Java Code Examples for org.apache.pulsar.broker.ServiceConfiguration#setSuperUserRoles()

The following examples show how to use org.apache.pulsar.broker.ServiceConfiguration#setSuperUserRoles() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: BrokerAdminClientTlsAuthTest.java    From pulsar with Apache License 2.0 6 votes vote down vote up
private void buildConf(ServiceConfiguration conf) {
    conf.setLoadBalancerEnabled(true);
    conf.setTlsCertificateFilePath(getTLSFile("broker.cert"));
    conf.setTlsKeyFilePath(getTLSFile("broker.key-pk8"));
    conf.setTlsTrustCertsFilePath(getTLSFile("ca.cert"));
    conf.setAuthenticationEnabled(true);
    conf.setSuperUserRoles(ImmutableSet.of("superproxy", "broker.pulsar.apache.org"));
    conf.setAuthenticationProviders(
            ImmutableSet.of("org.apache.pulsar.broker.authentication.AuthenticationProviderTls"));
    conf.setAuthorizationEnabled(true);
    conf.setBrokerClientTlsEnabled(true);
    String str = String.format("tlsCertFile:%s,tlsKeyFile:%s", getTLSFile("broker.cert"), getTLSFile("broker.key-pk8"));
    conf.setBrokerClientAuthenticationParameters(str);
    conf.setBrokerClientAuthenticationPlugin("org.apache.pulsar.client.impl.auth.AuthenticationTls");
    conf.setBrokerClientTrustCertsFilePath(getTLSFile("ca.cert"));
    conf.setTlsAllowInsecureConnection(true);
}
 
Example 2
Source File: PulsarClientTest.java    From java-specialagent with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void beforeClass() throws Exception {
  if (!isJdkSupported)
    return;

  bkEnsemble = new LocalBookkeeperEnsemble(3, ZOOKEEPER_PORT, TestUtil::nextFreePort);
  bkEnsemble.start();

  final int brokerWebServicePort = TestUtil.nextFreePort();
  final int brokerServicePort = TestUtil.nextFreePort();

  final ServiceConfiguration config = new ServiceConfiguration();
  config.setClusterName(CLUSTER_NAME);
  final Set<String> superUsers = Sets.newHashSet("superUser");
  config.setSuperUserRoles(superUsers);
  config.setWebServicePort(brokerWebServicePort);
  config.setZookeeperServers("127.0.0.1" + ":" + ZOOKEEPER_PORT);
  config.setBrokerServicePort(brokerServicePort);
  config.setLoadManagerClassName(SimpleLoadManagerImpl.class.getName());
  config.setTlsAllowInsecureConnection(true);
  config.setAdvertisedAddress("localhost");

  pulsarService = new PulsarService(config);
  pulsarService.start();

  try (final PulsarAdmin admin = pulsarService.getAdminClient()) {
    final ClusterData clusterData = new ClusterData(pulsarService.getBrokerServiceUrl());
    admin.clusters().createCluster(CLUSTER_NAME, clusterData);

    final TenantInfo propAdmin = new TenantInfo();
    propAdmin.getAdminRoles().add("superUser");
    propAdmin.setAllowedClusters(Sets.newHashSet(Lists.newArrayList(CLUSTER_NAME)));

    admin.tenants().createTenant("public", propAdmin);
    admin.namespaces().createNamespace("public/default", Sets.newHashSet(CLUSTER_NAME));
  }
}
 
Example 3
Source File: PulsarFunctionsITest.java    From java-specialagent with Apache License 2.0 4 votes vote down vote up
static void start() throws Exception {
  // Start local bookkeeper ensemble
  final LocalBookkeeperEnsemble bkEnsemble = new LocalBookkeeperEnsemble(3, ZOOKEEPER_PORT,TestUtil::nextFreePort);
  bkEnsemble.start();

  final String brokerServiceUrl = "http://127.0.0.1:" + brokerWebServicePort;

  final ServiceConfiguration config = spy(new ServiceConfiguration());
  config.setClusterName(CLUSTER_NAME);
  final Set<String> superUsers = Sets.newHashSet("superUser");
  config.setSuperUserRoles(superUsers);
  config.setWebServicePort(Optional.of(brokerWebServicePort));
  config.setZookeeperServers("127.0.0.1" + ":" + ZOOKEEPER_PORT);
  config.setBrokerServicePort(Optional.of(brokerServicePort));
  config.setLoadManagerClassName(SimpleLoadManagerImpl.class.getName());
  config.setTlsAllowInsecureConnection(true);
  config.setAdvertisedAddress("localhost");

  config.setAuthenticationEnabled(false);
  config.setAuthorizationEnabled(false);

  config.setBrokerClientTlsEnabled(false);
  config.setAllowAutoTopicCreationType("non-partitioned");

  final WorkerService functionsWorkerService = createPulsarFunctionWorker(config);
  final URL urlTls = new URL(brokerServiceUrl);
  final Optional<WorkerService> functionWorkerService = Optional.of(functionsWorkerService);
  try (final PulsarService pulsar = new PulsarService(config, functionWorkerService)) {
    pulsar.start();
    try (final PulsarAdmin admin = PulsarAdmin.builder().serviceHttpUrl(brokerServiceUrl).allowTlsInsecureConnection(true).build()) {
      // update cluster metadata
      final ClusterData clusterData = new ClusterData(urlTls.toString());
      admin.clusters().updateCluster(config.getClusterName(), clusterData);

      final TenantInfo propAdmin = new TenantInfo();
      propAdmin.getAdminRoles().add("superUser");
      propAdmin.setAllowedClusters(Sets.newHashSet(CLUSTER_NAME));
      admin.tenants().updateTenant(tenant, propAdmin);

      final String jarFilePathUrl = Utils.FILE + ":" + ExclamationFunction.class.getProtectionDomain().getCodeSource().getLocation().getPath();

      final ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(workerConfig.getPulsarServiceUrl());
      try (final PulsarClient pulsarClient = clientBuilder.build()) {
        testE2EPulsarFunction(jarFilePathUrl, admin, pulsarClient);
      }
    }
  }
}
 
Example 4
Source File: PulsarFunctionsITest.java    From java-specialagent with Apache License 2.0 4 votes vote down vote up
static void start() throws Exception {
  // Start local bookkeeper ensemble
  final LocalBookkeeperEnsemble bkEnsemble = new LocalBookkeeperEnsemble(3, ZOOKEEPER_PORT, TestUtil::nextFreePort);
  bkEnsemble.start();

  final String brokerServiceUrl = "http://127.0.0.1:" + brokerWebServicePort;

  final ServiceConfiguration config = new ServiceConfiguration();
  config.setClusterName(CLUSTER_NAME);
  final Set<String> superUsers = Sets.newHashSet("superUser");
  config.setSuperUserRoles(superUsers);

  config.setZookeeperServers("127.0.0.1" + ":" + ZOOKEEPER_PORT);
  config.setLoadManagerClassName(SimpleLoadManagerImpl.class.getName());
  config.setWebServicePort(brokerWebServicePort);
  config.setBrokerServicePort(brokerServicePort);

  config.setAuthenticationEnabled(false);
  config.setTlsEnabled(false);
  config.setTlsAllowInsecureConnection(true);
  config.setAdvertisedAddress("localhost");

  final WorkerService functionsWorkerService = createPulsarFunctionWorker(config);
  final URL urlTls = new URL(brokerServiceUrl);
  final Optional<WorkerService> functionWorkerService = Optional.of(functionsWorkerService);
  try (final PulsarService pulsar = new PulsarService(config, functionWorkerService)) {
    pulsar.start();
    try (final PulsarAdmin admin = PulsarAdmin.builder().serviceHttpUrl(brokerServiceUrl).allowTlsInsecureConnection(true).build()) {
      // update cluster metadata
      final ClusterData clusterData = new ClusterData(urlTls.toString());
      admin.clusters().updateCluster(config.getClusterName(), clusterData);

      final ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(workerConfig.getPulsarServiceUrl());
      try (final PulsarClient pulsarClient = clientBuilder.build()) {
        final TenantInfo propAdmin = new TenantInfo();
        propAdmin.getAdminRoles().add("superUser");
        propAdmin.setAllowedClusters(Sets.newHashSet(CLUSTER_NAME));
        admin.tenants().updateTenant(tenant, propAdmin);

        testPulsarFunction(admin, pulsarClient);
      }
    }
  }
}
 
Example 5
Source File: WebSocketWebResourceTest.java    From pulsar with Apache License 2.0 4 votes vote down vote up
@BeforeMethod
public void setup(Method method) throws Exception {
    MockitoAnnotations.initMocks(this);

    ServiceConfiguration config = new ServiceConfiguration();
    config.setSuperUserRoles(Sets.newHashSet(SUPER_USER));
    if ("testAuthenticationDisabled".equals(method.getName())) {
        config.setAuthenticationEnabled(false);
        config.setAuthorizationEnabled(false);
    } else {
        config.setAuthenticationEnabled(true);
        config.setAuthorizationEnabled(true);
    }

    AuthenticationService authnService = mock(AuthenticationService.class);
    if ("testSuperUserAccess".equals(method.getName())) {
        when(authnService.authenticateHttpRequest(any(HttpServletRequest.class))).thenReturn(SUPER_USER);
    } else if ("testUnauthorizedUserAccess".equals(method.getName())) {
        when(authnService.authenticateHttpRequest(any(HttpServletRequest.class))).thenReturn(UNAUTHORIZED_USER);
    } else if ("testBlankUserAccess".equals(method.getName())) {
        when(authnService.authenticateHttpRequest(any(HttpServletRequest.class))).thenReturn("");
    } else if ("testUnauthenticatedUserAccess".equals(method.getName())) {
        when(authnService.authenticateHttpRequest(any(HttpServletRequest.class)))
                .thenThrow(new AuthenticationException());
    } else {
        when(authnService.authenticateHttpRequest(any(HttpServletRequest.class))).thenReturn(AUTHORIZED_USER);
    }

    AuthorizationService authzService = mock(AuthorizationService.class);
    when(authzService.canLookup(any(TopicName.class), eq(SUPER_USER), any(AuthenticationDataSource.class)))
            .thenReturn(true);
    when(authzService.canLookup(any(TopicName.class), eq(AUTHORIZED_USER), any(AuthenticationDataSource.class)))
            .thenReturn(true);
    when(authzService.canLookup(any(TopicName.class), eq(UNAUTHORIZED_USER), any(AuthenticationDataSource.class)))
            .thenReturn(false);
    when(authzService.canLookup(any(TopicName.class), eq(""), any(AuthenticationDataSource.class)))
            .thenReturn(false);

    WebSocketService socketService = mock(WebSocketService.class);
    when(socketService.getConfig()).thenReturn(config);
    when(socketService.isAuthorizationEnabled()).thenReturn(config.isAuthorizationEnabled());
    when(socketService.getAuthenticationService()).thenReturn(authnService);
    when(socketService.getAuthorizationService()).thenReturn(authzService);

    // Mock WebSocketWebResource
    doReturn(mock(AuthenticationDataHttps.class)).when(webResource).authData();

    // Mock ServletContext
    when(servletContext.getAttribute(anyString())).thenReturn(socketService);

    // Mock UriInfo
    when(uri.getRequestUri()).thenReturn(null);

    topicName = TopicName.get("persistent://tenant/cluster/ns/dest");
}
 
Example 6
Source File: WebServiceTest.java    From pulsar with Apache License 2.0 4 votes vote down vote up
private void setupEnv(boolean enableFilter, String minApiVersion, boolean allowUnversionedClients,
        boolean enableTls, boolean enableAuth, boolean allowInsecure) throws Exception {
    Set<String> providers = new HashSet<>();
    providers.add("org.apache.pulsar.broker.authentication.AuthenticationProviderTls");

    Set<String> roles = new HashSet<>();
    roles.add("client");

    ServiceConfiguration config = new ServiceConfiguration();
    config.setAdvertisedAddress("localhost");
    config.setBrokerServicePort(Optional.of(0));
    config.setWebServicePort(Optional.of(0));
    if (enableTls) {
        config.setWebServicePortTls(Optional.of(0));
    }
    config.setClientLibraryVersionCheckEnabled(enableFilter);
    config.setAuthenticationEnabled(enableAuth);
    config.setAuthenticationProviders(providers);
    config.setAuthorizationEnabled(false);
    config.setSuperUserRoles(roles);
    config.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
    config.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
    config.setTlsAllowInsecureConnection(allowInsecure);
    config.setTlsTrustCertsFilePath(allowInsecure ? "" : TLS_CLIENT_CERT_FILE_PATH);
    config.setClusterName("local");
    config.setAdvertisedAddress("localhost"); // TLS certificate expects localhost
    config.setZookeeperServers("localhost:2181");
    config.setHttpMaxRequestSize(10 * 1024);
    pulsar = spy(new PulsarService(config));
    doReturn(zkFactory).when(pulsar).getZooKeeperClientFactory();
    doReturn(new MockedBookKeeperClientFactory()).when(pulsar).newBookKeeperClientFactory();
    pulsar.start();

    try {
        pulsar.getZkClient().delete("/minApiVersion", -1);
    } catch (Exception ex) {
    }
    pulsar.getZkClient().create("/minApiVersion", minApiVersion.getBytes(), null, CreateMode.PERSISTENT);

    String BROKER_URL_BASE = "http://localhost:" + pulsar.getListenPortHTTP().get();
    String BROKER_URL_BASE_TLS = "https://localhost:" + pulsar.getListenPortHTTPS().orElse(-1);
    String serviceUrl = BROKER_URL_BASE;

    PulsarAdminBuilder adminBuilder = PulsarAdmin.builder();
    if (enableTls && enableAuth) {
        serviceUrl = BROKER_URL_BASE_TLS;

        Map<String, String> authParams = new HashMap<>();
        authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
        authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);

        adminBuilder.authentication(AuthenticationTls.class.getName(), authParams).allowTlsInsecureConnection(true);
    }

    BROKER_LOOKUP_URL = BROKER_URL_BASE
            + "/lookup/v2/destination/persistent/my-property/local/my-namespace/my-topic";
    BROKER_LOOKUP_URL_TLS = BROKER_URL_BASE_TLS
            + "/lookup/v2/destination/persistent/my-property/local/my-namespace/my-topic";

    PulsarAdmin pulsarAdmin = adminBuilder.serviceHttpUrl(serviceUrl).build();

    try {
        pulsarAdmin.clusters().createCluster(config.getClusterName(),
                new ClusterData(pulsar.getSafeWebServiceAddress()));
    } catch (ConflictException ce) {
        // This is OK.
    } finally {
        pulsarAdmin.close();
    }
}