You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2019/05/17 05:57:13 UTC
[pulsar] branch master updated: [Issue 3475][pulsar-client] Add
cluster checking before operating tenants with it (#3476)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 4eaff7a [Issue 3475][pulsar-client] Add cluster checking before operating tenants with it (#3476)
4eaff7a is described below
commit 4eaff7a97a6c62dcf55f06067a75ea3fffaf7d2c
Author: Fangbin Sun <su...@gmail.com>
AuthorDate: Fri May 17 13:57:09 2019 +0800
[Issue 3475][pulsar-client] Add cluster checking before operating tenants with it (#3476)
* Add cluster checking before operating tenants with it.
* Check on server side and add a unit test for this part of changes
* Fix some unit tests to pass this change
* Fix some unit tests to pass this change
* Fix NPE when TenantInfo is null
* Fix a unit test to pass this change
---
.../pulsar/broker/admin/impl/TenantsBase.java | 31 +++++++++++++++++--
.../apache/pulsar/broker/admin/AdminApiTest2.java | 35 ++++++++++++++++++++--
.../pulsar/broker/admin/AdminApiTlsAuthTest.java | 5 ++++
.../broker/admin/BrokerAdminClientTlsAuthTest.java | 33 ++++----------------
.../pulsar/broker/admin/PersistentTopicsTest.java | 1 +
.../api/AuthenticatedProducerConsumerTest.java | 6 ++++
.../AuthenticationTlsHostnameVerificationTest.java | 3 ++
.../api/AuthorizationProducerConsumerTest.java | 7 +++++
.../pulsar/client/impl/TopicsConsumerImplTest.java | 3 ++
.../proxy/server/AuthedAdminProxyHandlerTest.java | 3 ++
.../server/ProxyWithAuthorizationNegTest.java | 3 ++
.../proxy/server/ProxyWithAuthorizationTest.java | 9 ++++++
.../server/ProxyWithoutServiceDiscoveryTest.java | 3 ++
.../SuperUserAuthedAdminProxyHandlerTest.java | 3 ++
14 files changed, 114 insertions(+), 31 deletions(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/TenantsBase.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/TenantsBase.java
index ee137f6..d89018e 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/TenantsBase.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/TenantsBase.java
@@ -19,6 +19,8 @@
package org.apache.pulsar.broker.admin.impl;
import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
@@ -84,10 +86,12 @@ public class TenantsBase extends AdminResource {
@ApiOperation(value = "Create a new tenant.", notes = "This operation requires Pulsar super-user privileges.")
@ApiResponses(value = { @ApiResponse(code = 403, message = "The requester doesn't have admin permissions"),
@ApiResponse(code = 409, message = "Tenant already exists"),
- @ApiResponse(code = 412, message = "Tenant name is not valid") })
+ @ApiResponse(code = 412, message = "Tenant name is not valid"),
+ @ApiResponse(code = 412, message = "Clusters do not exist") })
public void createTenant(@PathParam("tenant") String tenant, TenantInfo config) {
validateSuperUserAccess();
validatePoliciesReadOnlyAccess();
+ validateClusters(config);
try {
NamedEntity.checkName(tenant);
@@ -113,10 +117,12 @@ public class TenantsBase extends AdminResource {
@ApiOperation(value = "Update the admins for a tenant.", notes = "This operation requires Pulsar super-user privileges.")
@ApiResponses(value = { @ApiResponse(code = 403, message = "The requester doesn't have admin permissions"),
@ApiResponse(code = 404, message = "Tenant does not exist"),
- @ApiResponse(code = 409, message = "Tenant already exists") })
+ @ApiResponse(code = 409, message = "Tenant already exists"),
+ @ApiResponse(code = 412, message = "Clusters do not exist") })
public void updateTenant(@PathParam("tenant") String tenant, TenantInfo newTenantAdmin) {
validateSuperUserAccess();
validatePoliciesReadOnlyAccess();
+ validateClusters(newTenantAdmin);
Stat nodeStat = new Stat();
try {
@@ -202,5 +208,26 @@ public class TenantsBase extends AdminResource {
}
}
+ private void validateClusters(TenantInfo info) {
+ List<String> nonexistentClusters;
+ try {
+ if (info == null) {
+ info = new TenantInfo();
+ }
+ Set<String> availableClusters = clustersListCache().get();
+ Set<String> allowedClusters = info.getAllowedClusters();
+ nonexistentClusters = allowedClusters.stream()
+ .filter(cluster -> !availableClusters.contains(cluster))
+ .collect(Collectors.toList());
+ } catch (Exception e) {
+ log.error("[{}] Failed to get available clusters", clientAppId(), e);
+ throw new RestException(e);
+ }
+ if (nonexistentClusters.size() > 0) {
+ log.warn("[{}] Failed to validate due to clusters {} do not exist", clientAppId(), nonexistentClusters);
+ throw new RestException(Status.PRECONDITION_FAILED, "Clusters do not exist");
+ }
+ }
+
private static final Logger log = LoggerFactory.getLogger(TenantsBase.class);
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java
index 5194940..5c39eec 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java
@@ -38,6 +38,7 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
+import javax.ws.rs.core.Response.Status;
import org.apache.bookkeeper.mledger.impl.ManagedCursorImpl;
import org.apache.bookkeeper.mledger.impl.ManagedLedgerImpl;
@@ -817,14 +818,44 @@ public class AdminApiTest2 extends MockedPulsarServiceBaseTest {
admin.tenants().createTenant("prop xyz", tenantInfo);
fail("Should have failed");
} catch (PulsarAdminException e) {
- // Expected
+ assertEquals(e.getStatusCode(), Status.PRECONDITION_FAILED.getStatusCode());
}
try {
admin.tenants().createTenant("prop&xyz", tenantInfo);
fail("Should have failed");
} catch (PulsarAdminException e) {
- // Expected
+ assertEquals(e.getStatusCode(), Status.PRECONDITION_FAILED.getStatusCode());
+ }
+ }
+
+ @Test
+ public void testTenantWithNonexistentClusters() throws Exception {
+ // Check non-existing cluster
+ assertTrue(!admin.clusters().getClusters().contains("cluster-non-existing"));
+
+ Set<String> allowedClusters = Sets.newHashSet("cluster-non-existing");
+ TenantInfo tenantInfo = new TenantInfo(Sets.newHashSet("role1", "role2"), allowedClusters);
+
+ // If we try to create tenant with nonexistent clusters, it should fail immediately
+ try {
+ admin.tenants().createTenant("test-tenant", tenantInfo);
+ fail("Should have failed");
+ } catch (PulsarAdminException e) {
+ assertEquals(e.getStatusCode(), Status.PRECONDITION_FAILED.getStatusCode());
+ }
+
+ assertTrue(!admin.tenants().getTenants().contains("test-tenant"));
+
+ // Check existing tenant
+ assertTrue(admin.tenants().getTenants().contains("prop-xyz"));
+
+ // If we try to update existing tenant with nonexistent clusters, it should fail immediately
+ try {
+ admin.tenants().updateTenant("prop-xyz", tenantInfo);
+ fail("Should have failed");
+ } catch (PulsarAdminException e) {
+ assertEquals(e.getStatusCode(), Status.PRECONDITION_FAILED.getStatusCode());
}
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
index 2508776..e6623e5 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
@@ -29,6 +29,7 @@ import org.apache.pulsar.client.api.Producer;
import org.apache.pulsar.client.api.PulsarClient;
import org.apache.pulsar.client.api.Schema;
import org.apache.pulsar.common.policies.data.AuthAction;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.util.SecurityUtility;
import org.glassfish.jersey.client.ClientConfig;
@@ -80,6 +81,10 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
conf.setBrokerClientTlsEnabled(true);
super.internalSetup();
+
+ PulsarAdmin admin = buildAdminClient("admin");
+ admin.clusters().createCluster("test", new ClusterData(brokerUrl.toString()));
+ admin.close();
}
@AfterMethod
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
index 505b994..a9cea1f 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
@@ -19,48 +19,26 @@
package org.apache.pulsar.broker.admin;
import com.google.common.collect.ImmutableSet;
-
-import java.util.List;
-
-import static org.testng.Assert.fail;
-
-import java.lang.reflect.Method;
-import java.security.cert.X509Certificate;
-import javax.net.ssl.SSLContext;
-import javax.ws.rs.NotAuthorizedException;
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.ClientBuilder;
-import javax.ws.rs.client.WebTarget;
-import javax.ws.rs.core.GenericType;
-import javax.ws.rs.core.MediaType;
-
import lombok.extern.slf4j.Slf4j;
-
import org.apache.bookkeeper.test.PortManager;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.pulsar.broker.PulsarService;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
-import org.apache.pulsar.client.admin.internal.JacksonConfigurator;
import org.apache.pulsar.common.policies.data.AuthAction;
-import org.apache.pulsar.common.policies.data.AuthPolicies;
import org.apache.pulsar.common.policies.data.BundlesData;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.Policies;
import org.apache.pulsar.common.policies.data.TenantInfo;
-import org.apache.pulsar.common.util.SecurityUtility;
-
-import org.glassfish.jersey.client.ClientConfig;
-import org.glassfish.jersey.client.ClientProperties;
-import org.glassfish.jersey.jackson.JacksonFeature;
-import org.glassfish.jersey.media.multipart.MultiPartFeature;
-
-import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
+import java.lang.reflect.Method;
+
+import static org.testng.Assert.fail;
+
@Slf4j
public class BrokerAdminClientTlsAuthTest extends MockedPulsarServiceBaseTest {
protected String methodName;
@@ -143,6 +121,7 @@ public class BrokerAdminClientTlsAuthTest extends MockedPulsarServiceBaseTest {
/***** Broker 2 Started *****/
try (PulsarAdmin admin = buildAdminClient("superproxy")) {
+ admin.clusters().createCluster("test", new ClusterData(brokerUrl.toString()));
admin.tenants().createTenant("tenant",
new TenantInfo(ImmutableSet.of("admin"),
ImmutableSet.of("test")));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/PersistentTopicsTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/PersistentTopicsTest.java
index 7900786..e75078f 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/PersistentTopicsTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/PersistentTopicsTest.java
@@ -79,6 +79,7 @@ public class PersistentTopicsTest extends MockedPulsarServiceBaseTest {
doNothing().when(persistentTopics).validateAdminAccessForTenant(this.testTenant);
doReturn(mock(AuthenticationDataHttps.class)).when(persistentTopics).clientAuthData();
admin.clusters().createCluster("use", new ClusterData("http://broker-use.com:" + BROKER_WEBSERVICE_PORT));
+ admin.clusters().createCluster("test", new ClusterData("http://broker-use.com:" + BROKER_WEBSERVICE_PORT));
admin.tenants().createTenant(this.testTenant,
new TenantInfo(Sets.newHashSet("role1", "role2"), Sets.newHashSet(testLocalCluster, "test")));
admin.namespaces().createNamespace(testTenant + "/" + testNamespace, Sets.newHashSet(testLocalCluster, "test"));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java
index ef8765b..af1281e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java
@@ -169,6 +169,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
authTls.configure(authParams);
internalSetup(authTls);
+ admin.clusters().createCluster("test", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("test")));
admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet("test"));
@@ -185,6 +187,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
authPassword.configure("{\"userId\":\"superUser\",\"password\":\"supepass\"}");
internalSetup(authPassword);
+ admin.clusters().createCluster("test", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet(), Sets.newHashSet("test")));
admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet("test"));
@@ -201,6 +205,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
authPassword.configure("{\"userId\":\"superUser2\",\"password\":\"superpassword\"}");
internalSetup(authPassword);
+ admin.clusters().createCluster("test", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet(), Sets.newHashSet("test")));
admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet("test"));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.java
index a2ae4c1..27f0c61 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.java
@@ -34,6 +34,7 @@ import org.apache.pulsar.broker.authentication.AuthenticationProviderBasic;
import org.apache.pulsar.broker.authentication.AuthenticationProviderTls;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -115,6 +116,8 @@ public class AuthenticationTlsHostnameVerificationTest extends ProducerConsumerB
.authentication(authTls).enableTls(true).enableTlsHostnameVerification(hostnameVerificationEnabled)
.build();
+ admin.clusters().createCluster("test", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("test")));
admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet("test"));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthorizationProducerConsumerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthorizationProducerConsumerTest.java
index d8fbc91..91cec49 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthorizationProducerConsumerTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthorizationProducerConsumerTest.java
@@ -45,6 +45,7 @@ import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.common.naming.NamespaceName;
import org.apache.pulsar.common.naming.TopicName;
import org.apache.pulsar.common.policies.data.AuthAction;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -117,6 +118,8 @@ public class AuthorizationProducerConsumerTest extends ProducerConsumerBase {
PulsarClient pulsarClientInvalidRole = PulsarClient.builder().serviceUrl(lookupUrl)
.authentication(authenticationInvalidRole).build();
+ admin.clusters().createCluster("test", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("test")));
admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet("test"));
@@ -180,6 +183,8 @@ public class AuthorizationProducerConsumerTest extends ProducerConsumerBase {
Authentication authentication = new ClientAuthentication(subscriptionRole);
+ superAdmin.clusters().createCluster("test", new ClusterData(brokerUrl.toString()));
+
superAdmin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet(tenantRole), Sets.newHashSet("test")));
superAdmin.namespaces().createNamespace(namespace, Sets.newHashSet("test"));
@@ -261,6 +266,8 @@ public class AuthorizationProducerConsumerTest extends ProducerConsumerBase {
pulsarClient = PulsarClient.builder().serviceUrl(lookupUrl).authentication(authentication).build();
+ admin.clusters().createCluster("test", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("prop-prefix",
new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("test")));
admin.namespaces().createNamespace("prop-prefix/ns", Sets.newHashSet("test"));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/TopicsConsumerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/TopicsConsumerImplTest.java
index 6ff41b2..433544e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/TopicsConsumerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/TopicsConsumerImplTest.java
@@ -50,6 +50,7 @@ import org.apache.pulsar.client.api.Producer;
import org.apache.pulsar.client.api.ProducerConsumerBase;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.api.SubscriptionType;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -780,6 +781,8 @@ public class TopicsConsumerImplTest extends ProducerConsumerBase {
final String topicName = "persistent://" + namespace + "/expiry";
final String subName = "expiredSub";
+ admin.clusters().createCluster("use", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("prop", new TenantInfo(null, Sets.newHashSet("use")));
admin.namespaces().createNamespace(namespace);
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/AuthedAdminProxyHandlerTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/AuthedAdminProxyHandlerTest.java
index 231099e..7faf848 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/AuthedAdminProxyHandlerTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/AuthedAdminProxyHandlerTest.java
@@ -32,6 +32,7 @@ import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.common.configuration.PulsarConfigurationLoader;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.policies.data.loadbalancer.LoadManagerReport;
import org.apache.pulsar.policies.data.loadbalancer.LoadReport;
@@ -151,6 +152,8 @@ public class AuthedAdminProxyHandlerTest extends MockedPulsarServiceBaseTest {
// expected
}
+ brokerAdmin.clusters().createCluster(configClusterName, new ClusterData(brokerUrl.toString()));
+
brokerAdmin.tenants().createTenant("tenant1",
new TenantInfo(ImmutableSet.of("user1"),
ImmutableSet.of(configClusterName)));
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java
index 9aa23dd..d1df946 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java
@@ -40,6 +40,7 @@ import org.apache.pulsar.client.api.Schema;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.common.configuration.PulsarConfigurationLoader;
import org.apache.pulsar.common.policies.data.AuthAction;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.mockito.Mockito;
import org.slf4j.Logger;
@@ -164,6 +165,8 @@ public class ProxyWithAuthorizationNegTest extends ProducerConsumerBase {
String namespaceName = "my-property/proxy-authorization-neg/my-ns";
+ admin.clusters().createCluster("proxy-authorization-neg", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("proxy-authorization-neg")));
admin.namespaces().createNamespace(namespaceName);
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java
index 7182c0e..dd1da64 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java
@@ -42,6 +42,7 @@ import org.apache.pulsar.client.api.Schema;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.common.configuration.PulsarConfigurationLoader;
import org.apache.pulsar.common.policies.data.AuthAction;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.mockito.Mockito;
import org.slf4j.Logger;
@@ -229,6 +230,8 @@ public class ProxyWithAuthorizationTest extends ProducerConsumerBase {
String namespaceName = "my-property/proxy-authorization/my-ns";
+ admin.clusters().createCluster("proxy-authorization", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("proxy-authorization")));
admin.namespaces().createNamespace(namespaceName);
@@ -281,6 +284,8 @@ public class ProxyWithAuthorizationTest extends ProducerConsumerBase {
String namespaceName = "my-property/proxy-authorization/my-ns";
+ admin.clusters().createCluster("proxy-authorization", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("proxy-authorization")));
admin.namespaces().createNamespace(namespaceName);
@@ -331,6 +336,8 @@ public class ProxyWithAuthorizationTest extends ProducerConsumerBase {
String namespaceName = "my-property/proxy-authorization/my-ns";
+ admin.clusters().createCluster("proxy-authorization", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("proxy-authorization")));
admin.namespaces().createNamespace(namespaceName);
@@ -366,6 +373,8 @@ public class ProxyWithAuthorizationTest extends ProducerConsumerBase {
String namespaceName = "my-property/proxy-authorization/my-ns";
createAdminClient();
+ admin.clusters().createCluster("proxy-authorization", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property",
new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("proxy-authorization")));
admin.namespaces().createNamespace(namespaceName);
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
index db78adb..78d0f0e 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
@@ -38,6 +38,7 @@ import org.apache.pulsar.client.api.PulsarClient;
import org.apache.pulsar.client.api.Schema;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.common.configuration.PulsarConfigurationLoader;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.mockito.Mockito;
import org.slf4j.Logger;
@@ -158,6 +159,8 @@ public class ProxyWithoutServiceDiscoveryTest extends ProducerConsumerBase {
// create a client which connects to proxy over tls and pass authData
PulsarClient proxyClient = createPulsarClient(authTls, proxyServiceUrl);
+ admin.clusters().createCluster("without-service-discovery", new ClusterData(brokerUrl.toString()));
+
admin.tenants().createTenant("my-property", new TenantInfo(Sets.newHashSet("appid1", "appid2"),
Sets.newHashSet("without-service-discovery")));
admin.namespaces().createNamespace("my-property/without-service-discovery/my-ns");
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/SuperUserAuthedAdminProxyHandlerTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/SuperUserAuthedAdminProxyHandlerTest.java
index c29e6ab..0f4c4dd 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/SuperUserAuthedAdminProxyHandlerTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/SuperUserAuthedAdminProxyHandlerTest.java
@@ -32,6 +32,7 @@ import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.common.configuration.PulsarConfigurationLoader;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.policies.data.loadbalancer.LoadManagerReport;
import org.apache.pulsar.policies.data.loadbalancer.LoadReport;
import org.eclipse.jetty.servlet.ServletHolder;
@@ -133,6 +134,7 @@ public class SuperUserAuthedAdminProxyHandlerTest extends MockedPulsarServiceBas
@Test
public void testAuthenticatedProxyAsAdmin() throws Exception {
try (PulsarAdmin adminAdmin = getAdminClient("admin")) {
+ adminAdmin.clusters().createCluster(configClusterName, new ClusterData(brokerUrl.toString()));
adminAdmin.tenants().createTenant("tenant1",
new TenantInfo(ImmutableSet.of("randoUser"),
ImmutableSet.of(configClusterName)));
@@ -150,6 +152,7 @@ public class SuperUserAuthedAdminProxyHandlerTest extends MockedPulsarServiceBas
} catch (PulsarAdminException.NotAuthorizedException e) {
// expected
}
+ adminAdmin.clusters().createCluster(configClusterName, new ClusterData(brokerUrl.toString()));
adminAdmin.tenants().createTenant("tenant1",
new TenantInfo(ImmutableSet.of("unknownUser"),
ImmutableSet.of(configClusterName)));