You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by am...@apache.org on 2022/04/21 16:57:50 UTC
[knox] branch master updated: KNOX-2735 Add support for group info inclusion in tokens to the KnoxShell client (#561)
This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new c16d59799 KNOX-2735 Add support for group info inclusion in tokens to the KnoxShell client (#561)
c16d59799 is described below
commit c16d597996990ba3afe443c2aebea54cd925a1c9
Author: Attila Magyar <m....@gmail.com>
AuthorDate: Thu Apr 21 18:57:45 2022 +0200
KNOX-2735 Add support for group info inclusion in tokens to the KnoxShell client (#561)
---
.../apache/knox/gateway/shell/knox/token/Get.java | 10 ++++++-
.../knox/gateway/shell/knox/token/Token.java | 18 +++++++++--
.../knox/gateway/shell/knox/token/TokenTest.java | 35 +++++++++++++---------
3 files changed, 46 insertions(+), 17 deletions(-)
diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Get.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Get.java
index ef996e6ab..31968b49a 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Get.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Get.java
@@ -20,8 +20,11 @@ package org.apache.knox.gateway.shell.knox.token;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
+import java.util.Collections;
+import java.util.List;
import java.util.concurrent.Callable;
+import org.apache.http.NameValuePair;
import org.apache.knox.gateway.shell.AbstractRequest;
import org.apache.knox.gateway.shell.BasicResponse;
import org.apache.knox.gateway.shell.KnoxSession;
@@ -37,13 +40,18 @@ import org.apache.knox.gateway.shell.KnoxShellException;
public class Get {
public static class Request extends AbstractRequest<Response> {
Request(KnoxSession session) {
- this(session, null);
+ this(session, null, Collections.emptyList());
}
Request(KnoxSession session, String doAsUser) {
+ this(session, doAsUser, Collections.emptyList());
+ }
+
+ Request(KnoxSession session, String doAsUser, List<NameValuePair> queryParameters) {
super(session, doAsUser);
try {
URIBuilder uri = uri(Token.SERVICE_PATH);
+ uri.addParameters(queryParameters);
requestURI = uri.build();
} catch (URISyntaxException e) {
throw new KnoxShellException(e);
diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Token.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Token.java
index 0fccfc8e1..5912caf15 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Token.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Token.java
@@ -17,10 +17,16 @@
*/
package org.apache.knox.gateway.shell.knox.token;
+import org.apache.http.NameValuePair;
+import org.apache.http.message.BasicNameValuePair;
import org.apache.knox.gateway.shell.KnoxSession;
-public class Token {
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+public class Token {
+ private static final String KNOX_TOKEN_INCLUDE_GROUPS = "knox.token.include.groups";
static String SERVICE_PATH = "/knoxtoken/api/v1/token";
public static Get.Request get(final KnoxSession session) {
@@ -28,7 +34,15 @@ public class Token {
}
public static Get.Request get(final KnoxSession session, final String doAsUser) {
- return new Get.Request(session, doAsUser);
+ return new Get.Request(session, doAsUser, Collections.emptyList());
+ }
+
+ public static Get.Request get(final KnoxSession session, final String doAsUser, boolean includeGroupsInToken) {
+ List<NameValuePair> queryParamss = new ArrayList<>();
+ if (includeGroupsInToken) {
+ queryParamss.add(new BasicNameValuePair(KNOX_TOKEN_INCLUDE_GROUPS, "true"));
+ }
+ return new Get.Request(session, doAsUser, queryParamss);
}
public static Renew.Request renew(final KnoxSession session, final String token) {
diff --git a/gateway-shell/src/test/java/org/apache/knox/gateway/shell/knox/token/TokenTest.java b/gateway-shell/src/test/java/org/apache/knox/gateway/shell/knox/token/TokenTest.java
index b3474722c..f653adc38 100644
--- a/gateway-shell/src/test/java/org/apache/knox/gateway/shell/knox/token/TokenTest.java
+++ b/gateway-shell/src/test/java/org/apache/knox/gateway/shell/knox/token/TokenTest.java
@@ -26,6 +26,7 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
@@ -42,24 +43,28 @@ public class TokenTest {
@Test
public void testTokenWithNoDoAs() {
- testToken(false, null);
+ testToken(false, null, false);
}
@Test
public void testTokenWithNullDoAs() {
- testToken(true, null);
+ testToken(true, null, false);
}
@Test
public void testTokenWithEmptyDoAs() {
- testToken(true, "");
+ testToken(true, "", false);
}
@Test
public void testTokenWithDoAs() {
- testToken(true, "userA");
+ testToken(true, "userA", false);
}
+ @Test
+ public void testTokenWithDoAsAndIncludeGroups() {
+ testToken(true, "userA", true);
+ }
@Test
public void testTokenRenewalWithNoDoAs() throws Exception {
@@ -101,15 +106,19 @@ public class TokenTest {
testRevokeToken(true, "userA");
}
-
- private void testToken(boolean setDoAsUser, String doAsUser) {
+ private void testToken(boolean setDoAsUser, String doAsUser, boolean includeGroupsInToken) {
KnoxSession knoxSession = createMock(KnoxSession.class);
expect(knoxSession.base()).andReturn("http://localhost/base").atLeastOnce();
replay(knoxSession);
- Get.Request request = (setDoAsUser)
- ? Token.get(knoxSession, doAsUser)
- : Token.get(knoxSession);
+ Get.Request request;
+ if (!includeGroupsInToken) {
+ request = (setDoAsUser)
+ ? Token.get(knoxSession, doAsUser)
+ : Token.get(knoxSession);
+ } else {
+ request = Token.get(knoxSession, setDoAsUser ? doAsUser : null, true);
+ }
if (setDoAsUser) {
assertEquals(doAsUser, request.getDoAsUser());
@@ -117,11 +126,9 @@ public class TokenTest {
assertNull(request.getDoAsUser());
}
- if (setDoAsUser && StringUtils.isNotEmpty(doAsUser)) {
- assertEquals("http://localhost/base/knoxtoken/api/v1/token?doAs=" + doAsUser, request.getRequestURI().toString());
- } else {
- assertEquals("http://localhost/base/knoxtoken/api/v1/token", request.getRequestURI().toString());
- }
+ assertTrue(request.getRequestURI().toString().startsWith("http://localhost/base/knoxtoken/api/v1/token"));
+ assertEquals(setDoAsUser && StringUtils.isNotEmpty(doAsUser), request.getRequestURI().toString().contains("doAs=" + doAsUser));
+ assertEquals(includeGroupsInToken, request.getRequestURI().toString().contains("knox.token.include.groups=true"));
assertSame(knoxSession, request.getSession());