Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix authorization check in supervisor history API (#5460)

This commit is contained in:
Jonathan Wei 2018-03-02 14:03:07 -08:00 committed by GitHub
parent 969a12f6ca
commit b63f1c0e45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 88 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
indexing-service/src/main/java/io/druid/indexing/overlord/supervisor/SupervisorResource.java
View File

@ -235,7 +235,7 @@ public class SupervisorResource
} }
} }
); );
return Response.ok(supervisorHistory).build(); return Response.ok(authorizedSupervisorHistory).build();
} }
} }
); );

89
indexing-service/src/test/java/io/druid/indexing/overlord/supervisor/SupervisorResourceTest.java
View File

@ -28,9 +28,13 @@ import com.google.common.collect.Maps;
import io.druid.indexing.overlord.DataSourceMetadata; import io.druid.indexing.overlord.DataSourceMetadata;
import io.druid.indexing.overlord.TaskMaster; import io.druid.indexing.overlord.TaskMaster;
import io.druid.java.util.common.DateTimes; import io.druid.java.util.common.DateTimes;
import io.druid.server.security.Access;
import io.druid.server.security.Action;
import io.druid.server.security.AuthConfig; import io.druid.server.security.AuthConfig;
import io.druid.server.security.AuthTestUtils;
import io.druid.server.security.AuthenticationResult; import io.druid.server.security.AuthenticationResult;
import io.druid.server.security.Authorizer;
import io.druid.server.security.AuthorizerMapper;
import io.druid.server.security.Resource;
import org.easymock.Capture; import org.easymock.Capture;
import org.easymock.EasyMock; import org.easymock.EasyMock;
import org.easymock.EasyMockRunner; import org.easymock.EasyMockRunner;
@ -64,7 +68,34 @@ public class SupervisorResourceTest extends EasyMockSupport
@Before @Before
public void setUp() throws Exception public void setUp() throws Exception
{ {
supervisorResource = new SupervisorResource(taskMaster, new AuthConfig(), AuthTestUtils.TEST_AUTHORIZER_MAPPER); supervisorResource = new SupervisorResource(
taskMaster,
new AuthConfig(),
new AuthorizerMapper(null) {
@Override
public Authorizer getAuthorizer(String name)
{
return new Authorizer()
{
@Override
public Access authorize(
AuthenticationResult authenticationResult, Resource resource, Action action
)
{
if (authenticationResult.getIdentity().equals("druid")) {
return Access.OK;
} else {
if (resource.getName().equals("datasource2")) {
return new Access(false, "not authorized.");
} else {
return Access.OK;
}
}
}
};
}
}
);
} }
@Test @Test
@ -303,6 +334,60 @@ public class SupervisorResourceTest extends EasyMockSupport
Assert.assertEquals(503, response.getStatus()); Assert.assertEquals(503, response.getStatus());
} }
@Test
public void testSpecGetAllHistoryWithAuthFailureFiltering() throws Exception
{
Map<String, List<VersionedSupervisorSpec>> history = Maps.newHashMap();
history.put("id1", null);
history.put("id2", null);
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager)).times(2);
EasyMock.expect(supervisorManager.getSupervisorHistory()).andReturn(history);
SupervisorSpec spec1 = new TestSupervisorSpec("id1", null) {
@Override
public List<String> getDataSources()
{
return Lists.newArrayList("datasource1");
}
};
SupervisorSpec spec2 = new TestSupervisorSpec("id2", null) {
@Override
public List<String> getDataSources()
{
return Lists.newArrayList("datasource2");
}
};
EasyMock.expect(supervisorManager.getSupervisorSpec("id1")).andReturn(Optional.of(spec1)).atLeastOnce();
EasyMock.expect(supervisorManager.getSupervisorSpec("id2")).andReturn(Optional.of(spec2)).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(
new AuthenticationResult("wronguser", "druid", null)
).atLeastOnce();
request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().anyTimes();
replayAll();
Response response = supervisorResource.specGetAllHistory(request);
Map<String, List<VersionedSupervisorSpec>> filteredHistory = Maps.newHashMap();
filteredHistory.put("id1", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(filteredHistory, response.getEntity());
resetAll();
EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.<SupervisorManager>absent());
replayAll();
response = supervisorResource.specGetAllHistory(request);
verifyAll();
Assert.assertEquals(503, response.getStatus());
}
@Test @Test
public void testSpecGetHistory() throws Exception public void testSpecGetHistory() throws Exception
{ {