You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@storm.apache.org by ka...@apache.org on 2016/08/16 14:07:58 UTC
[1/3] storm git commit: Port Test cases - STORM-1234, STORM-1240,
STORM-1251, STORM-1256
Repository: storm
Updated Branches:
refs/heads/master a1a952a4a -> da5c3acd7
Port Test cases - STORM-1234, STORM-1240, STORM-1251, STORM-1256
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/45bf3ef9
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/45bf3ef9
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/45bf3ef9
Branch: refs/heads/master
Commit: 45bf3ef9f461770eaf342cdfb2d7b9c9a8963f1f
Parents: 2444393
Author: Abhishek Agarwal <ab...@appdynamics.com>
Authored: Fri Aug 12 16:03:10 2016 +0530
Committer: Abhishek Agarwal <ab...@appdynamics.com>
Committed: Fri Aug 12 16:03:10 2016 +0530
----------------------------------------------------------------------
.../auth/DefaultHttpCredentialsPlugin_test.clj | 75 ------
.../authorizer/DRPCSimpleACLAuthorizer_test.clj | 241 -------------------
.../serialization/SerializationFactory_test.clj | 54 -----
.../utils/ZookeeperServerCnxnFactory_test.clj | 35 ---
.../auth/DefaultHttpCredentialsPluginTest.java | 90 +++++++
.../authorizer/DRPCSimpleACLAuthorizerTest.java | 163 +++++++++++++
.../serialization/SerializationFactoryTest.java | 61 +++++
.../utils/ZookeeperServerCnxnFactoryTest.java | 39 +++
8 files changed, 353 insertions(+), 405 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/45bf3ef9/storm-core/test/clj/org/apache/storm/security/auth/DefaultHttpCredentialsPlugin_test.clj
----------------------------------------------------------------------
diff --git a/storm-core/test/clj/org/apache/storm/security/auth/DefaultHttpCredentialsPlugin_test.clj b/storm-core/test/clj/org/apache/storm/security/auth/DefaultHttpCredentialsPlugin_test.clj
deleted file mode 100644
index b8b8f61..0000000
--- a/storm-core/test/clj/org/apache/storm/security/auth/DefaultHttpCredentialsPlugin_test.clj
+++ /dev/null
@@ -1,75 +0,0 @@
-;; Licensed to the Apache Software Foundation (ASF) under one
-;; or more contributor license agreements. See the NOTICE file
-;; distributed with this work for additional information
-;; regarding copyright ownership. The ASF licenses this file
-;; to you under the Apache License, Version 2.0 (the
-;; "License"); you may not use this file except in compliance
-;; with the License. You may obtain a copy of the License at
-;;
-;; http://www.apache.org/licenses/LICENSE-2.0
-;;
-;; Unless required by applicable law or agreed to in writing, software
-;; distributed under the License is distributed on an "AS IS" BASIS,
-;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-;; See the License for the specific language governing permissions and
-;; limitations under the License.
-(ns org.apache.storm.security.auth.DefaultHttpCredentialsPlugin-test
- (:use [clojure test])
- (:import [javax.security.auth Subject])
- (:import [javax.servlet.http HttpServletRequest])
- (:import [org.apache.storm.security.auth SingleUserPrincipal])
- (:import [org.mockito Mockito])
- (:import [org.apache.storm.security.auth DefaultHttpCredentialsPlugin
- ReqContext SingleUserPrincipal])
- )
-
-(deftest test-getUserName
- (let [handler (doto (DefaultHttpCredentialsPlugin.) (.prepare {}))]
- (testing "returns null when request is null"
- (is (nil? (.getUserName handler nil))))
-
- (testing "returns null when user principal is null"
- (let [req (Mockito/mock HttpServletRequest)]
- (is (nil? (.getUserName handler req)))))
-
- (testing "returns null when user is blank"
- (let [princ (SingleUserPrincipal. "")
- req (Mockito/mock HttpServletRequest)]
- (. (Mockito/when (. req getUserPrincipal))
- thenReturn princ)
- (is (nil? (.getUserName handler req)))))
-
- (testing "returns correct user from requests principal"
- (let [exp-name "Alice"
- princ (SingleUserPrincipal. exp-name)
- req (Mockito/mock HttpServletRequest)]
- (. (Mockito/when (. req getUserPrincipal))
- thenReturn princ)
- (is (.equals exp-name (.getUserName handler req)))))
-
- (testing "returns doAsUser from requests principal when Header has doAsUser param set"
- (try
- (let [exp-name "Alice"
- do-as-user-name "Bob"
- princ (SingleUserPrincipal. exp-name)
- req (Mockito/mock HttpServletRequest)
- _ (. (Mockito/when (. req getUserPrincipal))
- thenReturn princ)
- _ (. (Mockito/when (. req getHeader "doAsUser"))
- thenReturn do-as-user-name)
- context (.populateContext handler (ReqContext/context) req)]
- (is (= true (.isImpersonating context)))
- (is (.equals exp-name (.getName (.realPrincipal context))))
- (is (.equals do-as-user-name (.getName (.principal context)))))
- (finally
- (ReqContext/reset))))))
-
-(deftest test-populate-req-context-on-null-user
- (try
- (let [req (Mockito/mock HttpServletRequest)
- handler (doto (DefaultHttpCredentialsPlugin.) (.prepare {}))
- subj (Subject. false (set [(SingleUserPrincipal. "test")]) (set []) (set []))
- context (ReqContext. subj)]
- (is (= 0 (-> handler (.populateContext context req) (.subject) (.getPrincipals) (.size)))))
- (finally
- (ReqContext/reset))))
http://git-wip-us.apache.org/repos/asf/storm/blob/45bf3ef9/storm-core/test/clj/org/apache/storm/security/auth/authorizer/DRPCSimpleACLAuthorizer_test.clj
----------------------------------------------------------------------
diff --git a/storm-core/test/clj/org/apache/storm/security/auth/authorizer/DRPCSimpleACLAuthorizer_test.clj b/storm-core/test/clj/org/apache/storm/security/auth/authorizer/DRPCSimpleACLAuthorizer_test.clj
deleted file mode 100644
index 5cce73b..0000000
--- a/storm-core/test/clj/org/apache/storm/security/auth/authorizer/DRPCSimpleACLAuthorizer_test.clj
+++ /dev/null
@@ -1,241 +0,0 @@
-;; Licensed to the Apache Software Foundation (ASF) under one
-;; or more contributor license agreements. See the NOTICE file
-;; distributed with this work for additional information
-;; regarding copyright ownership. The ASF licenses this file
-;; to you under the Apache License, Version 2.0 (the
-;; "License"); you may not use this file except in compliance
-;; with the License. You may obtain a copy of the License at
-;;
-;; http://www.apache.org/licenses/LICENSE-2.0
-;;
-;; Unless required by applicable law or agreed to in writing, software
-;; distributed under the License is distributed on an "AS IS" BASIS,
-;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-;; See the License for the specific language governing permissions and
-;; limitations under the License.
-(ns org.apache.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer-test
- (:use [clojure test])
- (:import [org.mockito Mockito])
- (:import [org.apache.storm Config])
- (:import [org.apache.storm.security.auth ReqContext SingleUserPrincipal])
- (:import [org.apache.storm.security.auth.authorizer DRPCSimpleACLAuthorizer])
- (:use [org.apache.storm config])
- )
-
-(defn- mk-mock-context [user]
- (let [mock-context (Mockito/mock ReqContext)]
- (. (Mockito/when (.principal mock-context)) thenReturn
- (SingleUserPrincipal. user))
- mock-context))
-
-(let [function "jump"
- partial-function "partial"
- alice-context (mk-mock-context "alice")
- alice-kerb-context (mk-mock-context "alice@SOME.RELM")
- bob-context (mk-mock-context "bob")
- charlie-context (mk-mock-context "charlie")
- acl-file "drpc-simple-acl-test-scenario.yaml"
- strict-handler (doto (DRPCSimpleACLAuthorizer.)
- (.prepare {DRPC-AUTHORIZER-ACL-STRICT true
- DRPC-AUTHORIZER-ACL-FILENAME acl-file
- STORM-PRINCIPAL-TO-LOCAL-PLUGIN "org.apache.storm.security.auth.KerberosPrincipalToLocal"}))
- permissive-handler (doto (DRPCSimpleACLAuthorizer.)
- (.prepare {DRPC-AUTHORIZER-ACL-STRICT false
- DRPC-AUTHORIZER-ACL-FILENAME acl-file
- STORM-PRINCIPAL-TO-LOCAL-PLUGIN "org.apache.storm.security.auth.KerberosPrincipalToLocal"}))]
-
- (deftest test-partial-authorization
- (testing "deny execute to unauthorized user"
- (is (not
- (.permit strict-handler
- (ReqContext/context)
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY partial-function}))))
-
- (testing "allow execute to authorized kerb user for correct function"
- (is
- (.permit
- strict-handler
- alice-kerb-context
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY partial-function})))
-
- (testing "deny fetchRequest to unauthorized user for correct function"
- (is (not
- (.permit
- strict-handler
- alice-kerb-context
- "fetchRequest"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY partial-function}))))
- )
-
- (deftest test-client-authorization-strict
- (testing "deny execute to unauthorized user"
- (is (not
- (.permit strict-handler
- (ReqContext/context)
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function}))))
-
- (testing "deny execute to valid user for incorrect function"
- (is (not
- (.permit
- strict-handler
- alice-context
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY "wrongFunction"}))))
-
- (testing "allow execute to authorized kerb user for correct function"
- (is
- (.permit
- strict-handler
- alice-kerb-context
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function})))
-
- (testing "allow execute to authorized user for correct function"
- (is
- (.permit
- strict-handler
- alice-context
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function}))))
-
-
- (deftest test-client-authorization-permissive
- (testing "deny execute to unauthorized user for correct function"
- (is (not
- (.permit permissive-handler
- (ReqContext/context)
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function}))))
-
- (testing "allow execute for user for incorrect function when permissive"
- (is
- (.permit permissive-handler
- alice-context
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY "wrongFunction"})))
-
- (testing "allow execute for user for incorrect function when permissive"
- (is
- (.permit permissive-handler
- alice-kerb-context
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY "wrongFunction"})))
-
- (testing "allow execute to authorized user for correct function"
- (is
- (.permit permissive-handler
- bob-context
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function}))))
-
- (deftest test-invocation-authorization-strict
- (doseq [operation ["fetchRequest" "failRequest" "result"]]
-
- (testing (str "deny " operation
- " to unauthorized user for correct function")
- (is (not
- (.permit
- strict-handler
- alice-context
- operation
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function})))
-
- (testing (str "deny " operation
- " to user for incorrect function when strict")
- (is (not
- (.permit
- strict-handler
- charlie-context
- operation
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY "wrongFunction"}))))
-
- (testing (str "allow " operation
- " to authorized user for correct function")
- (is
- (.permit
- strict-handler
- charlie-context
- operation
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function}))))))
-
- (deftest test-invocation-authorization-permissive
- (doseq [operation ["fetchRequest" "failRequest" "result"]]
-
- (testing (str "deny " operation
- " to unauthorized user for correct function")
- (is (not
- (.permit
- permissive-handler
- bob-context
- operation
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function}))))
-
- (testing (str "allow " operation
- " to user for incorrect function when permissive")
- (is
- (.permit
- permissive-handler
- charlie-context
- operation
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY "wrongFunction"})))
-
- (testing (str operation " is allowed for authorized user")
- (is
- (.permit
- permissive-handler
- charlie-context
- operation
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function})))))
-
- (deftest test-deny-when-no-function-given
- (is (not
- (.permit strict-handler alice-context "execute" {})))
-
- (is (not
- (.permit
- strict-handler
- alice-context
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY nil})))
-
- (is (not
- (.permit permissive-handler bob-context "execute" {})))
-
- (is (not
- (.permit
- permissive-handler
- bob-context
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY nil}))))
-
- (deftest test-deny-when-invalid-user-given
- (is (not
- (.permit
- strict-handler
- (Mockito/mock ReqContext)
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function})))
-
- (is (not
- (.permit
- strict-handler
- nil
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function})))
-
- (is (not
- (.permit
- permissive-handler
- (Mockito/mock ReqContext)
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function})))
-
- (is (not
- (.permit
- permissive-handler
- nil
- "execute"
- {DRPCSimpleACLAuthorizer/FUNCTION_KEY function})))))
http://git-wip-us.apache.org/repos/asf/storm/blob/45bf3ef9/storm-core/test/clj/org/apache/storm/serialization/SerializationFactory_test.clj
----------------------------------------------------------------------
diff --git a/storm-core/test/clj/org/apache/storm/serialization/SerializationFactory_test.clj b/storm-core/test/clj/org/apache/storm/serialization/SerializationFactory_test.clj
deleted file mode 100644
index 64c24ef..0000000
--- a/storm-core/test/clj/org/apache/storm/serialization/SerializationFactory_test.clj
+++ /dev/null
@@ -1,54 +0,0 @@
-;; Licensed to the Apache Software Foundation (ASF) under one
-;; or more contributor license agreements. See the NOTICE file
-;; distributed with this work for additional information
-;; regarding copyright ownership. The ASF licenses this file
-;; to you under the Apache License, Version 2.0 (the
-;; "License"); you may not use this file except in compliance
-;; with the License. You may obtain a copy of the License at
-;;
-;; http://www.apache.org/licenses/LICENSE-2.0
-;;
-;; Unless required by applicable law or agreed to in writing, software
-;; distributed under the License is distributed on an "AS IS" BASIS,
-;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-;; See the License for the specific language governing permissions and
-;; limitations under the License.
-(ns org.apache.storm.serialization.SerializationFactory-test
- (:import [org.apache.storm Config])
- (:import [org.apache.storm.security.serialization BlowfishTupleSerializer])
- (:import [org.apache.storm.serialization SerializationFactory])
- (:import [org.apache.storm.utils ListDelegate Utils])
- (:use [org.apache.storm util config])
- (:use [clojure test])
-)
-
-
-(deftest test-registers-default-when-not-in-conf
- (let [conf (clojurify-structure (Utils/readDefaultConfig))
- klass-name (get conf Config/TOPOLOGY_TUPLE_SERIALIZER)
- configured-class (Class/forName klass-name)
- kryo (SerializationFactory/getKryo conf)]
- (is (= configured-class (.getClass (.getSerializer kryo ListDelegate))))
- )
-)
-
-(deftest test-throws-runtimeexception-when-no-such-class
- (let [conf (merge (clojurify-structure (Utils/readDefaultConfig))
- {Config/TOPOLOGY_TUPLE_SERIALIZER "null.this.class.does.not.exist"})]
- (is (thrown? RuntimeException
- (SerializationFactory/getKryo conf)))
- )
-)
-
-(deftest test-registeres-when-valid-class-name
- (let [arbitrary-class-name
- (String. "org.apache.storm.security.serialization.BlowfishTupleSerializer")
- serializer-class (Class/forName arbitrary-class-name)
- arbitrary-key "0123456789abcdef"
- conf (merge (clojurify-structure (Utils/readDefaultConfig))
- {Config/TOPOLOGY_TUPLE_SERIALIZER arbitrary-class-name
- BlowfishTupleSerializer/SECRET_KEY arbitrary-key})
- kryo (SerializationFactory/getKryo conf)]
- (is (= serializer-class (.getClass (.getSerializer kryo ListDelegate))))
- )
-)
http://git-wip-us.apache.org/repos/asf/storm/blob/45bf3ef9/storm-core/test/clj/org/apache/storm/utils/ZookeeperServerCnxnFactory_test.clj
----------------------------------------------------------------------
diff --git a/storm-core/test/clj/org/apache/storm/utils/ZookeeperServerCnxnFactory_test.clj b/storm-core/test/clj/org/apache/storm/utils/ZookeeperServerCnxnFactory_test.clj
deleted file mode 100644
index b0866ed..0000000
--- a/storm-core/test/clj/org/apache/storm/utils/ZookeeperServerCnxnFactory_test.clj
+++ /dev/null
@@ -1,35 +0,0 @@
-;; Licensed to the Apache Software Foundation (ASF) under one
-;; or more contributor license agreements. See the NOTICE file
-;; distributed with this work for additional information
-;; regarding copyright ownership. The ASF licenses this file
-;; to you under the Apache License, Version 2.0 (the
-;; "License"); you may not use this file except in compliance
-;; with the License. You may obtain a copy of the License at
-;;
-;; http://www.apache.org/licenses/LICENSE-2.0
-;;
-;; Unless required by applicable law or agreed to in writing, software
-;; distributed under the License is distributed on an "AS IS" BASIS,
-;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-;; See the License for the specific language governing permissions and
-;; limitations under the License.
-(ns org.apache.storm.utils.ZookeeperServerCnxnFactory-test
- (:import [org.apache.storm.utils ZookeeperServerCnxnFactory])
- (:use [clojure test])
-)
-
-(deftest test-constructor-throws-runtimeexception-if-port-too-large
- (is (thrown? RuntimeException (ZookeeperServerCnxnFactory. 65536 42)))
-)
-
-(deftest test-factory
- (let [zkcf-negative (ZookeeperServerCnxnFactory. -42 42)
- next-port (+ (.port zkcf-negative) 1)
- arbitrary-max-clients 42
- zkcf-next (ZookeeperServerCnxnFactory. next-port arbitrary-max-clients)]
- ; Test handling negative port
- (is (not (nil? zkcf-negative)))
- ; Test max-clients is correctly set.
- (is (= (-> zkcf-next .factory .getMaxClientCnxnsPerHost) arbitrary-max-clients))
- )
-)
http://git-wip-us.apache.org/repos/asf/storm/blob/45bf3ef9/storm-core/test/jvm/org/apache/storm/security/auth/DefaultHttpCredentialsPluginTest.java
----------------------------------------------------------------------
diff --git a/storm-core/test/jvm/org/apache/storm/security/auth/DefaultHttpCredentialsPluginTest.java b/storm-core/test/jvm/org/apache/storm/security/auth/DefaultHttpCredentialsPluginTest.java
new file mode 100644
index 0000000..44db438
--- /dev/null
+++ b/storm-core/test/jvm/org/apache/storm/security/auth/DefaultHttpCredentialsPluginTest.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.storm.security.auth;
+
+import com.google.common.collect.ImmutableSet;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.HashSet;
+
+public class DefaultHttpCredentialsPluginTest {
+
+ @Test
+ public void test_getUserName() {
+ DefaultHttpCredentialsPlugin handler = new DefaultHttpCredentialsPlugin();
+ handler.prepare(new HashMap());
+
+ Assert.assertNull("returns null when request is null", handler.getUserName(null));
+
+ Assert.assertNull("returns null when user principal is null", handler.getUserName(Mockito.mock(
+ HttpServletRequest.class)));
+
+ HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
+ Mockito.when(mockRequest.getUserPrincipal()).thenReturn(new SingleUserPrincipal(""));
+ Assert.assertNull("returns null when user is blank", handler.getUserName(mockRequest));
+
+ String expName = "Alice";
+ mockRequest = Mockito.mock(HttpServletRequest.class);
+ Mockito.when(mockRequest.getUserPrincipal()).thenReturn(new SingleUserPrincipal(expName));
+ Assert.assertEquals("returns correct user from requests principal", expName, handler.getUserName(mockRequest));
+
+ try {
+ String doAsUserName = "Bob";
+ mockRequest = Mockito.mock(HttpServletRequest.class);
+ Mockito.when(mockRequest.getUserPrincipal()).thenReturn(new SingleUserPrincipal(expName));
+ Mockito.when(mockRequest.getHeader("doAsUser")).thenReturn(doAsUserName);
+ ReqContext context = handler.populateContext(ReqContext.context(), mockRequest);
+
+ Assert.assertTrue(context.isImpersonating());
+ Assert.assertEquals(expName, context.realPrincipal().getName());
+ Assert.assertEquals(doAsUserName, context.principal().getName());
+ } finally {
+ ReqContext.reset();
+ }
+ }
+
+ @Test
+ public void test_populate_req_context_on_null_user() {
+ try {
+ DefaultHttpCredentialsPlugin handler = new DefaultHttpCredentialsPlugin();
+ handler.prepare(new HashMap());
+ Subject subject =
+ new Subject(false, ImmutableSet.<Principal>of(new SingleUserPrincipal("test")), new HashSet<>(), new HashSet<>());
+ ReqContext context = new ReqContext(subject);
+
+
+ Assert.assertEquals(0, handler
+ .populateContext(context, Mockito.mock(HttpServletRequest.class))
+ .subject()
+ .getPrincipals()
+ .size()
+
+ );
+ } finally {
+ ReqContext.reset();
+ }
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/storm/blob/45bf3ef9/storm-core/test/jvm/org/apache/storm/security/auth/authorizer/DRPCSimpleACLAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/storm-core/test/jvm/org/apache/storm/security/auth/authorizer/DRPCSimpleACLAuthorizerTest.java b/storm-core/test/jvm/org/apache/storm/security/auth/authorizer/DRPCSimpleACLAuthorizerTest.java
new file mode 100644
index 0000000..dce065d
--- /dev/null
+++ b/storm-core/test/jvm/org/apache/storm/security/auth/authorizer/DRPCSimpleACLAuthorizerTest.java
@@ -0,0 +1,163 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.storm.security.auth.authorizer;
+
+import com.google.common.collect.ImmutableMap;
+import org.apache.storm.Config;
+import org.apache.storm.security.auth.IAuthorizer;
+import org.apache.storm.security.auth.KerberosPrincipalToLocal;
+import org.apache.storm.security.auth.ReqContext;
+import org.apache.storm.security.auth.SingleUserPrincipal;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class DRPCSimpleACLAuthorizerTest {
+
+ private static IAuthorizer strictHandler;
+ private static IAuthorizer permissiveHandler;
+ private static final String function = "jump";
+ private static final String partialFunction = "partial";
+ private static final String wrongFunction = "wrongFunction";
+ private static final String aclFile = "drpc-simple-acl-test-scenario.yaml";
+ private static final ReqContext aliceContext = makeMockContext("alice");
+ private static final ReqContext aliceKerbContext = makeMockContext("alice@SOME.RELM");
+ private static final ReqContext bobContext = makeMockContext("bob");
+ private static final ReqContext charlieContext = makeMockContext("charlie");
+
+
+
+ @BeforeClass public static void setup() {
+ strictHandler = new DRPCSimpleACLAuthorizer();
+ strictHandler.prepare(ImmutableMap
+ .of(Config.DRPC_AUTHORIZER_ACL_STRICT, true, Config.DRPC_AUTHORIZER_ACL_FILENAME, aclFile,
+ Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN, KerberosPrincipalToLocal.class.getName()));
+
+ permissiveHandler = new DRPCSimpleACLAuthorizer();
+ permissiveHandler.prepare(ImmutableMap
+ .of(Config.DRPC_AUTHORIZER_ACL_STRICT, false, Config.DRPC_AUTHORIZER_ACL_FILENAME, aclFile,
+ Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN, KerberosPrincipalToLocal.class.getName()));
+ }
+
+ @Test public void test_partial_authorization() {
+
+ Assert.assertFalse("Deny execute to unauthroized user",
+ isPermitted(strictHandler, ReqContext.context(), "execute", partialFunction));
+
+ Assert.assertTrue("Allow execute to authorized kerb user for correct function",
+ isPermitted(strictHandler, aliceKerbContext, "execute", partialFunction));
+
+ Assert.assertFalse("Deny fetchRequest to unauthorized user for correct function",
+ isPermitted(strictHandler, aliceKerbContext, "fetchRequest", partialFunction));
+ }
+
+ @Test public void test_client_authorization_strict() {
+
+ Assert.assertFalse("Deny execute to unauthroized user",
+ isPermitted(strictHandler, ReqContext.context(), "execute", function));
+
+ Assert.assertFalse("Deny execute to valid user for incorrect function",
+ isPermitted(strictHandler, aliceContext, "execute", wrongFunction));
+
+ Assert.assertTrue("Allow execute to authorized kerb user for correct function",
+ isPermitted(strictHandler, aliceKerbContext, "execute", function));
+
+ Assert.assertTrue("Allow execute to authorized user for correct function",
+ isPermitted(strictHandler, aliceContext, "execute", function));
+ }
+
+ @Test public void test_client_authorization_permissive() {
+
+ Assert.assertFalse("deny execute to unauthorized user for correct function",
+ isPermitted(permissiveHandler, ReqContext.context(), "execute", function));
+
+ Assert.assertTrue("allow execute for user for incorrect function when permissive",
+ isPermitted(permissiveHandler, aliceContext, "execute", wrongFunction));
+
+ Assert.assertTrue("allow execute for user for incorrect function when permissive",
+ isPermitted(permissiveHandler, aliceKerbContext, "execute", wrongFunction));
+
+ Assert.assertTrue("allow execute to authorized user for correct function",
+ isPermitted(permissiveHandler, bobContext, "execute", function));
+ }
+
+ @Test public void test_invocation_authorization_strict() {
+ for (String operation : new String[] {"fetchRequest", "failRequest", "result"}) {
+ Assert.assertFalse("Deny " + operation + " to unauthorized user for correct function",
+ isPermitted(strictHandler, aliceContext, operation, function));
+
+ Assert.assertFalse("Deny " + operation + " to user for incorrect function when strict",
+ isPermitted(strictHandler, charlieContext, operation, wrongFunction));
+
+ Assert.assertTrue("allow " + operation + " to authorized user for correct function",
+ isPermitted(strictHandler, charlieContext, operation, function));
+ }
+ }
+
+ @Test public void test_invocation_authorization_permissive() {
+ for (String operation : new String[] {"fetchRequest", "failRequest", "result"}) {
+ Assert.assertFalse("Deny " + operation + " to unauthorized user for correct function",
+ isPermitted(permissiveHandler, bobContext, operation, function));
+
+ Assert.assertTrue("Allow " + operation + " to user for incorrect function when permissive",
+ isPermitted(permissiveHandler, charlieContext, operation, wrongFunction));
+
+ Assert.assertTrue("allow " + operation + " to authorized user",
+ isPermitted(permissiveHandler, charlieContext, operation, function));
+ }
+ }
+
+ @Test public void test_deny_when_no_function_given() {
+ Assert.assertFalse(strictHandler.permit(aliceContext, "execute", new HashMap()));
+
+ Assert.assertFalse(isPermitted(strictHandler, aliceContext, "execute", null));
+
+ Assert.assertFalse(permissiveHandler.permit(bobContext, "execute", new HashMap()));
+
+ Assert.assertFalse(isPermitted(permissiveHandler, bobContext, "execute", null));
+ }
+
+ @Test public void test_deny_when_invalid_user_given() {
+ Assert.assertFalse(isPermitted(strictHandler, Mockito.mock(ReqContext.class), "execute", function));
+
+ Assert.assertFalse(isPermitted(strictHandler, null, "execute", function));
+
+ Assert.assertFalse(isPermitted(permissiveHandler, Mockito.mock(ReqContext.class), "execute", function));
+
+ Assert.assertFalse(isPermitted(permissiveHandler, null, "execute", function));
+
+ }
+
+
+ private static ReqContext makeMockContext(String user) {
+ ReqContext mockContext = Mockito.mock(ReqContext.class);
+ Mockito.when(mockContext.principal()).thenReturn(new SingleUserPrincipal(user));
+ return mockContext;
+ }
+
+ private boolean isPermitted(IAuthorizer authorizer, ReqContext context, String operation, String function) {
+ Map config = new HashMap();
+ config.put(DRPCSimpleACLAuthorizer.FUNCTION_KEY, function);
+ return authorizer.permit(context, operation, config);
+ }
+}
http://git-wip-us.apache.org/repos/asf/storm/blob/45bf3ef9/storm-core/test/jvm/org/apache/storm/serialization/SerializationFactoryTest.java
----------------------------------------------------------------------
diff --git a/storm-core/test/jvm/org/apache/storm/serialization/SerializationFactoryTest.java b/storm-core/test/jvm/org/apache/storm/serialization/SerializationFactoryTest.java
new file mode 100644
index 0000000..72fdf1b
--- /dev/null
+++ b/storm-core/test/jvm/org/apache/storm/serialization/SerializationFactoryTest.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.storm.serialization;
+
+import com.esotericsoftware.kryo.Kryo;
+import org.apache.storm.Config;
+import org.apache.storm.security.serialization.BlowfishTupleSerializer;
+import org.apache.storm.utils.ListDelegate;
+import org.apache.storm.utils.Utils;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Map;
+
+public class SerializationFactoryTest {
+
+ @Test
+ public void test_registers_default_when_not_in_conf() throws ClassNotFoundException {
+ Map conf = Utils.readDefaultConfig();
+ String className = (String) conf.get(Config.TOPOLOGY_TUPLE_SERIALIZER);
+ Class configuredClass = Class.forName(className);
+ Kryo kryo = SerializationFactory.getKryo(conf);
+ Assert.assertEquals(configuredClass, kryo.getSerializer(ListDelegate.class).getClass());
+ }
+
+ @Test(expected = RuntimeException.class)
+ public void test_throws_runtimeexception_when_no_such_class() {
+ Map conf = Utils.readDefaultConfig();
+ conf.put(Config.TOPOLOGY_TUPLE_SERIALIZER, "null.this.class.does.not.exist");
+ SerializationFactory.getKryo(conf);
+ }
+
+ @Test
+ public void test_registers_when_valid_class_name() {
+ Class arbitraryClass = BlowfishTupleSerializer.class;
+ String secretKey = "0123456789abcdef";
+ Map conf = Utils.readDefaultConfig();
+ conf.put(Config.TOPOLOGY_TUPLE_SERIALIZER, arbitraryClass.getName());
+ conf.put(BlowfishTupleSerializer.SECRET_KEY, secretKey);
+ Kryo kryo = SerializationFactory.getKryo(conf);
+ Assert.assertEquals(arbitraryClass, kryo.getSerializer(ListDelegate.class).getClass());
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/storm/blob/45bf3ef9/storm-core/test/jvm/org/apache/storm/utils/ZookeeperServerCnxnFactoryTest.java
----------------------------------------------------------------------
diff --git a/storm-core/test/jvm/org/apache/storm/utils/ZookeeperServerCnxnFactoryTest.java b/storm-core/test/jvm/org/apache/storm/utils/ZookeeperServerCnxnFactoryTest.java
new file mode 100644
index 0000000..189e2b9
--- /dev/null
+++ b/storm-core/test/jvm/org/apache/storm/utils/ZookeeperServerCnxnFactoryTest.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.storm.utils;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ZookeeperServerCnxnFactoryTest {
+
+ @Test(expected = RuntimeException.class)
+ public void test_Exception_In_Constructor_If_Port_Too_Large() {
+ new ZookeeperServerCnxnFactory(65536, 42);
+ }
+
+ @Test
+ public void testFactory() {
+ int arbitraryTestClients = 42;
+ ZookeeperServerCnxnFactory zkcfNegative = new ZookeeperServerCnxnFactory(-42, arbitraryTestClients);
+ int nextPort = zkcfNegative.port() + 1;
+ ZookeeperServerCnxnFactory zkcfNext = new ZookeeperServerCnxnFactory(nextPort, arbitraryTestClients);
+ Assert.assertEquals(zkcfNext.factory().getMaxClientCnxnsPerHost(), arbitraryTestClients);
+
+ }
+}
[3/3] storm git commit: add STORM-1234, STORM-1240, STORM-1251,
STORM-1256 to CHANGELOG
Posted by ka...@apache.org.
add STORM-1234, STORM-1240, STORM-1251, STORM-1256 to CHANGELOG
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/da5c3acd
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/da5c3acd
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/da5c3acd
Branch: refs/heads/master
Commit: da5c3acd7e5123876566db6ddf2d8de2b4a3506e
Parents: 52ff5c9
Author: Jungtaek Lim <ka...@gmail.com>
Authored: Tue Aug 16 23:07:27 2016 +0900
Committer: Jungtaek Lim <ka...@gmail.com>
Committed: Tue Aug 16 23:07:27 2016 +0900
----------------------------------------------------------------------
CHANGELOG.md | 4 ++++
1 file changed, 4 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/da5c3acd/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3714c68..c6cfa37 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,8 @@
## 2.0.0
+ * STORM-1256: port backtype.storm.utils.ZookeeperServerCnxnFactory-test to java
+ * STORM-1251: port backtype.storm.serialization.SerializationFactory-test to java
+ * STORM-1240: port backtype.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer-test to java
+ * STORM-1234: port backtype.storm.security.auth.DefaultHttpCredentialsPlugin-test to java
* STORM-2037: debug operation should be whitelisted in SimpleAclAuthorizer.
* STORM-2036: Fix minor bug in RAS Tests
* STORM-2026: Inconsistency between (SpoutExecutor, BoltExecutor) and (spout-transfer-fn, bolt-transfer-fn) * STORM-1979: Storm Druid Connector implementation.
[2/3] storm git commit: Merge branch 'clj-test' of
https://github.com/abhishekagarwal87/storm into STORM-1234-1240-1251-1256
Posted by ka...@apache.org.
Merge branch 'clj-test' of https://github.com/abhishekagarwal87/storm into STORM-1234-1240-1251-1256
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/52ff5c9f
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/52ff5c9f
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/52ff5c9f
Branch: refs/heads/master
Commit: 52ff5c9fdef41d7d440c0893e0228c859ffcd36f
Parents: a1a952a 45bf3ef
Author: Jungtaek Lim <ka...@gmail.com>
Authored: Tue Aug 16 22:44:26 2016 +0900
Committer: Jungtaek Lim <ka...@gmail.com>
Committed: Tue Aug 16 22:44:26 2016 +0900
----------------------------------------------------------------------
.../auth/DefaultHttpCredentialsPlugin_test.clj | 75 ------
.../authorizer/DRPCSimpleACLAuthorizer_test.clj | 241 -------------------
.../serialization/SerializationFactory_test.clj | 54 -----
.../utils/ZookeeperServerCnxnFactory_test.clj | 35 ---
.../auth/DefaultHttpCredentialsPluginTest.java | 90 +++++++
.../authorizer/DRPCSimpleACLAuthorizerTest.java | 163 +++++++++++++
.../serialization/SerializationFactoryTest.java | 61 +++++
.../utils/ZookeeperServerCnxnFactoryTest.java | 39 +++
8 files changed, 353 insertions(+), 405 deletions(-)
----------------------------------------------------------------------