
Example 31 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class InMemoryExploreServiceTest method start.

/**
 * Boots the in-memory services shared by the tests in this class.
 *
 * <p>A single Guice injector is assembled from in-memory and standalone modules. The transaction
 * manager, dataset op executor, dataset service and explore service are then started in that order,
 * and the {@code NamespaceAdmin} is looked up last.
 *
 * <p>Security wiring: the injector installs {@code AuthorizationTestModule} next to the in-memory
 * variant of {@code AuthorizationEnforcementModule} and the master variant of
 * {@code AuthenticationContextModules}; {@code UGIProvider} is bound to {@code UnsupportedUGIProvider}.
 * NOTE(review): by its name that provider does not support impersonation, so impersonated code paths
 * are presumably not exercised by this fixture; confirm before relying on it for coverage.
 *
 * @throws Exception propagated from temp-folder creation, injector creation or service start-up
 */
@BeforeClass
public static void start() throws Exception {
    CConfiguration cdapConf = CConfiguration.create();
    Configuration hadoopConf = new Configuration();

    // Keep persisted state in memory and point Explore at a fresh temporary directory.
    cdapConf.set(Constants.CFG_DATA_INMEMORY_PERSISTENCE, Constants.InMemoryPersistenceType.MEMORY.name());
    String exploreDataDir = tmpFolder.newFolder().getAbsolutePath();
    cdapConf.set(Constants.Explore.LOCAL_DATA_DIR, exploreDataDir);

    Injector testInjector = Guice.createInjector(
        new ConfigModule(cdapConf, hadoopConf),
        new IOModule(),
        new DiscoveryRuntimeModule().getInMemoryModules(),
        new NonCustomLocationUnitTestModule().getModule(),
        new DataFabricModules().getInMemoryModules(),
        new DataSetsModules().getStandaloneModules(),
        new DataSetServiceModules().getInMemoryModules(),
        new MetricsClientRuntimeModule().getInMemoryModules(),
        new ExploreRuntimeModule().getInMemoryModules(),
        new ExploreClientModule(),
        new ViewAdminModules().getInMemoryModules(),
        new StreamAdminModules().getInMemoryModules(),
        new NamespaceClientRuntimeModule().getInMemoryModules(),
        new NamespaceStoreModule().getStandaloneModules(),
        // Authorization and authentication-context wiring used by this fixture.
        new AuthorizationTestModule(),
        new AuthorizationEnforcementModule().getInMemoryModules(),
        new AuthenticationContextModules().getMasterModule(),
        new AbstractModule() {

            @Override
            protected void configure() {
                // Test-only substitutes for notification feeds, UGI lookup and ownership admin.
                bind(NotificationFeedManager.class).to(NoOpNotificationFeedManager.class);
                bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
                bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
            }
        });

    // Start order is kept as written: transactions, dataset op executor, dataset service, explore.
    transactionManager = testInjector.getInstance(TransactionManager.class);
    transactionManager.startAndWait();

    dsOpService = testInjector.getInstance(DatasetOpExecutor.class);
    dsOpService.startAndWait();

    datasetService = testInjector.getInstance(DatasetService.class);
    datasetService.startAndWait();

    exploreService = testInjector.getInstance(ExploreService.class);
    exploreService.startAndWait();

    namespaceAdmin = testInjector.getInstance(NamespaceAdmin.class);
}
Also used : IOModule(co.cask.cdap.common.guice.IOModule) NamespaceClientRuntimeModule(co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule) DataSetServiceModules(co.cask.cdap.data.runtime.DataSetServiceModules) CConfiguration(co.cask.cdap.common.conf.CConfiguration) Configuration(org.apache.hadoop.conf.Configuration) ConfigModule(co.cask.cdap.common.guice.ConfigModule) NamespaceStoreModule(co.cask.cdap.store.guice.NamespaceStoreModule) DatasetService(co.cask.cdap.data2.datafabric.dataset.service.DatasetService) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) ViewAdminModules(co.cask.cdap.data.view.ViewAdminModules) Injector(com.google.inject.Injector) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) NamespaceAdmin(co.cask.cdap.common.namespace.NamespaceAdmin) ExploreRuntimeModule(co.cask.cdap.explore.guice.ExploreRuntimeModule) DatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutor) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) CConfiguration(co.cask.cdap.common.conf.CConfiguration) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) StreamAdminModules(co.cask.cdap.data.stream.StreamAdminModules) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) TransactionManager(org.apache.tephra.TransactionManager) NoOpNotificationFeedManager(co.cask.cdap.notifications.feeds.service.NoOpNotificationFeedManager) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) 
AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) BeforeClass(org.junit.BeforeClass)

Example 32 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class DatasetBasedTimeScheduleStoreTest method beforeClass.

/**
 * Creates the shared injector and starts the services the schedule-store tests depend on.
 *
 * <p>The transaction manager, dataset op executor and dataset service are started in that order;
 * the {@code DatasetFramework} and {@code TransactionExecutorFactory} are only looked up.
 *
 * <p>Security wiring: {@code AuthorizationTestModule}, the in-memory variant of
 * {@code AuthorizationEnforcementModule} and the master variant of
 * {@code AuthenticationContextModules} are installed; {@code UGIProvider} is bound to
 * {@code UnsupportedUGIProvider} and {@code OwnerAdmin} to {@code NoOpOwnerAdmin}.
 * NOTE(review): those two bindings look like stand-ins, so impersonation and ownership checks
 * are presumably not covered by this fixture; confirm.
 *
 * @throws Exception propagated from temp-folder creation, injector creation or service start-up
 */
@BeforeClass
public static void beforeClass() throws Exception {
    CConfiguration cdapConf = CConfiguration.create();
    // Local data lives in a per-run temporary folder named "data".
    String localDataDir = TEMP_FOLDER.newFolder("data").getAbsolutePath();
    cdapConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir);

    injector = Guice.createInjector(
        new ConfigModule(cdapConf),
        new NonCustomLocationUnitTestModule().getModule(),
        new DiscoveryRuntimeModule().getInMemoryModules(),
        new MetricsClientRuntimeModule().getInMemoryModules(),
        new DataFabricModules().getInMemoryModules(),
        new DataSetsModules().getStandaloneModules(),
        new DataSetServiceModules().getInMemoryModules(),
        new ExploreClientModule(),
        new NamespaceClientRuntimeModule().getInMemoryModules(),
        // Authorization and authentication-context wiring used by this fixture.
        new AuthorizationTestModule(),
        new AuthorizationEnforcementModule().getInMemoryModules(),
        new AuthenticationContextModules().getMasterModule(),
        new AbstractModule() {

            @Override
            protected void configure() {
                bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
                bind(OwnerAdmin.class).to(NoOpOwnerAdmin.class);
            }
        });

    // Services are started in the order they are obtained.
    txService = injector.getInstance(TransactionManager.class);
    txService.startAndWait();

    dsOpsService = injector.getInstance(DatasetOpExecutor.class);
    dsOpsService.startAndWait();

    dsService = injector.getInstance(DatasetService.class);
    dsService.startAndWait();

    dsFramework = injector.getInstance(DatasetFramework.class);
    factory = injector.getInstance(TransactionExecutorFactory.class);
}
Also used : NamespaceClientRuntimeModule(co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule) DataSetServiceModules(co.cask.cdap.data.runtime.DataSetServiceModules) ConfigModule(co.cask.cdap.common.guice.ConfigModule) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) UGIProvider(co.cask.cdap.security.impersonation.UGIProvider) UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) OwnerAdmin(co.cask.cdap.security.impersonation.OwnerAdmin) NoOpOwnerAdmin(co.cask.cdap.security.impersonation.NoOpOwnerAdmin) DatasetService(co.cask.cdap.data2.datafabric.dataset.service.DatasetService) DatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutor) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) CConfiguration(co.cask.cdap.common.conf.CConfiguration) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) TransactionExecutorFactory(org.apache.tephra.TransactionExecutorFactory) DatasetFramework(co.cask.cdap.data2.dataset2.DatasetFramework) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) TransactionManager(org.apache.tephra.TransactionManager) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) BeforeClass(org.junit.BeforeClass)

Example 33 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class DistributedProgramRunnableModule method getCoreModules.

/**
 * Assembles the Guice modules that every distributed program runnable installs.
 *
 * <p>Security-relevant bindings made here: the distributed variants of
 * {@code AuthorizationEnforcementModule} and {@code SecureStoreModules} are installed,
 * {@code UGIProvider} resolves to {@code CurrentUGIProvider} (no impersonation inside user programs),
 * and {@code PrivilegesManager} resolves to {@code RemotePrivilegesManager} so that the authorizer
 * is not instantiated in this process.
 *
 * @param programId  id of the program being run; bound as a fixed instance for later lookup
 * @param txClientId client id handed to {@code DataFabricModules}
 * @return a new, mutable list holding the modules in the order they are declared below
 */
private List<Module> getCoreModules(final ProgramId programId, String txClientId) {
    final Module[] coreModules = {
        new ConfigModule(cConf, hConf),
        new IOModule(),
        new ZKClientModule(),
        new KafkaClientModule(),
        new MetricsClientRuntimeModule().getDistributedModules(),
        new MessagingClientModule(),
        new LocationRuntimeModule().getDistributedModules(),
        new LoggingModules().getDistributedModules(),
        new DiscoveryRuntimeModule().getDistributedModules(),
        new DataFabricModules(txClientId).getDistributedModules(),
        new DataSetsModules().getDistributedModules(),
        new ViewAdminModules().getDistributedModules(),
        new StreamAdminModules().getDistributedModules(),
        new NotificationFeedClientModule(),
        new AuditModule().getDistributedModules(),
        new NamespaceClientRuntimeModule().getDistributedModules(),
        new AuthorizationEnforcementModule().getDistributedModules(),
        new SecureStoreModules().getDistributedModules(),
        new AbstractModule() {

            @Override
            protected void configure() {
                // Queue support: a single QueueReaderFactory per injector.
                bind(QueueReaderFactory.class).in(Scopes.SINGLETON);

                // Dataset transaction support.
                install(new DataFabricFacadeModule());

                bind(ProgramStateWriter.class).to(MessagingProgramStateWriter.class);
                bind(RuntimeStore.class).to(RemoteRuntimeStore.class);

                // StreamWriter support.
                install(createStreamFactoryModule());

                // User programs never need to impersonate, so the current UGI is used as-is.
                bind(UGIProvider.class).to(CurrentUGIProvider.class).in(Scopes.SINGLETON);

                // PrivilegesManager goes to a remote implementation so that this process does not
                // have to instantiate the authorizer.
                bind(PrivilegesManager.class).to(RemotePrivilegesManager.class);
                bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);

                // The programId passed in is bound as an instance so it can be retrieved later
                // (see ProgramDiscoveryExploreClient, for example). Instance binding is fine because
                // the programId is guaranteed not to change during the lifecycle of this runnable.
                bind(ProgramId.class).toInstance(programId);

                // The explore client is the programId-aware ProgramDiscoveryExploreClient.
                bind(ExploreClient.class).to(ProgramDiscoveryExploreClient.class).in(Scopes.SINGLETON);

                // ArtifactManager implementation, exposed through an assisted-inject factory.
                install(new FactoryModuleBuilder()
                    .implement(ArtifactManager.class, RemoteArtifactManager.class)
                    .build(ArtifactManagerFactory.class));

                // PluginFinder implementation.
                bind(PluginFinder.class).to(RemotePluginFinder.class);
            }
        }
    };

    // Copy into an ArrayList so the returned list is resizable, unlike the Arrays.asList view.
    return new ArrayList<>(Arrays.asList(coreModules));
}
Also used : IOModule(co.cask.cdap.common.guice.IOModule) MessagingClientModule(co.cask.cdap.messaging.guice.MessagingClientModule) NamespaceClientRuntimeModule(co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule) ProgramDiscoveryExploreClient(co.cask.cdap.explore.client.ProgramDiscoveryExploreClient) ConfigModule(co.cask.cdap.common.guice.ConfigModule) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) ArtifactManagerFactory(co.cask.cdap.internal.app.runtime.artifact.ArtifactManagerFactory) ArrayList(java.util.ArrayList) RuntimeStore(co.cask.cdap.app.store.RuntimeStore) RemoteRuntimeStore(co.cask.cdap.internal.app.store.remote.RemoteRuntimeStore) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) ViewAdminModules(co.cask.cdap.data.view.ViewAdminModules) ZKClientModule(co.cask.cdap.common.guice.ZKClientModule) MessagingProgramStateWriter(co.cask.cdap.internal.app.program.MessagingProgramStateWriter) ProgramStateWriter(co.cask.cdap.app.runtime.ProgramStateWriter) KafkaClientModule(co.cask.cdap.common.guice.KafkaClientModule) RemotePluginFinder(co.cask.cdap.internal.app.runtime.artifact.RemotePluginFinder) PluginFinder(co.cask.cdap.internal.app.runtime.artifact.PluginFinder) CurrentUGIProvider(co.cask.cdap.security.impersonation.CurrentUGIProvider) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) SecureStoreModules(co.cask.cdap.security.guice.SecureStoreModules) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(co.cask.cdap.security.impersonation.OwnerAdmin) LocationRuntimeModule(co.cask.cdap.common.guice.LocationRuntimeModule) PrivilegesManager(co.cask.cdap.security.spi.authorization.PrivilegesManager) RemotePrivilegesManager(co.cask.cdap.security.authorization.RemotePrivilegesManager) ProgramId(co.cask.cdap.proto.id.ProgramId) LoggingModules(co.cask.cdap.logging.guice.LoggingModules) 
AbstractModule(com.google.inject.AbstractModule) StreamAdminModules(co.cask.cdap.data.stream.StreamAdminModules) NotificationFeedClientModule(co.cask.cdap.notifications.feeds.client.NotificationFeedClientModule) QueueReaderFactory(co.cask.cdap.internal.app.queue.QueueReaderFactory) AuditModule(co.cask.cdap.data2.audit.AuditModule) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule)

Example 34 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class ConfiguratorTest method setup.

/**
 * Prepares the configuration and the authorization collaborators used by the tests.
 *
 * <p>The injector is built from {@code ConfigModule}, {@code AuthorizationTestModule}, the in-memory
 * variant of {@code AuthorizationEnforcementModule} and the no-op variant of
 * {@code AuthenticationContextModules}. NOTE(review): with the no-op authentication context the
 * tests presumably do not run under a real authenticated principal; confirm.
 *
 * @throws IOException if the temporary data folder cannot be created
 */
@BeforeClass
public static void setup() throws IOException {
    conf = CConfiguration.create();
    String localDataDir = TMP_FOLDER.newFolder().getAbsolutePath();
    conf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir);

    Injector authInjector = Guice.createInjector(
        new ConfigModule(conf),
        new AuthorizationTestModule(),
        new AuthorizationEnforcementModule().getInMemoryModules(),
        new AuthenticationContextModules().getNoOpModule());

    // The authorizer is obtained through its instantiator; the enforcer and context come straight
    // from the injector.
    authorizer = authInjector.getInstance(AuthorizerInstantiator.class).get();
    authEnforcer = authInjector.getInstance(AuthorizationEnforcer.class);
    authenticationContext = authInjector.getInstance(AuthenticationContext.class);
}
Also used : AuthenticationContext(co.cask.cdap.security.spi.authentication.AuthenticationContext) Injector(com.google.inject.Injector) ConfigModule(co.cask.cdap.common.guice.ConfigModule) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) AuthorizationEnforcer(co.cask.cdap.security.spi.authorization.AuthorizationEnforcer) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) BeforeClass(org.junit.BeforeClass)

Example 35 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class TransactionServiceTest method createTxService.

/**
 * Builds a {@code TransactionService} wired against the given ZooKeeper quorum for tests.
 *
 * <p>The ZooKeeper client service obtained from the injector is started before the transaction
 * service is returned; the returned service itself is not started here.
 *
 * <p>Security wiring: {@code AuthorizationTestModule}, the in-memory variant of
 * {@code AuthorizationEnforcementModule} and the no-op variant of
 * {@code AuthenticationContextModules} are installed, and {@code UGIProvider} is bound to
 * {@code UnsupportedUGIProvider}. The HDFS user is taken from the {@code user.name} system property.
 *
 * @param zkConnectionString ZooKeeper quorum to connect to
 * @param txServicePort      port the transaction service binds to
 * @param hConf              Hadoop configuration passed to {@code ConfigModule}
 * @param outPath            directory used as the local data dir
 * @return the transaction service instance created by the injector
 */
static TransactionService createTxService(String zkConnectionString, int txServicePort, Configuration hConf, final File outPath) {
    final CConfiguration cdapConf = CConfiguration.create();

    // Tests run HDFS operations as whoever launched the JVM.
    String currentUser = System.getProperty("user.name");
    cdapConf.set(Constants.CFG_HDFS_USER, currentUser);
    cdapConf.set(Constants.Zookeeper.QUORUM, zkConnectionString);
    cdapConf.set(Constants.CFG_LOCAL_DATA_DIR, outPath.getAbsolutePath());
    cdapConf.set(TxConstants.Service.CFG_DATA_TX_BIND_PORT, Integer.toString(txServicePort));

    // Transaction state must be persisted for this test; pruning is switched off.
    cdapConf.setBoolean(TxConstants.Manager.CFG_DO_PERSIST, true);
    cdapConf.setBoolean(TxConstants.TransactionPruning.PRUNE_ENABLE, false);

    final Injector txInjector = Guice.createInjector(
        new ConfigModule(cdapConf, hConf),
        new NonCustomLocationUnitTestModule().getModule(),
        new ZKClientModule(),
        new DiscoveryRuntimeModule().getDistributedModules(),
        new TransactionMetricsModule(),
        new AbstractModule() {

            @Override
            protected void configure() {
                bind(NamespaceQueryAdmin.class).to(SimpleNamespaceQueryAdmin.class);
                bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
                bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
            }
        },
        new DataFabricModules().getDistributedModules(),
        new SystemDatasetRuntimeModule().getInMemoryModules(),
        new DataSetsModules().getInMemoryModules(),
        // Authorization and authentication-context wiring used by this fixture.
        new AuthorizationTestModule(),
        new AuthorizationEnforcementModule().getInMemoryModules(),
        new AuthenticationContextModules().getNoOpModule());

    // Start the ZooKeeper client before handing back the transaction service.
    ZKClientService zkClient = txInjector.getInstance(ZKClientService.class);
    zkClient.startAndWait();
    return txInjector.getInstance(TransactionService.class);
}
Also used : UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) ConfigModule(co.cask.cdap.common.guice.ConfigModule) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) CConfiguration(co.cask.cdap.common.conf.CConfiguration) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) TransactionMetricsModule(co.cask.cdap.data.runtime.TransactionMetricsModule) AbstractModule(com.google.inject.AbstractModule) ZKClientModule(co.cask.cdap.common.guice.ZKClientModule) ZKClientService(org.apache.twill.zookeeper.ZKClientService) Injector(com.google.inject.Injector) SimpleNamespaceQueryAdmin(co.cask.cdap.common.namespace.SimpleNamespaceQueryAdmin) SystemDatasetRuntimeModule(co.cask.cdap.data.runtime.SystemDatasetRuntimeModule) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule)

Aggregations

AuthorizationEnforcementModule (co.cask.cdap.security.authorization.AuthorizationEnforcementModule)59 ConfigModule (co.cask.cdap.common.guice.ConfigModule)58 DataSetsModules (co.cask.cdap.data.runtime.DataSetsModules)56 AuthenticationContextModules (co.cask.cdap.security.auth.context.AuthenticationContextModules)52 AuthorizationTestModule (co.cask.cdap.security.authorization.AuthorizationTestModule)50 AbstractModule (com.google.inject.AbstractModule)50 DiscoveryRuntimeModule (co.cask.cdap.common.guice.DiscoveryRuntimeModule)46 NonCustomLocationUnitTestModule (co.cask.cdap.common.guice.NonCustomLocationUnitTestModule)40 UnsupportedUGIProvider (co.cask.cdap.security.impersonation.UnsupportedUGIProvider)37 BeforeClass (org.junit.BeforeClass)37 DataFabricModules (co.cask.cdap.data.runtime.DataFabricModules)35 DefaultOwnerAdmin (co.cask.cdap.security.impersonation.DefaultOwnerAdmin)35 CConfiguration (co.cask.cdap.common.conf.CConfiguration)34 ExploreClientModule (co.cask.cdap.explore.guice.ExploreClientModule)32 Injector (com.google.inject.Injector)32 SystemDatasetRuntimeModule (co.cask.cdap.data.runtime.SystemDatasetRuntimeModule)29 TransactionManager (org.apache.tephra.TransactionManager)27 TransactionMetricsModule (co.cask.cdap.data.runtime.TransactionMetricsModule)25 ViewAdminModules (co.cask.cdap.data.view.ViewAdminModules)25 OwnerAdmin (co.cask.cdap.security.impersonation.OwnerAdmin)24