You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/03/31 16:19:28 UTC

[GitHub] [pulsar] sursingh commented on a change in pull request #13339: [Issue 10816][Proxy] Refresh client auth token

sursingh commented on a change in pull request #13339:
URL: https://github.com/apache/pulsar/pull/13339#discussion_r839797205



##########
File path: pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithJwtAuthorizationTest.java
##########
@@ -363,6 +374,72 @@ public void testProxyAuthorizationWithPrefixSubscriptionAuthMode() throws Except
         log.info("-- Exiting {} test --", methodName);
     }
 
+    @Test
+    void testRefreshClientToken() throws Exception {
+        log.info("-- Starting {} test --", methodName);
+
+        startProxy();
+        createAdminClient();
+
+        @SuppressWarnings("unchecked")
+        Supplier<String> tokenSupplier = Mockito.mock(Supplier.class);
+        when(tokenSupplier.get()).thenAnswer(answer -> createClientJwtToken(Duration.ofSeconds(1)));
+
+        PulsarClient proxyClient = PulsarClient.builder()
+                .serviceUrl(proxyService.getServiceUrl()).statsInterval(0, TimeUnit.SECONDS)
+                .authentication(AuthenticationFactory.token(tokenSupplier))
+                .operationTimeout(1000, TimeUnit.MILLISECONDS)
+                .build();
+
+        String namespaceName = "my-property/proxy-authorization/my-ns";
+        admin.clusters().createCluster("proxy-authorization", ClusterData.builder().serviceUrl(brokerUrl.toString()).build());
+        admin.tenants().createTenant("my-property",
+                new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("proxy-authorization")));
+        admin.namespaces().createNamespace(namespaceName);
+
+        admin.namespaces().grantPermissionOnNamespace(namespaceName, CLIENT_ROLE,
+                Sets.newHashSet(AuthAction.consume, AuthAction.produce));
+        log.info("-- Admin permissions {} ---", admin.namespaces().getPermissions(namespaceName));
+
+        Producer<byte[]> producer = proxyClient.newProducer(Schema.BYTES)
+                .topic("persistent://my-property/proxy-authorization/my-ns/my-topic1").create();
+
+        final int msgs = 10;
+        for (int i = 0; i < msgs; i++) {
+            String message = "my-message-" + i;
+            producer.send(message.getBytes());
+        }
+
+        //noinspection unchecked
+        clearInvocations(tokenSupplier);
+        Thread.sleep(3000);
+        verify(tokenSupplier, atLeastOnce()).get();

Review comment:
       I don't think this test is correct. It is passing for us, even without the associated fix.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org