - Provider file configured with invalid syntax still gets created with few missing provider contents (#773)

This is an automated email from the ASF dual-hosted git repository.

amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new e74e0b293 KNOX-2939 - Provider file configured with invalid syntax still gets created with few missing provider contents (#773)
e74e0b293 is described below

commit e74e0b293127f7a43945c66eb1d3bdd4f0bf0891
Author: Attila Magyar <m....@gmail.com>
AuthorDate: Wed Jul 19 11:53:56 2023 +0200

    KNOX-2939 - Provider file configured with invalid syntax still gets created with few missing provider contents (#773)
---
 .../hadoop/xml/HadoopXmlResourceParser.java        |  2 +
 .../hadoop/xml/HadoopXmlResourceParserTest.java    |  8 ++++
 .../src/test/resources/testInvalidProvider.xml     | 43 ++++++++++++++++++++++
 3 files changed, 53 insertions(+)

diff --git a/gateway-topology-hadoop-xml/src/main/java/org/apache/knox/gateway/topology/hadoop/xml/HadoopXmlResourceParser.java b/gateway-topology-hadoop-xml/src/main/java/org/apache/knox/gateway/topology/hadoop/xml/HadoopXmlResourceParser.java
index ec31b2c9d..d00d358fc 100644
--- a/gateway-topology-hadoop-xml/src/main/java/org/apache/knox/gateway/topology/hadoop/xml/HadoopXmlResourceParser.java
+++ b/gateway-topology-hadoop-xml/src/main/java/org/apache/knox/gateway/topology/hadoop/xml/HadoopXmlResourceParser.java
@@ -238,6 +238,8 @@ public class HadoopXmlResourceParser implements AdvancedServiceDiscoveryConfigCh
         provider.setName(roleConfiguration.replace(CONFIG_NAME_PROVIDER_CONFIGS_NAME_PREFIX, ""));
       } else if (roleConfiguration.startsWith(CONFIG_NAME_PROVIDER_CONFIGS_ENABLED_PREFIX)) {
         provider.setEnabled(Boolean.valueOf(roleConfiguration.replace(CONFIG_NAME_PROVIDER_CONFIGS_ENABLED_PREFIX, "")));
+      } else {
+        throw new IllegalArgumentException("Invalid role configuration: " + roleConfiguration + " in provider: " + provider.getName());
       }
     }
     return provider;
diff --git a/gateway-topology-hadoop-xml/src/test/java/org/apache/knox/gateway/topology/hadoop/xml/HadoopXmlResourceParserTest.java b/gateway-topology-hadoop-xml/src/test/java/org/apache/knox/gateway/topology/hadoop/xml/HadoopXmlResourceParserTest.java
index dce2bff0c..1ee49cbcd 100644
--- a/gateway-topology-hadoop-xml/src/test/java/org/apache/knox/gateway/topology/hadoop/xml/HadoopXmlResourceParserTest.java
+++ b/gateway-topology-hadoop-xml/src/test/java/org/apache/knox/gateway/topology/hadoop/xml/HadoopXmlResourceParserTest.java
@@ -275,6 +275,14 @@ public class HadoopXmlResourceParserTest {
     assertService(descriptor, "HIVE", "1.0", Collections.singletonList("http://localhost:456"), expectedServiceParameters);
   }
 
+  @Test
+  public void testInvalidProviderConfig() {
+    String testConfigPath = this.getClass().getClassLoader().getResource("testInvalidProvider.xml").getPath();
+    HadoopXmlResourceParserResult parserResult = hadoopXmlResourceParser.parse(testConfigPath);
+    assertEquals(1, parserResult.getProviders().size());
+    assertNotNull(parserResult.getProviders().get("valid"));
+  }
+
   private void validateTopology2Descriptors(SimpleDescriptor descriptor, boolean nifiExpected) {
     assertTrue(descriptor.isReadOnly());
     assertEquals("topology2", descriptor.getName());
diff --git a/gateway-topology-hadoop-xml/src/test/resources/testInvalidProvider.xml b/gateway-topology-hadoop-xml/src/test/resources/testInvalidProvider.xml
new file mode 100644
index 000000000..bb1820049
--- /dev/null
+++ b/gateway-topology-hadoop-xml/src/test/resources/testInvalidProvider.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<configuration>
+    <property>
+        <name>providerConfigs:invalid1,invalid2</name>
+        <value>
+            authentication;::::::::authentication.name=ShiroProvider#
+            authentication.param.main.pamRealm=org.apache.knox.gateway.shirorealm.KnoxPamRealm#
+            authentication.param.main.pamRealm.service=login#
+            authentication.sessionTimeout=30#
+            authentication.urls./**=authcBasic#role=identity-assertion#identity-assertion.name=Default#
+            role=authorization#
+            authorization.name=XASecurePDPKnox##
+            authorization..dummy=false
+        </value>
+    </property>
+    <property>
+        <name>providerConfigs:valid</name>
+        <value>
+            authentication.name=ShiroProvider#
+            authentication.param.main.pamRealm=org.apache.knox.gateway.shirorealm.KnoxPamRealm#
+            authentication.param.main.pamRealm.service=login#
+            authentication.sessionTimeout=30#
+            authentication.urls./**=authcBasic#role=identity-assertion#identity-assertion.name=Default#
+            role=authorization#
+            authorization.name=XASecurePDPKnox#
+        </value>
+    </property>
+</configuration>
\ No newline at end of file