Skip to content

Commit 41d8df7

Browse files
author
Bobby Evans
committed
Merge pull request apache#61 from derekd/derekd-fix-nimbus-topoconf-autho
Correct authorization check in nimbus methods
2 parents 935e295 + 6da8a91 commit 41d8df7

File tree

2 files changed

+68
-9
lines changed

2 files changed

+68
-9
lines changed

storm-core/src/clj/backtype/storm/daemon/nimbus.clj

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -881,15 +881,15 @@
881881
(throw (InvalidTopologyException.
882882
(str "Topology name cannot contain any of the following: " (pr-str DISALLOWED-TOPOLOGY-NAME-STRS))))))
883883

884-
(defn- try-read-storm-conf [conf storm-id]
884+
(defn try-read-storm-conf [conf storm-id]
885885
(try-cause
886886
(read-storm-conf conf storm-id)
887887
(catch FileNotFoundException e
888888
(throw (NotAliveException. storm-id)))
889889
)
890890
)
891891

892-
(defn- try-read-storm-topology [conf storm-id]
892+
(defn try-read-storm-topology [conf storm-id]
893893
(try-cause
894894
(read-storm-topology conf storm-id)
895895
(catch FileNotFoundException e
@@ -1110,22 +1110,22 @@
11101110
(to-json (:conf nimbus)))
11111111

11121112
(^String getTopologyConf [this ^String id]
1113-
(check-authorization! nimbus nil nil "getTopologyConf")
11141113
(let [topology-conf (try-read-storm-conf conf id)
11151114
storm-name (topology-conf TOPOLOGY-NAME)]
1116-
(to-json conf)))
1115+
(check-authorization! nimbus storm-name topology-conf "getTopologyConf")
1116+
(to-json topology-conf)))
11171117

11181118
(^StormTopology getTopology [this ^String id]
1119-
(check-authorization! nimbus nil nil "getTopology")
11201119
(let [topology-conf (try-read-storm-conf conf id)
11211120
storm-name (topology-conf TOPOLOGY-NAME)]
1122-
(system-topology! conf (try-read-storm-topology conf id))))
1121+
(check-authorization! nimbus storm-name topology-conf "getTopology")
1122+
(system-topology! topology-conf (try-read-storm-topology conf id))))
11231123

11241124
(^StormTopology getUserTopology [this ^String id]
1125-
(check-authorization! nimbus nil nil "getUserTopology")
11261125
(let [topology-conf (try-read-storm-conf conf id)
11271126
storm-name (topology-conf TOPOLOGY-NAME)]
1128-
(try-read-storm-topology conf id)))
1127+
(check-authorization! nimbus storm-name topology-conf "getUserTopology")
1128+
(try-read-storm-topology topology-conf id)))
11291129

11301130
(^ClusterSummary getClusterInfo [this]
11311131
(check-authorization! nimbus nil nil "getClusterInfo")

storm-core/test/clj/backtype/storm/nimbus_test.clj

Lines changed: 60 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
(ns backtype.storm.nimbus-test
22
(:use [clojure test])
3+
(:require [backtype.storm [util :as util]])
34
(:require [backtype.storm.daemon [nimbus :as nimbus]])
4-
55
(:import [backtype.storm.testing TestWordCounter TestWordSpout TestGlobalCount TestAggregatesCounter])
66
(:import [backtype.storm.scheduler INimbus])
77
(:use [backtype.storm bootstrap testing])
@@ -875,6 +875,65 @@
875875
)
876876
)
877877

878+
(deftest test-nimbus-check-authorization-params
879+
(with-local-cluster [cluster
880+
:daemon-conf {NIMBUS-AUTHORIZER "backtype.storm.security.auth.authorizer.NoopAuthorizer"}]
881+
(let [nimbus (:nimbus cluster)
882+
topology-name "test-nimbus-check-autho-params"
883+
topology (thrift/mk-topology {} {})]
884+
; Fake good authorization as part of setup.
885+
(mocking [nimbus/check-authorization!]
886+
(submit-local-topology-with-opts nimbus topology-name {} topology
887+
(SubmitOptions. TopologyInitialStatus/INACTIVE)))
888+
(let [expected-name topology-name
889+
expected-conf {TOPOLOGY-NAME expected-name
890+
:foo :bar}]
891+
892+
(testing "getTopologyConf calls check-authorization! with the correct parameters."
893+
(let [expected-operation "getTopologyConf"]
894+
(stubbing [nimbus/check-authorization! nil
895+
nimbus/try-read-storm-conf expected-conf
896+
util/to-json nil]
897+
(try
898+
(.getTopologyConf nimbus "fake-id")
899+
(catch NotAliveException e)
900+
(finally
901+
(verify-first-call-args-for-indices
902+
nimbus/check-authorization!
903+
[1 2 3] expected-name expected-conf expected-operation)
904+
(verify-first-call-args-for util/to-json expected-conf))))))
905+
906+
(testing "getTopology calls check-authorization! with the correct parameters."
907+
(let [expected-operation "getTopology"]
908+
(stubbing [nimbus/check-authorization! nil
909+
nimbus/try-read-storm-conf expected-conf
910+
nimbus/try-read-storm-topology nil
911+
system-topology! nil]
912+
(try
913+
(.getTopology nimbus "fake-id")
914+
(catch NotAliveException e)
915+
(finally
916+
(verify-first-call-args-for-indices
917+
nimbus/check-authorization!
918+
[1 2 3] expected-name expected-conf expected-operation)
919+
(verify-first-call-args-for-indices
920+
system-topology! [0] expected-conf))))))
921+
922+
(testing "getUserTopology calls check-authorization with the correct parameters."
923+
(let [expected-operation "getUserTopology"]
924+
(stubbing [nimbus/check-authorization! nil
925+
nimbus/try-read-storm-conf expected-conf
926+
nimbus/try-read-storm-topology nil]
927+
(try
928+
(.getUserTopology nimbus "fake-id")
929+
(catch NotAliveException e)
930+
(finally
931+
(verify-first-call-args-for-indices
932+
nimbus/check-authorization!
933+
[1 2 3] expected-name expected-conf expected-operation)
934+
(verify-first-call-args-for-indices
935+
nimbus/try-read-storm-topology [0] expected-conf))))))))))
936+
878937
(deftest test-nimbus-iface-getTopology-methods-throw-correctly
879938
(with-local-cluster [cluster]
880939
(let [

0 commit comments

Comments
 (0)