@Override public void run(Nimbus.Iface nimbus) throws Exception { nimbus.activate(name); LOG.info("Activated topology: {}", name); } });
public static void verifyIncorrectJaasConf(ThriftServer server, Map<String, Object> conf, String jaas, Class<? extends Exception> expectedException) { Map<String, Object> badConf = new HashMap<>(conf); badConf.put("java.security.auth.login.config", jaas); try (NimbusClient client = new NimbusClient(badConf, "localhost", server.getPort(), NIMBUS_TIMEOUT)) { client.getClient().activate("bad_auth_test_topology"); fail("An exception should have been thrown trying to connect."); } catch (Exception e) { LOG.info("Got Exception...", e); assert (Utils.exceptionCauseIsInstanceOf(expectedException, e)); } }
@Test public void simpleAuthTest() throws Exception { Nimbus.Iface impl = mock(Nimbus.Iface.class); withServer(SimpleTransportPlugin.class, impl, (ThriftServer server, Map<String, Object> conf) -> { try (NimbusClient client = new NimbusClient(conf, "localhost", server.getPort(), NIMBUS_TIMEOUT)) { client.getClient().activate("security_auth_test_topology"); } //Verify digest is rejected... Map<String, Object> badConf = new HashMap<>(conf); badConf.put(Config.STORM_THRIFT_TRANSPORT_PLUGIN, DigestSaslTransportPlugin.class.getName()); badConf.put("java.security.auth.login.config", DIGEST_JAAS_CONF); badConf.put(Config.STORM_NIMBUS_RETRY_TIMES, 0); try (NimbusClient client = new NimbusClient(badConf, "localhost", server.getPort(), NIMBUS_TIMEOUT)) { client.getClient().activate("bad_security_auth_test_topology"); fail("An exception should have been thrown trying to connect."); } catch (Exception te) { LOG.info("Got Exception...", te); assert (Utils.exceptionCauseIsInstanceOf(TTransportException.class, te)); } }); verify(impl).activate("security_auth_test_topology"); verify(impl, never()).activate("bad_security_auth_test_topology"); }
user.set(new ReqContext(ReqContext.context())); return null; }).when(impl).activate(anyString()); client.getClient().activate("bad_auth_test_topology"); fail("We should not be able to connect without a token..."); } catch (Exception e) { verify(impl, times(2)).activate("topo-bob"); verify(impl, times(3)).activate("topo-alice"); verify(impl, never()).activate("bad_auth_test_topology"); LOG.info("\n\n\t\tworkerTokenDigestAuthTest - END\n\n");
user.set(new ReqContext(ReqContext.context())); return null; }).when(impl).activate(anyString()); (ThriftServer server, Map<String, Object> conf) -> { try (NimbusClient client = new NimbusClient(conf, "localhost", server.getPort(), NIMBUS_TIMEOUT)) { client.getClient().activate("security_auth_test_topology"); badTransport.put(Config.STORM_THRIFT_TRANSPORT_PLUGIN, SimpleTransportPlugin.class.getName()); try (NimbusClient client = new NimbusClient(badTransport, "localhost", server.getPort(), NIMBUS_TIMEOUT)) { client.getClient().activate("bad_security_auth_test_topology"); fail("An exception should have been thrown trying to connect."); } catch (Exception te) { verifyIncorrectJaasConf(server, conf, MISSING_CLIENT, IOException.class); }); verify(impl).activate("security_auth_test_topology"); verify(impl, never()).activate("bad_auth_test_topology");
/** * putTopologyActivate. * @param client client * @param id id * @return putTopologyActivate * @throws TException TException */ public static Map<String, Object> putTopologyActivate(Nimbus.Iface client, String id) throws TException { GetInfoOptions getInfoOptions = new GetInfoOptions(); getInfoOptions.set_num_err_choice(NumErrorsChoice.NONE); TopologyInfo topologyInfo = client.getTopologyInfoWithOpts(id, getInfoOptions); client.activate(topologyInfo.get_name()); return getTopologyOpResponse(id, "activate"); }
public static void tryConnectAs(Map<String, Object> conf, ThriftServer server, Subject subject, String topoId) throws PrivilegedActionException { Subject.doAs(subject, (PrivilegedExceptionAction<Void>) () -> { try (NimbusClient client = new NimbusClient(conf, "localhost", server.getPort(), NIMBUS_TIMEOUT)) { client.getClient().activate(topoId); //Yes this should be a topo name, but it makes this simpler... } return null; }); }