aurora-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kevi...@apache.org
Subject [1/2] aurora git commit: Ignore all SessionKeys.
Date Wed, 21 Oct 2015 23:14:42 GMT
Repository: aurora
Updated Branches:
  refs/heads/master 5609fc230 -> 4eeec7a75


http://git-wip-us.apache.org/repos/asf/aurora/blob/4eeec7a7/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java b/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java
index f537f7a..2bfc2a7 100644
--- a/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java
+++ b/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java
@@ -29,10 +29,6 @@ import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Sets;
 
-import org.apache.aurora.auth.CapabilityValidator;
-import org.apache.aurora.auth.CapabilityValidator.AuditCheck;
-import org.apache.aurora.auth.CapabilityValidator.Capability;
-import org.apache.aurora.auth.SessionValidator.AuthFailedException;
 import org.apache.aurora.common.testing.easymock.EasyMockTest;
 import org.apache.aurora.gen.AddInstancesConfig;
 import org.apache.aurora.gen.AssignedTask;
@@ -59,7 +55,6 @@ import org.apache.aurora.gen.JobUpdateSettings;
 import org.apache.aurora.gen.JobUpdateSummary;
 import org.apache.aurora.gen.LimitConstraint;
 import org.apache.aurora.gen.ListBackupsResult;
-import org.apache.aurora.gen.Lock;
 import org.apache.aurora.gen.LockKey;
 import org.apache.aurora.gen.MesosContainer;
 import org.apache.aurora.gen.PulseJobUpdateResult;
@@ -117,15 +112,11 @@ import org.easymock.IExpectationSetters;
 import org.junit.Before;
 import org.junit.Test;
 
-import static org.apache.aurora.auth.CapabilityValidator.Capability.ROOT;
-import static org.apache.aurora.auth.CapabilityValidator.Capability.UPDATE_COORDINATOR;
-import static org.apache.aurora.auth.SessionValidator.SessionContext;
 import static org.apache.aurora.gen.LockValidation.CHECKED;
 import static org.apache.aurora.gen.LockValidation.UNCHECKED;
 import static org.apache.aurora.gen.MaintenanceMode.DRAINING;
 import static org.apache.aurora.gen.MaintenanceMode.NONE;
 import static org.apache.aurora.gen.MaintenanceMode.SCHEDULED;
-import static org.apache.aurora.gen.ResponseCode.AUTH_FAILED;
 import static org.apache.aurora.gen.ResponseCode.INVALID_REQUEST;
 import static org.apache.aurora.gen.ResponseCode.LOCK_ERROR;
 import static org.apache.aurora.gen.ResponseCode.OK;
@@ -173,14 +164,12 @@ import static org.junit.Assert.fail;
 
 public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
-  private static final SessionKey SESSION = new SessionKey();
+  private static final SessionKey SESSION = null;
   private static final String AUDIT_MESSAGE = "message";
   private static final AuditData AUDIT = new AuditData(USER, Optional.of(AUDIT_MESSAGE));
 
   private StorageTestUtil storageUtil;
   private LockManager lockManager;
-  private CapabilityValidator userValidator;
-  private SessionContext context;
   private StorageBackup backup;
   private Recovery recovery;
   private MaintenanceController maintenance;
@@ -199,9 +188,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
     storageUtil = new StorageTestUtil(this);
     storageUtil.expectOperations();
     lockManager = createMock(LockManager.class);
-    userValidator = createMock(CapabilityValidator.class);
-    context = createMock(SessionContext.class);
-    setUpValidationExpectations();
     backup = createMock(StorageBackup.class);
     recovery = createMock(Recovery.class);
     maintenance = createMock(MaintenanceController.class);
@@ -218,7 +204,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
         new SchedulerThriftInterface(
             storageUtil.storage,
             lockManager,
-            userValidator,
             backup,
             recovery,
             cronJobManager,
@@ -255,11 +240,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
         });
   }
 
-  private void setUpValidationExpectations() throws Exception {
-    expect(userValidator.toString(SESSION)).andReturn(USER).anyTimes();
-    expect(context.getIdentity()).andReturn(USER).anyTimes();
-  }
-
   @Test
   public void testCreateJobNoLock() throws Exception {
     // Validate key is populated during sanitizing.
@@ -268,7 +248,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
     IJobConfiguration job = IJobConfiguration.build(makeProdJob());
     SanitizedConfiguration sanitized = SanitizedConfiguration.fromUnsanitized(job);
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
     expectNoCronJob();
@@ -290,7 +269,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testCreateJobWithLock() throws Exception {
     IJobConfiguration job = IJobConfiguration.build(makeProdJob());
     SanitizedConfiguration sanitized = SanitizedConfiguration.fromUnsanitized(job);
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
     expectNoCronJob();
@@ -311,7 +289,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testCreateJobFailsForCron() throws Exception {
     IJobConfiguration job = IJobConfiguration.build(makeProdJob().setCronSchedule(""));
-    expectAuth(ROLE, true);
 
     control.replay();
 
@@ -321,20 +298,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testCreateJobFailsAuth() throws Exception {
-    IJobConfiguration job = IJobConfiguration.build(makeJob());
-    expectAuth(ROLE, false);
-    control.replay();
-
-    assertResponse(
-        AUTH_FAILED,
-        thrift.createJob(job.newBuilder(), null, SESSION));
-  }
-
-  @Test
   public void testCreateJobFailsConfigCheck() throws Exception {
     IJobConfiguration job = IJobConfiguration.build(makeJob(null));
-    expectAuth(ROLE, true);
     control.replay();
 
     assertResponse(
@@ -345,7 +310,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testCreateJobFailsLockCheck() throws Exception {
     IJobConfiguration job = IJobConfiguration.build(makeJob());
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     expectLastCall().andThrow(new LockException("Invalid lock"));
 
@@ -357,7 +321,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testCreateJobFailsJobExists() throws Exception {
     IJobConfiguration job = IJobConfiguration.build(makeJob());
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active(), buildScheduledTask());
 
@@ -369,7 +332,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testCreateJobFailsCronJobExists() throws Exception {
     IJobConfiguration job = IJobConfiguration.build(makeJob());
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
     expectCronJob();
@@ -384,7 +346,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
     IJobConfiguration job = IJobConfiguration.build(
         makeJob(defaultTask(true), MAX_TASKS_PER_JOB.get() + 1));
 
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
     expectNoCronJob();
@@ -402,7 +363,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testCreateJobFailsTaskIdLength() throws Exception {
     IJobConfiguration job = IJobConfiguration.build(makeJob());
     SanitizedConfiguration sanitized = SanitizedConfiguration.fromUnsanitized(job);
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
     expectNoCronJob();
@@ -423,7 +383,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testCreateJobFailsQuotaCheck() throws Exception {
     IJobConfiguration job = IJobConfiguration.build(makeProdJob());
     SanitizedConfiguration sanitized = SanitizedConfiguration.fromUnsanitized(job);
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
     expectNoCronJob();
@@ -444,8 +403,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testCreateEmptyJob() throws Exception {
-    expectAuth(ROLE, true);
-
     control.replay();
 
     JobConfiguration job =
@@ -457,7 +414,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testCreateJobFailsNoExecutorConfig() throws Exception {
     JobConfiguration job = makeJob();
     job.getTaskConfig().unsetExecutorConfig();
-    expectAuth(ROLE, true);
 
     control.replay();
 
@@ -471,7 +427,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testCreateHomogeneousJobNoInstances() throws Exception {
     JobConfiguration job = makeJob();
     job.setInstanceCount(0);
-    expectAuth(ROLE, true);
 
     control.replay();
 
@@ -482,7 +437,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testCreateJobNegativeInstanceCount() throws Exception {
     JobConfiguration job = makeJob();
     job.setInstanceCount(-1);
-    expectAuth(ROLE, true);
 
     control.replay();
 
@@ -491,8 +445,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testCreateJobNoResources() throws Exception {
-    expectAuth(ROLE, true);
-
     control.replay();
 
     TaskConfig task = productionTask();
@@ -504,8 +456,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testCreateJobBadCpu() throws Exception {
-    expectAuth(ROLE, true);
-
     control.replay();
 
     TaskConfig task = productionTask().setNumCpus(0.0);
@@ -514,8 +464,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testCreateJobBadRam() throws Exception {
-    expectAuth(ROLE, true);
-
     control.replay();
 
     TaskConfig task = productionTask().setRamMb(-123);
@@ -524,8 +472,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testCreateJobBadDisk() throws Exception {
-    expectAuth(ROLE, true);
-
     control.replay();
 
     TaskConfig task = productionTask().setDiskMb(0);
@@ -548,8 +494,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
         .setJobName(JOB_NAME);
     JobConfiguration job = makeJob(task);
 
-    expectAuth(ROLE, true);
-
     JobConfiguration sanitized = job.deepCopy();
     sanitized.getTaskConfig()
         .setJob(JOB_KEY.newBuilder())
@@ -583,8 +527,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testCreateUnauthorizedDedicatedJob() throws Exception {
-    expectAuth(ROLE, true);
-
     control.replay();
 
     TaskConfig task = nonProductionTask();
@@ -594,8 +536,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testLimitConstraintForDedicatedJob() throws Exception {
-    expectAuth(ROLE, true);
-
     control.replay();
 
     TaskConfig task = nonProductionTask();
@@ -605,8 +545,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testMultipleValueConstraintForDedicatedJob() throws Exception {
-    expectAuth(ROLE, true);
-
     control.replay();
 
     TaskConfig task = nonProductionTask();
@@ -644,7 +582,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   private void expectTransitionsToKilling() {
-    expect(auditMessages.killedBy(USER)).andReturn(Optional.of("test"));
+    expect(auditMessages.killedByRemoteUser()).andReturn(Optional.of("test"));
     expect(stateManager.changeState(
         storageUtil.mutableStoreProvider,
         TASK_ID,
@@ -654,36 +592,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testUserKillTasks() throws Exception {
-    Query.Builder query = Query.unscoped().byJob(JOB_KEY).active();
-    expectAuth(ROOT, false);
-    expectAuth(ROLE, true);
-    storageUtil.expectTaskFetch(query, buildScheduledTask());
-    lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
-    expectTransitionsToKilling();
-
-    control.replay();
-
-    assertOkResponse(thrift.killTasks(query.get(), LOCK.newBuilder(), SESSION));
-  }
-
-  @Test
-  public void testAdminKillTasks() throws Exception {
-    Query.Builder query = Query.unscoped().byJob(JOB_KEY).active();
-    expectAuth(ROOT, true);
-    storageUtil.expectTaskFetch(query, buildScheduledTask());
-    lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
-    expectTransitionsToKilling();
-
-    control.replay();
-
-    assertOkResponse(thrift.killTasks(query.get(), null, SESSION));
-  }
-
-  @Test
   public void testKillByJobName() throws Exception {
     TaskQuery query = new TaskQuery().setJobName("job");
-    expectAuth(ROOT, true);
     storageUtil.expectTaskFetch(Query.arbitrary(query).active(), buildScheduledTask());
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     expectTransitionsToKilling();
@@ -696,7 +606,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testKillQueryActive() throws Exception {
     Query.Builder query = Query.unscoped().byJob(JOB_KEY);
-    expectAuth(ROOT, true);
     storageUtil.expectTaskFetch(query.active(), buildScheduledTask());
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     expectTransitionsToKilling();
@@ -712,8 +621,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
     IScheduledTask task2 = buildScheduledTask("job_bar", TASK_ID);
     ILockKey key2 = ILockKey.build(LockKey.job(
         JobKeys.from(ROLE, "devel", "job_bar").newBuilder()));
-    expectAuth(ROOT, false);
-    expectAuth(ROLE, true);
     storageUtil.expectTaskFetch(query, buildScheduledTask(), task2);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     lockManager.validateIfLocked(key2, java.util.Optional.of(LOCK));
@@ -728,40 +635,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testKillByTaskId() throws Exception {
     // A non-admin user may kill their own tasks when specified by task IDs.
     Query.Builder query = Query.taskScoped("taskid");
-    expectAuth(ROOT, false);
-    expectAuth(ImmutableSet.of(ROLE), true);
     // This query happens twice - once for authentication (without consistency) and once again
     // to perform the state change (within a write transaction).
-    storageUtil.expectTaskFetch(query.active(), buildScheduledTask()).times(2);
-    lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
-    expectTransitionsToKilling();
-
-    control.replay();
-
-    assertOkResponse(thrift.killTasks(query.get(), null, SESSION));
-  }
-
-  @Test
-  public void testKillByStatus() throws Exception {
-    // A non-admin user may not kill arbitrary tasks.
-    Query.Builder query = Query.statusScoped(ScheduleStatus.RUNNING);
-    expectAuth(ROOT, false);
-
-    control.replay();
-
-    assertResponse(AUTH_FAILED, thrift.killTasks(query.get(), null, SESSION));
-  }
-
-  @Test
-  public void testKillWithRoleSpecs() throws Exception {
-    // The query performed here is somewhat nonsensical, since we would not have any tasks owned by
-    // multiple roles.  However, that behavior is defined in the storage system.
-    Query.Builder query = Query.arbitrary(new TaskQuery()
-        .setRole("a")
-        .setJobKeys(ImmutableSet.of(JobKeys.from("b", "devel", "job").newBuilder())));
-
-    expectAuth(ROOT, false);
-    expectAuth(ImmutableSet.of("a", "b"), true);
     storageUtil.expectTaskFetch(query.active(), buildScheduledTask());
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     expectTransitionsToKilling();
@@ -772,17 +647,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testKillTasksAuthFailure() throws Exception {
-    Query.Builder query = Query.unscoped().byJob(JOB_KEY).active();
-    expectAuth(ROOT, false);
-    expectAuth(ROLE, false);
-
-    control.replay();
-
-    assertResponse(AUTH_FAILED, thrift.killTasks(query.get(), null, SESSION));
-  }
-
-  @Test
   public void testKillTasksInvalidJobName() throws Exception {
     TaskQuery query = new TaskQuery()
         .setOwner(ROLE_IDENTITY)
@@ -796,7 +660,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testKillNonExistentTasks() throws Exception {
     Query.Builder query = Query.unscoped().byJob(JOB_KEY).active();
-    expectAuth(ROOT, true);
     storageUtil.expectTaskFetch(query);
 
     control.replay();
@@ -807,37 +670,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testKillAuthenticatesQueryRole() throws Exception {
-    expectAuth(ROOT, false);
-    expectAuth(ImmutableSet.of("foo"), true);
-
-    Query.Builder query = Query.roleScoped("foo").active();
-
-    storageUtil.expectTaskFetch(query, buildScheduledTask());
-    lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
-    expectTransitionsToKilling();
-
-    control.replay();
-
-    assertOkResponse(thrift.killTasks(query.get(), null, SESSION));
-  }
-
-  @Test
-  public void testKillCronAuthenticatesQueryJobKeyRole() throws Exception {
-    expectAuth(ROOT, false);
-    IJobKey key = JobKeys.from("role", "env", "job");
-
-    Query.Builder query = Query.arbitrary(new TaskQuery().setJobKeys(
-        ImmutableSet.of(key.newBuilder())));
-
-    storageUtil.expectTaskFetch(query.active());
-    expectAuth(ImmutableSet.of("role"), true);
-
-    control.replay();
-    assertOkResponse(thrift.killTasks(query.get(), null, SESSION));
-  }
-
-  @Test
   public void testSetQuota() throws Exception {
     ResourceAggregate resourceAggregate = new ResourceAggregate()
         .setNumCpus(10)
@@ -875,7 +707,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testForceTaskState() throws Exception {
     ScheduleStatus status = ScheduleStatus.FAILED;
 
-    expect(auditMessages.transitionedBy(USER)).andReturn(Optional.of("test"));
+    expect(auditMessages.transitionedBy()).andReturn(Optional.of("test"));
     expect(stateManager.changeState(
         storageUtil.mutableStoreProvider,
         TASK_ID,
@@ -883,15 +715,9 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
         ScheduleStatus.FAILED,
         Optional.of("test"))).andReturn(StateChangeResult.SUCCESS);
 
-    expectAuth(ROOT, true);
-    expectAuth(ROOT, false);
-
     control.replay();
 
     assertOkResponse(thrift.forceTaskState(TASK_ID, status, SESSION));
-    assertEquals(
-        response(AUTH_FAILED, Optional.absent(), AUTH_DENIED_MESSAGE),
-        thrift.forceTaskState(TASK_ID, status, SESSION));
   }
 
   @Test
@@ -956,25 +782,15 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testForceTaskStateAuthFailure() throws Exception {
-    expectAuth(ROOT, false);
-
-    control.replay();
-
-    assertResponse(AUTH_FAILED, thrift.forceTaskState("task", ScheduleStatus.FAILED, SESSION));
-  }
-
-  @Test
   public void testRestartShards() throws Exception {
     Set<Integer> shards = ImmutableSet.of(0);
 
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     storageUtil.expectTaskFetch(
         Query.instanceScoped(JOB_KEY, shards).active(),
         buildScheduledTask());
 
-    expect(auditMessages.restartedBy(USER))
+    expect(auditMessages.restartedByRemoteUser())
         .andReturn(Optional.of("test"));
     expect(stateManager.changeState(
         storageUtil.mutableStoreProvider,
@@ -990,21 +806,9 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testRestartShardsAuthFailure() throws Exception {
-    expectAuth(ROLE, false);
-
-    control.replay();
-
-    assertResponse(
-        AUTH_FAILED,
-        thrift.restartShards(JOB_KEY.newBuilder(), ImmutableSet.of(0), null, SESSION));
-  }
-
-  @Test
   public void testRestartShardsLockCheckFails() throws Exception {
     Set<Integer> shards = ImmutableSet.of(1, 6);
 
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     expectLastCall().andThrow(new LockException("test"));
 
@@ -1019,7 +823,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testRestartShardsNotFoundTasksFailure() throws Exception {
     Set<Integer> shards = ImmutableSet.of(1, 6);
 
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     storageUtil.expectTaskFetch(Query.instanceScoped(JOB_KEY, shards).active());
 
@@ -1032,7 +835,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testReplaceCronTemplate() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     SanitizedConfiguration sanitized =
         SanitizedConfiguration.fromUnsanitized(IJobConfiguration.build(CRON_JOB));
@@ -1050,17 +852,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testReplaceCronTemplateFailedAuth() throws Exception {
-    expectAuth(ROLE, false);
-
-    control.replay();
-
-    assertResponse(AUTH_FAILED, thrift.replaceCronTemplate(CRON_JOB, null, SESSION));
-  }
-
-  @Test
   public void testReplaceCronTemplateFailedLockValidation() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     expectLastCall().andThrow(new LockException("Failed lock."));
     control.replay();
@@ -1070,7 +862,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testReplaceCronTemplateDoesNotExist() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     SanitizedConfiguration sanitized =
         SanitizedConfiguration.fromUnsanitized(IJobConfiguration.build(CRON_JOB));
@@ -1088,22 +879,13 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testStartCronJob() throws Exception {
-    expectAuth(ROLE, true);
     cronJobManager.startJobNow(JOB_KEY);
     control.replay();
     assertResponse(OK, thrift.startCronJob(JOB_KEY.newBuilder(), SESSION));
   }
 
   @Test
-  public void testStartCronJobFailsAuth() throws Exception {
-    expectAuth(ROLE, false);
-    control.replay();
-    assertResponse(AUTH_FAILED, thrift.startCronJob(JOB_KEY.newBuilder(), SESSION));
-  }
-
-  @Test
   public void testStartCronJobFailsInCronManager() throws Exception {
-    expectAuth(ROLE, true);
     cronJobManager.startJobNow(JOB_KEY);
     expectLastCall().andThrow(new CronException("failed"));
     control.replay();
@@ -1112,7 +894,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testScheduleCronCreatesJob() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     SanitizedConfiguration sanitized =
         SanitizedConfiguration.fromUnsanitized(IJobConfiguration.build(CRON_JOB));
@@ -1130,7 +911,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testScheduleCronFailsCreationDueToExistingNonCron() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     SanitizedConfiguration sanitized =
         SanitizedConfiguration.fromUnsanitized(IJobConfiguration.build(CRON_JOB));
@@ -1149,7 +929,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testScheduleCronUpdatesJob() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     SanitizedConfiguration sanitized =
         SanitizedConfiguration.fromUnsanitized(IJobConfiguration.build(CRON_JOB));
@@ -1169,15 +948,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testUpdateScheduledCronJobFailedAuth() throws Exception {
-    expectAuth(ROLE, false);
-    control.replay();
-    assertResponse(AUTH_FAILED, thrift.scheduleCronJob(CRON_JOB, null, SESSION));
-  }
-
-  @Test
   public void testScheduleCronJobFailedTaskConfigValidation() throws Exception {
-    expectAuth(ROLE, true);
     control.replay();
     IJobConfiguration job = IJobConfiguration.build(makeJob(null));
     assertResponse(
@@ -1187,7 +958,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testScheduleCronJobFailsLockValidation() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     expectLastCall().andThrow(new LockException("Failed lock"));
     control.replay();
@@ -1196,7 +966,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testScheduleCronJobFailsWithNoCronSchedule() throws Exception {
-    expectAuth(ROLE, true);
     control.replay();
 
     assertEquals(
@@ -1206,7 +975,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testScheduleCronFailsQuotaCheck() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     SanitizedConfiguration sanitized =
         SanitizedConfiguration.fromUnsanitized(IJobConfiguration.build(CRON_JOB));
@@ -1221,24 +989,16 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testDescheduleCronJob() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     expect(cronJobManager.deleteJob(JOB_KEY)).andReturn(true);
-    control.replay();
-    assertResponse(OK, thrift.descheduleCronJob(CRON_JOB.getKey(), null, SESSION));
-  }
 
-  @Test
-  public void testDescheduleCronJobFailsAuth() throws Exception {
-    expectAuth(ROLE, false);
     control.replay();
-    assertResponse(AUTH_FAILED,
-        thrift.descheduleCronJob(CRON_JOB.getKey(), null, SESSION));
+
+    assertResponse(OK, thrift.descheduleCronJob(CRON_JOB.getKey(), null, SESSION));
   }
 
   @Test
   public void testDescheduleCronJobFailsLockValidation() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     expectLastCall().andThrow(new LockException("Failed lock"));
     control.replay();
@@ -1247,7 +1007,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testDescheduleNotACron() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     expect(cronJobManager.deleteJob(JOB_KEY)).andReturn(false);
     control.replay();
@@ -1451,8 +1210,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testUnauthorizedDedicatedJob() throws Exception {
-    expectAuth(ROLE, true);
-
     control.replay();
 
     TaskConfig task = nonProductionTask();
@@ -1542,7 +1299,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testAddInstances() throws Exception {
     ITaskConfig populatedTask = ITaskConfig.build(populatedTask());
-    expectAuth(ROLE, true);
     expectNoCronJob();
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
@@ -1566,7 +1322,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testAddInstancesWithNullLock() throws Exception {
     ITaskConfig populatedTask = ITaskConfig.build(populatedTask());
     AddInstancesConfig config = createInstanceConfig(populatedTask.newBuilder());
-    expectAuth(ROLE, true);
     expectNoCronJob();
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.empty());
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
@@ -1584,19 +1339,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testAddInstancesFailsAuth() throws Exception {
-    AddInstancesConfig config = createInstanceConfig(defaultTask(true));
-    expectAuth(ROLE, false);
-
-    control.replay();
-
-    assertResponse(AUTH_FAILED, thrift.addInstances(config, LOCK.newBuilder(), SESSION));
-  }
-
-  @Test
   public void testAddInstancesFailsConfigCheck() throws Exception {
     AddInstancesConfig config = createInstanceConfig(defaultTask(true).setJobName(null));
-    expectAuth(ROLE, true);
 
     control.replay();
 
@@ -1606,7 +1350,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testAddInstancesFailsCronJob() throws Exception {
     AddInstancesConfig config = createInstanceConfig(defaultTask(true));
-    expectAuth(ROLE, true);
     expectCronJob();
 
     control.replay();
@@ -1617,7 +1360,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test(expected = StorageException.class)
   public void testAddInstancesFailsWithNonTransient() throws Exception {
     AddInstancesConfig config = createInstanceConfig(defaultTask(true));
-    expectAuth(ROLE, true);
     expect(storageUtil.jobStore.fetchJob(JOB_KEY)).andThrow(new StorageException("no retry"));
 
     control.replay();
@@ -1628,7 +1370,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testAddInstancesLockCheckFails() throws Exception {
     AddInstancesConfig config = createInstanceConfig(defaultTask(true));
-    expectAuth(ROLE, true);
     expectNoCronJob();
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     expectLastCall().andThrow(new LockException("Failed lock check."));
@@ -1642,7 +1383,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testAddInstancesFailsTaskIdLength() throws Exception {
     ITaskConfig populatedTask = ITaskConfig.build(populatedTask());
     AddInstancesConfig config = createInstanceConfig(populatedTask.newBuilder());
-    expectAuth(ROLE, true);
     expectNoCronJob();
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
@@ -1662,7 +1402,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testAddInstancesFailsQuotaCheck() throws Exception {
     ITaskConfig populatedTask = ITaskConfig.build(populatedTask());
     AddInstancesConfig config = createInstanceConfig(populatedTask.newBuilder());
-    expectAuth(ROLE, true);
     expectNoCronJob();
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
@@ -1679,7 +1418,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testAddInstancesInstanceCollisionFailure() throws Exception {
     ITaskConfig populatedTask = ITaskConfig.build(populatedTask());
     AddInstancesConfig config = createInstanceConfig(populatedTask.newBuilder());
-    expectAuth(ROLE, true);
     expectNoCronJob();
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     storageUtil.expectTaskFetch(Query.jobScoped(JOB_KEY).active());
@@ -1699,7 +1437,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testAcquireLock() throws Exception {
-    expectAuth(ROLE, true);
+    expectGetRemoteUser();
     expect(lockManager.acquireLock(LOCK_KEY, USER)).andReturn(LOCK);
 
     control.replay();
@@ -1708,24 +1446,9 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
     assertEquals(LOCK.newBuilder(), response.getResult().getAcquireLockResult().getLock());
   }
 
-  @Test(expected = IllegalArgumentException.class)
-  public void testAcquireLockInvalidKey() throws Exception {
-    control.replay();
-
-    thrift.acquireLock(LockKey.job(new JobKey()), SESSION);
-  }
-
-  @Test
-  public void testAcquireLockAuthFailed() throws Exception {
-    expectAuth(ROLE, false);
-    control.replay();
-
-    assertResponse(AUTH_FAILED, thrift.acquireLock(LOCK_KEY.newBuilder(), SESSION));
-  }
-
   @Test
   public void testAcquireLockFailed() throws Exception {
-    expectAuth(ROLE, true);
+    expectGetRemoteUser();
     expect(lockManager.acquireLock(LOCK_KEY, USER))
         .andThrow(new LockException("Failed"));
 
@@ -1736,7 +1459,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testReleaseLock() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     lockManager.releaseLock(LOCK);
 
@@ -1745,24 +1467,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
     assertOkResponse(thrift.releaseLock(LOCK.newBuilder(), CHECKED, SESSION));
   }
 
-  @Test(expected = IllegalArgumentException.class)
-  public void testReleaseLockInvalidKey() throws Exception {
-    control.replay();
-
-    thrift.releaseLock(new Lock().setKey(LockKey.job(new JobKey())), CHECKED, SESSION);
-  }
-
-  @Test
-  public void testReleaseLockAuthFailed() throws Exception {
-    expectAuth(ROLE, false);
-    control.replay();
-
-    assertResponse(AUTH_FAILED, thrift.releaseLock(LOCK.newBuilder(), CHECKED, SESSION));
-  }
-
   @Test
   public void testReleaseLockFailed() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.validateIfLocked(LOCK_KEY, java.util.Optional.of(LOCK));
     expectLastCall().andThrow(new LockException("Failed"));
 
@@ -1773,7 +1479,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testReleaseLockUnchecked() throws Exception {
-    expectAuth(ROLE, true);
     lockManager.releaseLock(LOCK);
 
     control.replay();
@@ -1783,7 +1488,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testStartUpdate() throws Exception {
-    expectAuth(ROLE, true);
+    expectGetRemoteUser();
     expectNoCronJob();
 
     ITaskConfig newTask = buildTaskForJobUpdate(0).getAssignedTask().getTask();
@@ -1839,7 +1544,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testStartUpdateEmptyDesired() throws Exception {
-    expectAuth(ROLE, true);
+    expectGetRemoteUser();
     expectNoCronJob();
 
     ITaskConfig newTask = buildTaskForJobUpdate(0).getAssignedTask().getTask();
@@ -1991,18 +1696,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testStartUpdateFailsAuth() throws Exception {
-    JobUpdateRequest request = buildServiceJobUpdateRequest(populatedTask());
-    expectAuth(ROLE, false);
-
-    control.replay();
-    assertResponse(AUTH_FAILED, thrift.startJobUpdate(request, AUDIT_MESSAGE, SESSION));
-  }
-
-  @Test
   public void testStartUpdateFailsForCronJob() throws Exception {
     JobUpdateRequest request = buildServiceJobUpdateRequest(populatedTask());
-    expectAuth(ROLE, true);
     expectCronJob();
 
     control.replay();
@@ -2013,7 +1708,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testStartUpdateFailsConfigValidation() throws Exception {
     JobUpdateRequest request =
         buildJobUpdateRequest(populatedTask().setIsService(true).setNumCpus(-1));
-    expectAuth(ROLE, true);
 
     control.replay();
     assertResponse(INVALID_REQUEST, thrift.startJobUpdate(request, AUDIT_MESSAGE, SESSION));
@@ -2021,7 +1715,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testStartNoopUpdate() throws Exception {
-    expectAuth(ROLE, true);
     expectNoCronJob();
     expect(uuidGenerator.createNew()).andReturn(UU_ID);
     ITaskConfig newTask = buildTaskForJobUpdate(0).getAssignedTask().getTask();
@@ -2045,7 +1738,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testStartUpdateInvalidScope() throws Exception {
-    expectAuth(ROLE, true);
     expectNoCronJob();
     expect(uuidGenerator.createNew()).andReturn(UU_ID);
 
@@ -2071,7 +1763,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
     // Test for regression of AURORA-1332: a scoped update should be allowed when unchanged
     // instances are included in the scope.
 
-    expectAuth(ROLE, true);
+    expectGetRemoteUser();
     expectNoCronJob();
     expect(uuidGenerator.createNew()).andReturn(UU_ID);
 
@@ -2109,7 +1801,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   public void testStartUpdateFailsInstanceCountCheck() throws Exception {
     JobUpdateRequest request = buildServiceJobUpdateRequest(populatedTask());
     request.setInstanceCount(4001);
-    expectAuth(ROLE, true);
+    expectGetRemoteUser();
     expectNoCronJob();
     expect(uuidGenerator.createNew()).andReturn(UU_ID);
     storageUtil.expectTaskFetch(Query.unscoped().byJob(JOB_KEY).active());
@@ -2123,7 +1815,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testStartUpdateFailsTaskIdLength() throws Exception {
     JobUpdateRequest request = buildServiceJobUpdateRequest(populatedTask());
-    expectAuth(ROLE, true);
+    expectGetRemoteUser();
     expectNoCronJob();
     expect(uuidGenerator.createNew()).andReturn(UU_ID);
     storageUtil.expectTaskFetch(Query.unscoped().byJob(JOB_KEY).active());
@@ -2140,7 +1832,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   @Test
   public void testStartUpdateFailsQuotaCheck() throws Exception {
     JobUpdateRequest request = buildServiceJobUpdateRequest(populatedTask());
-    expectAuth(ROLE, true);
+    expectGetRemoteUser();
     expectNoCronJob();
     expect(uuidGenerator.createNew()).andReturn(UU_ID);
 
@@ -2158,7 +1850,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testStartUpdateFailsInController() throws Exception {
-    expectAuth(ROLE, true);
+    expectGetRemoteUser();
     expectNoCronJob();
 
     IScheduledTask oldTask = buildTaskForJobUpdate(0, "old");
@@ -2186,7 +1878,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testPauseJobUpdateByCoordinator() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, true);
+    expectGetRemoteUser();
     jobUpdateController.pause(UPDATE_KEY, AUDIT);
 
     control.replay();
@@ -2196,8 +1888,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testPauseJobUpdateByUser() throws Exception {
-    expectAuth(ROLE, true);
-    expectAuth(UPDATE_COORDINATOR, false);
+    expectGetRemoteUser();
     jobUpdateController.pause(UPDATE_KEY, AUDIT);
 
     control.replay();
@@ -2207,8 +1898,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test(expected = IllegalArgumentException.class)
   public void testPauseMessageTooLong() throws Exception {
-    expectAuth(ROLE, true);
-    expectAuth(UPDATE_COORDINATOR, false);
+    expectGetRemoteUser();
 
     control.replay();
 
@@ -2221,20 +1911,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testPauseJobUpdateFailsAuth() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, false);
-    expectAuth(ROLE, false);
-
-    control.replay();
-
-    assertResponse(
-        AUTH_FAILED,
-        thrift.pauseJobUpdate(UPDATE_KEY.newBuilder(), AUDIT_MESSAGE, SESSION));
-  }
-
-  @Test
   public void testPauseJobUpdateFailsInController() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, true);
+    expectGetRemoteUser();
     jobUpdateController.pause(UPDATE_KEY, AUDIT);
     expectLastCall().andThrow(new UpdateStateException("failed"));
 
@@ -2246,8 +1924,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testResumeJobUpdateByCoordinator() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, true);
+  public void testResumeJobUpdate() throws Exception {
+    expectGetRemoteUser();
     jobUpdateController.resume(UPDATE_KEY, AUDIT);
 
     control.replay();
@@ -2256,31 +1934,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testResumeJobUpdateByUser() throws Exception {
-    expectAuth(ROLE, true);
-    expectAuth(UPDATE_COORDINATOR, false);
-    jobUpdateController.resume(UPDATE_KEY, AUDIT);
-
-    control.replay();
-
-    assertResponse(OK, thrift.resumeJobUpdate(UPDATE_KEY.newBuilder(), AUDIT_MESSAGE, SESSION));
-  }
-
-  @Test
-  public void testResumeJobUpdateFailsAuth() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, false);
-    expectAuth(ROLE, false);
-
-    control.replay();
-
-    assertResponse(
-        AUTH_FAILED,
-        thrift.resumeJobUpdate(UPDATE_KEY.newBuilder(), AUDIT_MESSAGE, SESSION));
-  }
-
-  @Test
   public void testResumeJobUpdateFailsInController() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, true);
+    expectGetRemoteUser();
     jobUpdateController.resume(UPDATE_KEY, AUDIT);
     expectLastCall().andThrow(new UpdateStateException("failed"));
 
@@ -2293,7 +1948,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testAbortJobUpdateByCoordinator() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, true);
+    expectGetRemoteUser();
     jobUpdateController.abort(UPDATE_KEY, AUDIT);
 
     control.replay();
@@ -2303,8 +1958,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testAbortJobUpdateByUser() throws Exception {
-    expectAuth(ROLE, true);
-    expectAuth(UPDATE_COORDINATOR, false);
+    expectGetRemoteUser();
     jobUpdateController.abort(UPDATE_KEY, AUDIT);
 
     control.replay();
@@ -2313,20 +1967,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testAbortJobUpdateFailsAuth() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, false);
-    expectAuth(ROLE, false);
-
-    control.replay();
-
-    assertResponse(
-        AUTH_FAILED,
-        thrift.abortJobUpdate(UPDATE_KEY.newBuilder(), AUDIT_MESSAGE, SESSION));
-  }
-
-  @Test
   public void testAbortJobUpdateFailsInController() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, true);
+    expectGetRemoteUser();
     jobUpdateController.abort(UPDATE_KEY, AUDIT);
     expectLastCall().andThrow(new UpdateStateException("failed"));
 
@@ -2339,7 +1981,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testPulseJobUpdatePulsedAsCoordinator() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, true);
     expect(jobUpdateController.pulse(UPDATE_KEY)).andReturn(JobUpdatePulseStatus.OK);
 
     control.replay();
@@ -2352,8 +1993,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testPulseJobUpdatePulsedAsUser() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, false);
-    expectAuth(ROLE, true);
     expect(jobUpdateController.pulse(UPDATE_KEY)).andReturn(JobUpdatePulseStatus.OK);
 
     control.replay();
@@ -2365,7 +2004,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   @Test
   public void testPulseJobUpdateFails() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, true);
     expect(jobUpdateController.pulse(UPDATE_KEY)).andThrow(new UpdateStateException("failure"));
 
     control.replay();
@@ -2374,16 +2012,6 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
   }
 
   @Test
-  public void testPulseJobUpdateFailsAuth() throws Exception {
-    expectAuth(UPDATE_COORDINATOR, false);
-    expectAuth(ROLE, false);
-
-    control.replay();
-
-    assertResponse(AUTH_FAILED, thrift.pulseJobUpdate(UPDATE_KEY.newBuilder(), SESSION));
-  }
-
-  @Test
   public void testGetJobUpdateSummaries() throws Exception {
     Response updateSummary = Responses.empty()
         .setResponseCode(OK)
@@ -2398,39 +2026,8 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
 
   private static final String AUTH_DENIED_MESSAGE = "Denied!";
 
-  private IExpectationSetters<?> expectAuth(Set<String> roles, boolean allowed)
-      throws AuthFailedException {
-
-    if (!allowed) {
-      return expect(userValidator.checkAuthenticated(SESSION, roles))
-          .andThrow(new AuthFailedException(AUTH_DENIED_MESSAGE));
-    } else {
-      return expect(userValidator.checkAuthenticated(SESSION, roles))
-          .andReturn(context);
-    }
-  }
-
-  private IExpectationSetters<?> expectAuth(String role, boolean allowed)
-      throws AuthFailedException {
-
-    return expectAuth(ImmutableSet.of(role), allowed);
-  }
-
-  private IExpectationSetters<?> expectAuth(Capability capability, boolean allowed)
-      throws AuthFailedException {
-
-    if (!allowed) {
-      return expect(userValidator.checkAuthorized(
-          eq(SESSION),
-          eq(capability),
-          anyObject(AuditCheck.class))
-      ).andThrow(new AuthFailedException(AUTH_DENIED_MESSAGE));
-    } else {
-      return expect(userValidator.checkAuthorized(
-          eq(SESSION),
-          eq(capability),
-          anyObject(AuditCheck.class))).andReturn(context);
-    }
+  private IExpectationSetters<String> expectGetRemoteUser() {
+    return expect(auditMessages.getRemoteUserName()).andReturn(USER);
   }
 
   private static TaskConfig populatedTask() {

http://git-wip-us.apache.org/repos/asf/aurora/blob/4eeec7a7/src/test/java/org/apache/aurora/scheduler/thrift/ThriftIT.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/aurora/scheduler/thrift/ThriftIT.java b/src/test/java/org/apache/aurora/scheduler/thrift/ThriftIT.java
index f06481b..63c20d1 100644
--- a/src/test/java/org/apache/aurora/scheduler/thrift/ThriftIT.java
+++ b/src/test/java/org/apache/aurora/scheduler/thrift/ThriftIT.java
@@ -13,27 +13,18 @@
  */
 package org.apache.aurora.scheduler.thrift;
 
-import java.util.Arrays;
-import java.util.Map;
 import java.util.Optional;
-import java.util.Set;
 
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.inject.AbstractModule;
 import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.Provides;
 
-import org.apache.aurora.auth.CapabilityValidator;
-import org.apache.aurora.auth.CapabilityValidator.Capability;
-import org.apache.aurora.auth.SessionValidator;
 import org.apache.aurora.common.application.ShutdownRegistry;
 import org.apache.aurora.common.testing.easymock.EasyMockTest;
 import org.apache.aurora.gen.AuroraAdmin;
 import org.apache.aurora.gen.ResourceAggregate;
 import org.apache.aurora.gen.ServerInfo;
-import org.apache.aurora.gen.SessionKey;
 import org.apache.aurora.scheduler.TaskIdGenerator;
 import org.apache.aurora.scheduler.cron.CronJobManager;
 import org.apache.aurora.scheduler.cron.CronPredictor;
@@ -50,106 +41,33 @@ import org.apache.aurora.scheduler.storage.entities.IResourceAggregate;
 import org.apache.aurora.scheduler.storage.entities.IServerInfo;
 import org.apache.aurora.scheduler.storage.testing.StorageTestUtil;
 import org.apache.aurora.scheduler.thrift.aop.AnnotatedAuroraAdmin;
-import org.apache.aurora.scheduler.thrift.auth.ThriftAuthModule;
 import org.apache.aurora.scheduler.updater.JobUpdateController;
 import org.apache.shiro.subject.Subject;
 import org.junit.Before;
 import org.junit.Test;
 
-import static org.apache.aurora.auth.SessionValidator.SessionContext;
-import static org.apache.aurora.gen.ResponseCode.AUTH_FAILED;
 import static org.apache.aurora.gen.ResponseCode.OK;
-import static org.easymock.EasyMock.expectLastCall;
 import static org.junit.Assert.assertEquals;
 
 public class ThriftIT extends EasyMockTest {
 
   private static final String USER = "someuser";
-  private static final String ROOT_USER = "blue";
-  private static final String PROVISIONER_USER = "red";
   private static final IResourceAggregate QUOTA =
       IResourceAggregate.build(new ResourceAggregate(1, 1, 1));
 
-  private static final Map<Capability, String> CAPABILITIES =
-      ImmutableMap.of(Capability.ROOT, ROOT_USER, Capability.PROVISIONER, PROVISIONER_USER);
-
   private AuroraAdmin.Iface thrift;
   private StorageTestUtil storageTestUtil;
-  private SessionContext context;
   private QuotaManager quotaManager;
 
-  private final SessionValidator validator = new SessionValidator() {
-    @Override
-    public SessionContext checkAuthenticated(
-        SessionKey sessionKey,
-        Set<String> targetRoles) throws AuthFailedException {
-
-      for (String role : targetRoles) {
-        if (!Arrays.equals(role.getBytes(), sessionKey.getData())) {
-          throw new AuthFailedException("Injected");
-        }
-      }
-
-      return context;
-    }
-
-    @Override
-    public String toString(SessionKey sessionKey) {
-      return "test";
-    }
-  };
-
-  private static class CapabilityValidatorFake implements CapabilityValidator {
-    private final SessionValidator validator;
-
-    CapabilityValidatorFake(SessionValidator validator) {
-      this.validator = validator;
-    }
-
-    @Override
-    public SessionContext checkAuthorized(
-        SessionKey sessionKey,
-        Capability capability,
-        AuditCheck check)
-        throws AuthFailedException {
-
-      return validator.checkAuthenticated(
-          sessionKey,
-          ImmutableSet.of(CAPABILITIES.get(capability)));
-    }
-
-    @Override
-    public SessionContext checkAuthenticated(
-        SessionKey sessionKey,
-        Set<String> targetRoles)
-        throws AuthFailedException {
-
-      return validator.checkAuthenticated(sessionKey, targetRoles);
-    }
-
-    @Override
-    public String toString(SessionKey sessionKey) {
-      return validator.toString(sessionKey);
-    }
-  }
-
   @Before
   public void setUp() {
-    context = createMock(SessionContext.class);
     quotaManager = createMock(QuotaManager.class);
-    createThrift(CAPABILITIES);
+    createThrift();
   }
 
-  private void createThrift(Map<Capability, String> capabilities) {
+  private void createThrift() {
     Injector injector = Guice.createInjector(
         new ThriftModule(),
-        new ThriftAuthModule(capabilities, new AbstractModule() {
-          @Override
-          protected void configure() {
-            bind(SessionValidator.class).toInstance(validator);
-            bind(CapabilityValidator.class).toInstance(new CapabilityValidatorFake(validator));
-          }
-        }),
         new AbstractModule() {
           private <T> T bindMock(Class<T> clazz) {
             T mock = createMock(clazz);
@@ -186,26 +104,18 @@ public class ThriftIT extends EasyMockTest {
     thrift = injector.getInstance(AnnotatedAuroraAdmin.class);
   }
 
-  private void setQuota(String user, boolean allowed) throws Exception {
-    assertEquals(
-        allowed ? OK : AUTH_FAILED,
-        thrift.setQuota(USER, QUOTA.newBuilder(), new SessionKey().setData(user.getBytes()))
-            .getResponseCode());
-  }
-
   @Test
-  public void testProvisionAccess() throws Exception {
+  public void testSetQuota() throws Exception {
     storageTestUtil.expectOperations();
     quotaManager.saveQuota(
         USER,
         QUOTA,
         storageTestUtil.mutableStoreProvider);
-    expectLastCall().times(2);
 
     control.replay();
 
-    setQuota(ROOT_USER, true);
-    setQuota(PROVISIONER_USER, true);
-    setQuota("cletus", false);
+    assertEquals(
+        OK,
+        thrift.setQuota(USER, QUOTA.newBuilder(), null).getResponseCode());
   }
 }

http://git-wip-us.apache.org/repos/asf/aurora/blob/4eeec7a7/src/test/java/org/apache/aurora/scheduler/thrift/aop/AopModuleTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/aurora/scheduler/thrift/aop/AopModuleTest.java b/src/test/java/org/apache/aurora/scheduler/thrift/aop/AopModuleTest.java
index b940e82..dafcf25 100644
--- a/src/test/java/org/apache/aurora/scheduler/thrift/aop/AopModuleTest.java
+++ b/src/test/java/org/apache/aurora/scheduler/thrift/aop/AopModuleTest.java
@@ -21,7 +21,6 @@ import com.google.inject.CreationException;
 import com.google.inject.Guice;
 import com.google.inject.Injector;
 
-import org.apache.aurora.auth.CapabilityValidator;
 import org.apache.aurora.common.testing.easymock.EasyMockTest;
 import org.apache.aurora.gen.AuroraAdmin.Iface;
 import org.apache.aurora.gen.JobConfiguration;
@@ -39,18 +38,10 @@ import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertSame;
 
 public class AopModuleTest extends EasyMockTest {
-
-  private static final SessionKey SESSION_KEY = new SessionKey();
-
-  private CapabilityValidator capabilityValidator;
   private AnnotatedAuroraAdmin mockThrift;
 
   @Before
   public void setUp() throws Exception {
-    capabilityValidator = createMock(CapabilityValidator.class);
-    expect(capabilityValidator.toString(SESSION_KEY))
-        .andReturn("user")
-        .anyTimes();
     mockThrift = createMock(AnnotatedAuroraAdmin.class);
   }
 
@@ -59,7 +50,6 @@ public class AopModuleTest extends EasyMockTest {
         new AbstractModule() {
           @Override
           protected void configure() {
-            bind(CapabilityValidator.class).toInstance(capabilityValidator);
             bind(IServerInfo.class).toInstance(IServerInfo.build(new ServerInfo()));
             MockDecoratedThrift.bindForwardedMock(binder(), mockThrift);
           }
@@ -103,12 +93,12 @@ public class AopModuleTest extends EasyMockTest {
   private void assertCreateAllowed(Map<String, Boolean> toggledMethods) throws Exception {
     JobConfiguration job = new JobConfiguration();
     Response response = new Response();
-    expect(mockThrift.createJob(job, null, SESSION_KEY)).andReturn(response);
+    expect(mockThrift.createJob(job, null, null)).andReturn(response);
 
     control.replay();
 
     Iface thrift = getIface(toggledMethods);
-    assertSame(response, thrift.createJob(job, null, SESSION_KEY));
+    assertSame(response, thrift.createJob(job, null, null));
   }
 
   @Test

http://git-wip-us.apache.org/repos/asf/aurora/blob/4eeec7a7/src/test/java/org/apache/aurora/scheduler/thrift/aop/LoggingInterceptorTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/aurora/scheduler/thrift/aop/LoggingInterceptorTest.java b/src/test/java/org/apache/aurora/scheduler/thrift/aop/LoggingInterceptorTest.java
index 1bb3eae..f0caa8b 100644
--- a/src/test/java/org/apache/aurora/scheduler/thrift/aop/LoggingInterceptorTest.java
+++ b/src/test/java/org/apache/aurora/scheduler/thrift/aop/LoggingInterceptorTest.java
@@ -18,7 +18,6 @@ import java.util.concurrent.atomic.AtomicBoolean;
 import javax.annotation.Nullable;
 
 import org.aopalliance.intercept.MethodInvocation;
-import org.apache.aurora.auth.CapabilityValidator;
 import org.apache.aurora.common.testing.easymock.EasyMockTest;
 import org.apache.aurora.gen.JobConfiguration;
 import org.apache.aurora.gen.Response;
@@ -35,8 +34,6 @@ import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
 public class LoggingInterceptorTest extends EasyMockTest {
-  private CapabilityValidator capabilityValidator;
-
   private MethodInvocation methodInvocation;
 
   private LoggingInterceptor loggingInterceptor;
@@ -64,9 +61,7 @@ public class LoggingInterceptorTest extends EasyMockTest {
 
   @Before
   public void setUp() throws Exception {
-    capabilityValidator = createMock(CapabilityValidator.class);
-
-    loggingInterceptor = new LoggingInterceptor(capabilityValidator);
+    loggingInterceptor = new LoggingInterceptor();
 
     methodInvocation = createMock(MethodInvocation.class);
   }
@@ -150,21 +145,4 @@ public class LoggingInterceptorTest extends EasyMockTest {
 
     assertSame(response, loggingInterceptor.invoke(methodInvocation));
   }
-
-  @Test
-  public void testInvokePrintsSessionKey() throws Throwable {
-    Response response = new Response();
-    SessionKey sessionKey = new SessionKey();
-
-    expect(methodInvocation.getMethod())
-        .andReturn(InterceptedClass.class.getDeclaredMethod("respond", SessionKey.class));
-    expect(methodInvocation.getArguments()).andReturn(new Object[] {sessionKey});
-    expect(methodInvocation.proceed()).andReturn(response);
-
-    expect(capabilityValidator.toString(sessionKey)).andReturn("session-key");
-
-    control.replay();
-
-    assertSame(response, loggingInterceptor.invoke(methodInvocation));
-  }
 }


Mime
View raw message