mirror of https://github.com/apache/druid.git
Fix coordinator->overlord proxy auth failure (#5039)
* Fix coordinator->overlord proxy auth failure * PR comment
This commit is contained in:
Jonathan Wei
Charles Allen
parent
7c8b14f18c
commit
13c0d88ffc
|
|
@ -29,6 +29,7 @@ import com.metamx.http.client.Request;
|
||||||
import com.metamx.http.client.response.StatusResponseHandler;
|
import com.metamx.http.client.response.StatusResponseHandler;
|
||||||
import com.metamx.http.client.response.StatusResponseHolder;
|
import com.metamx.http.client.response.StatusResponseHolder;
|
||||||
import io.druid.java.util.common.ISE;
|
import io.druid.java.util.common.ISE;
|
||||||
|
import io.druid.java.util.common.RE;
|
||||||
import io.druid.java.util.common.StringUtils;
|
import io.druid.java.util.common.StringUtils;
|
||||||
import io.druid.testing.IntegrationTestingConfig;
|
import io.druid.testing.IntegrationTestingConfig;
|
||||||
import io.druid.testing.guice.TestClient;
|
import io.druid.testing.guice.TestClient;
|
||||||
|
|
@ -155,6 +156,23 @@ public class CoordinatorResourceTestClient
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public HttpResponseStatus getProxiedOverlordScalingResponseStatus()
|
||||||
|
{
|
||||||
|
try {
|
||||||
|
StatusResponseHolder response = makeRequest(
|
||||||
|
HttpMethod.GET,
|
||||||
|
StringUtils.format(
|
||||||
|
"%s/druid/indexer/v1/scaling",
|
||||||
|
coordinator
|
||||||
|
)
|
||||||
|
);
|
||||||
|
return response.getStatus();
|
||||||
|
}
|
||||||
|
catch (Exception e) {
|
||||||
|
throw new RE(e, "Unable to get scaling status from [%s]", coordinator);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private StatusResponseHolder makeRequest(HttpMethod method, String url)
|
private StatusResponseHolder makeRequest(HttpMethod method, String url)
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,42 @@
|
||||||
|
/*
|
||||||
|
* Licensed to Metamarkets Group Inc. (Metamarkets) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. Metamarkets licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package io.druid.tests.security;
|
||||||
|
|
||||||
|
import com.google.inject.Inject;
|
||||||
|
import io.druid.testing.clients.CoordinatorResourceTestClient;
|
||||||
|
import io.druid.testing.guice.DruidTestModuleFactory;
|
||||||
|
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
|
||||||
|
import org.testng.Assert;
|
||||||
|
import org.testng.annotations.Guice;
|
||||||
|
import org.testng.annotations.Test;
|
||||||
|
|
||||||
|
@Guice(moduleFactory = DruidTestModuleFactory.class)
|
||||||
|
public class ITCoordinatorOverlordProxyAuthTest
|
||||||
|
{
|
||||||
|
@Inject
|
||||||
|
CoordinatorResourceTestClient coordinatorClient;
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testProxyAuth() throws Exception
|
||||||
|
{
|
||||||
|
HttpResponseStatus responseStatus = coordinatorClient.getProxiedOverlordScalingResponseStatus();
|
||||||
|
Assert.assertEquals(HttpResponseStatus.OK, responseStatus);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -24,9 +24,12 @@ import com.google.inject.Inject;
|
||||||
import io.druid.client.indexing.IndexingService;
|
import io.druid.client.indexing.IndexingService;
|
||||||
import io.druid.discovery.DruidLeaderClient;
|
import io.druid.discovery.DruidLeaderClient;
|
||||||
import io.druid.java.util.common.ISE;
|
import io.druid.java.util.common.ISE;
|
||||||
|
import io.druid.server.security.AuthConfig;
|
||||||
|
import org.eclipse.jetty.client.api.Request;
|
||||||
import org.eclipse.jetty.proxy.ProxyServlet;
|
import org.eclipse.jetty.proxy.ProxyServlet;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
|
|
||||||
|
|
@ -66,4 +69,24 @@ public class OverlordProxyServlet extends ProxyServlet
|
||||||
throw Throwables.propagate(e);
|
throw Throwables.propagate(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void sendProxyRequest(
|
||||||
|
HttpServletRequest clientRequest,
|
||||||
|
HttpServletResponse proxyResponse,
|
||||||
|
Request proxyRequest
|
||||||
|
)
|
||||||
|
{
|
||||||
|
// Since we can't see the request object on the remote side, we can't check whether the remote side actually
|
||||||
|
// performed an authorization check here, so always set this to true for the proxy servlet.
|
||||||
|
// If the remote node failed to perform an authorization check, PreResponseAuthorizationCheckFilter
|
||||||
|
// will log that on the remote node.
|
||||||
|
clientRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
|
||||||
|
|
||||||
|
super.sendProxyRequest(
|
||||||
|
clientRequest,
|
||||||
|
proxyResponse,
|
||||||
|
proxyRequest
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue