Search in sources :

Example 16 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class LevelDBFileStreamAdminTest method init.

@BeforeClass
public static void init() throws Exception {
    CConfiguration cConf = CConfiguration.create();
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, tmpFolder.newFolder().getAbsolutePath());
    addCConfProperties(cConf);
    Injector injector = Guice.createInjector(new ConfigModule(cConf), new NonCustomLocationUnitTestModule().getModule(), new SystemDatasetRuntimeModule().getInMemoryModules(), new DataSetsModules().getInMemoryModules(), new DataFabricLevelDBModule(), new TransactionMetricsModule(), new DiscoveryRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new ViewAdminModules().getInMemoryModules(), new AuditModule().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getNoOpModule(), Modules.override(new StreamAdminModules().getStandaloneModules()).with(new AbstractModule() {

        @Override
        protected void configure() {
            bind(StreamMetaStore.class).to(InMemoryStreamMetaStore.class);
            bind(NotificationFeedManager.class).to(NoOpNotificationFeedManager.class);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
            bind(NamespaceQueryAdmin.class).to(SimpleNamespaceQueryAdmin.class);
        }
    }));
    streamAdmin = injector.getInstance(StreamAdmin.class);
    txManager = injector.getInstance(TransactionManager.class);
    fileWriterFactory = injector.getInstance(StreamFileWriterFactory.class);
    streamCoordinatorClient = injector.getInstance(StreamCoordinatorClient.class);
    inMemoryAuditPublisher = injector.getInstance(InMemoryAuditPublisher.class);
    authorizer = injector.getInstance(AuthorizerInstantiator.class).get();
    ownerAdmin = injector.getInstance(OwnerAdmin.class);
    streamCoordinatorClient.startAndWait();
    setupNamespaces(injector.getInstance(NamespacedLocationFactory.class));
    txManager.startAndWait();
}
Also used : ConfigModule(co.cask.cdap.common.guice.ConfigModule) UGIProvider(co.cask.cdap.security.impersonation.UGIProvider) UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) NamespacedLocationFactory(co.cask.cdap.common.namespace.NamespacedLocationFactory) DataFabricLevelDBModule(co.cask.cdap.data.runtime.DataFabricLevelDBModule) TransactionMetricsModule(co.cask.cdap.data.runtime.TransactionMetricsModule) ViewAdminModules(co.cask.cdap.data.view.ViewAdminModules) Injector(com.google.inject.Injector) InMemoryStreamMetaStore(co.cask.cdap.data.stream.service.InMemoryStreamMetaStore) StreamMetaStore(co.cask.cdap.data.stream.service.StreamMetaStore) NamespaceQueryAdmin(co.cask.cdap.common.namespace.NamespaceQueryAdmin) SimpleNamespaceQueryAdmin(co.cask.cdap.common.namespace.SimpleNamespaceQueryAdmin) SystemDatasetRuntimeModule(co.cask.cdap.data.runtime.SystemDatasetRuntimeModule) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) NotificationFeedManager(co.cask.cdap.notifications.feeds.NotificationFeedManager) NoOpNotificationFeedManager(co.cask.cdap.notifications.feeds.service.NoOpNotificationFeedManager) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(co.cask.cdap.security.impersonation.OwnerAdmin) StreamCoordinatorClient(co.cask.cdap.data.stream.StreamCoordinatorClient) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) CConfiguration(co.cask.cdap.common.conf.CConfiguration) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) StreamAdminModules(co.cask.cdap.data.stream.StreamAdminModules) StreamAdmin(co.cask.cdap.data2.transaction.stream.StreamAdmin) StreamFileWriterFactory(co.cask.cdap.data.stream.StreamFileWriterFactory) InMemoryAuditPublisher(co.cask.cdap.data2.audit.InMemoryAuditPublisher) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) TransactionManager(org.apache.tephra.TransactionManager) AuditModule(co.cask.cdap.data2.audit.AuditModule) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) BeforeClass(org.junit.BeforeClass)

Example 17 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class DatasetOpExecutorServiceTest method setUp.

@Before
public void setUp() throws Exception {
    Configuration hConf = new Configuration();
    CConfiguration cConf = CConfiguration.create();
    File datasetDir = new File(TMP_FOLDER.newFolder(), "datasetUser");
    Assert.assertTrue(datasetDir.mkdirs());
    cConf.set(Constants.Dataset.Manager.OUTPUT_DIR, datasetDir.getAbsolutePath());
    cConf.set(Constants.Service.MASTER_SERVICES_BIND_ADDRESS, "localhost");
    cConf.set(Constants.Dataset.Executor.ADDRESS, "localhost");
    cConf.setInt(Constants.Dataset.Executor.PORT, Networks.getRandomPort());
    Injector injector = Guice.createInjector(new ConfigModule(cConf, hConf), new IOModule(), new ZKClientModule(), new KafkaClientModule(), new DiscoveryRuntimeModule().getInMemoryModules(), new NonCustomLocationUnitTestModule().getModule(), new DataFabricModules().getInMemoryModules(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new TransactionMetricsModule(), new ExploreClientModule(), new NamespaceClientRuntimeModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
        }
    });
    txManager = injector.getInstance(TransactionManager.class);
    txManager.startAndWait();
    managerService = injector.getInstance(DatasetService.class);
    managerService.startAndWait();
    dsFramework = injector.getInstance(DatasetFramework.class);
    // find host
    DiscoveryServiceClient discoveryClient = injector.getInstance(DiscoveryServiceClient.class);
    endpointStrategy = new RandomEndpointStrategy(discoveryClient.discover(Constants.Service.DATASET_MANAGER));
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
    namespaceAdmin.create(NamespaceMeta.DEFAULT);
    namespaceAdmin.create(new NamespaceMeta.Builder().setName(bob.getParent()).build());
}
Also used : IOModule(co.cask.cdap.common.guice.IOModule) NamespaceClientRuntimeModule(co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule) DataSetServiceModules(co.cask.cdap.data.runtime.DataSetServiceModules) DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) CConfiguration(co.cask.cdap.common.conf.CConfiguration) Configuration(org.apache.hadoop.conf.Configuration) ConfigModule(co.cask.cdap.common.guice.ConfigModule) DatasetService(co.cask.cdap.data2.datafabric.dataset.service.DatasetService) TransactionMetricsModule(co.cask.cdap.data.runtime.TransactionMetricsModule) DatasetFramework(co.cask.cdap.data2.dataset2.DatasetFramework) ZKClientModule(co.cask.cdap.common.guice.ZKClientModule) Injector(com.google.inject.Injector) KafkaClientModule(co.cask.cdap.common.guice.KafkaClientModule) NamespaceMeta(co.cask.cdap.proto.NamespaceMeta) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) NamespaceAdmin(co.cask.cdap.common.namespace.NamespaceAdmin) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) CConfiguration(co.cask.cdap.common.conf.CConfiguration) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) TransactionManager(org.apache.tephra.TransactionManager) File(java.io.File) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) RandomEndpointStrategy(co.cask.cdap.common.discovery.RandomEndpointStrategy) Before(org.junit.Before)

Example 18 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class DatasetServiceTestBase method initializeAndStartService.

protected static void initializeAndStartService(CConfiguration cConf) throws Exception {
    // TODO: this whole method is a mess. Streamline it!
    injector = Guice.createInjector(new ConfigModule(cConf), new DiscoveryRuntimeModule().getInMemoryModules(), new NonCustomLocationUnitTestModule().getModule(), new NamespaceClientRuntimeModule().getInMemoryModules(), new SystemDatasetRuntimeModule().getInMemoryModules(), new TransactionInMemoryModule(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class).in(Singleton.class);
            install(new FactoryModuleBuilder().implement(DatasetDefinitionRegistry.class, DefaultDatasetDefinitionRegistry.class).build(DatasetDefinitionRegistryFactory.class));
            // through the injector, we only need RemoteDatasetFramework in these tests
            bind(RemoteDatasetFramework.class);
            bind(OwnerStore.class).to(InMemoryOwnerStore.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
        }
    });
    AuthorizationEnforcer authEnforcer = injector.getInstance(AuthorizationEnforcer.class);
    AuthenticationContext authenticationContext = injector.getInstance(AuthenticationContext.class);
    DiscoveryService discoveryService = injector.getInstance(DiscoveryService.class);
    discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
    dsFramework = injector.getInstance(RemoteDatasetFramework.class);
    // Tx Manager to support working with datasets
    txManager = injector.getInstance(TransactionManager.class);
    txManager.startAndWait();
    TransactionSystemClient txSystemClient = injector.getInstance(TransactionSystemClient.class);
    TransactionSystemClientService txSystemClientService = new DelegatingTransactionSystemClientService(txSystemClient);
    NamespacedLocationFactory namespacedLocationFactory = injector.getInstance(NamespacedLocationFactory.class);
    SystemDatasetInstantiatorFactory datasetInstantiatorFactory = new SystemDatasetInstantiatorFactory(locationFactory, dsFramework, cConf);
    // ok to pass null, since the impersonator won't actually be called, if kerberos security is not enabled
    Impersonator impersonator = new DefaultImpersonator(cConf, null);
    DatasetAdminService datasetAdminService = new DatasetAdminService(dsFramework, cConf, locationFactory, datasetInstantiatorFactory, new NoOpMetadataStore(), impersonator);
    ImmutableSet<HttpHandler> handlers = ImmutableSet.<HttpHandler>of(new DatasetAdminOpHTTPHandler(datasetAdminService));
    MetricsCollectionService metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
    opExecutorService = new DatasetOpExecutorService(cConf, discoveryService, metricsCollectionService, handlers);
    opExecutorService.startAndWait();
    Map<String, DatasetModule> defaultModules = injector.getInstance(Key.get(new TypeLiteral<Map<String, DatasetModule>>() {
    }, Constants.Dataset.Manager.DefaultDatasetModules.class));
    ImmutableMap<String, DatasetModule> modules = ImmutableMap.<String, DatasetModule>builder().putAll(defaultModules).putAll(DatasetMetaTableUtil.getModules()).build();
    registryFactory = injector.getInstance(DatasetDefinitionRegistryFactory.class);
    inMemoryDatasetFramework = new InMemoryDatasetFramework(registryFactory, modules);
    DiscoveryExploreClient exploreClient = new DiscoveryExploreClient(discoveryServiceClient, authenticationContext);
    ExploreFacade exploreFacade = new ExploreFacade(exploreClient, cConf);
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
    namespaceAdmin.create(NamespaceMeta.DEFAULT);
    ownerAdmin = injector.getInstance(OwnerAdmin.class);
    NamespaceQueryAdmin namespaceQueryAdmin = injector.getInstance(NamespaceQueryAdmin.class);
    TransactionExecutorFactory txExecutorFactory = new DynamicTransactionExecutorFactory(txSystemClient);
    DatasetTypeManager typeManager = new DatasetTypeManager(cConf, locationFactory, txSystemClientService, txExecutorFactory, inMemoryDatasetFramework, impersonator);
    DatasetOpExecutor opExecutor = new InMemoryDatasetOpExecutor(dsFramework);
    DatasetInstanceManager instanceManager = new DatasetInstanceManager(txSystemClientService, txExecutorFactory, inMemoryDatasetFramework);
    DatasetTypeService noAuthTypeService = new DefaultDatasetTypeService(typeManager, namespaceAdmin, namespacedLocationFactory, cConf, impersonator, txSystemClientService, inMemoryDatasetFramework, defaultModules);
    DatasetTypeService typeService = new AuthorizationDatasetTypeService(noAuthTypeService, authEnforcer, authenticationContext);
    instanceService = new DatasetInstanceService(typeService, noAuthTypeService, instanceManager, opExecutor, exploreFacade, namespaceQueryAdmin, ownerAdmin, authEnforcer, authenticationContext);
    service = new DatasetService(cConf, discoveryService, discoveryServiceClient, metricsCollectionService, opExecutor, new HashSet<DatasetMetricsReporter>(), typeService, instanceService);
    // Start dataset service, wait for it to be discoverable
    service.startAndWait();
    waitForService(Constants.Service.DATASET_EXECUTOR);
    waitForService(Constants.Service.DATASET_MANAGER);
    // this usually happens while creating a namespace, however not doing that in data fabric tests
    Locations.mkdirsIfNotExists(namespacedLocationFactory.get(NamespaceId.DEFAULT));
}
Also used : RemoteDatasetFramework(co.cask.cdap.data2.datafabric.dataset.RemoteDatasetFramework) InMemoryDatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.InMemoryDatasetOpExecutor) AuthenticationContext(co.cask.cdap.security.spi.authentication.AuthenticationContext) DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) DatasetAdminOpHTTPHandler(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpHTTPHandler) TransactionInMemoryModule(org.apache.tephra.runtime.TransactionInMemoryModule) AuthorizationEnforcer(co.cask.cdap.security.spi.authorization.AuthorizationEnforcer) NamespacedLocationFactory(co.cask.cdap.common.namespace.NamespacedLocationFactory) NoOpMetricsCollectionService(co.cask.cdap.common.metrics.NoOpMetricsCollectionService) ExploreFacade(co.cask.cdap.explore.client.ExploreFacade) DynamicTransactionExecutorFactory(co.cask.cdap.data.runtime.DynamicTransactionExecutorFactory) TransactionExecutorFactory(co.cask.cdap.data2.transaction.TransactionExecutorFactory) NoOpMetadataStore(co.cask.cdap.data2.metadata.store.NoOpMetadataStore) DatasetDefinitionRegistryFactory(co.cask.cdap.data2.dataset2.DatasetDefinitionRegistryFactory) SystemDatasetRuntimeModule(co.cask.cdap.data.runtime.SystemDatasetRuntimeModule) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) InMemoryDatasetFramework(co.cask.cdap.data2.dataset2.InMemoryDatasetFramework) HashSet(java.util.HashSet) HttpHandler(co.cask.http.HttpHandler) DatasetInstanceManager(co.cask.cdap.data2.datafabric.dataset.instance.DatasetInstanceManager) MetricsCollectionService(co.cask.cdap.api.metrics.MetricsCollectionService) NoOpMetricsCollectionService(co.cask.cdap.common.metrics.NoOpMetricsCollectionService) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(co.cask.cdap.security.impersonation.OwnerAdmin) NamespaceAdmin(co.cask.cdap.common.namespace.NamespaceAdmin) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) DatasetTypeManager(co.cask.cdap.data2.datafabric.dataset.type.DatasetTypeManager) TransactionManager(org.apache.tephra.TransactionManager) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) DelegatingTransactionSystemClientService(co.cask.cdap.data2.transaction.DelegatingTransactionSystemClientService) NamespaceClientRuntimeModule(co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule) ConfigModule(co.cask.cdap.common.guice.ConfigModule) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) DynamicTransactionExecutorFactory(co.cask.cdap.data.runtime.DynamicTransactionExecutorFactory) DatasetModule(co.cask.cdap.api.dataset.module.DatasetModule) TransactionSystemClient(org.apache.tephra.TransactionSystemClient) DiscoveryExploreClient(co.cask.cdap.explore.client.DiscoveryExploreClient) SystemDatasetInstantiatorFactory(co.cask.cdap.data.dataset.SystemDatasetInstantiatorFactory) TypeLiteral(com.google.inject.TypeLiteral) NamespaceQueryAdmin(co.cask.cdap.common.namespace.NamespaceQueryAdmin) TransactionSystemClientService(co.cask.cdap.data2.transaction.TransactionSystemClientService) DelegatingTransactionSystemClientService(co.cask.cdap.data2.transaction.DelegatingTransactionSystemClientService) DiscoveryService(org.apache.twill.discovery.DiscoveryService) DatasetAdminService(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetAdminService) DatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutor) InMemoryDatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.InMemoryDatasetOpExecutor) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) Impersonator(co.cask.cdap.security.impersonation.Impersonator) DefaultImpersonator(co.cask.cdap.security.impersonation.DefaultImpersonator) DefaultImpersonator(co.cask.cdap.security.impersonation.DefaultImpersonator) InMemoryOwnerStore(co.cask.cdap.security.impersonation.InMemoryOwnerStore) OwnerStore(co.cask.cdap.security.impersonation.OwnerStore) AbstractModule(com.google.inject.AbstractModule) DatasetOpExecutorService(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutorService)

Example 19 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class HBaseQueueDebugger method createInjector.

private static Injector createInjector(boolean disableAuthorization) throws Exception {
    CConfiguration cConf = CConfiguration.create();
    if (disableAuthorization && cConf.getBoolean(Constants.Security.Authorization.ENABLED)) {
        System.out.println(String.format("Disabling authorization for %s.", HBaseQueueDebugger.class.getSimpleName()));
        cConf.setBoolean(Constants.Security.Authorization.ENABLED, false);
    }
    // Note: login has to happen before any objects that need Kerberos credentials are instantiated.
    SecurityUtil.loginForMasterService(cConf);
    return Guice.createInjector(new ConfigModule(cConf, HBaseConfiguration.create()), new IOModule(), new ZKClientModule(), new LocationRuntimeModule().getDistributedModules(), new DiscoveryRuntimeModule().getDistributedModules(), new ViewAdminModules().getDistributedModules(), new StreamAdminModules().getDistributedModules(), new NotificationFeedClientModule(), new TwillModule(), new ExploreClientModule(), new DataFabricModules(HBaseQueueDebugger.class.getName()).getDistributedModules(), new ServiceStoreModules().getDistributedModules(), new DataSetsModules().getDistributedModules(), new AppFabricServiceRuntimeModule().getDistributedModules(), new ProgramRunnerRuntimeModule().getDistributedModules(), new SystemDatasetRuntimeModule().getDistributedModules(), new NotificationServiceRuntimeModule().getDistributedModules(), new MetricsClientRuntimeModule().getDistributedModules(), new MetricsStoreModule(), new KafkaClientModule(), new NamespaceStoreModule().getDistributedModules(), new AuthorizationModule(), new AuthorizationEnforcementModule().getMasterModule(), new SecureStoreModules().getDistributedModules(), new MessagingClientModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(QueueClientFactory.class).to(HBaseQueueClientFactory.class).in(Singleton.class);
            bind(QueueAdmin.class).to(HBaseQueueAdmin.class).in(Singleton.class);
            bind(HBaseTableUtil.class).toProvider(HBaseTableUtilFactory.class);
            bind(Store.class).annotatedWith(Names.named("defaultStore")).to(DefaultStore.class).in(Singleton.class);
            // This is needed because the LocalApplicationManager
            // expects a dsframework injection named datasetMDS
            bind(DatasetFramework.class).annotatedWith(Names.named("datasetMDS")).to(DatasetFramework.class).in(Singleton.class);
        }
    });
}
Also used : IOModule(co.cask.cdap.common.guice.IOModule) MessagingClientModule(co.cask.cdap.messaging.guice.MessagingClientModule) MetricsStoreModule(co.cask.cdap.metrics.guice.MetricsStoreModule) ConfigModule(co.cask.cdap.common.guice.ConfigModule) NamespaceStoreModule(co.cask.cdap.store.guice.NamespaceStoreModule) NotificationServiceRuntimeModule(co.cask.cdap.notifications.guice.NotificationServiceRuntimeModule) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) ViewAdminModules(co.cask.cdap.data.view.ViewAdminModules) ZKClientModule(co.cask.cdap.common.guice.ZKClientModule) KafkaClientModule(co.cask.cdap.common.guice.KafkaClientModule) HBaseTableUtilFactory(co.cask.cdap.data2.util.hbase.HBaseTableUtilFactory) SystemDatasetRuntimeModule(co.cask.cdap.data.runtime.SystemDatasetRuntimeModule) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) AuthorizationModule(co.cask.cdap.app.guice.AuthorizationModule) TwillModule(co.cask.cdap.app.guice.TwillModule) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) SecureStoreModules(co.cask.cdap.security.guice.SecureStoreModules) LocationRuntimeModule(co.cask.cdap.common.guice.LocationRuntimeModule) CConfiguration(co.cask.cdap.common.conf.CConfiguration) AbstractModule(com.google.inject.AbstractModule) StreamAdminModules(co.cask.cdap.data.stream.StreamAdminModules) HBaseQueueAdmin(co.cask.cdap.data2.transaction.queue.hbase.HBaseQueueAdmin) QueueAdmin(co.cask.cdap.data2.transaction.queue.QueueAdmin) ProgramRunnerRuntimeModule(co.cask.cdap.app.guice.ProgramRunnerRuntimeModule) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) Singleton(com.google.inject.Singleton) NotificationFeedClientModule(co.cask.cdap.notifications.feeds.client.NotificationFeedClientModule) HBaseQueueClientFactory(co.cask.cdap.data2.transaction.queue.hbase.HBaseQueueClientFactory) QueueClientFactory(co.cask.cdap.data2.queue.QueueClientFactory) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) ServiceStoreModules(co.cask.cdap.app.guice.ServiceStoreModules) AppFabricServiceRuntimeModule(co.cask.cdap.app.guice.AppFabricServiceRuntimeModule) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule)

Example 20 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class JobQueueDebugger method createInjector.

private static Injector createInjector() throws Exception {
    CConfiguration cConf = CConfiguration.create();
    if (cConf.getBoolean(Constants.Security.Authorization.ENABLED)) {
        System.out.println(String.format("Disabling authorization for %s.", JobQueueDebugger.class.getSimpleName()));
        cConf.setBoolean(Constants.Security.Authorization.ENABLED, false);
    }
    // Note: login has to happen before any objects that need Kerberos credentials are instantiated.
    SecurityUtil.loginForMasterService(cConf);
    return Guice.createInjector(new ConfigModule(cConf, HBaseConfiguration.create()), new IOModule(), new ZKClientModule(), new LocationRuntimeModule().getDistributedModules(), new DiscoveryRuntimeModule().getDistributedModules(), new ViewAdminModules().getDistributedModules(), new StreamAdminModules().getDistributedModules(), new NotificationFeedClientModule(), new TwillModule(), new ExploreClientModule(), new DataFabricModules().getDistributedModules(), new ServiceStoreModules().getDistributedModules(), new DataSetsModules().getDistributedModules(), new AppFabricServiceRuntimeModule().getDistributedModules(), new ProgramRunnerRuntimeModule().getDistributedModules(), new SystemDatasetRuntimeModule().getDistributedModules(), new NotificationServiceRuntimeModule().getDistributedModules(), new MetricsClientRuntimeModule().getDistributedModules(), new MetricsStoreModule(), new KafkaClientModule(), new NamespaceStoreModule().getDistributedModules(), new AuthorizationModule(), new AuthorizationEnforcementModule().getMasterModule(), new SecureStoreModules().getDistributedModules(), new MessagingClientModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(HBaseTableUtil.class).toProvider(HBaseTableUtilFactory.class);
            bind(Store.class).annotatedWith(Names.named("defaultStore")).to(DefaultStore.class).in(Singleton.class);
            // This is needed because the LocalApplicationManager
            // expects a dsframework injection named datasetMDS
            bind(DatasetFramework.class).annotatedWith(Names.named("datasetMDS")).to(DatasetFramework.class).in(Singleton.class);
        }
    });
}
Also used : IOModule(co.cask.cdap.common.guice.IOModule) MessagingClientModule(co.cask.cdap.messaging.guice.MessagingClientModule) MetricsStoreModule(co.cask.cdap.metrics.guice.MetricsStoreModule) ConfigModule(co.cask.cdap.common.guice.ConfigModule) NamespaceStoreModule(co.cask.cdap.store.guice.NamespaceStoreModule) NotificationServiceRuntimeModule(co.cask.cdap.notifications.guice.NotificationServiceRuntimeModule) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) ViewAdminModules(co.cask.cdap.data.view.ViewAdminModules) ZKClientModule(co.cask.cdap.common.guice.ZKClientModule) KafkaClientModule(co.cask.cdap.common.guice.KafkaClientModule) HBaseTableUtilFactory(co.cask.cdap.data2.util.hbase.HBaseTableUtilFactory) SystemDatasetRuntimeModule(co.cask.cdap.data.runtime.SystemDatasetRuntimeModule) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) AuthorizationModule(co.cask.cdap.app.guice.AuthorizationModule) TwillModule(co.cask.cdap.app.guice.TwillModule) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) SecureStoreModules(co.cask.cdap.security.guice.SecureStoreModules) LocationRuntimeModule(co.cask.cdap.common.guice.LocationRuntimeModule) CConfiguration(co.cask.cdap.common.conf.CConfiguration) AbstractModule(com.google.inject.AbstractModule) StreamAdminModules(co.cask.cdap.data.stream.StreamAdminModules) ProgramRunnerRuntimeModule(co.cask.cdap.app.guice.ProgramRunnerRuntimeModule) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) Singleton(com.google.inject.Singleton) NotificationFeedClientModule(co.cask.cdap.notifications.feeds.client.NotificationFeedClientModule) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) ServiceStoreModules(co.cask.cdap.app.guice.ServiceStoreModules) AppFabricServiceRuntimeModule(co.cask.cdap.app.guice.AppFabricServiceRuntimeModule) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule)

Aggregations

AuthorizationEnforcementModule (co.cask.cdap.security.authorization.AuthorizationEnforcementModule)59 ConfigModule (co.cask.cdap.common.guice.ConfigModule)58 DataSetsModules (co.cask.cdap.data.runtime.DataSetsModules)56 AuthenticationContextModules (co.cask.cdap.security.auth.context.AuthenticationContextModules)52 AuthorizationTestModule (co.cask.cdap.security.authorization.AuthorizationTestModule)50 AbstractModule (com.google.inject.AbstractModule)50 DiscoveryRuntimeModule (co.cask.cdap.common.guice.DiscoveryRuntimeModule)46 NonCustomLocationUnitTestModule (co.cask.cdap.common.guice.NonCustomLocationUnitTestModule)40 UnsupportedUGIProvider (co.cask.cdap.security.impersonation.UnsupportedUGIProvider)37 BeforeClass (org.junit.BeforeClass)37 DataFabricModules (co.cask.cdap.data.runtime.DataFabricModules)35 DefaultOwnerAdmin (co.cask.cdap.security.impersonation.DefaultOwnerAdmin)35 CConfiguration (co.cask.cdap.common.conf.CConfiguration)34 ExploreClientModule (co.cask.cdap.explore.guice.ExploreClientModule)32 Injector (com.google.inject.Injector)32 SystemDatasetRuntimeModule (co.cask.cdap.data.runtime.SystemDatasetRuntimeModule)29 TransactionManager (org.apache.tephra.TransactionManager)27 TransactionMetricsModule (co.cask.cdap.data.runtime.TransactionMetricsModule)25 ViewAdminModules (co.cask.cdap.data.view.ViewAdminModules)25 OwnerAdmin (co.cask.cdap.security.impersonation.OwnerAdmin)24