[improve][broker] Test AuthorizationService to cover proxyRoles behavior #19845
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
michaeljmarshall
added
area/test
doc-not-needed
michaeljmarshall
requested review from
Technoboy-,
codelipenghui,
coderzc,
hangc0276,
lhotari,
mattisonchao and
nodece
michaeljmarshall
added a commit
to datastax/pulsar
that referenced
this pull request
Apr 13, 2023
…ior (apache#19845) Relates to: apache#19455 apache#19830 ### Motivation When I added the requirement for the proxy to use a role in the `proxyRoles` set, I didn't add a test that checked the negative case. This new test was first added in apache#19830 with one small difference. The goal of this test is to ensure that authorization of the client role and the original role is handled correctly. ### Modifications * Add new test class named `AuthorizationServiceTest`. We use `pass.proxy` and `fail.proxy` as proxy roles to simulate cases where the proxy's role passes and fails authorization, which is always possible. * Add new mock authorization provider named `MockAuthorizationProvider`. The logic is to let any role that starts with `pass` be considered authorized. ### Verifying this change This is a new test. It simply verifies the existing behavior to prevent future regressions. ### Documentation - [x] `doc-not-needed` ### Matching PR in forked repository PR in forked repository: Skipping forked test since the new tests pass locally and there are no other modifications. (cherry picked from commit c6de57c)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Relates to: #19455 #19830
Motivation
When I added the requirement for the proxy to use a role in the
proxyRolesset, I didn't add a test that checked the negative case. This new test was first added in #19830 with one small difference. The goal of this test is to ensure that authorization of the client role and the original role is handled correctly.Modifications
AuthorizationServiceTest. We usepass.proxyandfail.proxyas proxy roles to simulate cases where the proxy's role passes and fails authorization, which is always possible.MockAuthorizationProvider. The logic is to let any role that starts withpassbe considered authorized.Verifying this change
This is a new test. It simply verifies the existing behavior to prevent future regressions.
Documentation
doc-not-neededMatching PR in forked repository
PR in forked repository: Skipping forked test since the new tests pass locally and there are no other modifications.