You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by gi...@apache.org on 2019/07/09 20:17:02 UTC
[incubator-druid] branch master updated: SupervisorManager: Add
authorization checks to bulk endpoints. (#8044)
This is an automated email from the ASF dual-hosted git repository.
gian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-druid.git
The following commit(s) were added to refs/heads/master by this push:
new 338b8b3 SupervisorManager: Add authorization checks to bulk endpoints. (#8044)
338b8b3 is described below
commit 338b8b3fefb836d4adcb9c6dfcb8c1995293f86b
Author: Gian Merlino <gi...@gmail.com>
AuthorDate: Tue Jul 9 13:16:54 2019 -0700
SupervisorManager: Add authorization checks to bulk endpoints. (#8044)
The endpoints added in #6272 were missing authorization checks. This patch removes the bulk
methods from SupervisorManager, and instead has SupervisorResource run the full list through
filterAuthorizedSupervisorIds before calling resume/suspend/terminate one by one.
---
.../overlord/supervisor/SupervisorManager.java | 20 --
.../overlord/supervisor/SupervisorResource.java | 34 ++-
.../supervisor/SupervisorResourceTest.java | 270 ++++++++++++---------
.../server/security/AuthenticationResult.java | 2 +
4 files changed, 189 insertions(+), 137 deletions(-)
diff --git a/indexing-service/src/main/java/org/apache/druid/indexing/overlord/supervisor/SupervisorManager.java b/indexing-service/src/main/java/org/apache/druid/indexing/overlord/supervisor/SupervisorManager.java
index 5727c4e..4872f20 100644
--- a/indexing-service/src/main/java/org/apache/druid/indexing/overlord/supervisor/SupervisorManager.java
+++ b/indexing-service/src/main/java/org/apache/druid/indexing/overlord/supervisor/SupervisorManager.java
@@ -107,26 +107,6 @@ public class SupervisorManager
}
}
- public void stopAndRemoveAllSupervisors()
- {
- Preconditions.checkState(started, "SupervisorManager not started");
-
- synchronized (lock) {
- Preconditions.checkState(started, "SupervisorManager not started");
- supervisors.keySet().forEach(id -> possiblyStopAndRemoveSupervisorInternal(id, true));
- }
- }
-
- public void suspendOrResumeAllSupervisors(boolean suspend)
- {
- Preconditions.checkState(started, "SupervisorManager not started");
-
- synchronized (lock) {
- Preconditions.checkState(started, "SupervisorManager not started");
- supervisors.keySet().forEach(id -> possiblySuspendOrResumeSupervisorInternal(id, suspend));
- }
- }
-
@LifecycleStart
public void start()
{
diff --git a/indexing-service/src/main/java/org/apache/druid/indexing/overlord/supervisor/SupervisorResource.java b/indexing-service/src/main/java/org/apache/druid/indexing/overlord/supervisor/SupervisorResource.java
index e7e9daf..1762903 100644
--- a/indexing-service/src/main/java/org/apache/druid/indexing/overlord/supervisor/SupervisorResource.java
+++ b/indexing-service/src/main/java/org/apache/druid/indexing/overlord/supervisor/SupervisorResource.java
@@ -306,27 +306,36 @@ public class SupervisorResource
@POST
@Path("/suspendAll")
@Produces(MediaType.APPLICATION_JSON)
- public Response suspendAll()
+ public Response suspendAll(@Context final HttpServletRequest req)
{
- return suspendOrResumeAll(true);
+ return suspendOrResumeAll(req, true);
}
@POST
@Path("/resumeAll")
@Produces(MediaType.APPLICATION_JSON)
- public Response resumeAll()
+ public Response resumeAll(@Context final HttpServletRequest req)
{
- return suspendOrResumeAll(false);
+ return suspendOrResumeAll(req, false);
}
@POST
@Path("/terminateAll")
@Produces(MediaType.APPLICATION_JSON)
- public Response terminateAll()
+ public Response terminateAll(@Context final HttpServletRequest req)
{
return asLeaderWithSupervisorManager(
manager -> {
- manager.stopAndRemoveAllSupervisors();
+ Set<String> authorizedSupervisorIds = filterAuthorizedSupervisorIds(
+ req,
+ manager,
+ manager.getSupervisorIds()
+ );
+
+ for (final String supervisorId : authorizedSupervisorIds) {
+ manager.stopAndRemoveSupervisor(supervisorId);
+ }
+
return Response.ok(ImmutableMap.of("status", "success")).build();
}
);
@@ -473,11 +482,20 @@ public class SupervisorResource
);
}
- private Response suspendOrResumeAll(boolean suspend)
+ private Response suspendOrResumeAll(final HttpServletRequest req, final boolean suspend)
{
return asLeaderWithSupervisorManager(
manager -> {
- manager.suspendOrResumeAllSupervisors(suspend);
+ Set<String> authorizedSupervisorIds = filterAuthorizedSupervisorIds(
+ req,
+ manager,
+ manager.getSupervisorIds()
+ );
+
+ for (final String supervisorId : authorizedSupervisorIds) {
+ manager.suspendOrResumeSupervisor(supervisorId, suspend);
+ }
+
return Response.ok(ImmutableMap.of("status", "success")).build();
}
);
diff --git a/indexing-service/src/test/java/org/apache/druid/indexing/overlord/supervisor/SupervisorResourceTest.java b/indexing-service/src/test/java/org/apache/druid/indexing/overlord/supervisor/SupervisorResourceTest.java
index f6cb0080..ef477fe 100644
--- a/indexing-service/src/test/java/org/apache/druid/indexing/overlord/supervisor/SupervisorResourceTest.java
+++ b/indexing-service/src/test/java/org/apache/druid/indexing/overlord/supervisor/SupervisorResourceTest.java
@@ -53,6 +53,20 @@ import java.util.Set;
@RunWith(EasyMockRunner.class)
public class SupervisorResourceTest extends EasyMockSupport
{
+ private static final TestSupervisorSpec SPEC1 = new TestSupervisorSpec(
+ "id1",
+ null,
+ Collections.singletonList("datasource1")
+ );
+
+ private static final TestSupervisorSpec SPEC2 = new TestSupervisorSpec(
+ "id2",
+ null,
+ Collections.singletonList("datasource2")
+ );
+
+ private static final Set<String> SUPERVISOR_IDS = ImmutableSet.of(SPEC1.getId(), SPEC2.getId());
+
@Mock
private TaskMaster taskMaster;
@@ -133,30 +147,10 @@ public class SupervisorResourceTest extends EasyMockSupport
@Test
public void testSpecGetAll()
{
- Set<String> supervisorIds = ImmutableSet.of("id1", "id2");
- SupervisorSpec spec1 = new TestSupervisorSpec("id1", null, null)
- {
-
- @Override
- public List<String> getDataSources()
- {
- return Collections.singletonList("datasource1");
- }
- };
- SupervisorSpec spec2 = new TestSupervisorSpec("id2", null, null)
- {
-
- @Override
- public List<String> getDataSources()
- {
- return Collections.singletonList("datasource2");
- }
- };
-
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
- EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(supervisorIds).atLeastOnce();
- EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(spec1));
- EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(spec2));
+ EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
@@ -170,7 +164,7 @@ public class SupervisorResourceTest extends EasyMockSupport
verifyAll();
Assert.assertEquals(200, response.getStatus());
- Assert.assertEquals(supervisorIds, response.getEntity());
+ Assert.assertEquals(SUPERVISOR_IDS, response.getEntity());
resetAll();
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.absent());
@@ -185,33 +179,13 @@ public class SupervisorResourceTest extends EasyMockSupport
@Test
public void testSpecGetAllFull()
{
- Set<String> supervisorIds = ImmutableSet.of("id1", "id2");
-
- SupervisorSpec spec1 = new TestSupervisorSpec("id1", null, null)
- {
-
- @Override
- public List<String> getDataSources()
- {
- return Collections.singletonList("datasource1");
- }
- };
- SupervisorSpec spec2 = new TestSupervisorSpec("id2", null, null)
- {
-
- @Override
- public List<String> getDataSources()
- {
- return Collections.singletonList("datasource2");
- }
- };
SupervisorStateManager.State state1 = SupervisorStateManager.BasicState.RUNNING;
SupervisorStateManager.State state2 = SupervisorStateManager.BasicState.SUSPENDED;
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
- EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(supervisorIds).atLeastOnce();
- EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(spec1)).times(2);
- EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(spec2)).times(2);
+ EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(SPEC1)).times(2);
+ EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(SPEC2)).times(2);
EasyMock.expect(supervisorManager.getSupervisorState("id1")).andReturn(Optional.of(state1)).times(1);
EasyMock.expect(supervisorManager.getSupervisorState("id2")).andReturn(Optional.of(state2)).times(1);
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
@@ -231,8 +205,8 @@ public class SupervisorResourceTest extends EasyMockSupport
Assert.assertTrue(
specs.stream()
.allMatch(spec ->
- ("id1".equals(spec.get("id")) && spec1.equals(spec.get("spec"))) ||
- ("id2".equals(spec.get("id")) && spec2.equals(spec.get("spec")))
+ ("id1".equals(spec.get("id")) && SPEC1.equals(spec.get("spec"))) ||
+ ("id2".equals(spec.get("id")) && SPEC2.equals(spec.get("spec")))
)
);
}
@@ -240,33 +214,13 @@ public class SupervisorResourceTest extends EasyMockSupport
@Test
public void testSpecGetState()
{
- Set<String> supervisorIds = ImmutableSet.of("id1", "id2");
- SupervisorSpec spec1 = new TestSupervisorSpec("id1", null, null)
- {
-
- @Override
- public List<String> getDataSources()
- {
- return Collections.singletonList("datasource1");
- }
- };
- SupervisorSpec spec2 = new TestSupervisorSpec("id2", null, null)
- {
-
- @Override
- public List<String> getDataSources()
- {
- return Collections.singletonList("datasource2");
- }
- };
-
SupervisorStateManager.State state1 = SupervisorStateManager.BasicState.RUNNING;
SupervisorStateManager.State state2 = SupervisorStateManager.BasicState.SUSPENDED;
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
- EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(supervisorIds).atLeastOnce();
- EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(spec1)).times(1);
- EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(spec2)).times(1);
+ EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(SPEC1)).times(1);
+ EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(SPEC2)).times(1);
EasyMock.expect(supervisorManager.getSupervisorState("id1")).andReturn(Optional.of(state1)).times(1);
EasyMock.expect(supervisorManager.getSupervisorState("id2")).andReturn(Optional.of(state2)).times(1);
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
@@ -285,19 +239,19 @@ public class SupervisorResourceTest extends EasyMockSupport
List<Map<String, Object>> states = (List<Map<String, Object>>) response.getEntity();
Assert.assertTrue(
states.stream()
- .allMatch(state -> {
- final String id = (String) state.get("id");
- if ("id1".equals(id)) {
- return state1.equals(state.get("state"))
- && state1.equals(state.get("detailedState"))
- && (Boolean) state.get("healthy") == state1.isHealthy();
- } else if ("id2".equals(id)) {
- return state2.equals(state.get("state"))
- && state2.equals(state.get("detailedState"))
- && (Boolean) state.get("healthy") == state2.isHealthy();
- }
- return false;
- })
+ .allMatch(state -> {
+ final String id = (String) state.get("id");
+ if ("id1".equals(id)) {
+ return state1.equals(state.get("state"))
+ && state1.equals(state.get("detailedState"))
+ && (Boolean) state.get("healthy") == state1.isHealthy();
+ } else if ("id2".equals(id)) {
+ return state2.equals(state.get("state"))
+ && state2.equals(state.get("detailedState"))
+ && (Boolean) state.get("healthy") == state2.isHealthy();
+ }
+ return false;
+ })
);
}
@@ -502,11 +456,46 @@ public class SupervisorResourceTest extends EasyMockSupport
public void testSuspendAll()
{
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
- supervisorManager.suspendOrResumeAllSupervisors(true);
- EasyMock.expectLastCall();
+ EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
+ EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC1.getId(), true)).andReturn(true);
+ EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC2.getId(), true)).andReturn(true);
+
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
+ new AuthenticationResult("druid", "druid", null, null)
+ ).atLeastOnce();
+ request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
+ EasyMock.expectLastCall().anyTimes();
+ replayAll();
+
+ Response response = supervisorResource.suspendAll(request);
+ Assert.assertEquals(200, response.getStatus());
+ Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
+ verifyAll();
+ }
+
+ @Test
+ public void testSuspendAllWithPartialAuthorization()
+ {
+ EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
+ EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
+ EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC1.getId(), true)).andReturn(true);
+
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
+ new AuthenticationResult("notDruid", "druid", null, null)
+ ).atLeastOnce();
+ request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
+ EasyMock.expectLastCall().anyTimes();
replayAll();
- Response response = supervisorResource.suspendAll();
+ Response response = supervisorResource.suspendAll(request);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
verifyAll();
@@ -516,11 +505,46 @@ public class SupervisorResourceTest extends EasyMockSupport
public void testResumeAll()
{
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
- supervisorManager.suspendOrResumeAllSupervisors(false);
- EasyMock.expectLastCall();
+ EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
+ EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC1.getId(), false)).andReturn(true);
+ EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC2.getId(), false)).andReturn(true);
+
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
+ new AuthenticationResult("druid", "druid", null, null)
+ ).atLeastOnce();
+ request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
+ EasyMock.expectLastCall().anyTimes();
+ replayAll();
+
+ Response response = supervisorResource.resumeAll(request);
+ Assert.assertEquals(200, response.getStatus());
+ Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
+ verifyAll();
+ }
+
+ @Test
+ public void testResumeAllWithPartialAuthorization()
+ {
+ EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
+ EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
+ EasyMock.expect(supervisorManager.suspendOrResumeSupervisor(SPEC1.getId(), false)).andReturn(true);
+
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
+ new AuthenticationResult("notDruid", "druid", null, null)
+ ).atLeastOnce();
+ request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
+ EasyMock.expectLastCall().anyTimes();
replayAll();
- Response response = supervisorResource.resumeAll();
+ Response response = supervisorResource.resumeAll(request);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
verifyAll();
@@ -530,11 +554,46 @@ public class SupervisorResourceTest extends EasyMockSupport
public void testTerminateAll()
{
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
- supervisorManager.stopAndRemoveAllSupervisors();
- EasyMock.expectLastCall();
+ EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
+ EasyMock.expect(supervisorManager.stopAndRemoveSupervisor(SPEC1.getId())).andReturn(true);
+ EasyMock.expect(supervisorManager.stopAndRemoveSupervisor(SPEC2.getId())).andReturn(true);
+
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
+ new AuthenticationResult("druid", "druid", null, null)
+ ).atLeastOnce();
+ request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
+ EasyMock.expectLastCall().anyTimes();
+ replayAll();
+
+ Response response = supervisorResource.terminateAll(request);
+ Assert.assertEquals(200, response.getStatus());
+ Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
+ verifyAll();
+ }
+
+ @Test
+ public void testTerminateAllWithPartialAuthorization()
+ {
+ EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager));
+ EasyMock.expect(supervisorManager.getSupervisorIds()).andReturn(SUPERVISOR_IDS).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC1.getId())).andReturn(Optional.of(SPEC1));
+ EasyMock.expect(supervisorManager.getSupervisorSpec(SPEC2.getId())).andReturn(Optional.of(SPEC2));
+ EasyMock.expect(supervisorManager.stopAndRemoveSupervisor(SPEC1.getId())).andReturn(true);
+
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
+ EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
+ new AuthenticationResult("notDruid", "druid", null, null)
+ ).atLeastOnce();
+ request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
+ EasyMock.expectLastCall().anyTimes();
replayAll();
- Response response = supervisorResource.terminateAll();
+ Response response = supervisorResource.terminateAll(request);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(ImmutableMap.of("status", "success"), response.getEntity());
verifyAll();
@@ -604,10 +663,8 @@ public class SupervisorResourceTest extends EasyMockSupport
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager)).times(2);
EasyMock.expect(supervisorManager.getSupervisorHistory()).andReturn(history);
- SupervisorSpec spec1 = new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1"));
- SupervisorSpec spec2 = new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2"));
- EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(spec1)).atLeastOnce();
- EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(spec2)).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(SPEC1)).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(SPEC2)).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
@@ -634,7 +691,7 @@ public class SupervisorResourceTest extends EasyMockSupport
}
@Test
- public void testSpecGetAllHistoryWithAuthFailureFiltering()
+ public void testSpecGetAllHistoryWithPartialAuthorization()
{
List<VersionedSupervisorSpec> versions1 = ImmutableList.of(
new VersionedSupervisorSpec(
@@ -717,10 +774,8 @@ public class SupervisorResourceTest extends EasyMockSupport
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager)).times(2);
EasyMock.expect(supervisorManager.getSupervisorHistory()).andReturn(history);
- SupervisorSpec spec1 = new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1"));
- SupervisorSpec spec2 = new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2"));
- EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(spec1)).atLeastOnce();
- EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(spec2)).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(SPEC1)).atLeastOnce();
+ EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(SPEC2)).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
@@ -1020,12 +1075,9 @@ public class SupervisorResourceTest extends EasyMockSupport
NoopSupervisorSpec deserializedSpec = mapper.readValue(oldSpec, NoopSupervisorSpec.class);
Assert.assertEquals(expectedSpec, deserializedSpec);
- NoopSupervisorSpec spec1 = new NoopSupervisorSpec("abcd", Collections.singletonList("defg"));
- NoopSupervisorSpec spec2 = mapper.readValue(
- mapper.writeValueAsBytes(spec1),
- NoopSupervisorSpec.class
- );
- Assert.assertEquals(spec1, spec2);
+ NoopSupervisorSpec spec = new NoopSupervisorSpec("abcd", Collections.singletonList("defg"));
+ NoopSupervisorSpec specRoundTrip = mapper.readValue(mapper.writeValueAsBytes(spec), NoopSupervisorSpec.class);
+ Assert.assertEquals(spec, specRoundTrip);
}
private static class TestSupervisorSpec implements SupervisorSpec
diff --git a/server/src/main/java/org/apache/druid/server/security/AuthenticationResult.java b/server/src/main/java/org/apache/druid/server/security/AuthenticationResult.java
index 854aa5e..4e7a3da 100644
--- a/server/src/main/java/org/apache/druid/server/security/AuthenticationResult.java
+++ b/server/src/main/java/org/apache/druid/server/security/AuthenticationResult.java
@@ -76,11 +76,13 @@ public class AuthenticationResult
return authorizerName;
}
+ @Nullable
public Map<String, Object> getContext()
{
return context;
}
+ @Nullable
public String getAuthenticatedBy()
{
return authenticatedBy;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org