nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/leader/election/TestCuratorACLProviderFactory.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.nifi.controller.leader.election;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.framework.imps.DefaultACLProvider;
import org.apache.nifi.controller.cluster.ZooKeeperClientConfig;
import org.apache.nifi.util.NiFiProperties;
import org.apache.zookeeper.data.ACL;
import org.junit.Before;
import org.junit.Test;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;

public class TestCuratorACLProviderFactory {

    private volatile String propsFile = TestCuratorACLProviderFactory.class.getResource("/flowcontrollertest.nifi.properties").getFile();
    final Map<String, String> otherProps = new HashMap<>();

    @Before
    public void setup(){
        otherProps.put("nifi.zookeeper.connect.string", "local:1234");
        otherProps.put("nifi.zookeeper.root.node", "/nifi");
        otherProps.put("nifi.zookeeper.auth.type", "sasl");
        otherProps.put("nifi.kerberos.service.principal","nifi/host@REALM.COM");
    }

    @Test
    public void testSaslAuthSchemeNoHostNoRealm(){
        final NiFiProperties nifiProperties;
        final CuratorACLProviderFactory factory;
        otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "true");
        otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");
        nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
        factory = new CuratorACLProviderFactory();
        ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
        ACLProvider provider = factory.create(config);
        assertFalse(provider instanceof DefaultACLProvider);
        List<ACL> acls = provider.getDefaultAcl();
        assertNotNull(acls);
        assertEquals(acls.get(0).getId().toString().trim(),"'sasl,'nifi");
    }

    @Test
    public void testSaslAuthSchemeHeadless(){
        final NiFiProperties nifiProperties;
        final CuratorACLProviderFactory factory;
        otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "true");
        otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");
        otherProps.put("nifi.kerberos.service.principal","nifi@REALM.COM");
        nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
        factory = new CuratorACLProviderFactory();
        ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
        ACLProvider provider = factory.create(config);
        assertFalse(provider instanceof DefaultACLProvider);
        List<ACL> acls = provider.getDefaultAcl();
        assertNotNull(acls);
        assertEquals(acls.get(0).getId().toString().trim(),"'sasl,'nifi");
    }

    @Test
    public void testSaslAuthSchemeNoHostWithRealm(){

        final NiFiProperties nifiProperties;
        final CuratorACLProviderFactory factory;
        otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "true");
        otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "false");
        nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
        factory = new CuratorACLProviderFactory();
        ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
        ACLProvider provider = factory.create(config);
        assertFalse(provider instanceof DefaultACLProvider);
        List<ACL> acls = provider.getDefaultAcl();
        assertNotNull(acls);
        assertEquals(acls.get(0).getId().toString().trim(),"'sasl,'nifi@REALM.COM");

    }

    @Test
    public void testSaslAuthSchemeWithHostNoRealm(){

        final NiFiProperties nifiProperties;
        final CuratorACLProviderFactory factory;
        otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "false");
        otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");
        nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
        factory = new CuratorACLProviderFactory();
        ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
        ACLProvider provider = factory.create(config);
        assertFalse(provider instanceof DefaultACLProvider);
        List<ACL> acls = provider.getDefaultAcl();
        assertNotNull(acls);
        assertEquals(acls.get(0).getId().toString().trim(),"'sasl,'nifi/host");

    }

}