xiangzihao
5 days ago
committed by
GitHub
23 changed files with 802 additions and 255 deletions
@ -0,0 +1,112 @@
|
||||
/* |
||||
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||
* contributor license agreements. See the NOTICE file distributed with |
||||
* this work for additional information regarding copyright ownership. |
||||
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
* (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
|
||||
package org.apache.dolphinscheduler.api.test.cases; |
||||
|
||||
import org.apache.dolphinscheduler.api.test.core.DolphinScheduler; |
||||
import org.apache.dolphinscheduler.api.test.entity.GetUserInfoResponseData; |
||||
import org.apache.dolphinscheduler.api.test.entity.HttpResponse; |
||||
import org.apache.dolphinscheduler.api.test.entity.LoginResponseData; |
||||
import org.apache.dolphinscheduler.api.test.pages.LoginPage; |
||||
import org.apache.dolphinscheduler.api.test.pages.security.UserPage; |
||||
import org.apache.dolphinscheduler.api.test.utils.JSONUtils; |
||||
import org.apache.dolphinscheduler.common.enums.UserType; |
||||
|
||||
import lombok.extern.slf4j.Slf4j; |
||||
|
||||
import org.junit.jupiter.api.Assertions; |
||||
import org.junit.jupiter.api.Order; |
||||
import org.junit.jupiter.api.Test; |
||||
import org.junitpioneer.jupiter.DisableIfTestFails; |
||||
|
||||
@DolphinScheduler(composeFiles = "docker/ldap-login/docker-compose.yaml") |
||||
@Slf4j |
||||
@DisableIfTestFails |
||||
public class LdapLoginAPITest { |
||||
|
||||
private static String sessionId; |
||||
|
||||
@Test |
||||
@Order(10) |
||||
public void testAdminUserLoginSuccess() { |
||||
final String username = "admin_user01"; |
||||
|
||||
final String password = "123"; |
||||
|
||||
LoginPage loginPage = new LoginPage(); |
||||
HttpResponse loginHttpResponse = loginPage.login(username, password); |
||||
sessionId = |
||||
JSONUtils.convertValue(loginHttpResponse.getBody().getData(), LoginResponseData.class).getSessionId(); |
||||
UserPage userPage = new UserPage(); |
||||
HttpResponse getUserInfoHttpResponse = userPage.getUserInfo(sessionId); |
||||
GetUserInfoResponseData getUserInfoResponseData = |
||||
JSONUtils.convertValue(getUserInfoHttpResponse.getBody().getData(), GetUserInfoResponseData.class); |
||||
Assertions.assertEquals(username, getUserInfoResponseData.getUserName()); |
||||
Assertions.assertEquals(UserType.ADMIN_USER, getUserInfoResponseData.getUserType()); |
||||
} |
||||
|
||||
@Test |
||||
@Order(20) |
||||
public void testAdminUserFilterLoginSuccess() { |
||||
final String username = "admin_user03"; |
||||
|
||||
final String password = "123"; |
||||
|
||||
LoginPage loginPage = new LoginPage(); |
||||
HttpResponse loginHttpResponse = loginPage.login(username, password); |
||||
sessionId = |
||||
JSONUtils.convertValue(loginHttpResponse.getBody().getData(), LoginResponseData.class).getSessionId(); |
||||
UserPage userPage = new UserPage(); |
||||
HttpResponse getUserInfoHttpResponse = userPage.getUserInfo(sessionId); |
||||
GetUserInfoResponseData getUserInfoResponseData = |
||||
JSONUtils.convertValue(getUserInfoHttpResponse.getBody().getData(), GetUserInfoResponseData.class); |
||||
Assertions.assertEquals(username, getUserInfoResponseData.getUserName()); |
||||
Assertions.assertEquals(UserType.ADMIN_USER, getUserInfoResponseData.getUserType()); |
||||
} |
||||
|
||||
@Test |
||||
@Order(30) |
||||
public void testGeneralUserLoginSuccess() { |
||||
final String username = "general_user02"; |
||||
|
||||
final String password = "123"; |
||||
|
||||
LoginPage loginPage = new LoginPage(); |
||||
HttpResponse loginHttpResponse = loginPage.login(username, password); |
||||
sessionId = |
||||
JSONUtils.convertValue(loginHttpResponse.getBody().getData(), LoginResponseData.class).getSessionId(); |
||||
UserPage userPage = new UserPage(); |
||||
HttpResponse getUserInfoHttpResponse = userPage.getUserInfo(sessionId); |
||||
GetUserInfoResponseData getUserInfoResponseData = |
||||
JSONUtils.convertValue(getUserInfoHttpResponse.getBody().getData(), GetUserInfoResponseData.class); |
||||
Assertions.assertEquals(username, getUserInfoResponseData.getUserName()); |
||||
Assertions.assertEquals(UserType.GENERAL_USER, getUserInfoResponseData.getUserType()); |
||||
} |
||||
|
||||
@Test |
||||
@Order(40) |
||||
public void testGeneralUserLoginFailed() { |
||||
final String username = "general_user02"; |
||||
|
||||
final String password = "1"; |
||||
|
||||
LoginPage loginPage = new LoginPage(); |
||||
HttpResponse loginHttpResponse = loginPage.login(username, password); |
||||
Boolean loginResult = loginHttpResponse.getBody().getSuccess(); |
||||
Assertions.assertFalse(loginResult); |
||||
} |
||||
} |
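Review bot: `testGeneralUserLoginFailed` only covers a wrong non-empty password, so nothing in this class pins that an empty password is rejected. With LDAP simple bind, a directory may treat an empty password as an unauthenticated bind, so the service should refuse it before binding; whether it already does is not visible in this file. The three success tests also dereference `loginHttpResponse.getBody().getData()` without first checking the result, so a broken fixture would likely surface as a NullPointerException rather than a clear assertion failure. Adding `Assertions.assertTrue(loginHttpResponse.getBody().getSuccess());` after each `login` call would fix that. A sketch of the missing negative case follows.

```java
    // … unchanged: tests @Order(10) through @Order(40) …

    @Test
    @Order(50)
    public void testLoginWithEmptyPasswordFailed() {
        final String username = "general_user02";
        final String password = "";

        LoginPage loginPage = new LoginPage();
        HttpResponse loginHttpResponse = loginPage.login(username, password);
        // An empty password must be rejected rather than passed on as an unauthenticated bind.
        Assertions.assertFalse(loginHttpResponse.getBody().getSuccess());
    }
```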
@ -0,0 +1,48 @@
|
||||
/* |
||||
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||
* contributor license agreements. See the NOTICE file distributed with |
||||
* this work for additional information regarding copyright ownership. |
||||
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
* (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
|
||||
package org.apache.dolphinscheduler.api.test.entity; |
||||
|
||||
import org.apache.dolphinscheduler.common.enums.UserType; |
||||
|
||||
import java.util.Date; |
||||
|
||||
import lombok.AllArgsConstructor; |
||||
import lombok.Data; |
||||
import lombok.NoArgsConstructor; |
||||
|
||||
@Data |
||||
@NoArgsConstructor |
||||
@AllArgsConstructor |
||||
public class GetUserInfoResponseData { |
||||
|
||||
private Integer id; |
||||
private String userName; |
||||
private String userPassword; |
||||
private String email; |
||||
private Integer phone; |
||||
private UserType userType; |
||||
private Integer tenantId; |
||||
private Integer state; |
||||
private String tenantCode; |
||||
private String queueName; |
||||
private String alertGroup; |
||||
private String queue; |
||||
private String timeZone; |
||||
private Date createTime; |
||||
private Date updateTime; |
||||
} |
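Review bot: The `userPassword` field suggests that `/users/get-user-info` returns the account's stored password value to the client, and this test entity accepts it silently. The controller is outside this section, so that is an inference. If it holds, the LDAP tests could pin the behaviour with `Assertions.assertNull(getUserInfoResponseData.getUserPassword());`, or the field should be dropped from the response. Separately, `private Integer phone;` cannot hold most phone numbers (overflow, leading zeros, a leading `+`), so `String` is the safer type unless the API really emits a number.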
@ -0,0 +1,37 @@
|
||||
/* |
||||
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||
* contributor license agreements. See the NOTICE file distributed with |
||||
* this work for additional information regarding copyright ownership. |
||||
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
* (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
|
||||
package org.apache.dolphinscheduler.api.test.pages.security; |
||||
|
||||
import org.apache.dolphinscheduler.api.test.core.Constants; |
||||
import org.apache.dolphinscheduler.api.test.entity.HttpResponse; |
||||
import org.apache.dolphinscheduler.api.test.utils.RequestClient; |
||||
|
||||
import java.util.HashMap; |
||||
import java.util.Map; |
||||
|
||||
public class UserPage { |
||||
|
||||
public HttpResponse getUserInfo(String sessionId) { |
||||
Map<String, String> headers = new HashMap<>(); |
||||
headers.put(Constants.SESSION_ID_KEY, sessionId); |
||||
|
||||
RequestClient requestClient = new RequestClient(); |
||||
|
||||
return requestClient.get("/users/get-user-info", headers, new HashMap<>()); |
||||
} |
||||
} |
@ -0,0 +1,321 @@
|
||||
# |
||||
# Licensed to the Apache Software Foundation (ASF) under one or more |
||||
# contributor license agreements. See the NOTICE file distributed with |
||||
# this work for additional information regarding copyright ownership. |
||||
# The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
# (the "License"); you may not use this file except in compliance with |
||||
# the License. You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
# |
||||
|
||||
spring: |
||||
profiles: |
||||
active: h2 |
||||
jackson: |
||||
time-zone: UTC |
||||
date-format: "yyyy-MM-dd HH:mm:ss" |
||||
banner: |
||||
charset: UTF-8 |
||||
location: classpath:standalone-banner.txt |
||||
sql: |
||||
init: |
||||
schema-locations: classpath:sql/dolphinscheduler_h2.sql |
||||
datasource: |
||||
driver-class-name: org.h2.Driver |
||||
url: jdbc:h2:mem:dolphinscheduler;MODE=MySQL;DB_CLOSE_DELAY=-1;DATABASE_TO_LOWER=true |
||||
username: sa |
||||
password: "" |
||||
quartz: |
||||
job-store-type: jdbc |
||||
jdbc: |
||||
initialize-schema: never |
||||
properties: |
||||
org.quartz.threadPool.threadPriority: 5 |
||||
org.quartz.jobStore.isClustered: true |
||||
org.quartz.jobStore.class: org.springframework.scheduling.quartz.LocalDataSourceJobStore |
||||
org.quartz.scheduler.instanceId: AUTO |
||||
org.quartz.jobStore.tablePrefix: QRTZ_ |
||||
org.quartz.jobStore.acquireTriggersWithinLock: true |
||||
org.quartz.scheduler.instanceName: DolphinScheduler |
||||
org.quartz.threadPool.class: org.quartz.simpl.SimpleThreadPool |
||||
org.quartz.jobStore.useProperties: false |
||||
org.quartz.threadPool.makeThreadsDaemons: true |
||||
org.quartz.threadPool.threadCount: 25 |
||||
org.quartz.jobStore.misfireThreshold: 60000 |
||||
org.quartz.scheduler.makeSchedulerThreadDaemon: true |
||||
org.quartz.jobStore.driverDelegateClass: org.quartz.impl.jdbcjobstore.StdJDBCDelegate |
||||
org.quartz.jobStore.clusterCheckinInterval: 5000 |
||||
org.quartz.scheduler.batchTriggerAcquisitionMaxCount: 1 |
||||
servlet: |
||||
multipart: |
||||
max-file-size: 1024MB |
||||
max-request-size: 1024MB |
||||
messages: |
||||
basename: i18n/messages |
||||
jpa: |
||||
hibernate: |
||||
ddl-auto: none |
||||
mvc: |
||||
pathmatch: |
||||
matching-strategy: ANT_PATH_MATCHER |
||||
cloud.discovery.client.composite-indicator.enabled: false |
||||
|
||||
mybatis-plus: |
||||
mapper-locations: classpath:org/apache/dolphinscheduler/dao/mapper/*Mapper.xml |
||||
type-aliases-package: org.apache.dolphinscheduler.dao.entity |
||||
configuration: |
||||
cache-enabled: false |
||||
call-setters-on-nulls: true |
||||
map-underscore-to-camel-case: true |
||||
jdbc-type-for-null: NULL |
||||
global-config: |
||||
db-config: |
||||
id-type: auto |
||||
banner: false |
||||
|
||||
registry: |
||||
type: jdbc |
||||
|
||||
security: |
||||
authentication: |
||||
# Authentication types (supported types: PASSWORD,LDAP,CASDOOR_SSO) |
||||
type: LDAP |
||||
# IF you set type `LDAP`, below config will be effective |
||||
ldap: |
||||
# ldap server config |
||||
url: ldap://openldap:1389/ |
||||
base-dn: ou=users,dc=example,dc=org |
||||
username: cn=admin,dc=example,dc=org |
||||
password: adminpassword |
||||
user: |
||||
# admin username when you use LDAP login |
||||
admin-username: admin_user01 |
||||
admin-user-filter: (&(cn={0})(sn=Bar3)) |
||||
identity-attribute: cn |
||||
email-attribute: uid |
||||
# action when ldap user is not exist (supported types: CREATE,DENY) |
||||
not-exist-action: CREATE |
||||
ssl: |
||||
enable: false |
||||
# jks file absolute path && password |
||||
trust-store: "/ldapkeystore.jks" |
||||
trust-store-password: "" |
||||
casdoor: |
||||
user: |
||||
admin: admin |
||||
oauth2: |
||||
enable: false |
||||
provider: |
||||
github: |
||||
authorizationUri: "https://github.com/login/oauth/authorize" |
||||
redirectUri: "http://localhost:12345/dolphinscheduler/redirect/login/oauth2" |
||||
clientId: "" |
||||
clientSecret: "" |
||||
tokenUri: "https://github.com/login/oauth/access_token" |
||||
userInfoUri: "https://api.github.com/user" |
||||
callbackUrl: "http://localhost:5173/login" |
||||
iconUri: "" |
||||
provider: github |
||||
gitee: |
||||
authorizationUri: "https://gitee.com/oauth/authorize" |
||||
redirectUri: "http://127.0.0.1:12345/dolphinscheduler/redirect/login/oauth2" |
||||
clientId: "" |
||||
clientSecret: "" |
||||
tokenUri: "https://gitee.com/oauth/token?grant_type=authorization_code" |
||||
userInfoUri: "https://gitee.com/api/v5/user" |
||||
callbackUrl: "http://127.0.0.1:5173/login" |
||||
iconUri: "" |
||||
provider: gitee |
||||
|
||||
casdoor: |
||||
# Your Casdoor server url |
||||
endpoint: http://localhost:8000 |
||||
client-id: "" |
||||
client-secret: "" |
||||
# The certificate may be multi-line, you can use `|-` for ease |
||||
certificate: "" |
||||
# Your organization name added in Casdoor |
||||
organization-name: built-in |
||||
# Your application name added in Casdoor |
||||
application-name: dolphinscheduler |
||||
# Doplhinscheduler login url |
||||
redirect-url: http://localhost:5173/login |
||||
|
||||
|
||||
|
||||
master: |
||||
listen-port: 5678 |
||||
# master heartbeat interval |
||||
max-heartbeat-interval: 10s |
||||
server-load-protection: |
||||
enabled: true |
||||
# Master max system cpu usage, when the master's system cpu usage is smaller then this value, master server can execute workflow. |
||||
max-system-cpu-usage-percentage-thresholds: 1 |
||||
# Master max jvm cpu usage, when the master's jvm cpu usage is smaller then this value, master server can execute workflow. |
||||
max-jvm-cpu-usage-percentage-thresholds: 0.9 |
||||
# Master max System memory usage , when the master's system memory usage is smaller then this value, master server can execute workflow. |
||||
max-system-memory-usage-percentage-thresholds: 0.9 |
||||
# Master max disk usage , when the master's disk usage is smaller then this value, master server can execute workflow. |
||||
max-disk-usage-percentage-thresholds: 0.9 |
||||
worker-load-balancer-configuration-properties: |
||||
# RANDOM, ROUND_ROBIN, FIXED_WEIGHTED_ROUND_ROBIN, DYNAMIC_WEIGHTED_ROUND_ROBIN |
||||
type: DYNAMIC_WEIGHTED_ROUND_ROBIN |
||||
# dynamic-weight-config-properties only used in DYNAMIC_WEIGHTED_ROUND_ROBIN, the weight of memory-usage, cpu-usage, task-thread-pool-usage should sum to 100. |
||||
dynamic-weight-config-properties: |
||||
memory-usage-weight: 30 |
||||
cpu-usage-weight: 30 |
||||
task-thread-pool-usage-weight: 40 |
||||
worker-group-refresh-interval: 10s |
||||
command-fetch-strategy: |
||||
type: ID_SLOT_BASED |
||||
config: |
||||
# The incremental id step |
||||
id-step: 1 |
||||
# master fetch command num |
||||
fetch-size: 10 |
||||
|
||||
worker: |
||||
# worker listener port |
||||
listen-port: 1234 |
||||
# worker execute thread number to limit task instances in parallel |
||||
exec-threads: 10 |
||||
# worker heartbeat interval |
||||
max-heartbeat-interval: 10s |
||||
# worker host weight to dispatch tasks, default value 100 |
||||
host-weight: 100 |
||||
server-load-protection: |
||||
enabled: true |
||||
# Worker max system cpu usage, when the worker's system cpu usage is smaller then this value, worker server can be dispatched tasks. |
||||
max-system-cpu-usage-percentage-thresholds: 1 |
||||
# Worker max jvm cpu usage, when the worker's jvm cpu usage is smaller then this value, worker server can be dispatched tasks. |
||||
max-jvm-cpu-usage-percentage-thresholds: 0.9 |
||||
# Worker max System memory usage , when the worker's system memory usage is smaller then this value, worker server can be dispatched tasks. |
||||
max-system-memory-usage-percentage-thresholds: 0.9 |
||||
# Worker max disk usage , when the worker's disk usage is smaller then this value, worker server can be dispatched tasks. |
||||
max-disk-usage-percentage-thresholds: 0.9 |
||||
task-execute-threads-full-policy: REJECT |
||||
tenant-config: |
||||
# tenant corresponds to the user of the system, which is used by the worker to submit the job. If system does not have this user, it will be automatically created after the parameter worker.tenant.auto.create is true. |
||||
auto-create-tenant-enabled: true |
||||
# Scenes to be used for distributed users. For example, users created by FreeIpa are stored in LDAP. This parameter only applies to Linux, When this parameter is true, worker.tenant.auto.create has no effect and will not automatically create tenants. |
||||
distributed-tenant: false |
||||
# If set true, will use worker bootstrap user as the tenant to execute task when the tenant is `default`; |
||||
default-tenant-enabled: true |
||||
|
||||
alert: |
||||
port: 50052 |
||||
# Mark each alert of alert server if late after x milliseconds as failed. |
||||
# Define value is (0 = infinite), and alert server would be waiting alert result. |
||||
wait-timeout: 0 |
||||
max-heartbeat-interval: 60s |
||||
# The maximum number of alerts that can be processed in parallel |
||||
sender-parallelism: 5 |
||||
|
||||
api: |
||||
audit-enable: false |
||||
# Traffic control, if you turn on this config, the maximum number of request/s will be limited. |
||||
# global max request number per second |
||||
# default tenant-level max request number |
||||
traffic-control: |
||||
global-switch: false |
||||
max-global-qps-rate: 300 |
||||
tenant-switch: false |
||||
default-tenant-qps-rate: 10 |
||||
#customize-tenant-qps-rate: |
||||
# eg. |
||||
#tenant1: 11 |
||||
#tenant2: 20 |
||||
python-gateway: |
||||
# Weather enable python gateway server or not. The default value is true. |
||||
enabled: true |
||||
# Authentication token for connection from python api to python gateway server. Should be changed the default value |
||||
# when you deploy in public network. |
||||
auth-token: jwUDzpLsNKEFER4*a8gruBH_GsAurNxU7A@Xc |
||||
# The address of Python gateway server start. Set its value to `0.0.0.0` if your Python API run in different |
||||
# between Python gateway server. It could be be specific to other address like `127.0.0.1` or `localhost` |
||||
gateway-server-address: 0.0.0.0 |
||||
# The port of Python gateway server start. Define which port you could connect to Python gateway server from |
||||
# Python API side. |
||||
gateway-server-port: 25333 |
||||
# The address of Python callback client. |
||||
python-address: 127.0.0.1 |
||||
# The port of Python callback client. |
||||
python-port: 25334 |
||||
# Close connection of socket server if no other request accept after x milliseconds. Define value is (0 = infinite), |
||||
# and socket server would never close even though no requests accept |
||||
connect-timeout: 0 |
||||
# Close each active connection of socket server if python program not active after x milliseconds. Define value is |
||||
# (0 = infinite), and socket server would never close even though no requests accept |
||||
read-timeout: 0 |
||||
|
||||
server: |
||||
port: 12345 |
||||
servlet: |
||||
session: |
||||
timeout: 120m |
||||
context-path: /dolphinscheduler/ |
||||
compression: |
||||
enabled: true |
||||
mime-types: text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml |
||||
jetty: |
||||
max-http-form-post-size: 5000000 |
||||
accesslog: |
||||
enabled: true |
||||
custom-format: '%{client}a - %u %t "%r" %s %O %{ms}Tms' |
||||
|
||||
management: |
||||
endpoints: |
||||
web: |
||||
exposure: |
||||
include: health,metrics,prometheus |
||||
endpoint: |
||||
health: |
||||
enabled: true |
||||
show-details: always |
||||
health: |
||||
db: |
||||
enabled: true |
||||
defaults: |
||||
enabled: false |
||||
metrics: |
||||
tags: |
||||
application: ${spring.application.name} |
||||
|
||||
metrics: |
||||
enabled: true |
||||
|
||||
# Override by profile |
||||
--- |
||||
spring: |
||||
config: |
||||
activate: |
||||
on-profile: postgresql |
||||
quartz: |
||||
properties: |
||||
org.quartz.jobStore.driverDelegateClass: org.quartz.impl.jdbcjobstore.PostgreSQLDelegate |
||||
datasource: |
||||
driver-class-name: org.postgresql.Driver |
||||
url: jdbc:postgresql://127.0.0.1:5432/dolphinscheduler |
||||
username: root |
||||
password: root |
||||
|
||||
--- |
||||
spring: |
||||
config: |
||||
activate: |
||||
on-profile: mysql |
||||
sql: |
||||
init: |
||||
schema-locations: classpath:sql/dolphinscheduler_mysql.sql |
||||
datasource: |
||||
driver-class-name: com.mysql.cj.jdbc.Driver |
||||
url: jdbc:mysql://127.0.0.1:3306/dolphinscheduler?useUnicode=true&characterEncoding=UTF-8 |
||||
username: root |
||||
password: root |
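Review bot: This fixture enables more than the LDAP login tests use: `python-gateway` stays `enabled: true` on `gateway-server-address: 0.0.0.0` with the token committed in this file, although its own comment says the default should be changed. The tests in this commit only call the login and user-info endpoints, so `enabled: false` under `python-gateway` looks sufficient. The LDAP block binds over `ldap://` with `ssl.enable: false` and an inline manager password, which is reasonable inside the compose network but worth labelling, e.g. `# test fixture only: plaintext LDAP and throwaway credentials, do not copy into a deployment` above `ldap:`. The filter `(&(cn={0})(sn=Bar3))` takes the login name as `{0}`; the substitution code is outside this section, so confirm it escapes LDAP filter metacharacters before the filter is built.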
@ -0,0 +1,63 @@
|
||||
# |
||||
# Licensed to the Apache Software Foundation (ASF) under one or more |
||||
# contributor license agreements. See the NOTICE file distributed with |
||||
# this work for additional information regarding copyright ownership. |
||||
# The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
# (the "License"); you may not use this file except in compliance with |
||||
# the License. You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
# |
||||
|
||||
version: "3.8" |
||||
|
||||
services: |
||||
dolphinscheduler: |
||||
image: apache/dolphinscheduler-standalone-server:ci |
||||
environment: |
||||
WORKER_TENANT_AUTO_CREATE: 'true' |
||||
ports: |
||||
- "12345:12345" |
||||
volumes: |
||||
- ./application.yaml:/opt/dolphinscheduler/standalone-server/conf/application.yaml |
||||
networks: |
||||
- api-test |
||||
healthcheck: |
||||
test: [ "CMD", "curl", "http://localhost:12345/dolphinscheduler/actuator/health" ] |
||||
interval: 5s |
||||
timeout: 60s |
||||
retries: 120 |
||||
depends_on: |
||||
- openldap |
||||
openldap: |
||||
hostname: openldap |
||||
image: bitnami/openldap:2.6 |
||||
ports: |
||||
- '1389:1389' |
||||
- '1636:1636' |
||||
environment: |
||||
- LDAP_ADMIN_USERNAME=admin |
||||
- LDAP_ADMIN_PASSWORD=adminpassword |
||||
- LDAP_USERS=admin_user01,general_user02,admin_user03 |
||||
- LDAP_PASSWORDS=123,123,123 |
||||
- LDAP_ROOT=dc=example,dc=org |
||||
- LDAP_ADMIN_DN=cn=admin,dc=example,dc=org |
||||
networks: |
||||
- api-test |
||||
tty: true |
||||
stdin_open: true |
||||
restart: always |
||||
healthcheck: |
||||
test: ldapsearch -x -H 'ldap://127.0.0.1:1389' -D 'cn=admin,dc=example,dc=org' -w adminpassword -b 'ou=users,dc=example,dc=org' '(cn=admin_user01)' |
||||
interval: 5s |
||||
timeout: 60s |
||||
retries: 120 |
||||
|
||||
networks: |
||||
api-test: |
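Review bot: The `openldap` service publishes `1389` and `1636` on every host interface while the directory is seeded with `adminpassword` and `123` passwords. The `dolphinscheduler` container reaches it as `openldap:1389` over the `api-test` network, so the `ports:` block looks unnecessary. Dropping it, or binding to loopback with `- '127.0.0.1:1389:1389'`, keeps the throwaway directory off a shared runner's network. The `dolphinscheduler` healthcheck also runs `curl` without `-f`, so an HTTP error status from the health endpoint still counts as healthy; `test: [ "CMD", "curl", "-f", "http://localhost:12345/dolphinscheduler/actuator/health" ]` would make it fail closed. `restart: always` on the LDAP container may leave it running if the stack is not torn down after the test run.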
@ -0,0 +1,35 @@
|
||||
/* |
||||
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||
* contributor license agreements. See the NOTICE file distributed with |
||||
* this work for additional information regarding copyright ownership. |
||||
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
* (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
|
||||
package org.apache.dolphinscheduler.api.dto; |
||||
|
||||
import org.apache.dolphinscheduler.common.enums.UserType; |
||||
|
||||
import lombok.AllArgsConstructor; |
||||
import lombok.Data; |
||||
import lombok.NoArgsConstructor; |
||||
|
||||
@Data |
||||
@NoArgsConstructor |
||||
@AllArgsConstructor |
||||
public class LdapLoginResult { |
||||
|
||||
private boolean success; |
||||
private String ldapEmail; |
||||
private UserType userType; |
||||
private String userName; |
||||
} |
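Review bot: `LdapLoginResult` has no Javadoc and nothing ties `userType` to `success`, so a caller that reads `getUserType()` without checking `isSuccess()` could act on `ADMIN_USER` from a failed or partially filled result. The no-args constructor leaves `success` false, which is the safe default. A class comment such as `/** Outcome of an LDAP login attempt; ldapEmail, userType and userName are meaningful only when success is true. */` would make the contract explicit, assuming that is the intended contract (the producing service is outside this section). Because this is a result object, final fields (for example Lombok `@Value`) would also stop later code from changing `success` or `userType` through the generated setters.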
@ -1,107 +0,0 @@
|
||||
/* |
||||
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||
* contributor license agreements. See the NOTICE file distributed with |
||||
* this work for additional information regarding copyright ownership. |
||||
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||
* (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
|
||||
package org.apache.dolphinscheduler.api.security.impl.ldap; |
||||
|
||||
import org.apache.dolphinscheduler.api.ApiApplicationServer; |
||||
import org.apache.dolphinscheduler.common.enums.ProfileType; |
||||
import org.apache.dolphinscheduler.common.enums.UserType; |
||||
|
||||
import java.lang.reflect.Field; |
||||
|
||||
import org.junit.jupiter.api.Assertions; |
||||
import org.junit.jupiter.api.BeforeEach; |
||||
import org.junit.jupiter.api.Disabled; |
||||
import org.junit.jupiter.api.Test; |
||||
import org.springframework.beans.factory.annotation.Autowired; |
||||
import org.springframework.beans.factory.config.AutowireCapableBeanFactory; |
||||
import org.springframework.boot.test.context.SpringBootTest; |
||||
import org.springframework.test.context.ActiveProfiles; |
||||
import org.springframework.test.context.TestPropertySource; |
||||
|
||||
@Disabled |
||||
@ActiveProfiles(ProfileType.H2) |
||||
@SpringBootTest(classes = ApiApplicationServer.class) |
||||
@TestPropertySource(properties = { |
||||
"security.authentication.type=LDAP", |
||||
"security.authentication.ldap.user.admin=read-only-admin", |
||||
"security.authentication.ldap.urls=ldap://ldap.forumsys.com:389/", |
||||
"security.authentication.ldap.base-dn=dc=example,dc=com", |
||||
"security.authentication.ldap.username=cn=read-only-admin,dc=example,dc=com", |
||||
"security.authentication.ldap.password=password", |
||||
"security.authentication.ldap.user.identity-attribute=uid", |
||||
"security.authentication.ldap.user.email-attribute=mail", |
||||
"security.authentication.ldap.user.not-exist-action=CREATE", |
||||
"security.authentication.ldap.ssl.enable=false", |
||||
"security.authentication.ldap.ssl.trust-store=", |
||||
"security.authentication.ldap.ssl.trust-store-password=", |
||||
}) |
||||
public class LdapServiceTest { |
||||
|
||||
@Autowired |
||||
protected AutowireCapableBeanFactory beanFactory; |
||||
|
||||
private LdapService ldapService; |
||||
|
||||
private final String username = "tesla"; |
||||
private final String correctPassword = "password"; |
||||
|
||||
@BeforeEach |
||||
public void setUp() { |
||||
ldapService = new LdapService(); |
||||
beanFactory.autowireBean(ldapService); |
||||
} |
||||
|
||||
@Test |
||||
public void getUserType() { |
||||
UserType userType = ldapService.getUserType("read-only-admin"); |
||||
Assertions.assertEquals(UserType.ADMIN_USER, userType); |
||||
} |
||||
|
||||
@Test |
||||
public void ldapLogin() throws NoSuchFieldException, IllegalAccessException { |
||||
changeSslEnable(false); |
||||
String email = ldapService.ldapLogin(username, correctPassword); |
||||
Assertions.assertEquals("tesla@ldap.forumsys.com", email); |
||||
} |
||||
|
||||
@Test |
||||
public void ldapLoginError() throws NoSuchFieldException, IllegalAccessException { |
||||
changeSslEnable(false); |
||||
String email2 = ldapService.ldapLogin(username, "error password"); |
||||
Assertions.assertNull(email2); |
||||
} |
||||
|
||||
@Test |
||||
public void ldapLoginSSL() throws NoSuchFieldException, IllegalAccessException { |
||||
changeSslEnable(true); |
||||
String email = ldapService.ldapLogin(username, correctPassword); |
||||
Assertions.assertNull(email); |
||||
} |
||||
|
||||
private void changeSslEnable(boolean sslEnable) throws NoSuchFieldException, IllegalAccessException { |
||||
Class<LdapService> ldapServiceClass = LdapService.class; |
||||
Field sslEnableField = ldapServiceClass.getDeclaredField("sslEnable"); |
||||
sslEnableField.setAccessible(true); |
||||
sslEnableField.set(ldapService, sslEnable); |
||||
if (sslEnable) { |
||||
Field trustStorePasswordField = ldapServiceClass.getDeclaredField("trustStorePassword"); |
||||
trustStorePasswordField.setAccessible(true); |
||||
trustStorePasswordField.set(ldapService, "trustStorePassword"); |
||||
} |
||||
} |
||||
} |