org.apache.solr.cloud.TestSolrCloudWithKerberosAlt.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.solr.cloud.TestSolrCloudWithKerberosAlt.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.solr.cloud;

import java.io.File;
import java.lang.invoke.MethodHandles;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Properties;

import org.apache.commons.io.FileUtils;
import org.apache.lucene.index.TieredMergePolicy;
import org.apache.lucene.util.Constants;
import org.apache.lucene.util.LuceneTestCase;
import org.apache.solr.SolrTestCaseJ4;
import org.apache.solr.client.solrj.SolrQuery;
import org.apache.solr.client.solrj.embedded.JettyConfig;
import org.apache.solr.client.solrj.embedded.JettySolrRunner;
import org.apache.solr.client.solrj.impl.CloudSolrClient;
import org.apache.solr.client.solrj.request.CollectionAdminRequest;
import org.apache.solr.client.solrj.response.QueryResponse;
import org.apache.solr.common.SolrInputDocument;
import org.apache.solr.common.cloud.SolrZkClient;
import org.apache.solr.common.cloud.ZkStateReader;
import org.apache.solr.core.CoreDescriptor;
import org.apache.solr.index.TieredMergePolicyFactory;
import org.apache.solr.util.BadZookeeperThreadsFilter;
import org.apache.solr.util.RevertDefaultThreadHandlerRule;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.carrotsearch.randomizedtesting.annotations.ThreadLeakFilters;
import com.carrotsearch.randomizedtesting.rules.SystemPropertiesRestoreRule;

/**
 * Test 5 nodes Solr cluster with Kerberos plugin enabled.
 * This test is Ignored right now as Mini KDC has a known bug that
 * doesn't allow us to run multiple nodes on the same host.
 * https://issues.apache.org/jira/browse/HADOOP-9893
 */
@ThreadLeakFilters(defaultFilters = true, filters = { BadZookeeperThreadsFilter.class // Zookeeper login leaks TGT renewal threads
})

@LuceneTestCase.Slow
@LuceneTestCase.SuppressSysoutChecks(bugUrl = "Solr logs to JUL")
public class TestSolrCloudWithKerberosAlt extends LuceneTestCase {

    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    protected final int NUM_SERVERS;
    protected final int NUM_SHARDS;
    protected final int REPLICATION_FACTOR;

    public TestSolrCloudWithKerberosAlt() {
        NUM_SERVERS = 1;
        NUM_SHARDS = 1;
        REPLICATION_FACTOR = 1;
    }

    private KerberosTestServices kerberosTestServices;

    @Rule
    public TestRule solrTestRules = RuleChain.outerRule(new SystemPropertiesRestoreRule());

    @ClassRule
    public static TestRule solrClassRules = RuleChain.outerRule(new SystemPropertiesRestoreRule())
            .around(new RevertDefaultThreadHandlerRule());

    @BeforeClass
    public static void betterNotBeJava9() {
        assumeFalse("FIXME: SOLR-8182: This test fails under Java 9", Constants.JRE_IS_MINIMUM_JAVA9);
    }

    @Override
    public void setUp() throws Exception {
        super.setUp();
        setupMiniKdc();
    }

    private void setupMiniKdc() throws Exception {
        System.setProperty("solr.jaas.debug", "true");
        String kdcDir = createTempDir() + File.separator + "minikdc";
        String solrClientPrincipal = "solr";
        File keytabFile = new File(kdcDir, "keytabs");
        kerberosTestServices = KerberosTestServices.builder().withKdc(new File(kdcDir))
                .withJaasConfiguration(solrClientPrincipal, keytabFile, "SolrClient").build();
        String solrServerPrincipal = "HTTP/127.0.0.1";
        kerberosTestServices.start();
        kerberosTestServices.getKdc().createPrincipal(keytabFile, solrServerPrincipal, solrClientPrincipal);

        String jaas = "SolrClient {\n" + " com.sun.security.auth.module.Krb5LoginModule required\n"
                + " useKeyTab=true\n" + " keyTab=\"" + keytabFile.getAbsolutePath() + "\"\n" + " storeKey=true\n"
                + " useTicketCache=false\n" + " doNotPrompt=true\n" + " debug=true\n" + " principal=\""
                + solrClientPrincipal + "\";\n" + "};";

        String jaasFilePath = kdcDir + File.separator + "jaas-client.conf";
        FileUtils.write(new File(jaasFilePath), jaas, StandardCharsets.UTF_8);
        System.setProperty("java.security.auth.login.config", jaasFilePath);
        System.setProperty("solr.kerberos.jaas.appname", "SolrClient"); // Get this app name from the jaas file
        System.setProperty("solr.kerberos.cookie.domain", "127.0.0.1");
        System.setProperty("solr.kerberos.principal", solrServerPrincipal);
        System.setProperty("solr.kerberos.keytab", keytabFile.getAbsolutePath());
        System.setProperty("authenticationPlugin", "org.apache.solr.security.KerberosPlugin");
        boolean enableDt = random().nextBoolean();
        log.info("Enable delegation token: " + enableDt);
        System.setProperty("solr.kerberos.delegation.token.enabled", new Boolean(enableDt).toString());
        // Extracts 127.0.0.1 from HTTP/127.0.0.1@EXAMPLE.COM
        System.setProperty("solr.kerberos.name.rules",
                "RULE:[1:$1@$0](.*EXAMPLE.COM)s/@.*//" + "\nRULE:[2:$2@$0](.*EXAMPLE.COM)s/@.*//" + "\nDEFAULT");

        // more debugging, if needed
        /*System.setProperty("sun.security.jgss.debug", "true");
        System.setProperty("sun.security.krb5.debug", "true");
        System.setProperty("sun.security.jgss.debug", "true");
        System.setProperty("java.security.debug", "logincontext,policy,scl,gssloginconfig");*/
    }

    @Test
    public void testBasics() throws Exception {
        testCollectionCreateSearchDelete();
        // sometimes run a second test e.g. to test collection create-delete-create scenario
        if (random().nextBoolean())
            testCollectionCreateSearchDelete();
    }

    protected void testCollectionCreateSearchDelete() throws Exception {
        String collectionName = "testkerberoscollection";

        MiniSolrCloudCluster miniCluster = new MiniSolrCloudCluster(NUM_SERVERS, createTempDir(),
                JettyConfig.builder().setContext("/solr").build());
        CloudSolrClient cloudSolrClient = miniCluster.getSolrClient();
        cloudSolrClient.setDefaultCollection(collectionName);

        try {
            assertNotNull(miniCluster.getZkServer());
            List<JettySolrRunner> jettys = miniCluster.getJettySolrRunners();
            assertEquals(NUM_SERVERS, jettys.size());
            for (JettySolrRunner jetty : jettys) {
                assertTrue(jetty.isRunning());
            }

            // create collection
            String configName = "solrCloudCollectionConfig";
            miniCluster.uploadConfigSet(SolrTestCaseJ4.TEST_PATH().resolve("collection1/conf"), configName);

            CollectionAdminRequest.Create createRequest = new CollectionAdminRequest.Create();
            createRequest.setCollectionName(collectionName);
            createRequest.setNumShards(NUM_SHARDS);
            createRequest.setReplicationFactor(REPLICATION_FACTOR);
            Properties properties = new Properties();
            properties.put(CoreDescriptor.CORE_CONFIG, "solrconfig-tlog.xml");
            properties.put("solr.tests.maxBufferedDocs", "100000");
            properties.put("solr.tests.ramBufferSizeMB", "100");
            // use non-test classes so RandomizedRunner isn't necessary
            if (random().nextBoolean()) {
                properties.put(SolrTestCaseJ4.SYSTEM_PROPERTY_SOLR_TESTS_MERGEPOLICY,
                        TieredMergePolicy.class.getName());
                properties.put(SolrTestCaseJ4.SYSTEM_PROPERTY_SOLR_TESTS_USEMERGEPOLICY, "true");
                properties.put(SolrTestCaseJ4.SYSTEM_PROPERTY_SOLR_TESTS_USEMERGEPOLICYFACTORY, "false");
            } else {
                properties.put(SolrTestCaseJ4.SYSTEM_PROPERTY_SOLR_TESTS_MERGEPOLICYFACTORY,
                        TieredMergePolicyFactory.class.getName());
                properties.put(SolrTestCaseJ4.SYSTEM_PROPERTY_SOLR_TESTS_USEMERGEPOLICYFACTORY, "true");
                properties.put(SolrTestCaseJ4.SYSTEM_PROPERTY_SOLR_TESTS_USEMERGEPOLICY, "false");
            }
            properties.put("solr.tests.mergeScheduler", "org.apache.lucene.index.ConcurrentMergeScheduler");
            properties.put("solr.directoryFactory", "solr.RAMDirectoryFactory");
            createRequest.setProperties(properties);

            createRequest.process(cloudSolrClient);

            try (SolrZkClient zkClient = new SolrZkClient(miniCluster.getZkServer().getZkAddress(),
                    AbstractZkTestCase.TIMEOUT, AbstractZkTestCase.TIMEOUT, null);
                    ZkStateReader zkStateReader = new ZkStateReader(zkClient)) {
                zkStateReader.createClusterStateWatchersAndUpdate();
                AbstractDistribZkTestBase.waitForRecoveriesToFinish(collectionName, zkStateReader, true, true, 330);

                // modify/query collection

                SolrInputDocument doc = new SolrInputDocument();
                doc.setField("id", "1");
                cloudSolrClient.add(doc);
                cloudSolrClient.commit();
                SolrQuery query = new SolrQuery();
                query.setQuery("*:*");
                QueryResponse rsp = cloudSolrClient.query(query);
                assertEquals(1, rsp.getResults().getNumFound());

                // delete the collection we created earlier
                CollectionAdminRequest.Delete deleteRequest = new CollectionAdminRequest.Delete();
                deleteRequest.setCollectionName(collectionName);
                deleteRequest.process(cloudSolrClient);

                AbstractDistribZkTestBase.waitForCollectionToDisappear(collectionName, zkStateReader, true, true,
                        330);
            }
        } finally {
            cloudSolrClient.close();
            miniCluster.shutdown();
        }
    }

    @Override
    public void tearDown() throws Exception {
        System.clearProperty("java.security.auth.login.config");
        System.clearProperty("cookie.domain");
        System.clearProperty("kerberos.principal");
        System.clearProperty("kerberos.keytab");
        System.clearProperty("authenticationPlugin");
        System.clearProperty("solr.kerberos.name.rules");
        System.clearProperty("solr.jaas.debug");
        kerberosTestServices.stop();
        super.tearDown();
    }
}