You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by am...@apache.org on 2022/04/21 16:57:50 UTC

[knox] branch master updated: KNOX-2735 Add support for group info inclusion in tokens to the KnoxShell client (#561)

This is an automated email from the ASF dual-hosted git repository.

amagyar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new c16d59799 KNOX-2735 Add support for group info inclusion in tokens to the KnoxShell client (#561)
c16d59799 is described below

commit c16d597996990ba3afe443c2aebea54cd925a1c9
Author: Attila Magyar <m....@gmail.com>
AuthorDate: Thu Apr 21 18:57:45 2022 +0200

    KNOX-2735 Add support for group info inclusion in tokens to the KnoxShell client (#561)
---
 .../apache/knox/gateway/shell/knox/token/Get.java  | 10 ++++++-
 .../knox/gateway/shell/knox/token/Token.java       | 18 +++++++++--
 .../knox/gateway/shell/knox/token/TokenTest.java   | 35 +++++++++++++---------
 3 files changed, 46 insertions(+), 17 deletions(-)

diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Get.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Get.java
index ef996e6ab..31968b49a 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Get.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Get.java
@@ -20,8 +20,11 @@ package org.apache.knox.gateway.shell.knox.token;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.Collections;
+import java.util.List;
 import java.util.concurrent.Callable;
 
+import org.apache.http.NameValuePair;
 import org.apache.knox.gateway.shell.AbstractRequest;
 import org.apache.knox.gateway.shell.BasicResponse;
 import org.apache.knox.gateway.shell.KnoxSession;
@@ -37,13 +40,18 @@ import org.apache.knox.gateway.shell.KnoxShellException;
 public class Get {
   public static class Request extends AbstractRequest<Response> {
     Request(KnoxSession session) {
-      this(session, null);
+      this(session, null, Collections.emptyList());
     }
 
     Request(KnoxSession session, String doAsUser) {
+      this(session, doAsUser, Collections.emptyList());
+    }
+
+    Request(KnoxSession session, String doAsUser, List<NameValuePair> queryParameters) {
       super(session, doAsUser);
       try {
         URIBuilder uri = uri(Token.SERVICE_PATH);
+        uri.addParameters(queryParameters);
         requestURI = uri.build();
       } catch (URISyntaxException e) {
         throw new KnoxShellException(e);
diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Token.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Token.java
index 0fccfc8e1..5912caf15 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Token.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/knox/token/Token.java
@@ -17,10 +17,16 @@
  */
 package org.apache.knox.gateway.shell.knox.token;
 
+import org.apache.http.NameValuePair;
+import org.apache.http.message.BasicNameValuePair;
 import org.apache.knox.gateway.shell.KnoxSession;
 
-public class Token {
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
 
+public class Token {
+  private static final String KNOX_TOKEN_INCLUDE_GROUPS = "knox.token.include.groups";
   static String SERVICE_PATH = "/knoxtoken/api/v1/token";
 
   public static Get.Request get(final KnoxSession session) {
@@ -28,7 +34,15 @@ public class Token {
   }
 
   public static Get.Request get(final KnoxSession session, final String doAsUser) {
-    return new Get.Request(session, doAsUser);
+    return new Get.Request(session, doAsUser, Collections.emptyList());
+  }
+
+  public static Get.Request get(final KnoxSession session, final String doAsUser, boolean includeGroupsInToken) {
+    List<NameValuePair> queryParamss = new ArrayList<>();
+    if (includeGroupsInToken) {
+      queryParamss.add(new BasicNameValuePair(KNOX_TOKEN_INCLUDE_GROUPS, "true"));
+    }
+    return new Get.Request(session, doAsUser, queryParamss);
   }
 
   public static Renew.Request renew(final KnoxSession session, final String token) {
diff --git a/gateway-shell/src/test/java/org/apache/knox/gateway/shell/knox/token/TokenTest.java b/gateway-shell/src/test/java/org/apache/knox/gateway/shell/knox/token/TokenTest.java
index b3474722c..f653adc38 100644
--- a/gateway-shell/src/test/java/org/apache/knox/gateway/shell/knox/token/TokenTest.java
+++ b/gateway-shell/src/test/java/org/apache/knox/gateway/shell/knox/token/TokenTest.java
@@ -26,6 +26,7 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpEntity;
@@ -42,24 +43,28 @@ public class TokenTest {
 
   @Test
   public void testTokenWithNoDoAs() {
-    testToken(false, null);
+    testToken(false, null, false);
   }
 
   @Test
   public void testTokenWithNullDoAs() {
-    testToken(true, null);
+    testToken(true, null, false);
   }
 
   @Test
   public void testTokenWithEmptyDoAs() {
-    testToken(true, "");
+    testToken(true, "", false);
   }
 
   @Test
   public void testTokenWithDoAs() {
-    testToken(true, "userA");
+    testToken(true, "userA", false);
   }
 
+  @Test
+  public void testTokenWithDoAsAndIncludeGroups() {
+    testToken(true, "userA", true);
+  }
 
   @Test
   public void testTokenRenewalWithNoDoAs() throws Exception {
@@ -101,15 +106,19 @@ public class TokenTest {
     testRevokeToken(true, "userA");
   }
 
-
-  private void testToken(boolean setDoAsUser, String doAsUser) {
+  private void testToken(boolean setDoAsUser, String doAsUser, boolean includeGroupsInToken) {
     KnoxSession knoxSession = createMock(KnoxSession.class);
     expect(knoxSession.base()).andReturn("http://localhost/base").atLeastOnce();
     replay(knoxSession);
 
-    Get.Request request = (setDoAsUser)
-        ? Token.get(knoxSession, doAsUser)
-        : Token.get(knoxSession);
+    Get.Request request;
+    if (!includeGroupsInToken) {
+      request = (setDoAsUser)
+              ? Token.get(knoxSession, doAsUser)
+              : Token.get(knoxSession);
+    } else {
+      request = Token.get(knoxSession, setDoAsUser ? doAsUser : null, true);
+    }
 
     if (setDoAsUser) {
       assertEquals(doAsUser, request.getDoAsUser());
@@ -117,11 +126,9 @@ public class TokenTest {
       assertNull(request.getDoAsUser());
     }
 
-    if (setDoAsUser && StringUtils.isNotEmpty(doAsUser)) {
-      assertEquals("http://localhost/base/knoxtoken/api/v1/token?doAs=" + doAsUser, request.getRequestURI().toString());
-    } else {
-      assertEquals("http://localhost/base/knoxtoken/api/v1/token", request.getRequestURI().toString());
-    }
+    assertTrue(request.getRequestURI().toString().startsWith("http://localhost/base/knoxtoken/api/v1/token"));
+    assertEquals(setDoAsUser && StringUtils.isNotEmpty(doAsUser), request.getRequestURI().toString().contains("doAs=" + doAsUser));
+    assertEquals(includeGroupsInToken, request.getRequestURI().toString().contains("knox.token.include.groups=true"));
 
     assertSame(knoxSession, request.getSession());