knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kmin...@apache.org
Subject git commit: KNOX-349: Knox API for Topology Management. Adds default admin topology to install and negative tests.
Date Wed, 23 Jul 2014 23:01:30 GMT
Repository: knox
Updated Branches:
  refs/heads/master 5169480b3 -> 1a67f33db


KNOX-349: Knox API for Topology Management. Adds default admin topology to install and negative
tests.


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/1a67f33d
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/1a67f33d
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/1a67f33d

Branch: refs/heads/master
Commit: 1a67f33dbe3ce5ae609307c6808fd4ef769be0be
Parents: 5169480
Author: Kevin Minder <kevin.minder@hortonworks.com>
Authored: Wed Jul 23 19:01:12 2014 -0400
Committer: Kevin Minder <kevin.minder@hortonworks.com>
Committed: Wed Jul 23 19:01:12 2014 -0400

----------------------------------------------------------------------
 gateway-release/home/conf/topologies/admin.xml  | 102 +++++++++++++++++++
 gateway-release/home/conf/users.ldif            |  12 ++-
 .../gateway/GatewayAdminTopologyFuncTest.java   |  70 +++++++++++--
 .../GatewayAdminTopologyFuncTest/users.ldif     |  12 ++-
 4 files changed, 184 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/1a67f33d/gateway-release/home/conf/topologies/admin.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/topologies/admin.xml b/gateway-release/home/conf/topologies/admin.xml
new file mode 100644
index 0000000..b024c42
--- /dev/null
+++ b/gateway-release/home/conf/topologies/admin.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<topology>
+
+    <gateway>
+
+        <provider>
+            <role>authentication</role>
+            <name>ShiroProvider</name>
+            <enabled>true</enabled>
+            <param>
+                <!-- 
+                session timeout in minutes,  this is really idle timeout,
+                defaults to 30mins, if the property value is not defined,, 
+                current client authentication would expire if client idles contiuosly for
more than this value
+                -->
+                <name>sessionTimeout</name>
+                <value>30</value>
+            </param>
+            <param>
+                <name>main.ldapRealm</name>
+                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+            </param>
+            <param>
+                <name>main.ldapRealm.userDnTemplate</name>
+                <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
+            </param>
+            <param>
+                <name>main.ldapRealm.contextFactory.url</name>
+                <value>ldap://localhost:33389</value>
+            </param>
+            <param>
+                <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
+                <value>simple</value>
+            </param>
+            <param>
+                <name>urls./**</name>
+                <value>authcBasic</value>
+            </param>
+        </provider>
+
+        <provider>
+            <role>authorization</role>
+            <name>AclsAuthz</name>
+            <enabled>true</enabled>
+            <param>
+                <name>knox.acl</name>
+                <value>admin;*;*</value>
+            </param>
+        </provider>
+
+        <provider>
+            <role>identity-assertion</role>
+            <name>Pseudo</name>
+            <enabled>true</enabled>
+        </provider>
+
+        <!--
+        Defines rules for mapping host names internal to a Hadoop cluster to externally accessible
host names.
+        For example, a hadoop service running in AWS may return a response that includes
URLs containing the
+        some AWS internal host name.  If the client needs to make a subsequent request to
the host identified
+        in those URLs they need to be mapped to external host names that the client Knox
can use to connect.
+
+        If the external hostname and internal host names are same turn of this provider by
setting the value of
+        enabled parameter as false.
+
+        The name parameter specifies the external host names in a comma separated list.
+        The value parameter specifies corresponding internal host names in a comma separated
list.
+
+        Note that when you are using Sandbox, the external hostname needs to be localhost,
as seen in out
+        of box sandbox.xml.  This is because Sandbox uses port mapping to allow clients to
connect to the
+        Hadoop services using localhost.  In real clusters, external host names would almost
never be localhost.
+        -->
+        <provider>
+            <role>hostmap</role>
+            <name>static</name>
+            <enabled>true</enabled>
+            <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param>
+        </provider>
+
+    </gateway>
+
+    <service>
+        <role>KNOX</role>
+    </service>
+
+</topology>

http://git-wip-us.apache.org/repos/asf/knox/blob/1a67f33d/gateway-release/home/conf/users.ldif
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/users.ldif b/gateway-release/home/conf/users.ldif
index e23503a..f5afe6d 100644
--- a/gateway-release/home/conf/users.ldif
+++ b/gateway-release/home/conf/users.ldif
@@ -40,4 +40,14 @@ objectclass:inetOrgPerson
 cn: Guest
 sn: User
 uid: guest
-userPassword:guest-password
\ No newline at end of file
+userPassword:guest-password
+
+dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: Admin
+sn: Admin
+uid: admin
+userPassword:admin-password
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/1a67f33d/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java
b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java
index 7d1b723..613700e 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest.java
@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.gateway;
 
+import com.jayway.restassured.http.ContentType;
 import com.jayway.restassured.response.ResponseBody;
 import com.mycila.xmltool.XMLDoc;
 import com.mycila.xmltool.XMLTag;
@@ -27,8 +28,6 @@ import org.apache.hadoop.gateway.services.DefaultGatewayServices;
 import org.apache.hadoop.gateway.services.ServiceLifecycleException;
 import org.apache.http.HttpStatus;
 import org.apache.log4j.Appender;
-import org.eclipse.jetty.util.ajax.JSON;
-import org.glassfish.jersey.server.JSONP;
 import org.hamcrest.MatcherAssert;
 import org.hamcrest.Matchers;
 import org.junit.AfterClass;
@@ -51,8 +50,6 @@ import java.util.UUID;
 
 import static com.jayway.restassured.RestAssured.*;
 import static org.hamcrest.CoreMatchers.*;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertThat;
 
 public class GatewayAdminTopologyFuncTest {
@@ -209,7 +206,14 @@ public class GatewayAdminTopologyFuncTest {
         .addTag( "param" )
         .addTag( "name" ).addText( "urls./**" )
         .addTag( "value" ).addText( "authcBasic" ).gotoParent().gotoParent()
-        .addTag( "provider" )
+        .addTag("provider")
+        .addTag( "role" ).addText( "authorization" )
+        .addTag( "name" ).addText( "AclsAuthz" )
+        .addTag( "enabled" ).addText( "true" )
+        .addTag("param")
+        .addTag("name").addText("knox.acl")
+        .addTag("value").addText("admin;*;*").gotoParent().gotoParent()
+        .addTag("provider")
         .addTag( "role" ).addText( "identity-assertion" )
         .addTag( "enabled" ).addText( "true" )
         .addTag( "name" ).addText( "Pseudo" ).gotoParent()
@@ -256,11 +260,11 @@ public class GatewayAdminTopologyFuncTest {
   @Test
   public void testTopologyCollection() throws ClassNotFoundException {
 
-    String username = "guest";
-    String password = "guest-password";
+    String username = "admin";
+    String password = "admin-password";
     String serviceUrl =  clusterUrl + "/api/v1/topologies";
     String href = given()
-        .log().all()
+        //.log().all()
         .auth().preemptive().basic(username, password)
         .expect()
         //.log().all()
@@ -289,8 +293,8 @@ public class GatewayAdminTopologyFuncTest {
   @Test
   public void testTopologyObject() throws ClassNotFoundException {
 
-    String username = "guest";
-    String password = "guest-password";
+    String username = "admin";
+    String password = "admin-password";
     String serviceUrl =  clusterUrl + "/api/v1/topologies";
     String href = given()
         //.log().all()
@@ -326,4 +330,50 @@ public class GatewayAdminTopologyFuncTest {
 
   }
 
+  @Test
+  public void testPositiveAuthorization() throws ClassNotFoundException{
+
+
+    String adminUser = "admin";
+    String adminPass = "admin-password";
+    String url =  clusterUrl + "/api/v1/topologies";
+
+    given()
+        //.log().all()
+        .auth().preemptive().basic(adminUser, adminPass)
+        .expect()
+        //.log().all()
+        .statusCode(HttpStatus.SC_OK)
+        .contentType(ContentType.JSON)
+        .body("name[0]", not(nullValue()))
+        .body("name[1]", not(nullValue()))
+        .body("uri[0]", not(nullValue()))
+        .body("uri[1]", not(nullValue()))
+        .body("href[0]", not(nullValue()))
+        .body("href[1]", not(nullValue()))
+        .body("timestamp[0]", not(nullValue()))
+        .body("timestamp[1]", not(nullValue()))
+        .get(url);
+
+  }
+
+  @Test
+  public void testNegativeAuthorization() throws ClassNotFoundException{
+
+    String guestUser = "guest";
+    String guestPass = "guest-password";
+    String url =  clusterUrl + "/api/v1/topologies";
+
+    given()
+        //.log().all()
+        .auth().basic(guestUser, guestPass)
+        .expect()
+        //.log().all()
+        .statusCode(HttpStatus.SC_FORBIDDEN)
+        .get(url);
+
+
+
+  }
+
 }

http://git-wip-us.apache.org/repos/asf/knox/blob/1a67f33d/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif
b/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif
index b982cb3..c7bff35 100644
--- a/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif
+++ b/gateway-test/src/test/resources/org/apache/hadoop/gateway/GatewayAdminTopologyFuncTest/users.ldif
@@ -39,4 +39,14 @@ objectclass:inetOrgPerson
 cn: Guest
 sn: User
 uid: guest
-userPassword:guest-password
\ No newline at end of file
+userPassword:guest-password
+
+dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: Admin
+sn: Admin
+uid: admin
+userPassword:admin-password
\ No newline at end of file


Mime
View raw message