
Example 1 with SecureStoreManager

use of co.cask.cdap.api.security.store.SecureStoreManager in project cdap by caskdata.

the class MapReduceTaskContextProvider method createCacheLoader.

/**
 * Builds the {@link CacheLoader} that backs the task context cache.
 *
 * <p>Long-lived services are looked up from the injector once, up front, and are shared by every
 * context the returned loader creates. Each {@link BasicMapReduceTaskContext} receives the
 * {@link SecureStore} and {@link SecureStoreManager} handles together with the
 * {@code authorizationEnforcer} and {@code authenticationContext} that are declared outside this
 * method.
 *
 * <p>NOTE(review): nothing in this method checks who may read or write secure store entries; any
 * such enforcement would have to happen in the task context or the store implementation - confirm.
 *
 * @param injector source of the service instances used to build task contexts
 * @return a loader that creates one {@link BasicMapReduceTaskContext} per {@link ContextCacheKey}
 */
private CacheLoader<ContextCacheKey, BasicMapReduceTaskContext> createCacheLoader(final Injector injector) {
    final DiscoveryServiceClient discoveryClient = injector.getInstance(DiscoveryServiceClient.class);
    final DatasetFramework baseDatasetFramework = injector.getInstance(DatasetFramework.class);
    final SecureStore store = injector.getInstance(SecureStore.class);
    final SecureStoreManager storeManager = injector.getInstance(SecureStoreManager.class);
    final MessagingService messaging = injector.getInstance(MessagingService.class);
    // Several BasicMapReduceTaskContext instances can share one Program, so it is held here.
    final AtomicReference<Program> sharedProgram = new AtomicReference<>();

    return new CacheLoader<ContextCacheKey, BasicMapReduceTaskContext>() {

        @Override
        public BasicMapReduceTaskContext load(ContextCacheKey key) throws Exception {
            MapReduceContextConfig config = new MapReduceContextConfig(key.getConfiguration());
            MapReduceClassLoader mrClassLoader = MapReduceClassLoader.getFromConfiguration(key.getConfiguration());

            Program program = sharedProgram.get();
            if (program == null) {
                // Building a Program is cheap, so build one unconditionally and let
                // compareAndSet decide which instance is kept when loads race.
                sharedProgram.compareAndSet(null, createProgram(config, mrClassLoader.getProgramClassLoader()));
                program = sharedProgram.get();
            }

            WorkflowProgramInfo workflowInfo = config.getWorkflowProgramInfo();
            DatasetFramework taskDatasetFramework;
            if (workflowInfo != null) {
                taskDatasetFramework = NameMappedDatasetFramework.createFromWorkflowProgramInfo(
                    baseDatasetFramework, workflowInfo, program.getApplicationSpecification());
            } else {
                taskDatasetFramework = baseDatasetFramework;
            }

            // Give the dataset framework its program run context when it asks for one.
            if (taskDatasetFramework instanceof ProgramContextAware) {
                ProgramRunId runId = program.getId().run(ProgramRunners.getRunId(config.getProgramOptions()));
                ((ProgramContextAware) taskDatasetFramework).setContext(new BasicProgramContext(runId));
            }

            MapReduceSpecification mapReduceSpec =
                program.getApplicationSpecification().getMapReduce().get(program.getName());

            // The key may carry no task attempt ID (the original comment attributes that case to
            // calls coming from an org.apache.hadoop.io.RawComparator); everything stays null then.
            TaskAttemptID attemptId = key.getTaskAttemptID();
            String taskId = null;
            MapReduceMetrics.TaskType taskType = null;
            MetricsCollectionService metrics = null;
            if (attemptId != null) {
                taskId = attemptId.getTaskID().toString();
                // The metrics collection service is only needed for a mapper or a reducer.
                if (MapReduceMetrics.TaskType.hasType(attemptId.getTaskType())) {
                    taskType = MapReduceMetrics.TaskType.from(attemptId.getTaskType());
                    metrics = injector.getInstance(MetricsCollectionService.class);
                }
            }

            CConfiguration cConf = injector.getInstance(CConfiguration.class);
            TransactionSystemClient txClient = injector.getInstance(TransactionSystemClient.class);
            return new BasicMapReduceTaskContext(
                program, config.getProgramOptions(), cConf, taskType, taskId, mapReduceSpec, workflowInfo,
                discoveryClient, metrics, txClient, config.getTx(), taskDatasetFramework,
                mrClassLoader.getPluginInstantiator(), config.getLocalizedResources(),
                store, storeManager, authorizationEnforcer, authenticationContext, messaging);
        }
    };
}
Also used : DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) TaskAttemptID(org.apache.hadoop.mapreduce.TaskAttemptID) DatasetFramework(co.cask.cdap.data2.dataset2.DatasetFramework) NameMappedDatasetFramework(co.cask.cdap.internal.app.runtime.workflow.NameMappedDatasetFramework) TransactionSystemClient(org.apache.tephra.TransactionSystemClient) SecureStoreManager(co.cask.cdap.api.security.store.SecureStoreManager) MapReduceMetrics(co.cask.cdap.app.metrics.MapReduceMetrics) Program(co.cask.cdap.app.program.Program) DefaultProgram(co.cask.cdap.app.program.DefaultProgram) MetricsCollectionService(co.cask.cdap.api.metrics.MetricsCollectionService) MapReduceSpecification(co.cask.cdap.api.mapreduce.MapReduceSpecification) AtomicReference(java.util.concurrent.atomic.AtomicReference) BasicProgramContext(co.cask.cdap.internal.app.runtime.BasicProgramContext) SecureStore(co.cask.cdap.api.security.store.SecureStore) CConfiguration(co.cask.cdap.common.conf.CConfiguration) MessagingService(co.cask.cdap.messaging.MessagingService) WorkflowProgramInfo(co.cask.cdap.internal.app.runtime.workflow.WorkflowProgramInfo) CacheLoader(com.google.common.cache.CacheLoader) ProgramRunId(co.cask.cdap.proto.id.ProgramRunId) ProgramContextAware(co.cask.cdap.data.ProgramContextAware)

Example 2 with SecureStoreManager

use of co.cask.cdap.api.security.store.SecureStoreManager in project cdap by caskdata.

the class DefaultSecureStoreServiceTest method setup.

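/**
 * Starts the app fabric server for the test class and looks up the secure store, the secure
 * store manager and the authorizer from the injector.
 *
 * <p>ALICE is granted {@code READ} on the default namespace only for as long as it takes to see
 * that the namespace exists; the grant is revoked before this method returns, including when the
 * wait fails.
 *
 * @throws Exception if a service fails to start or the default namespace does not appear in time
 */
@BeforeClass
public static void setup() throws Exception {
    SConfiguration sConf = SConfiguration.create();
    // Fixed password for the secure store used by this test only; not a value for real deployments.
    sConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");
    final Injector injector = AppFabricTestHelper.getInjector(createCConf(), sConf, new AbstractModule() {

        @Override
        protected void configure() {
        // no overrides
        }
    });
    discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
    appFabricServer = injector.getInstance(AppFabricServer.class);
    appFabricServer.startAndWait();
    waitForService(Constants.Service.DATASET_MANAGER);
    secureStore = injector.getInstance(SecureStore.class);
    secureStoreManager = injector.getInstance(SecureStoreManager.class);
    authorizer = injector.getInstance(AuthorizerInstantiator.class).get();
    // Temporary grant; presumably needed so the namespace existence check below is authorized
    // for ALICE - confirm against NamespaceAdmin.
    authorizer.grant(NamespaceId.DEFAULT, ALICE, Collections.singleton(Action.READ));
    try {
        Tasks.waitFor(true, new Callable<Boolean>() {

            @Override
            public Boolean call() throws Exception {
                return injector.getInstance(NamespaceAdmin.class).exists(NamespaceId.DEFAULT);
            }
        }, 5, TimeUnit.SECONDS);
    } finally {
        // Revoke even if the wait times out or throws, so the tests never start with a leftover
        // READ privilege that would hide a missing authorization check.
        authorizer.revoke(NamespaceId.DEFAULT, ALICE, Collections.singleton(Action.READ));
    }
}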
Also used : DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) Injector(com.google.inject.Injector) SConfiguration(co.cask.cdap.common.conf.SConfiguration) SecureStoreManager(co.cask.cdap.api.security.store.SecureStoreManager) SecureStore(co.cask.cdap.api.security.store.SecureStore) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) AbstractModule(com.google.inject.AbstractModule) BeforeClass(org.junit.BeforeClass)

Example 3 with SecureStoreManager

use of co.cask.cdap.api.security.store.SecureStoreManager in project cdap by caskdata.

the class TestBase method initialize.

/**
 * Builds the injector for the test environment and starts the services the tests rely on,
 * storing the resulting handles (including the secure store and secure store manager) in
 * static fields.
 *
 * <p>Only the first of a series of nested calls does any work; later calls return immediately.
 * The order in which services are started is kept exactly as written.
 *
 * @throws Exception if a folder cannot be created or a service fails to start
 */
@BeforeClass
public static void initialize() throws Exception {
    // Post-increment: only the call that observes a count of 0 performs the initialization.
    if (nestedStartCount++ > 0) {
        return;
    }
    File localDataDir = TMP_FOLDER.newFolder();
    cConf = createCConf(localDataDir);
    org.apache.hadoop.conf.Configuration hConf = new org.apache.hadoop.conf.Configuration();
    hConf.addResource("mapred-site-local.xml");
    hConf.reloadConfiguration();
    // Point the Hadoop configuration at the per-run temporary data directory.
    hConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir.getAbsolutePath());
    hConf.set(Constants.AppFabric.OUTPUT_DIR, cConf.get(Constants.AppFabric.OUTPUT_DIR));
    hConf.set("hadoop.tmp.dir", new File(localDataDir, cConf.get(Constants.AppFabric.TEMP_DIR)).getAbsolutePath());
    // Windows specific requirements
    if (OSDetector.isWindows()) {
        File tmpDir = TMP_FOLDER.newFolder();
        File binDir = new File(tmpDir, "bin");
        Assert.assertTrue(binDir.mkdirs());
        // NOTE(review): where copyTempFile takes these binaries from is not visible here;
        // presumably bundled test resources - confirm, since hadoop.dll is loaded as native code below.
        copyTempFile("hadoop.dll", tmpDir);
        copyTempFile("winutils.exe", binDir);
        System.setProperty("hadoop.home.dir", tmpDir.getAbsolutePath());
        // Loads the native library into this JVM from the freshly created temporary folder.
        System.load(new File(tmpDir, "hadoop.dll").getAbsolutePath());
    }
    // The module list uses the in-memory or standalone variant wherever a module offers one,
    // including SecureStoreModules and AuthorizationEnforcementModule.
    Injector injector = Guice.createInjector(createDataFabricModule(), new TransactionExecutorModule(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new ConfigModule(cConf, hConf), new IOModule(), new LocationRuntimeModule().getInMemoryModules(), new DiscoveryRuntimeModule().getInMemoryModules(), new AppFabricServiceRuntimeModule().getInMemoryModules(), new ServiceStoreModules().getInMemoryModules(), new InMemoryProgramRunnerModule(LocalStreamWriter.class), new SecureStoreModules().getInMemoryModules(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(StreamHandler.class).in(Scopes.SINGLETON);
            bind(StreamFetchHandler.class).in(Scopes.SINGLETON);
            bind(StreamViewHttpHandler.class).in(Scopes.SINGLETON);
            bind(StreamFileJanitorService.class).to(LocalStreamFileJanitorService.class).in(Scopes.SINGLETON);
            bind(StreamWriterSizeCollector.class).to(BasicStreamWriterSizeCollector.class).in(Scopes.SINGLETON);
            bind(StreamCoordinatorClient.class).to(InMemoryStreamCoordinatorClient.class).in(Scopes.SINGLETON);
            bind(MetricsManager.class).toProvider(MetricsManagerProvider.class);
        }
    }, // todo: do we need handler?
    new MetricsHandlerModule(), new MetricsClientRuntimeModule().getInMemoryModules(), new LoggingModules().getInMemoryModules(), new LogReaderRuntimeModules().getInMemoryModules(), new ExploreRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new NotificationFeedServiceRuntimeModule().getInMemoryModules(), new NotificationServiceRuntimeModule().getInMemoryModules(), new NamespaceStoreModule().getStandaloneModules(), new AuthorizationModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new MessagingServerRuntimeModule().getInMemoryModules(), new PreviewHttpModule(), new AbstractModule() {

        @Override
        @SuppressWarnings("deprecation")
        protected void configure() {
            install(new FactoryModuleBuilder().implement(ApplicationManager.class, DefaultApplicationManager.class).build(ApplicationManagerFactory.class));
            install(new FactoryModuleBuilder().implement(ArtifactManager.class, DefaultArtifactManager.class).build(ArtifactManagerFactory.class));
            install(new FactoryModuleBuilder().implement(StreamManager.class, DefaultStreamManager.class).build(StreamManagerFactory.class));
            bind(TemporaryFolder.class).toInstance(TMP_FOLDER);
            bind(AuthorizationHandler.class).in(Scopes.SINGLETON);
        }
    });
    // The messaging service is started only when the bound implementation is a Service.
    messagingService = injector.getInstance(MessagingService.class);
    if (messagingService instanceof Service) {
        ((Service) messagingService).startAndWait();
    }
    // The authorization bootstrapper runs before any of the services below are started.
    AuthorizationBootstrapper authorizationBootstrapper = injector.getInstance(AuthorizationBootstrapper.class);
    authorizationBootstrapper.run();
    txService = injector.getInstance(TransactionManager.class);
    txService.startAndWait();
    dsOpService = injector.getInstance(DatasetOpExecutor.class);
    dsOpService.startAndWait();
    datasetService = injector.getInstance(DatasetService.class);
    datasetService.startAndWait();
    metricsQueryService = injector.getInstance(MetricsQueryService.class);
    metricsQueryService.startAndWait();
    metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
    metricsCollectionService.startAndWait();
    scheduler = injector.getInstance(Scheduler.class);
    if (scheduler instanceof Service) {
        ((Service) scheduler).startAndWait();
    }
    if (cConf.getBoolean(Constants.Explore.EXPLORE_ENABLED)) {
        exploreExecutorService = injector.getInstance(ExploreExecutorService.class);
        exploreExecutorService.startAndWait();
        // wait for explore service to be discoverable
        DiscoveryServiceClient discoveryService = injector.getInstance(DiscoveryServiceClient.class);
        EndpointStrategy endpointStrategy = new RandomEndpointStrategy(discoveryService.discover(Constants.Service.EXPLORE_HTTP_USER_SERVICE));
        Preconditions.checkNotNull(endpointStrategy.pick(5, TimeUnit.SECONDS), "%s service is not up after 5 seconds", Constants.Service.EXPLORE_HTTP_USER_SERVICE);
        exploreClient = injector.getInstance(ExploreClient.class);
    }
    streamCoordinatorClient = injector.getInstance(StreamCoordinatorClient.class);
    streamCoordinatorClient.startAndWait();
    // NOTE(review): programScheduler is looked up with the same key (Scheduler.class) as
    // scheduler above and is started a second time here - confirm this is intended.
    programScheduler = injector.getInstance(Scheduler.class);
    if (programScheduler instanceof Service) {
        ((Service) programScheduler).startAndWait();
    }
    testManager = injector.getInstance(UnitTestManager.class);
    metricsManager = injector.getInstance(MetricsManager.class);
    authorizerInstantiator = injector.getInstance(AuthorizerInstantiator.class);
    // This is needed so the logged-in user can successfully create the default namespace
    if (cConf.getBoolean(Constants.Security.Authorization.ENABLED)) {
        // The principal is the OS account running the tests (the "user.name" system property);
        // it is granted ADMIN on both the instance and the default namespace.
        String user = System.getProperty("user.name");
        SecurityRequestContext.setUserId(user);
        InstanceId instance = new InstanceId(cConf.get(Constants.INSTANCE_NAME));
        Principal principal = new Principal(user, Principal.PrincipalType.USER);
        authorizerInstantiator.get().grant(instance, principal, ImmutableSet.of(Action.ADMIN));
        authorizerInstantiator.get().grant(NamespaceId.DEFAULT, principal, ImmutableSet.of(Action.ADMIN));
    }
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
    if (firstInit) {
        // only create the default namespace on first test. if multiple tests are run in the same JVM,
        // then any time after the first time, the default namespace already exists. That is because
        // the namespaceAdmin.delete(Id.Namespace.DEFAULT) in finish() only clears the default namespace
        // but does not remove it entirely
        namespaceAdmin.create(NamespaceMeta.DEFAULT);
    }
    // Secure store handles come from the same injector, i.e. from the in-memory
    // SecureStoreModules passed to Guice.createInjector above.
    secureStore = injector.getInstance(SecureStore.class);
    secureStoreManager = injector.getInstance(SecureStoreManager.class);
    messagingContext = new MultiThreadMessagingContext(messagingService);
    firstInit = false;
    previewManager = injector.getInstance(PreviewManager.class);
}
Also used : DataSetServiceModules(co.cask.cdap.data.runtime.DataSetServiceModules) DefaultApplicationManager(co.cask.cdap.test.internal.DefaultApplicationManager) DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) CConfiguration(co.cask.cdap.common.conf.CConfiguration) InMemoryProgramRunnerModule(co.cask.cdap.app.guice.InMemoryProgramRunnerModule) DatasetService(co.cask.cdap.data2.datafabric.dataset.service.DatasetService) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) PreviewManager(co.cask.cdap.app.preview.PreviewManager) RandomEndpointStrategy(co.cask.cdap.common.discovery.RandomEndpointStrategy) EndpointStrategy(co.cask.cdap.common.discovery.EndpointStrategy) Injector(com.google.inject.Injector) StreamWriterSizeCollector(co.cask.cdap.data.stream.service.StreamWriterSizeCollector) BasicStreamWriterSizeCollector(co.cask.cdap.data.stream.service.BasicStreamWriterSizeCollector) SecureStoreManager(co.cask.cdap.api.security.store.SecureStoreManager) DefaultArtifactManager(co.cask.cdap.test.internal.DefaultArtifactManager) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) AuthorizationModule(co.cask.cdap.app.guice.AuthorizationModule) DefaultApplicationManager(co.cask.cdap.test.internal.DefaultApplicationManager) MetricsCollectionService(co.cask.cdap.api.metrics.MetricsCollectionService) InstanceId(co.cask.cdap.proto.id.InstanceId) SecureStoreModules(co.cask.cdap.security.guice.SecureStoreModules) LocationRuntimeModule(co.cask.cdap.common.guice.LocationRuntimeModule) NamespaceAdmin(co.cask.cdap.common.namespace.NamespaceAdmin) ExploreRuntimeModule(co.cask.cdap.explore.guice.ExploreRuntimeModule) SecureStore(co.cask.cdap.api.security.store.SecureStore) AuthorizationBootstrapper(co.cask.cdap.security.authorization.AuthorizationBootstrapper) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) TransactionManager(org.apache.tephra.TransactionManager) 
NotificationFeedServiceRuntimeModule(co.cask.cdap.notifications.feeds.guice.NotificationFeedServiceRuntimeModule) File(java.io.File) AppFabricServiceRuntimeModule(co.cask.cdap.app.guice.AppFabricServiceRuntimeModule) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) IOModule(co.cask.cdap.common.guice.IOModule) ExploreClient(co.cask.cdap.explore.client.ExploreClient) ConfigModule(co.cask.cdap.common.guice.ConfigModule) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) Scheduler(co.cask.cdap.scheduler.Scheduler) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) NamespaceStoreModule(co.cask.cdap.store.guice.NamespaceStoreModule) PreviewHttpModule(co.cask.cdap.app.preview.PreviewHttpModule) MessagingServerRuntimeModule(co.cask.cdap.messaging.guice.MessagingServerRuntimeModule) MultiThreadMessagingContext(co.cask.cdap.internal.app.runtime.messaging.MultiThreadMessagingContext) NotificationServiceRuntimeModule(co.cask.cdap.notifications.guice.NotificationServiceRuntimeModule) TransactionExecutorModule(co.cask.cdap.data.runtime.TransactionExecutorModule) MetricsQueryService(co.cask.cdap.metrics.query.MetricsQueryService) DefaultStreamManager(co.cask.cdap.test.internal.DefaultStreamManager) LogReaderRuntimeModules(co.cask.cdap.logging.guice.LogReaderRuntimeModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) StreamCoordinatorClient(co.cask.cdap.data.stream.StreamCoordinatorClient) InMemoryStreamCoordinatorClient(co.cask.cdap.data.stream.InMemoryStreamCoordinatorClient) MetricsCollectionService(co.cask.cdap.api.metrics.MetricsCollectionService) LocalStreamFileJanitorService(co.cask.cdap.data.stream.service.LocalStreamFileJanitorService) ExploreExecutorService(co.cask.cdap.explore.executor.ExploreExecutorService) Service(com.google.common.util.concurrent.Service) MessagingService(co.cask.cdap.messaging.MessagingService) 
MetricsQueryService(co.cask.cdap.metrics.query.MetricsQueryService) StreamFileJanitorService(co.cask.cdap.data.stream.service.StreamFileJanitorService) DatasetService(co.cask.cdap.data2.datafabric.dataset.service.DatasetService) DatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutor) LocalStreamFileJanitorService(co.cask.cdap.data.stream.service.LocalStreamFileJanitorService) StreamFileJanitorService(co.cask.cdap.data.stream.service.StreamFileJanitorService) AbstractModule(com.google.inject.AbstractModule) LoggingModules(co.cask.cdap.logging.guice.LoggingModules) MessagingService(co.cask.cdap.messaging.MessagingService) DefaultArtifactManager(co.cask.cdap.test.internal.DefaultArtifactManager) MetricsHandlerModule(co.cask.cdap.metrics.guice.MetricsHandlerModule) LocalStreamWriter(co.cask.cdap.test.internal.LocalStreamWriter) DefaultStreamManager(co.cask.cdap.test.internal.DefaultStreamManager) ExploreExecutorService(co.cask.cdap.explore.executor.ExploreExecutorService) ServiceStoreModules(co.cask.cdap.app.guice.ServiceStoreModules) Principal(co.cask.cdap.proto.security.Principal) RandomEndpointStrategy(co.cask.cdap.common.discovery.RandomEndpointStrategy) BeforeClass(org.junit.BeforeClass)

Aggregations

SecureStore (co.cask.cdap.api.security.store.SecureStore)3 SecureStoreManager (co.cask.cdap.api.security.store.SecureStoreManager)3 MetricsCollectionService (co.cask.cdap.api.metrics.MetricsCollectionService)2 CConfiguration (co.cask.cdap.common.conf.CConfiguration)2 MessagingService (co.cask.cdap.messaging.MessagingService)2 DiscoveryServiceClient (org.apache.twill.discovery.DiscoveryServiceClient)2 MapReduceSpecification (co.cask.cdap.api.mapreduce.MapReduceSpecification)1 AppFabricServiceRuntimeModule (co.cask.cdap.app.guice.AppFabricServiceRuntimeModule)1 AuthorizationModule (co.cask.cdap.app.guice.AuthorizationModule)1 InMemoryProgramRunnerModule (co.cask.cdap.app.guice.InMemoryProgramRunnerModule)1 ServiceStoreModules (co.cask.cdap.app.guice.ServiceStoreModules)1 MapReduceMetrics (co.cask.cdap.app.metrics.MapReduceMetrics)1 PreviewHttpModule (co.cask.cdap.app.preview.PreviewHttpModule)1 PreviewManager (co.cask.cdap.app.preview.PreviewManager)1 DefaultProgram (co.cask.cdap.app.program.DefaultProgram)1 Program (co.cask.cdap.app.program.Program)1 SConfiguration (co.cask.cdap.common.conf.SConfiguration)1 EndpointStrategy (co.cask.cdap.common.discovery.EndpointStrategy)1 RandomEndpointStrategy (co.cask.cdap.common.discovery.RandomEndpointStrategy)1 ConfigModule (co.cask.cdap.common.guice.ConfigModule)1