This is an automated email from the ASF dual-hosted git repository. pdallig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push: new 2afa0ddd20 [ZEPPELIN-5750] Add tests for NoteAuth and polish up NoteAuth (#4378) 2afa0ddd20 is described below commit 2afa0ddd20dc33a4eedce31b1d69afb6bd52c9b4 Author: Philipp Dallig <philipp.dal...@gmail.com> AuthorDate: Thu Jun 9 15:30:23 2022 +0200 [ZEPPELIN-5750] Add tests for NoteAuth and polish up NoteAuth (#4378) --- .../org/apache/zeppelin/rest/NotebookRestApi.java | 4 +- .../service/ShiroAuthenticationServiceTest.java | 13 +- .../zeppelin/notebook/AuthorizationService.java | 20 ++- .../org/apache/zeppelin/notebook/NoteAuth.java | 39 +++--- .../org/apache/zeppelin/notebook/Notebook.java | 2 +- .../notebook/NotebookAuthorizationInfoSaving.java | 7 +- .../org/apache/zeppelin/notebook/Paragraph.java | 2 +- .../org/apache/zeppelin/notebook/NoteAuthTest.java | 153 +++++++++++++++++++++ 8 files changed, 197 insertions(+), 43 deletions(-) diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java index 88004f480b..305b5588cd 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java @@ -295,7 +295,7 @@ public class NotebookRestApi extends AbstractRestApi { authorizationService.getReaders(noteId), authorizationService.getRunners(noteId), authorizationService.getWriters(noteId)); AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal()); - authorizationService.saveNoteAuth(noteId, subject); + authorizationService.saveNoteAuth(); notebookServer.broadcastNote(note); notebookServer.broadcastNoteList(subject, userAndRoles); return new JsonResponse<>(Status.OK).build(); @@ -353,7 +353,7 @@ public class NotebookRestApi extends AbstractRestApi { /** * Save a revision for the a note - * + * * @param message * @param noteId * @return diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroAuthenticationServiceTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroAuthenticationServiceTest.java index 5ce009ae20..47af1131ab 100644 --- a/zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroAuthenticationServiceTest.java +++ b/zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroAuthenticationServiceTest.java @@ -26,7 +26,6 @@ import java.util.HashSet; import java.util.Set; import org.apache.shiro.mgt.DefaultSecurityManager; -import org.apache.shiro.subject.SimplePrincipalCollection; import org.apache.shiro.util.LifecycleUtils; import org.apache.shiro.util.ThreadContext; import org.apache.zeppelin.conf.ZeppelinConfiguration; @@ -80,15 +79,15 @@ public class ShiroAuthenticationServiceTest { KnoxJwtRealm realm = spy(new KnoxJwtRealm()); LifecycleUtils.init(realm); - Set<String> testRoles = new HashSet<String>(){{ - add("role1"); - add("role2"); - }}; + Set<String> testRoles = new HashSet<String>(); + testRoles.add("role1"); + testRoles.add("role2"); + when(realm.mapGroupPrincipals("test")).thenReturn(testRoles); - + DefaultSecurityManager securityManager = new DefaultSecurityManager(realm); ThreadContext.bind(securityManager); - + Set<String> roles = shiroSecurityService.getAssociatedRoles(); assertEquals(testRoles, roles); } diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/AuthorizationService.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/AuthorizationService.java index 6cb7c071f5..2b50ec01a5 100644 --- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/AuthorizationService.java +++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/AuthorizationService.java @@ -64,17 +64,17 @@ public class AuthorizationService implements ClusterEventListener { // init notesAuth by reading notebook-authorization.json NotebookAuthorizationInfoSaving authorizationInfoSaving = configStorage.loadNotebookAuthorization(); if (authorizationInfoSaving != null) { - for (Map.Entry<String, Map<String, Set<String>>> entry : authorizationInfoSaving.authInfo.entrySet()) { + for (Map.Entry<String, Map<String, Set<String>>> entry : authorizationInfoSaving.getAuthInfo().entrySet()) { String noteId = entry.getKey(); Map<String, Set<String>> permissions = entry.getValue(); - notesAuth.put(noteId, new NoteAuth(noteId, permissions)); + notesAuth.put(noteId, new NoteAuth(noteId, permissions, conf)); } } // initialize NoteAuth for the notes without permission set explicitly. for (String noteId : noteManager.getNotesInfo().keySet()) { if (!notesAuth.containsKey(noteId)) { - notesAuth.put(noteId, new NoteAuth(noteId)); + notesAuth.put(noteId, new NoteAuth(noteId, conf)); } } } catch (IOException e) { @@ -89,28 +89,26 @@ public class AuthorizationService implements ClusterEventListener { * @param subject * @throws IOException */ - public void createNoteAuth(String noteId, AuthenticationInfo subject) throws IOException { - NoteAuth noteAuth = new NoteAuth(noteId, subject); + public void createNoteAuth(String noteId, AuthenticationInfo subject) { + NoteAuth noteAuth = new NoteAuth(noteId, subject, conf); this.notesAuth.put(noteId, noteAuth); } - public void cloneNoteMeta(String noteId, String sourceNoteId, AuthenticationInfo subject) throws IOException { - NoteAuth noteAuth = new NoteAuth(noteId, subject); + public void cloneNoteMeta(String noteId, String sourceNoteId, AuthenticationInfo subject) { + NoteAuth noteAuth = new NoteAuth(noteId, subject, conf); this.notesAuth.put(noteId, noteAuth); } /** * Persistent NoteAuth * - * @param noteId - * @param subject * @throws IOException */ - public void saveNoteAuth(String noteId, AuthenticationInfo subject) throws IOException { + public void saveNoteAuth() throws IOException { configStorage.save(new NotebookAuthorizationInfoSaving(this.notesAuth)); } - public void removeNoteAuth(String noteId) throws IOException { + public void removeNoteAuth(String noteId) { this.notesAuth.remove(noteId); } diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NoteAuth.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NoteAuth.java index 7023b790f6..1840046b36 100644 --- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NoteAuth.java +++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NoteAuth.java @@ -17,8 +17,6 @@ package org.apache.zeppelin.notebook; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; import org.apache.zeppelin.conf.ZeppelinConfiguration; import org.apache.zeppelin.user.AuthenticationInfo; @@ -33,25 +31,35 @@ import java.util.Set; */ public class NoteAuth { - private static Gson gson = new GsonBuilder().setPrettyPrinting().create(); + private final String noteId; + private final ZeppelinConfiguration zconf; - private String noteId; private Set<String> readers = new HashSet<>(); private Set<String> writers = new HashSet<>(); private Set<String> runners = new HashSet<>(); private Set<String> owners = new HashSet<>(); - public NoteAuth(String noteId) { - this(noteId, AuthenticationInfo.ANONYMOUS); + public NoteAuth(String noteId, ZeppelinConfiguration zconf) { + this(noteId, AuthenticationInfo.ANONYMOUS, zconf); } - public NoteAuth(String noteId, AuthenticationInfo subject) { + public NoteAuth(String noteId, AuthenticationInfo subject, ZeppelinConfiguration zconf) { this.noteId = noteId; + this.zconf = zconf; initPermissions(subject); } - public NoteAuth(String noteId, Map<String, Set<String>> permissions) { + /** + * Creates a NoteAuth from a map loaded from notebook-authorization.json. At this point it is not possible to distinguish + * between a user and a group string, so checkCaseAndConvert must not be used. + * + * @param noteId + * @param permissions + * @param zconf + */ + public NoteAuth(String noteId, Map<String, Set<String>> permissions, ZeppelinConfiguration zconf) { this.noteId = noteId; + this.zconf = zconf; this.readers = permissions.getOrDefault("readers", new HashSet<>()); this.writers = permissions.getOrDefault("writers", new HashSet<>()); this.runners = permissions.getOrDefault("runners", new HashSet<>()); @@ -61,7 +69,7 @@ public class NoteAuth { // used when creating new note public void initPermissions(AuthenticationInfo subject) { if (!AuthenticationInfo.isAnonymous(subject)) { - if (ZeppelinConfiguration.create().isNotebookPublic()) { + if (zconf.isNotebookPublic()) { // add current user to owners - can be public this.owners.add(checkCaseAndConvert(subject.getUser())); } else { @@ -114,7 +122,7 @@ public class NoteAuth { * If case conversion is enforced, then change entity names to lower case */ private Set<String> checkCaseAndConvert(Set<String> entities) { - if (ZeppelinConfiguration.create().isUsernameForceLowerCase()) { + if (zconf.isUsernameForceLowerCase()) { Set<String> set2 = new HashSet<>(); for (String name : entities) { set2.add(name.toLowerCase()); @@ -126,7 +134,7 @@ public class NoteAuth { } private String checkCaseAndConvert(String entity) { - if (ZeppelinConfiguration.create().isUsernameForceLowerCase()) { + if (zconf.isUsernameForceLowerCase()) { return entity.toLowerCase(); } else { return entity; @@ -141,13 +149,4 @@ public class NoteAuth { map.put("owners", owners); return map; } - - public String toJson() { - return gson.toJson(this); - } - - public static NoteAuth fromJson(String json) { - return gson.fromJson(json, NoteAuth.class); - } - } diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Notebook.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Notebook.java index ad285cce81..1081c4df03 100644 --- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Notebook.java +++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Notebook.java @@ -246,7 +246,7 @@ public class Notebook { noteManager.addNote(note, subject); // init noteMeta authorizationService.createNoteAuth(note.getId(), subject); - authorizationService.saveNoteAuth(note.getId(), subject); + authorizationService.saveNoteAuth(); if (save) { noteManager.saveNote(note, subject); } diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NotebookAuthorizationInfoSaving.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NotebookAuthorizationInfoSaving.java index 338a0f2356..6440fa4a97 100644 --- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NotebookAuthorizationInfoSaving.java +++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NotebookAuthorizationInfoSaving.java @@ -32,7 +32,7 @@ public class NotebookAuthorizationInfoSaving implements JsonSerializable { private static final Gson gson = new GsonBuilder().setPrettyPrinting().create(); - public Map<String, Map<String, Set<String>>> authInfo; + private final Map<String, Map<String, Set<String>>> authInfo; public NotebookAuthorizationInfoSaving(Map<String, NoteAuth> notesAuth) { this.authInfo = new HashMap<>(); @@ -41,6 +41,11 @@ public class NotebookAuthorizationInfoSaving implements JsonSerializable { } } + public Map<String, Map<String, Set<String>>> getAuthInfo() { + return authInfo; + } + + @Override public String toJson() { return gson.toJson(this); } diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java index bf7b02f0b6..2fd7b1668c 100644 --- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java +++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java @@ -408,7 +408,7 @@ public class Paragraph extends JobWithProgressPoller<InterpreterResult> implemen } this.interpreter = getBindedInterpreter(); if (this.interpreter == null) { - LOGGER.error("Can not find interpreter name " + intpText); + LOGGER.error("Can not find interpreter name {}", intpText); throw new RuntimeException("Can not find interpreter for " + intpText); } LOGGER.info("Run paragraph [paragraph_id: {}, interpreter: {}, note_id: {}, user: {}]", diff --git a/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NoteAuthTest.java b/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NoteAuthTest.java new file mode 100644 index 0000000000..9536e21c3a --- /dev/null +++ b/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NoteAuthTest.java @@ -0,0 +1,153 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.zeppelin.notebook; + +import org.apache.zeppelin.conf.ZeppelinConfiguration; +import org.apache.zeppelin.user.AuthenticationInfo; +import org.junit.Test; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +public class NoteAuthTest { + private ZeppelinConfiguration conf = mock(ZeppelinConfiguration.class); + + @Test + public void testAnonymous() { + NoteAuth auth = new NoteAuth("note1", conf); + assertEquals(0, auth.getOwners().size()); + assertEquals(0, auth.getReaders().size()); + assertEquals(0, auth.getRunners().size()); + assertEquals(0, auth.getWriters().size()); + } + + @Test + public void testPublicNotes() { + + when(conf.isNotebookPublic()).thenReturn(true); + + NoteAuth auth = new NoteAuth("note1", new AuthenticationInfo("TestUser"), conf); + assertEquals("note1", auth.getNoteId()); + assertEquals(1, auth.getOwners().size()); + assertTrue(auth.getOwners().contains("TestUser")); + + assertEquals(0, auth.getReaders().size()); + assertEquals(0, auth.getRunners().size()); + assertEquals(0, auth.getWriters().size()); + + /* + * simple Map check + */ + assertEquals(4, auth.toMap().size()); + assertTrue(auth.toMap().get("owners").contains("TestUser")); + assertTrue(auth.toMap().get("readers").isEmpty()); + assertTrue(auth.toMap().get("runners").isEmpty()); + assertTrue(auth.toMap().get("writers").isEmpty()); + } + + @Test + public void testNoPublicNotes() { + + when(conf.isNotebookPublic()).thenReturn(false); + + NoteAuth auth = new NoteAuth("note1", new AuthenticationInfo("TestUser"), conf); + assertEquals(1, auth.getOwners().size()); + assertTrue(auth.getOwners().contains("TestUser")); + + assertEquals(1, auth.getReaders().size()); + assertTrue(auth.getReaders().contains("TestUser")); + + assertEquals(1, auth.getRunners().size()); + assertTrue(auth.getRunners().contains("TestUser")); + + assertEquals(1, auth.getWriters().size()); + assertTrue(auth.getWriters().contains("TestUser")); + + /* + * simple Map check + */ + assertEquals(4, auth.toMap().size()); + assertTrue(auth.toMap().get("owners").contains("TestUser")); + assertTrue(auth.toMap().get("readers").contains("TestUser")); + assertTrue(auth.toMap().get("runners").contains("TestUser")); + assertTrue(auth.toMap().get("writers").contains("TestUser")); + } + + @Test + public void testFoceLowerCaseUsers() { + + when(conf.isNotebookPublic()).thenReturn(false); + when(conf.isUsernameForceLowerCase()).thenReturn(true); + + NoteAuth auth = new NoteAuth("note1", new AuthenticationInfo("TestUser"), conf); + assertEquals(1, auth.getOwners().size()); + assertTrue(auth.getOwners().contains("testuser")); + + assertEquals(1, auth.getReaders().size()); + assertTrue(auth.getReaders().contains("testuser")); + + assertEquals(1, auth.getRunners().size()); + assertTrue(auth.getRunners().contains("testuser")); + + assertEquals(1, auth.getWriters().size()); + assertTrue(auth.getWriters().contains("testuser")); + } + + @Test + public void testMapConstructor() { + when(conf.isNotebookPublic()).thenReturn(false); + + NoteAuth auth = new NoteAuth("note1", getTestMap("TestUser", "TestGroup"), conf); + assertEquals(2, auth.getOwners().size()); + assertTrue(auth.getOwners().contains("TestUser")); + assertTrue(auth.getOwners().contains("TestGroup")); + + assertEquals(2, auth.getReaders().size()); + assertTrue(auth.getReaders().contains("TestUser")); + assertTrue(auth.getRunners().contains("TestGroup")); + + assertEquals(2, auth.getRunners().size()); + assertTrue(auth.getRunners().contains("TestUser")); + assertTrue(auth.getRunners().contains("TestGroup")); + + assertEquals(2, auth.getWriters().size()); + assertTrue(auth.getWriters().contains("TestUser")); + assertTrue(auth.getWriters().contains("TestGroup")); + } + + private static Map<String, Set<String>> getTestMap(String user, String group) { + Map<String, Set<String>> map = new HashMap<>(); + Set<String> readers = new HashSet<String>(); + readers.add(user); + readers.add(group); + Set<String> writers = new HashSet<String>(readers); + Set<String> runners = new HashSet<String>(readers); + Set<String> owners = new HashSet<String>(readers); + map.put("readers", readers); + map.put("writers", writers); + map.put("runners", runners); + map.put("owners", owners); + return map; + } +}