Examples with AuthorizationEnforcementModule co.cask.cdap.security.authorization.AuthorizationEnforcementModule used on opensource projects

Example 41 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class MDSViewStoreTest method init.

@BeforeClass
public static void init() throws Exception {
    Injector injector = Guice.createInjector(new ConfigModule(CConfiguration.create(), new Configuration()), new DataSetServiceModules().getInMemoryModules(), new DataSetsModules().getStandaloneModules(), new DataFabricModules().getInMemoryModules(), new DiscoveryRuntimeModule().getInMemoryModules(), new NamespaceClientRuntimeModule().getInMemoryModules(), new LocationRuntimeModule().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(AbstractNamespaceClient.class).to(InMemoryNamespaceClient.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
            bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class).in(Singleton.class);
            bind(ExploreClient.class).to(MockExploreClient.class);
            bind(ViewStore.class).to(MDSViewStore.class).in(Scopes.SINGLETON);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
        }
    });
    viewStore = injector.getInstance(ViewStore.class);
    transactionManager = injector.getInstance(TransactionManager.class);
    transactionManager.startAndWait();
    datasetService = injector.getInstance(DatasetService.class);
    datasetService.startAndWait();
}

Example 42 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class RemoteDatasetFrameworkTest method before.

@Before
public void before() throws Exception {
    cConf.set(Constants.Service.MASTER_SERVICES_BIND_ADDRESS, "localhost");
    cConf.setBoolean(Constants.Dangerous.UNRECOVERABLE_RESET, true);
    Configuration txConf = HBaseConfiguration.create();
    CConfigurationUtil.copyTxProperties(cConf, txConf);
    // ok to pass null, since the impersonator won't actually be called, if kerberos security is not enabled
    Impersonator impersonator = new DefaultImpersonator(cConf, null);
    // TODO: Refactor to use injector for everything
    Injector injector = Guice.createInjector(new ConfigModule(cConf, txConf), new DiscoveryRuntimeModule().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new TransactionInMemoryModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class).in(Singleton.class);
            install(new FactoryModuleBuilder().implement(DatasetDefinitionRegistry.class, DefaultDatasetDefinitionRegistry.class).build(DatasetDefinitionRegistryFactory.class));
            // through the injector, we only need RemoteDatasetFramework in these tests
            bind(RemoteDatasetFramework.class);
        }
    });
    // Tx Manager to support working with datasets
    txManager = new TransactionManager(txConf);
    txManager.startAndWait();
    InMemoryTxSystemClient txSystemClient = new InMemoryTxSystemClient(txManager);
    TransactionSystemClientService txSystemClientService = new DelegatingTransactionSystemClientService(txSystemClient);
    DiscoveryService discoveryService = injector.getInstance(DiscoveryService.class);
    DiscoveryServiceClient discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
    MetricsCollectionService metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
    AuthenticationContext authenticationContext = injector.getInstance(AuthenticationContext.class);
    framework = new RemoteDatasetFramework(cConf, discoveryServiceClient, registryFactory, authenticationContext);
    SystemDatasetInstantiatorFactory datasetInstantiatorFactory = new SystemDatasetInstantiatorFactory(locationFactory, framework, cConf);
    DatasetAdminService datasetAdminService = new DatasetAdminService(framework, cConf, locationFactory, datasetInstantiatorFactory, new NoOpMetadataStore(), impersonator);
    ImmutableSet<HttpHandler> handlers = ImmutableSet.<HttpHandler>of(new DatasetAdminOpHTTPHandler(datasetAdminService));
    opExecutorService = new DatasetOpExecutorService(cConf, discoveryService, metricsCollectionService, handlers);
    opExecutorService.startAndWait();
    ImmutableMap<String, DatasetModule> modules = ImmutableMap.<String, DatasetModule>builder().put("memoryTable", new InMemoryTableModule()).put("core", new CoreDatasetsModule()).putAll(DatasetMetaTableUtil.getModules()).build();
    InMemoryDatasetFramework mdsFramework = new InMemoryDatasetFramework(registryFactory, modules);
    DiscoveryExploreClient exploreClient = new DiscoveryExploreClient(discoveryServiceClient, authenticationContext);
    ExploreFacade exploreFacade = new ExploreFacade(exploreClient, cConf);
    TransactionExecutorFactory txExecutorFactory = new DynamicTransactionExecutorFactory(txSystemClient);
    AuthorizationEnforcer authorizationEnforcer = injector.getInstance(AuthorizationEnforcer.class);
    DatasetTypeManager typeManager = new DatasetTypeManager(cConf, locationFactory, txSystemClientService, txExecutorFactory, mdsFramework, impersonator);
    DatasetInstanceManager instanceManager = new DatasetInstanceManager(txSystemClientService, txExecutorFactory, mdsFramework);
    DatasetTypeService noAuthTypeService = new DefaultDatasetTypeService(typeManager, namespaceQueryAdmin, namespacedLocationFactory, cConf, impersonator, txSystemClientService, mdsFramework, DEFAULT_MODULES);
    DatasetTypeService typeService = new AuthorizationDatasetTypeService(noAuthTypeService, authorizationEnforcer, authenticationContext);
    DatasetOpExecutor opExecutor = new LocalDatasetOpExecutor(cConf, discoveryServiceClient, opExecutorService, authenticationContext);
    DatasetInstanceService instanceService = new DatasetInstanceService(typeService, noAuthTypeService, instanceManager, opExecutor, exploreFacade, namespaceQueryAdmin, ownerAdmin, authorizationEnforcer, authenticationContext);
    instanceService.setAuditPublisher(inMemoryAuditPublisher);
    service = new DatasetService(cConf, discoveryService, discoveryServiceClient, metricsCollectionService, new InMemoryDatasetOpExecutor(framework), new HashSet<DatasetMetricsReporter>(), typeService, instanceService);
    // Start dataset service, wait for it to be discoverable
    service.startAndWait();
    EndpointStrategy endpointStrategy = new RandomEndpointStrategy(discoveryServiceClient.discover(Constants.Service.DATASET_MANAGER));
    Preconditions.checkNotNull(endpointStrategy.pick(5, TimeUnit.SECONDS), "%s service is not up after 5 seconds", service);
    createNamespace(NamespaceId.SYSTEM);
    createNamespace(NAMESPACE_ID);
}

Example 43 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class TestBase method initialize.

@BeforeClass
public static void initialize() throws Exception {
    if (nestedStartCount++ > 0) {
        return;
    }
    File localDataDir = TMP_FOLDER.newFolder();
    cConf = createCConf(localDataDir);
    org.apache.hadoop.conf.Configuration hConf = new org.apache.hadoop.conf.Configuration();
    hConf.addResource("mapred-site-local.xml");
    hConf.reloadConfiguration();
    hConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir.getAbsolutePath());
    hConf.set(Constants.AppFabric.OUTPUT_DIR, cConf.get(Constants.AppFabric.OUTPUT_DIR));
    hConf.set("hadoop.tmp.dir", new File(localDataDir, cConf.get(Constants.AppFabric.TEMP_DIR)).getAbsolutePath());
    // Windows specific requirements
    if (OSDetector.isWindows()) {
        File tmpDir = TMP_FOLDER.newFolder();
        File binDir = new File(tmpDir, "bin");
        Assert.assertTrue(binDir.mkdirs());
        copyTempFile("hadoop.dll", tmpDir);
        copyTempFile("winutils.exe", binDir);
        System.setProperty("hadoop.home.dir", tmpDir.getAbsolutePath());
        System.load(new File(tmpDir, "hadoop.dll").getAbsolutePath());
    }
    Injector injector = Guice.createInjector(createDataFabricModule(), new TransactionExecutorModule(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new ConfigModule(cConf, hConf), new IOModule(), new LocationRuntimeModule().getInMemoryModules(), new DiscoveryRuntimeModule().getInMemoryModules(), new AppFabricServiceRuntimeModule().getInMemoryModules(), new ServiceStoreModules().getInMemoryModules(), new InMemoryProgramRunnerModule(LocalStreamWriter.class), new SecureStoreModules().getInMemoryModules(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(StreamHandler.class).in(Scopes.SINGLETON);
            bind(StreamFetchHandler.class).in(Scopes.SINGLETON);
            bind(StreamViewHttpHandler.class).in(Scopes.SINGLETON);
            bind(StreamFileJanitorService.class).to(LocalStreamFileJanitorService.class).in(Scopes.SINGLETON);
            bind(StreamWriterSizeCollector.class).to(BasicStreamWriterSizeCollector.class).in(Scopes.SINGLETON);
            bind(StreamCoordinatorClient.class).to(InMemoryStreamCoordinatorClient.class).in(Scopes.SINGLETON);
            bind(MetricsManager.class).toProvider(MetricsManagerProvider.class);
        }
    }, // todo: do we need handler?
    new MetricsHandlerModule(), new MetricsClientRuntimeModule().getInMemoryModules(), new LoggingModules().getInMemoryModules(), new LogReaderRuntimeModules().getInMemoryModules(), new ExploreRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new NotificationFeedServiceRuntimeModule().getInMemoryModules(), new NotificationServiceRuntimeModule().getInMemoryModules(), new NamespaceStoreModule().getStandaloneModules(), new AuthorizationModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new MessagingServerRuntimeModule().getInMemoryModules(), new PreviewHttpModule(), new AbstractModule() {

        @Override
        @SuppressWarnings("deprecation")
        protected void configure() {
            install(new FactoryModuleBuilder().implement(ApplicationManager.class, DefaultApplicationManager.class).build(ApplicationManagerFactory.class));
            install(new FactoryModuleBuilder().implement(ArtifactManager.class, DefaultArtifactManager.class).build(ArtifactManagerFactory.class));
            install(new FactoryModuleBuilder().implement(StreamManager.class, DefaultStreamManager.class).build(StreamManagerFactory.class));
            bind(TemporaryFolder.class).toInstance(TMP_FOLDER);
            bind(AuthorizationHandler.class).in(Scopes.SINGLETON);
        }
    });
    messagingService = injector.getInstance(MessagingService.class);
    if (messagingService instanceof Service) {
        ((Service) messagingService).startAndWait();
    }
    txService = injector.getInstance(TransactionManager.class);
    txService.startAndWait();
    dsOpService = injector.getInstance(DatasetOpExecutor.class);
    dsOpService.startAndWait();
    datasetService = injector.getInstance(DatasetService.class);
    datasetService.startAndWait();
    metricsQueryService = injector.getInstance(MetricsQueryService.class);
    metricsQueryService.startAndWait();
    metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
    metricsCollectionService.startAndWait();
    programLifecycleService = injector.getInstance(ProgramLifecycleService.class);
    programLifecycleService.startAndWait();
    programNotificationSubscriberService = injector.getInstance(ProgramNotificationSubscriberService.class);
    programNotificationSubscriberService.startAndWait();
    scheduler = injector.getInstance(Scheduler.class);
    if (scheduler instanceof Service) {
        ((Service) scheduler).startAndWait();
    }
    if (scheduler instanceof CoreSchedulerService) {
        ((CoreSchedulerService) scheduler).waitUntilFunctional(10, TimeUnit.SECONDS);
    }
    if (cConf.getBoolean(Constants.Explore.EXPLORE_ENABLED)) {
        exploreExecutorService = injector.getInstance(ExploreExecutorService.class);
        exploreExecutorService.startAndWait();
        // wait for explore service to be discoverable
        DiscoveryServiceClient discoveryService = injector.getInstance(DiscoveryServiceClient.class);
        EndpointStrategy endpointStrategy = new RandomEndpointStrategy(discoveryService.discover(Constants.Service.EXPLORE_HTTP_USER_SERVICE));
        Preconditions.checkNotNull(endpointStrategy.pick(5, TimeUnit.SECONDS), "%s service is not up after 5 seconds", Constants.Service.EXPLORE_HTTP_USER_SERVICE);
        exploreClient = injector.getInstance(ExploreClient.class);
    }
    streamCoordinatorClient = injector.getInstance(StreamCoordinatorClient.class);
    streamCoordinatorClient.startAndWait();
    programScheduler = injector.getInstance(Scheduler.class);
    if (programScheduler instanceof Service) {
        ((Service) programScheduler).startAndWait();
    }
    testManager = injector.getInstance(UnitTestManager.class);
    metricsManager = injector.getInstance(MetricsManager.class);
    authorizerInstantiator = injector.getInstance(AuthorizerInstantiator.class);
    // This is needed so the logged-in user can successfully create the default namespace
    if (cConf.getBoolean(Constants.Security.Authorization.ENABLED)) {
        String user = System.getProperty("user.name");
        SecurityRequestContext.setUserId(user);
        InstanceId instance = new InstanceId(cConf.get(Constants.INSTANCE_NAME));
        Principal principal = new Principal(user, Principal.PrincipalType.USER);
        authorizerInstantiator.get().grant(Authorizable.fromEntityId(instance), principal, ImmutableSet.of(Action.ADMIN));
        authorizerInstantiator.get().grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), principal, ImmutableSet.of(Action.ADMIN));
    }
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
    if (firstInit) {
        // only create the default namespace on first test. if multiple tests are run in the same JVM,
        // then any time after the first time, the default namespace already exists. That is because
        // the namespaceAdmin.delete(Id.Namespace.DEFAULT) in finish() only clears the default namespace
        // but does not remove it entirely
        namespaceAdmin.create(NamespaceMeta.DEFAULT);
    }
    secureStore = injector.getInstance(SecureStore.class);
    secureStoreManager = injector.getInstance(SecureStoreManager.class);
    messagingContext = new MultiThreadMessagingContext(messagingService);
    firstInit = false;
    previewManager = injector.getInstance(PreviewManager.class);
}

Example 44 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class MetricsSuiteTestBase method startMetricsService.

public static Injector startMetricsService(CConfiguration conf) {
    Injector injector = Guice.createInjector(Modules.override(new ConfigModule(conf), new NonCustomLocationUnitTestModule().getModule(), new DiscoveryRuntimeModule().getInMemoryModules(), new MetricsHandlerModule(), new MetricsClientRuntimeModule().getInMemoryModules(), new DataFabricModules().getInMemoryModules(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new ExploreClientModule(), new NamespaceClientRuntimeModule().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule()).with(new AbstractModule() {

        @Override
        protected void configure() {
            bind(LogReader.class).to(MockLogReader.class).in(Scopes.SINGLETON);
            bind(Store.class).to(DefaultStore.class);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
            bind(OwnerAdmin.class).to(NoOpOwnerAdmin.class);
        }
    }));
    transactionManager = injector.getInstance(TransactionManager.class);
    transactionManager.startAndWait();
    dsOpService = injector.getInstance(DatasetOpExecutor.class);
    dsOpService.startAndWait();
    datasetService = injector.getInstance(DatasetService.class);
    datasetService.startAndWait();
    metrics = injector.getInstance(MetricsQueryService.class);
    metrics.startAndWait();
    collectionService = injector.getInstance(MetricsCollectionService.class);
    collectionService.startAndWait();
    logReader = injector.getInstance(LogReader.class);
    // initialize the dataset instantiator
    DiscoveryServiceClient discoveryClient = injector.getInstance(DiscoveryServiceClient.class);
    EndpointStrategy metricsEndPoints = new RandomEndpointStrategy(discoveryClient.discover(Constants.Service.METRICS));
    Discoverable discoverable = metricsEndPoints.pick(1L, TimeUnit.SECONDS);
    Assert.assertNotNull("Could not discover metrics service", discoverable);
    port = discoverable.getSocketAddress().getPort();
    return injector;
}

Example 45 with AuthorizationEnforcementModule

use of co.cask.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class TestFileLogging method setUpContext.

@BeforeClass
public static void setUpContext() throws Exception {
    Configuration hConf = HBaseConfiguration.create();
    final CConfiguration cConf = CConfiguration.create();
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, TMP_FOLDER.newFolder().getAbsolutePath());
    cConf.setInt(LoggingConfiguration.LOG_MAX_FILE_SIZE_BYTES, 20 * 1024);
    String logBaseDir = cConf.get(LoggingConfiguration.LOG_BASE_DIR) + "/" + TestFileLogging.class.getSimpleName();
    cConf.set(LoggingConfiguration.LOG_BASE_DIR, logBaseDir);
    injector = Guice.createInjector(new ConfigModule(cConf, hConf), new NonCustomLocationUnitTestModule().getModule(), new TransactionModules().getInMemoryModules(), new LoggingModules().getInMemoryModules(), new DataSetsModules().getInMemoryModules(), new SystemDatasetRuntimeModule().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getNoOpModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
            bind(NamespaceQueryAdmin.class).to(SimpleNamespaceQueryAdmin.class);
        }
    });
    txManager = injector.getInstance(TransactionManager.class);
    txManager.startAndWait();
    LogAppender appender = injector.getInstance(LocalLogAppender.class);
    new LogAppenderInitializer(appender).initialize("TestFileLogging");
    Logger logger = LoggerFactory.getLogger("TestFileLogging");
    LoggingTester loggingTester = new LoggingTester();
    loggingTester.generateLogs(logger, new FlowletLoggingContext("TFL_NS_1", "APP_1", "FLOW_1", "FLOWLET_1", "RUN1", "INSTANCE1"));
    appender.stop();
}