Revert "[improve][broker] Add test to verify authRole cannot change (a…

…pache#19430)" This reverts commit 3e90bc2.
hangc0276 · Mar 15, 2023 · e9dc26b · e9dc26b
1 parent bff1284
commit e9dc26b
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 224 deletions.
diff --git a/.../src/test/java/org/apache/pulsar/broker/auth/MockAlwaysExpiredAuthenticationProvider.java b/.../src/test/java/org/apache/pulsar/broker/auth/MockAlwaysExpiredAuthenticationProvider.java
diff --git a/...ker/src/test/java/org/apache/pulsar/broker/auth/MockAlwaysExpiredAuthenticationState.java b/...ker/src/test/java/org/apache/pulsar/broker/auth/MockAlwaysExpiredAuthenticationState.java
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ServerCnxTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ServerCnxTest.java
@@ -75,7 +75,6 @@
 import org.apache.bookkeeper.mledger.impl.PositionImpl;
 import org.apache.pulsar.broker.PulsarService;
 import org.apache.pulsar.broker.ServiceConfiguration;
-import org.apache.pulsar.broker.auth.MockAlwaysExpiredAuthenticationProvider;
 import org.apache.pulsar.broker.authentication.AuthenticationDataSubscription;
 import org.apache.pulsar.broker.auth.MockAuthenticationProvider;
 import org.apache.pulsar.broker.auth.MockMultiStageAuthenticationProvider;
@@ -482,110 +481,6 @@ public void testConnectCommandWithPassingOriginalPrincipal() throws Exception {
         channel.finish();
     }
 
-    public void testAuthChallengePrincipalChangeFails() throws Exception {
-        AuthenticationService authenticationService = mock(AuthenticationService.class);
-        AuthenticationProvider authenticationProvider = new MockAlwaysExpiredAuthenticationProvider();
-        String authMethodName = authenticationProvider.getAuthMethodName();
-
-        when(brokerService.getAuthenticationService()).thenReturn(authenticationService);
-        when(authenticationService.getAuthenticationProvider(authMethodName)).thenReturn(authenticationProvider);
-        svcConfig.setAuthenticationEnabled(true);
-
-        resetChannel();
-        assertTrue(channel.isActive());
-        assertEquals(serverCnx.getState(), State.Start);
-
-        ByteBuf clientCommand = Commands.newConnect(authMethodName, "pass.client", "");
-        channel.writeInbound(clientCommand);
-
-        Object responseConnected = getResponse();
-        assertTrue(responseConnected instanceof CommandConnected);
-        assertEquals(serverCnx.getState(), State.Connected);
-        assertEquals(serverCnx.getPrincipal(), "pass.client");
-        assertTrue(serverCnx.isActive());
-
-        // Trigger the ServerCnx to check if authentication is expired (it is because of our special implementation)
-        // and then force channel to run the task
-        serverCnx.refreshAuthenticationCredentials();
-        channel.runPendingTasks();
-        Object responseAuthChallenge1 = getResponse();
-        assertTrue(responseAuthChallenge1 instanceof CommandAuthChallenge);
-
-        // Respond with valid info that will both pass and be the same
-        ByteBuf authResponse1 = Commands.newAuthResponse(authMethodName, AuthData.of("pass.client".getBytes()), 1, "");
-        channel.writeInbound(authResponse1);
-
-        // Trigger the ServerCnx to check if authentication is expired again
-        serverCnx.refreshAuthenticationCredentials();
-        channel.runPendingTasks();
-        Object responseAuthChallenge2 = getResponse();
-        assertTrue(responseAuthChallenge2 instanceof CommandAuthChallenge);
-
-        // Respond with invalid info that will pass but have a different authRole
-        ByteBuf authResponse2 = Commands.newAuthResponse(authMethodName, AuthData.of("pass.client2".getBytes()), 1, "");
-        channel.writeInbound(authResponse2);
-
-        // Expect the connection to disconnect
-        Awaitility.await().atMost(10, TimeUnit.SECONDS).until(() -> !channel.isActive());
-
-        channel.finish();
-    }
-
-    public void testAuthChallengeOriginalPrincipalChangeFails() throws Exception {
-        AuthenticationService authenticationService = mock(AuthenticationService.class);
-        AuthenticationProvider authenticationProvider = new MockAlwaysExpiredAuthenticationProvider();
-        String authMethodName = authenticationProvider.getAuthMethodName();
-
-        when(brokerService.getAuthenticationService()).thenReturn(authenticationService);
-        when(authenticationService.getAuthenticationProvider(authMethodName)).thenReturn(authenticationProvider);
-        svcConfig.setAuthenticationEnabled(true);
-        svcConfig.setAuthenticateOriginalAuthData(true);
-        svcConfig.setProxyRoles(Collections.singleton("pass.proxy"));
-
-        resetChannel();
-        assertTrue(channel.isActive());
-        assertEquals(serverCnx.getState(), State.Start);
-
-        ByteBuf clientCommand = Commands.newConnect(authMethodName, "pass.proxy", 1, null,
-                null, "pass.client", "pass.client", authMethodName);
-        channel.writeInbound(clientCommand);
-
-        Object responseConnected = getResponse();
-        assertTrue(responseConnected instanceof CommandConnected);
-        assertEquals(serverCnx.getState(), State.Connected);
-        assertEquals(serverCnx.getAuthRole(), "pass.proxy");
-        // These are all taken without verifying the auth data
-        assertEquals(serverCnx.getPrincipal(), "pass.client");
-        assertEquals(serverCnx.getOriginalPrincipal(), "pass.client");
-        assertTrue(serverCnx.isActive());
-
-        // Trigger the ServerCnx to check if authentication is expired (it is because of our special implementation)
-        // and then force channel to run the task
-        serverCnx.refreshAuthenticationCredentials();
-        channel.runPendingTasks();
-        Object responseAuthChallenge1 = getResponse();
-        assertTrue(responseAuthChallenge1 instanceof CommandAuthChallenge);
-
-        // Respond with valid info that will both pass and be the same
-        ByteBuf authResponse1 = Commands.newAuthResponse(authMethodName, AuthData.of("pass.client".getBytes()), 1, "");
-        channel.writeInbound(authResponse1);
-
-        // Trigger the ServerCnx to check if authentication is expired again
-        serverCnx.refreshAuthenticationCredentials();
-        channel.runPendingTasks();
-        Object responseAuthChallenge2 = getResponse();
-        assertTrue(responseAuthChallenge2 instanceof CommandAuthChallenge);
-
-        // Respond with invalid info that will pass but have a different authRole
-        ByteBuf authResponse2 = Commands.newAuthResponse(authMethodName, AuthData.of("pass.client2".getBytes()), 1, "");
-        channel.writeInbound(authResponse2);
-
-        // Expect the connection to disconnect
-        Awaitility.await().atMost(10, TimeUnit.SECONDS).until(() -> !channel.isActive());
-
-        channel.finish();
-    }
-
     @Test(timeOut = 30000)
     public void testConnectCommandWithInvalidRoleCombinations() throws Exception {
         AuthenticationService authenticationService = mock(AuthenticationService.class);