Examples with AuthorizerInstantiator co.cask.cdap.security.authorization.AuthorizerInstantiator used on opensource projects

Search in sources :

Example 1 with AuthorizerInstantiator

use of co.cask.cdap.security.authorization.AuthorizerInstantiator in project cdap by caskdata.

the class TestBase method initialize.

@BeforeClass
public static void initialize() throws Exception {
    if (nestedStartCount++ > 0) {
        return;
    }
    File localDataDir = TMP_FOLDER.newFolder();
    cConf = createCConf(localDataDir);
    org.apache.hadoop.conf.Configuration hConf = new org.apache.hadoop.conf.Configuration();
    hConf.addResource("mapred-site-local.xml");
    hConf.reloadConfiguration();
    hConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir.getAbsolutePath());
    hConf.set(Constants.AppFabric.OUTPUT_DIR, cConf.get(Constants.AppFabric.OUTPUT_DIR));
    hConf.set("hadoop.tmp.dir", new File(localDataDir, cConf.get(Constants.AppFabric.TEMP_DIR)).getAbsolutePath());
    // Windows specific requirements
    if (OSDetector.isWindows()) {
        File tmpDir = TMP_FOLDER.newFolder();
        File binDir = new File(tmpDir, "bin");
        Assert.assertTrue(binDir.mkdirs());
        copyTempFile("hadoop.dll", tmpDir);
        copyTempFile("winutils.exe", binDir);
        System.setProperty("hadoop.home.dir", tmpDir.getAbsolutePath());
        System.load(new File(tmpDir, "hadoop.dll").getAbsolutePath());
    }
    Injector injector = Guice.createInjector(createDataFabricModule(), new TransactionExecutorModule(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new ConfigModule(cConf, hConf), new IOModule(), new LocationRuntimeModule().getInMemoryModules(), new DiscoveryRuntimeModule().getInMemoryModules(), new AppFabricServiceRuntimeModule().getInMemoryModules(), new ServiceStoreModules().getInMemoryModules(), new InMemoryProgramRunnerModule(LocalStreamWriter.class), new SecureStoreModules().getInMemoryModules(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(StreamHandler.class).in(Scopes.SINGLETON);
            bind(StreamFetchHandler.class).in(Scopes.SINGLETON);
            bind(StreamViewHttpHandler.class).in(Scopes.SINGLETON);
            bind(StreamFileJanitorService.class).to(LocalStreamFileJanitorService.class).in(Scopes.SINGLETON);
            bind(StreamWriterSizeCollector.class).to(BasicStreamWriterSizeCollector.class).in(Scopes.SINGLETON);
            bind(StreamCoordinatorClient.class).to(InMemoryStreamCoordinatorClient.class).in(Scopes.SINGLETON);
            bind(MetricsManager.class).toProvider(MetricsManagerProvider.class);
        }
    }, // todo: do we need handler?
    new MetricsHandlerModule(), new MetricsClientRuntimeModule().getInMemoryModules(), new LoggingModules().getInMemoryModules(), new LogReaderRuntimeModules().getInMemoryModules(), new ExploreRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new NotificationFeedServiceRuntimeModule().getInMemoryModules(), new NotificationServiceRuntimeModule().getInMemoryModules(), new NamespaceStoreModule().getStandaloneModules(), new AuthorizationModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new MessagingServerRuntimeModule().getInMemoryModules(), new PreviewHttpModule(), new AbstractModule() {

        @Override
        @SuppressWarnings("deprecation")
        protected void configure() {
            install(new FactoryModuleBuilder().implement(ApplicationManager.class, DefaultApplicationManager.class).build(ApplicationManagerFactory.class));
            install(new FactoryModuleBuilder().implement(ArtifactManager.class, DefaultArtifactManager.class).build(ArtifactManagerFactory.class));
            install(new FactoryModuleBuilder().implement(StreamManager.class, DefaultStreamManager.class).build(StreamManagerFactory.class));
            bind(TemporaryFolder.class).toInstance(TMP_FOLDER);
            bind(AuthorizationHandler.class).in(Scopes.SINGLETON);
        }
    });
    messagingService = injector.getInstance(MessagingService.class);
    if (messagingService instanceof Service) {
        ((Service) messagingService).startAndWait();
    }
    txService = injector.getInstance(TransactionManager.class);
    txService.startAndWait();
    dsOpService = injector.getInstance(DatasetOpExecutor.class);
    dsOpService.startAndWait();
    datasetService = injector.getInstance(DatasetService.class);
    datasetService.startAndWait();
    metricsQueryService = injector.getInstance(MetricsQueryService.class);
    metricsQueryService.startAndWait();
    metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
    metricsCollectionService.startAndWait();
    programLifecycleService = injector.getInstance(ProgramLifecycleService.class);
    programLifecycleService.startAndWait();
    programNotificationSubscriberService = injector.getInstance(ProgramNotificationSubscriberService.class);
    programNotificationSubscriberService.startAndWait();
    scheduler = injector.getInstance(Scheduler.class);
    if (scheduler instanceof Service) {
        ((Service) scheduler).startAndWait();
    }
    if (scheduler instanceof CoreSchedulerService) {
        ((CoreSchedulerService) scheduler).waitUntilFunctional(10, TimeUnit.SECONDS);
    }
    if (cConf.getBoolean(Constants.Explore.EXPLORE_ENABLED)) {
        exploreExecutorService = injector.getInstance(ExploreExecutorService.class);
        exploreExecutorService.startAndWait();
        // wait for explore service to be discoverable
        DiscoveryServiceClient discoveryService = injector.getInstance(DiscoveryServiceClient.class);
        EndpointStrategy endpointStrategy = new RandomEndpointStrategy(discoveryService.discover(Constants.Service.EXPLORE_HTTP_USER_SERVICE));
        Preconditions.checkNotNull(endpointStrategy.pick(5, TimeUnit.SECONDS), "%s service is not up after 5 seconds", Constants.Service.EXPLORE_HTTP_USER_SERVICE);
        exploreClient = injector.getInstance(ExploreClient.class);
    }
    streamCoordinatorClient = injector.getInstance(StreamCoordinatorClient.class);
    streamCoordinatorClient.startAndWait();
    programScheduler = injector.getInstance(Scheduler.class);
    if (programScheduler instanceof Service) {
        ((Service) programScheduler).startAndWait();
    }
    testManager = injector.getInstance(UnitTestManager.class);
    metricsManager = injector.getInstance(MetricsManager.class);
    authorizerInstantiator = injector.getInstance(AuthorizerInstantiator.class);
    // This is needed so the logged-in user can successfully create the default namespace
    if (cConf.getBoolean(Constants.Security.Authorization.ENABLED)) {
        String user = System.getProperty("user.name");
        SecurityRequestContext.setUserId(user);
        InstanceId instance = new InstanceId(cConf.get(Constants.INSTANCE_NAME));
        Principal principal = new Principal(user, Principal.PrincipalType.USER);
        authorizerInstantiator.get().grant(Authorizable.fromEntityId(instance), principal, ImmutableSet.of(Action.ADMIN));
        authorizerInstantiator.get().grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), principal, ImmutableSet.of(Action.ADMIN));
    }
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
    if (firstInit) {
        // only create the default namespace on first test. if multiple tests are run in the same JVM,
        // then any time after the first time, the default namespace already exists. That is because
        // the namespaceAdmin.delete(Id.Namespace.DEFAULT) in finish() only clears the default namespace
        // but does not remove it entirely
        namespaceAdmin.create(NamespaceMeta.DEFAULT);
    }
    secureStore = injector.getInstance(SecureStore.class);
    secureStoreManager = injector.getInstance(SecureStoreManager.class);
    messagingContext = new MultiThreadMessagingContext(messagingService);
    firstInit = false;
    previewManager = injector.getInstance(PreviewManager.class);
}
Also used : DataSetServiceModules(co.cask.cdap.data.runtime.DataSetServiceModules) DefaultApplicationManager(co.cask.cdap.test.internal.DefaultApplicationManager) DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) CConfiguration(co.cask.cdap.common.conf.CConfiguration) InMemoryProgramRunnerModule(co.cask.cdap.app.guice.InMemoryProgramRunnerModule) DatasetService(co.cask.cdap.data2.datafabric.dataset.service.DatasetService) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) PreviewManager(co.cask.cdap.app.preview.PreviewManager) RandomEndpointStrategy(co.cask.cdap.common.discovery.RandomEndpointStrategy) EndpointStrategy(co.cask.cdap.common.discovery.EndpointStrategy) Injector(com.google.inject.Injector) StreamWriterSizeCollector(co.cask.cdap.data.stream.service.StreamWriterSizeCollector) BasicStreamWriterSizeCollector(co.cask.cdap.data.stream.service.BasicStreamWriterSizeCollector) CoreSchedulerService(co.cask.cdap.scheduler.CoreSchedulerService) SecureStoreManager(co.cask.cdap.api.security.store.SecureStoreManager) DefaultArtifactManager(co.cask.cdap.test.internal.DefaultArtifactManager) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) AuthorizationModule(co.cask.cdap.app.guice.AuthorizationModule) DefaultApplicationManager(co.cask.cdap.test.internal.DefaultApplicationManager) MetricsCollectionService(co.cask.cdap.api.metrics.MetricsCollectionService) InstanceId(co.cask.cdap.proto.id.InstanceId) SecureStoreModules(co.cask.cdap.security.guice.SecureStoreModules) LocationRuntimeModule(co.cask.cdap.common.guice.LocationRuntimeModule) NamespaceAdmin(co.cask.cdap.common.namespace.NamespaceAdmin) ExploreRuntimeModule(co.cask.cdap.explore.guice.ExploreRuntimeModule) SecureStore(co.cask.cdap.api.security.store.SecureStore) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) TransactionManager(org.apache.tephra.TransactionManager) NotificationFeedServiceRuntimeModule(co.cask.cdap.notifications.feeds.guice.NotificationFeedServiceRuntimeModule) File(java.io.File) AppFabricServiceRuntimeModule(co.cask.cdap.app.guice.AppFabricServiceRuntimeModule) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) IOModule(co.cask.cdap.common.guice.IOModule) ExploreClient(co.cask.cdap.explore.client.ExploreClient) ConfigModule(co.cask.cdap.common.guice.ConfigModule) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) Scheduler(co.cask.cdap.scheduler.Scheduler) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) NamespaceStoreModule(co.cask.cdap.store.guice.NamespaceStoreModule) PreviewHttpModule(co.cask.cdap.app.preview.PreviewHttpModule) MessagingServerRuntimeModule(co.cask.cdap.messaging.guice.MessagingServerRuntimeModule) MultiThreadMessagingContext(co.cask.cdap.internal.app.runtime.messaging.MultiThreadMessagingContext) ProgramNotificationSubscriberService(co.cask.cdap.internal.app.services.ProgramNotificationSubscriberService) NotificationServiceRuntimeModule(co.cask.cdap.notifications.guice.NotificationServiceRuntimeModule) TransactionExecutorModule(co.cask.cdap.data.runtime.TransactionExecutorModule) ProgramLifecycleService(co.cask.cdap.internal.app.services.ProgramLifecycleService) MetricsQueryService(co.cask.cdap.metrics.query.MetricsQueryService) DefaultStreamManager(co.cask.cdap.test.internal.DefaultStreamManager) LogReaderRuntimeModules(co.cask.cdap.logging.guice.LogReaderRuntimeModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) StreamCoordinatorClient(co.cask.cdap.data.stream.StreamCoordinatorClient) InMemoryStreamCoordinatorClient(co.cask.cdap.data.stream.InMemoryStreamCoordinatorClient) MetricsCollectionService(co.cask.cdap.api.metrics.MetricsCollectionService) LocalStreamFileJanitorService(co.cask.cdap.data.stream.service.LocalStreamFileJanitorService) CoreSchedulerService(co.cask.cdap.scheduler.CoreSchedulerService) ExploreExecutorService(co.cask.cdap.explore.executor.ExploreExecutorService) Service(com.google.common.util.concurrent.Service) MessagingService(co.cask.cdap.messaging.MessagingService) MetricsQueryService(co.cask.cdap.metrics.query.MetricsQueryService) ProgramNotificationSubscriberService(co.cask.cdap.internal.app.services.ProgramNotificationSubscriberService) StreamFileJanitorService(co.cask.cdap.data.stream.service.StreamFileJanitorService) ProgramLifecycleService(co.cask.cdap.internal.app.services.ProgramLifecycleService) DatasetService(co.cask.cdap.data2.datafabric.dataset.service.DatasetService) DatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutor) LocalStreamFileJanitorService(co.cask.cdap.data.stream.service.LocalStreamFileJanitorService) StreamFileJanitorService(co.cask.cdap.data.stream.service.StreamFileJanitorService) AbstractModule(com.google.inject.AbstractModule) LoggingModules(co.cask.cdap.logging.guice.LoggingModules) MessagingService(co.cask.cdap.messaging.MessagingService) DefaultArtifactManager(co.cask.cdap.test.internal.DefaultArtifactManager) MetricsHandlerModule(co.cask.cdap.metrics.guice.MetricsHandlerModule) LocalStreamWriter(co.cask.cdap.test.internal.LocalStreamWriter) DefaultStreamManager(co.cask.cdap.test.internal.DefaultStreamManager) ExploreExecutorService(co.cask.cdap.explore.executor.ExploreExecutorService) ServiceStoreModules(co.cask.cdap.app.guice.ServiceStoreModules) Principal(co.cask.cdap.proto.security.Principal) RandomEndpointStrategy(co.cask.cdap.common.discovery.RandomEndpointStrategy) BeforeClass(org.junit.BeforeClass)

Example 2 with AuthorizerInstantiator

use of co.cask.cdap.security.authorization.AuthorizerInstantiator in project cdap by caskdata.

the class PreviewRunnerModule method configure.

@Override
protected void configure() {
    bind(ArtifactRepository.class).toInstance(artifactRepository);
    expose(ArtifactRepository.class);
    bind(ArtifactStore.class).toInstance(artifactStore);
    expose(ArtifactStore.class);
    bind(AuthorizerInstantiator.class).toInstance(authorizerInstantiator);
    expose(AuthorizerInstantiator.class);
    bind(AuthorizationEnforcer.class).toInstance(authorizationEnforcer);
    expose(AuthorizationEnforcer.class);
    bind(PrivilegesManager.class).toInstance(privilegesManager);
    expose(PrivilegesManager.class);
    bind(StreamConsumerFactory.class).to(InMemoryStreamConsumerFactory.class).in(Scopes.SINGLETON);
    expose(StreamConsumerFactory.class);
    bind(StreamCoordinatorClient.class).toInstance(streamCoordinatorClient);
    expose(StreamCoordinatorClient.class);
    bind(PreferencesStore.class).toInstance(preferencesStore);
    // bind explore client to mock.
    bind(ExploreClient.class).to(MockExploreClient.class);
    expose(ExploreClient.class);
    bind(StorageProviderNamespaceAdmin.class).to(LocalStorageProviderNamespaceAdmin.class);
    bind(PipelineFactory.class).to(SynchronousPipelineFactory.class);
    install(new FactoryModuleBuilder().implement(new TypeLiteral<Manager<AppDeploymentInfo, ApplicationWithPrograms>>() {
    }, new TypeLiteral<PreviewApplicationManager<AppDeploymentInfo, ApplicationWithPrograms>>() {
    }).build(new TypeLiteral<ManagerFactory<AppDeploymentInfo, ApplicationWithPrograms>>() {
    }));
    bind(Store.class).to(DefaultStore.class);
    bind(RouteStore.class).to(LocalRouteStore.class).in(Scopes.SINGLETON);
    bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
    expose(UGIProvider.class);
    bind(RuntimeStore.class).to(DefaultStore.class);
    expose(RuntimeStore.class);
    // we don't delete namespaces in preview as we just delete preview directory when its done
    bind(NamespaceResourceDeleter.class).to(NoopNamespaceResourceDeleter.class).in(Scopes.SINGLETON);
    bind(NamespaceAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
    bind(NamespaceQueryAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
    expose(NamespaceAdmin.class);
    expose(NamespaceQueryAdmin.class);
    bind(PreviewRunner.class).to(DefaultPreviewRunner.class).in(Scopes.SINGLETON);
    expose(PreviewRunner.class);
    bind(PreviewStore.class).to(DefaultPreviewStore.class).in(Scopes.SINGLETON);
    bind(Scheduler.class).to(NoOpScheduler.class);
    bind(DataTracerFactory.class).to(DefaultDataTracerFactory.class);
    expose(DataTracerFactory.class);
    bind(OwnerStore.class).to(DefaultOwnerStore.class);
    expose(OwnerStore.class);
    bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
    expose(OwnerAdmin.class);
}
Also used : ExploreClient(co.cask.cdap.explore.client.ExploreClient) MockExploreClient(co.cask.cdap.explore.client.MockExploreClient) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) SynchronousPipelineFactory(co.cask.cdap.internal.pipeline.SynchronousPipelineFactory) PipelineFactory(co.cask.cdap.pipeline.PipelineFactory) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) Scheduler(co.cask.cdap.scheduler.Scheduler) NoOpScheduler(co.cask.cdap.scheduler.NoOpScheduler) UGIProvider(co.cask.cdap.security.impersonation.UGIProvider) UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) RuntimeStore(co.cask.cdap.app.store.RuntimeStore) PreferencesStore(co.cask.cdap.config.PreferencesStore) DefaultPreviewStore(co.cask.cdap.internal.app.store.preview.DefaultPreviewStore) PreviewStore(co.cask.cdap.app.store.preview.PreviewStore) Store(co.cask.cdap.app.store.Store) LocalRouteStore(co.cask.cdap.route.store.LocalRouteStore) OwnerStore(co.cask.cdap.security.impersonation.OwnerStore) DefaultOwnerStore(co.cask.cdap.store.DefaultOwnerStore) RouteStore(co.cask.cdap.route.store.RouteStore) RuntimeStore(co.cask.cdap.app.store.RuntimeStore) DefaultStore(co.cask.cdap.internal.app.store.DefaultStore) ArtifactStore(co.cask.cdap.internal.app.runtime.artifact.ArtifactStore) AuthorizationEnforcer(co.cask.cdap.security.spi.authorization.AuthorizationEnforcer) PrivilegesManager(co.cask.cdap.security.spi.authorization.PrivilegesManager) Manager(co.cask.cdap.app.deploy.Manager) DefaultNamespaceAdmin(co.cask.cdap.internal.app.namespace.DefaultNamespaceAdmin) TypeLiteral(com.google.inject.TypeLiteral) AppDeploymentInfo(co.cask.cdap.internal.app.deploy.pipeline.AppDeploymentInfo) StorageProviderNamespaceAdmin(co.cask.cdap.internal.app.namespace.StorageProviderNamespaceAdmin) LocalStorageProviderNamespaceAdmin(co.cask.cdap.internal.app.namespace.LocalStorageProviderNamespaceAdmin) ApplicationWithPrograms(co.cask.cdap.internal.app.deploy.pipeline.ApplicationWithPrograms) PreferencesStore(co.cask.cdap.config.PreferencesStore) LocalRouteStore(co.cask.cdap.route.store.LocalRouteStore) NoopNamespaceResourceDeleter(co.cask.cdap.internal.app.namespace.NoopNamespaceResourceDeleter) DefaultPreviewStore(co.cask.cdap.internal.app.store.preview.DefaultPreviewStore) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(co.cask.cdap.security.impersonation.OwnerAdmin) PrivilegesManager(co.cask.cdap.security.spi.authorization.PrivilegesManager) StreamCoordinatorClient(co.cask.cdap.data.stream.StreamCoordinatorClient) ArtifactRepository(co.cask.cdap.internal.app.runtime.artifact.ArtifactRepository) OwnerStore(co.cask.cdap.security.impersonation.OwnerStore) DefaultOwnerStore(co.cask.cdap.store.DefaultOwnerStore) ArtifactStore(co.cask.cdap.internal.app.runtime.artifact.ArtifactStore) InMemoryStreamConsumerFactory(co.cask.cdap.data2.transaction.stream.inmemory.InMemoryStreamConsumerFactory) DefaultPreviewRunner(co.cask.cdap.internal.app.preview.DefaultPreviewRunner) DefaultDataTracerFactory(co.cask.cdap.internal.app.preview.DefaultDataTracerFactory)

Example 3 with AuthorizerInstantiator

use of co.cask.cdap.security.authorization.AuthorizerInstantiator in project cdap by caskdata.

the class AuthorizationHandlerTest method setUp.

@Before
public void setUp() throws Exception {
    CConfiguration conf = CConfiguration.create();
    conf.setBoolean(Constants.Security.Authorization.ENABLED, true);
    conf.setBoolean(Constants.Security.ENABLED, true);
    properties.setProperty("superusers", admin.getName());
    final InMemoryAuthorizer auth = new InMemoryAuthorizer();
    auth.initialize(FACTORY.create(properties));
    service = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName()).setHttpHandlers(new AuthorizationHandler(auth, new AuthorizerInstantiator(conf, FACTORY) {

        @Override
        public Authorizer get() {
            return auth;
        }
    }, conf, auth, new MasterAuthenticationContext(), entityExistenceVerifier)).setChannelPipelineModifier(new ChannelPipelineModifier() {

        @Override
        public void modify(ChannelPipeline pipeline) {
            pipeline.addBefore("dispatcher", "usernamesetter", new TestUserNameSetter());
            pipeline.addAfter("usernamesetter", "authenticator", new AuthenticationChannelHandler());
        }
    }).build();
    service.start();
    client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(service.getBindAddress().getHostName()).setPort(service.getBindAddress().getPort()).setSSLEnabled(false).build()).build());
    System.setProperty(USERNAME_PROPERTY, admin.getName());
}
Also used : MasterAuthenticationContext(co.cask.cdap.security.auth.context.MasterAuthenticationContext) CommonNettyHttpServiceBuilder(co.cask.cdap.common.http.CommonNettyHttpServiceBuilder) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) AuthenticationChannelHandler(co.cask.cdap.common.http.AuthenticationChannelHandler) CConfiguration(co.cask.cdap.common.conf.CConfiguration) ChannelPipeline(io.netty.channel.ChannelPipeline) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) AuthorizationClient(co.cask.cdap.client.AuthorizationClient) ChannelPipelineModifier(co.cask.http.ChannelPipelineModifier) Before(org.junit.Before)

Example 4 with AuthorizerInstantiator

use of co.cask.cdap.security.authorization.AuthorizerInstantiator in project cdap by caskdata.

the class AuthorizationHandlerTest method testDisabled.

private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception {
    final InMemoryAuthorizer authorizer = new InMemoryAuthorizer();
    NettyHttpService service = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName()).setHttpHandlers(new AuthorizationHandler(authorizer, new AuthorizerInstantiator(cConf, FACTORY) {

        @Override
        public Authorizer get() {
            return authorizer;
        }
    }, cConf, authorizer, new MasterAuthenticationContext(), entityExistenceVerifier)).build();
    service.start();
    try {
        final AuthorizationClient client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(service.getBindAddress().getHostName()).setPort(service.getBindAddress().getPort()).setSSLEnabled(false).build()).build());
        final NamespaceId ns1 = Ids.namespace("ns1");
        final Role admins = new Role("admins");
        // Test that the right exception is thrown when any Authorization REST API is called with authorization disabled
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.grant(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(Action.READ));
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.revoke(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(Action.READ));
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.revoke(Authorizable.fromEntityId(ns1));
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.listPrivileges(admin);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.addRoleToPrincipal(admins, admin);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.removeRoleFromPrincipal(admins, admin);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.createRole(admins);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.dropRole(admins);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.listAllRoles();
            }
        }, feature, configSetting);
    } finally {
        service.stop();
    }
}
Also used : MasterAuthenticationContext(co.cask.cdap.security.auth.context.MasterAuthenticationContext) CommonNettyHttpServiceBuilder(co.cask.cdap.common.http.CommonNettyHttpServiceBuilder) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) FeatureDisabledException(co.cask.cdap.common.FeatureDisabledException) IOException(java.io.IOException) AlreadyExistsException(co.cask.cdap.security.spi.authorization.AlreadyExistsException) UnauthenticatedException(co.cask.cdap.common.UnauthenticatedException) NotFoundException(co.cask.cdap.common.NotFoundException) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) Role(co.cask.cdap.proto.security.Role) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) NettyHttpService(co.cask.http.NettyHttpService) AuthorizationClient(co.cask.cdap.client.AuthorizationClient) NamespaceId(co.cask.cdap.proto.id.NamespaceId)

Example 5 with AuthorizerInstantiator

use of co.cask.cdap.security.authorization.AuthorizerInstantiator in project cdap by caskdata.

the class SystemArtifactsAuthorizationTest method setup.

@BeforeClass
public static void setup() throws Exception {
    CConfiguration cConf = CConfiguration.create();
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, TMP_FOLDER.newFolder().getAbsolutePath());
    cConf.setBoolean(Constants.Security.ENABLED, true);
    cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false);
    cConf.setBoolean(Constants.Security.Authorization.ENABLED, true);
    cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0);
    Location deploymentJar = AppJarHelper.createDeploymentJar(new LocalLocationFactory(TMP_FOLDER.newFolder()), InMemoryAuthorizer.class);
    cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, deploymentJar.toURI().getPath());
    // Add a system artifact
    File systemArtifactsDir = TMP_FOLDER.newFolder();
    cConf.set(Constants.AppFabric.SYSTEM_ARTIFACTS_DIR, systemArtifactsDir.getAbsolutePath());
    createSystemArtifact(systemArtifactsDir);
    Injector injector = AppFabricTestHelper.getInjector(cConf);
    artifactRepository = injector.getInstance(ArtifactRepository.class);
    AuthorizerInstantiator instantiatorService = injector.getInstance(AuthorizerInstantiator.class);
    authorizer = instantiatorService.get();
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
}
Also used : Injector(com.google.inject.Injector) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) NamespaceAdmin(co.cask.cdap.common.namespace.NamespaceAdmin) CConfiguration(co.cask.cdap.common.conf.CConfiguration) LocalLocationFactory(org.apache.twill.filesystem.LocalLocationFactory) File(java.io.File) Location(org.apache.twill.filesystem.Location) BeforeClass(org.junit.BeforeClass)

Aggregations

AuthorizerInstantiator (co.cask.cdap.security.authorization.AuthorizerInstantiator)5 CConfiguration (co.cask.cdap.common.conf.CConfiguration)3 AuthorizationClient (co.cask.cdap.client.AuthorizationClient)2 CommonNettyHttpServiceBuilder (co.cask.cdap.common.http.CommonNettyHttpServiceBuilder)2 NamespaceAdmin (co.cask.cdap.common.namespace.NamespaceAdmin)2 StreamCoordinatorClient (co.cask.cdap.data.stream.StreamCoordinatorClient)2 ExploreClient (co.cask.cdap.explore.client.ExploreClient)2 Scheduler (co.cask.cdap.scheduler.Scheduler)2 MasterAuthenticationContext (co.cask.cdap.security.auth.context.MasterAuthenticationContext)2 InMemoryAuthorizer (co.cask.cdap.security.authorization.InMemoryAuthorizer)2 Authorizer (co.cask.cdap.security.spi.authorization.Authorizer)2 Injector (com.google.inject.Injector)2 FactoryModuleBuilder (com.google.inject.assistedinject.FactoryModuleBuilder)2 File (java.io.File)2 BeforeClass (org.junit.BeforeClass)2 MetricsCollectionService (co.cask.cdap.api.metrics.MetricsCollectionService)1 SecureStore (co.cask.cdap.api.security.store.SecureStore)1 SecureStoreManager (co.cask.cdap.api.security.store.SecureStoreManager)1 Manager (co.cask.cdap.app.deploy.Manager)1 AppFabricServiceRuntimeModule (co.cask.cdap.app.guice.AppFabricServiceRuntimeModule)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial