This is an automated email from the ASF dual-hosted git repository.
khowe pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new 5bef447 GEODE-6174: Test REST API with a secured cluster (#3255)
5bef447 is described below
commit 5bef4478c9651ed6d1e78b367a6af18ad703db85
Author: Kenneth Howe <kh...@pivotal.io>
AuthorDate: Mon Mar 4 08:47:41 2019 -0800
GEODE-6174: Test REST API with a secured cluster (#3255)
* GEODE-6174: Test REST API with a secured cluster
Add tests for the create region REST API with a SecurityManager on the
cluster.
- Test without credentails
- Authentication failure (bad user:password)
- Authenticated but not authorized
- Authenticated and Authorized
- Rework test assertions for recent changes in ClusterManagementResult
---
.../internal/rest/RegionManagementDunitTest.java | 4 +-
.../RegionManagementRestSecurityDUnitTest.java | 123 +++++++++++++++++++++
2 files changed, 125 insertions(+), 2 deletions(-)
diff --git
a/geode-assembly/src/distributedTest/java/org/apache/geode/management/internal/rest/RegionManagementDunitTest.java
b/geode-assembly/src/distributedTest/java/org/apache/geode/management/internal/rest/RegionManagementDunitTest.java
index b7dcff2..40a1913 100644
---
a/geode-assembly/src/distributedTest/java/org/apache/geode/management/internal/rest/RegionManagementDunitTest.java
+++
b/geode-assembly/src/distributedTest/java/org/apache/geode/management/internal/rest/RegionManagementDunitTest.java
@@ -143,7 +143,7 @@ public class RegionManagementDunitTest {
assertThat(result.isSuccessful()).isFalse();
}
- private static void verifyRegionPersisted(String regionName, String type) {
+ static void verifyRegionPersisted(String regionName, String type) {
CacheConfig cacheConfig =
ClusterStartupRule.getLocator().getConfigurationPersistenceService()
.getCacheConfig("cluster");
@@ -151,7 +151,7 @@ public class RegionManagementDunitTest {
assertThat(regionConfig.getType()).isEqualTo(type);
}
- private static void verifyRegionCreated(String regionName, String type) {
+ static void verifyRegionCreated(String regionName, String type) {
Cache cache = ClusterStartupRule.getCache();
Region region = cache.getRegion(regionName);
assertThat(region).isNotNull();
diff --git
a/geode-assembly/src/distributedTest/java/org/apache/geode/management/internal/rest/RegionManagementRestSecurityDUnitTest.java
b/geode-assembly/src/distributedTest/java/org/apache/geode/management/internal/rest/RegionManagementRestSecurityDUnitTest.java
new file mode 100644
index 0000000..9069829
--- /dev/null
+++
b/geode-assembly/src/distributedTest/java/org/apache/geode/management/internal/rest/RegionManagementRestSecurityDUnitTest.java
@@ -0,0 +1,123 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+ * or implied. See the License for the specific language governing permissions
and limitations under
+ * the License.
+ */
+package org.apache.geode.management.internal.rest;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.util.Properties;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+
+import org.apache.geode.cache.configuration.RegionConfig;
+import org.apache.geode.examples.SimpleSecurityManager;
+import org.apache.geode.management.api.ClusterManagementResult;
+import org.apache.geode.test.dunit.rules.ClusterStartupRule;
+import org.apache.geode.test.dunit.rules.MemberVM;
+import org.apache.geode.test.junit.rules.GeodeDevRestClient;
+
+public class RegionManagementRestSecurityDUnitTest {
+ @ClassRule
+ public static ClusterStartupRule cluster = new ClusterStartupRule();
+
+ private static MemberVM locator, server;
+
+ private static GeodeDevRestClient restClient;
+
+ private static Properties config;
+
+ private static String json;
+
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ locator = cluster.startLocatorVM(0, l -> l.withHttpService()
+ .withSecurityManager(SimpleSecurityManager.class));
+
+ config = new Properties();
+ config.setProperty("security-username", "cluster");
+ config.setProperty("security-password", "cluster");
+
+ server = cluster.startServerVM(1, config, locator.getPort());
+ restClient =
+ new GeodeDevRestClient("/geode-management/v2", "localhost",
locator.getHttpPort(), false);
+
+ RegionConfig regionConfig = new RegionConfig();
+ regionConfig.setName("customers");
+ regionConfig.setType("REPLICATE");
+ ObjectMapper mapper = new ObjectMapper();
+ json = mapper.writeValueAsString(regionConfig);
+ }
+
+ @Test
+ public void createRegionWithoutCredentials_failsWithAuthenticationError()
throws Exception {
+ ClusterManagementResult result =
+ restClient.doPostAndAssert("/regions", json)
+ .hasStatusCode(401)
+ .getClusterManagementResult();
+
+ assertThat(result.isSuccessful()).isFalse();
+ assertThat(result.getStatusCode())
+ .isEqualTo(ClusterManagementResult.StatusCode.UNAUTHENTICATED);
+ assertThat(result.getStatusMessage()).contains("authentication is
required");
+ }
+
+ @Test
+ public void createRegionWithBadCredentials_failsWithAuthenticationError()
throws Exception {
+ ClusterManagementResult result =
+ restClient.doPostAndAssert("/regions", json, "baduser", "badpassword")
+ .hasStatusCode(401)
+ .getClusterManagementResult();
+
+ assertThat(result.isSuccessful()).isFalse();
+ assertThat(result.getStatusCode())
+ .isEqualTo(ClusterManagementResult.StatusCode.UNAUTHENTICATED);
+ assertThat(result.getStatusMessage()).contains("Authentication error");
+ }
+
+ @Test
+ public void createRegionNotAuthorized_failsWithAuthorizationError() throws
Exception {
+ ClusterManagementResult result =
+ restClient.doPostAndAssert("/regions", json, "notauthorized",
"notauthorized")
+ .hasStatusCode(403)
+ .getClusterManagementResult();
+
+ assertThat(result.isSuccessful()).isFalse();
+
assertThat(result.getStatusCode()).isEqualTo(ClusterManagementResult.StatusCode.UNAUTHORIZED);
+ assertThat(result.getStatusMessage()).contains("not authorized for
DATA:MANAGE");
+ }
+
+ @Test
+ public void createRegionWithCredentials_CreatesRegion() throws Exception {
+ ClusterManagementResult result =
+ restClient.doPostAndAssert("/regions", json, "datamanage",
"datamanage")
+ .hasStatusCode(201)
+ .getClusterManagementResult();
+
+ assertThat(result.isSuccessful()).isTrue();
+
assertThat(result.getStatusCode()).isEqualTo(ClusterManagementResult.StatusCode.OK);
+ assertThat(result.getMemberStatuses()).containsKeys("server-1").hasSize(1);
+
+ // make sure region is created
+ server.invoke(() ->
RegionManagementDunitTest.verifyRegionCreated("customers", "REPLICATE"));
+
+ // make sure region is persisted
+ locator.invoke(() ->
RegionManagementDunitTest.verifyRegionPersisted("customers", "REPLICATE"));
+
+ // verify that additional server can be started with the cluster
configuration
+ cluster.startServerVM(2, config, locator.getPort());
+ }
+}
