
Example 6 with AuthorizationEnforcer

use of co.cask.cdap.security.spi.authorization.AuthorizationEnforcer in project cdap by caskdata.

the class PreviewDatasetFramework method getDataset.

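/**
 * Returns a dataset instance, served either by {@code actualDatasetFramework} or by
 * {@code localDatasetFramework}.
 *
 * <p>A dataset is served by {@code actualDatasetFramework} only when it is a user dataset and an
 * instance with that id already exists there; in that case the call runs under
 * {@code authorizationEnforcer}. Every other dataset is served by {@code localDatasetFramework}
 * under {@code NOOP_ENFORCER}. Both choices derive from a single existence check so that the
 * enforcer can never disagree with the framework that actually serves the request.
 *
 * @param datasetInstanceId id of the dataset to obtain
 * @param arguments runtime arguments, passed through to the selected framework
 * @param classLoader class loader passed through to the selected framework, may be {@code null}
 * @param classLoaderProvider class loader provider passed through to the selected framework
 * @param owners owners passed through to the selected framework, may be {@code null}
 * @param accessType access type passed through to the selected framework
 * @return whatever the selected framework returns, which may be {@code null}
 * @throws IOException rethrown unchanged from the underlying call
 * @throws DatasetManagementException rethrown unchanged, or wrapping any other exception raised
 *     while obtaining the dataset
 */
@Nullable
@Override
public <T extends Dataset> T getDataset(final DatasetId datasetInstanceId, final Map<String, String> arguments, @Nullable final ClassLoader classLoader, final DatasetClassLoaderProvider classLoaderProvider, @Nullable final Iterable<? extends EntityId> owners, final AccessType accessType) throws DatasetManagementException, IOException {
    Principal principal = authenticationContext.getPrincipal();
    try {
        // Evaluate the routing condition exactly once. If existence were re-checked inside the
        // callable, a dataset that appeared in actualDatasetFramework between the two checks would
        // be read from that framework while the no-op enforcer was in effect, i.e. without the
        // authorization check. A single evaluation keeps the enforcer and the framework in step.
        final boolean useActualFramework = DatasetsUtil.isUserDataset(datasetInstanceId) && actualDatasetFramework.hasInstance(datasetInstanceId);
        // Authorization is enforced only for datasets served from the real space.
        final AuthorizationEnforcer enforcer = useActualFramework ? authorizationEnforcer : NOOP_ENFORCER;
        return DefaultDatasetRuntimeContext.execute(enforcer, NOOP_DATASET_ACCESS_RECORDER, principal, datasetInstanceId, null, new Callable<T>() {

            @Override
            public T call() throws Exception {
                if (useActualFramework) {
                    return actualDatasetFramework.getDataset(datasetInstanceId, arguments, classLoader, classLoaderProvider, owners, accessType);
                }
                return localDatasetFramework.getDataset(datasetInstanceId, arguments, classLoader, classLoaderProvider, owners, accessType);
            }
        });
    } catch (IOException | DatasetManagementException e) {
        // Declared exception types pass through untouched so callers can still distinguish them.
        throw e;
    } catch (Exception e) {
        // Anything else is wrapped, keeping the original exception as the cause.
        throw new DatasetManagementException("Failed to create dataset instance: " + datasetInstanceId, e);
    }
}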
Also used : DatasetManagementException(co.cask.cdap.api.dataset.DatasetManagementException) AuthorizationEnforcer(co.cask.cdap.security.spi.authorization.AuthorizationEnforcer) IOException(java.io.IOException) Principal(co.cask.cdap.proto.security.Principal) DatasetManagementException(co.cask.cdap.api.dataset.DatasetManagementException) IOException(java.io.IOException) Nullable(javax.annotation.Nullable)

Example 7 with AuthorizationEnforcer

use of co.cask.cdap.security.spi.authorization.AuthorizationEnforcer in project cdap by caskdata.

the class RemoteDatasetFrameworkTest method before.

/**
 * Builds the dataset service stack used by these tests and starts it.
 *
 * <p>The method configures {@code cConf}, creates a Guice injector, starts a transaction manager
 * and the dataset op-executor service, wires the type and instance services with the injected
 * {@link AuthorizationEnforcer}, starts the {@link DatasetService}, waits up to five seconds for
 * it to be discoverable, and finally creates the system namespace and {@code NAMESPACE_ID}.
 *
 * @throws Exception if any part of the fixture fails to initialise
 */
@Before
public void before() throws Exception {
    cConf.set(Constants.Service.MASTER_SERVICES_BIND_ADDRESS, "localhost");
    // NOTE(review): this flag lives under Constants.Dangerous; presumably it permits destructive
    // resets and belongs only in test configuration - confirm it is never enabled elsewhere.
    cConf.setBoolean(Constants.Dangerous.UNRECOVERABLE_RESET, true);
    Configuration txConf = HBaseConfiguration.create();
    CConfigurationUtil.copyTxProperties(cConf, txConf);
    // ok to pass null, since the impersonator won't actually be called, if kerberos security is not enabled
    Impersonator impersonator = new DefaultImpersonator(cConf, null);
    // TODO: Refactor to use injector for everything
    // NOTE(review): the AuthorizationEnforcer used below comes from this injector, so what it
    // actually enforces depends on AuthorizationTestModule and the in-memory enforcement module;
    // neither is visible here - confirm before relying on this fixture for access-control tests.
    Injector injector = Guice.createInjector(new ConfigModule(cConf, txConf), new DiscoveryRuntimeModule().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new TransactionInMemoryModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class).in(Singleton.class);
            install(new FactoryModuleBuilder().implement(DatasetDefinitionRegistry.class, DefaultDatasetDefinitionRegistry.class).build(DatasetDefinitionRegistryFactory.class));
            // through the injector, we only need RemoteDatasetFramework in these tests
            bind(RemoteDatasetFramework.class);
        }
    });
    // Tx Manager to support working with datasets
    txManager = new TransactionManager(txConf);
    txManager.startAndWait();
    InMemoryTxSystemClient txSystemClient = new InMemoryTxSystemClient(txManager);
    TransactionSystemClientService txSystemClientService = new DelegatingTransactionSystemClientService(txSystemClient);
    DiscoveryService discoveryService = injector.getInstance(DiscoveryService.class);
    DiscoveryServiceClient discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
    MetricsCollectionService metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
    AuthenticationContext authenticationContext = injector.getInstance(AuthenticationContext.class);
    // The framework under test is constructed directly rather than obtained from the injector.
    framework = new RemoteDatasetFramework(cConf, discoveryServiceClient, registryFactory, authenticationContext);
    SystemDatasetInstantiatorFactory datasetInstantiatorFactory = new SystemDatasetInstantiatorFactory(locationFactory, framework, cConf);
    DatasetAdminService datasetAdminService = new DatasetAdminService(framework, cConf, locationFactory, datasetInstantiatorFactory, new NoOpMetadataStore(), impersonator);
    ImmutableSet<HttpHandler> handlers = ImmutableSet.<HttpHandler>of(new DatasetAdminOpHTTPHandler(datasetAdminService));
    // The op-executor service is started before the dataset service that is built further down.
    opExecutorService = new DatasetOpExecutorService(cConf, discoveryService, metricsCollectionService, handlers);
    opExecutorService.startAndWait();
    ImmutableMap<String, DatasetModule> modules = ImmutableMap.<String, DatasetModule>builder().put("memoryTable", new InMemoryTableModule()).put("core", new CoreDatasetsModule()).putAll(DatasetMetaTableUtil.getModules()).build();
    InMemoryDatasetFramework mdsFramework = new InMemoryDatasetFramework(registryFactory, modules);
    DiscoveryExploreClient exploreClient = new DiscoveryExploreClient(discoveryServiceClient, authenticationContext);
    ExploreFacade exploreFacade = new ExploreFacade(exploreClient, cConf);
    TransactionExecutorFactory txExecutorFactory = new DynamicTransactionExecutorFactory(txSystemClient);
    // One enforcer instance and one privileges manager are shared by the type service and the
    // instance service, so both services take their authorization dependencies from the same objects.
    AuthorizationEnforcer authorizationEnforcer = injector.getInstance(AuthorizationEnforcer.class);
    DatasetTypeManager typeManager = new DatasetTypeManager(cConf, locationFactory, txSystemClientService, txExecutorFactory, mdsFramework, impersonator);
    DatasetInstanceManager instanceManager = new DatasetInstanceManager(txSystemClientService, txExecutorFactory, mdsFramework);
    PrivilegesManager privilegesManager = injector.getInstance(PrivilegesManager.class);
    DatasetTypeService typeService = new DatasetTypeService(typeManager, namespaceQueryAdmin, namespacedLocationFactory, authorizationEnforcer, privilegesManager, authenticationContext, cConf, impersonator, txSystemClientService, mdsFramework, txExecutorFactory, DEFAULT_MODULES);
    DatasetOpExecutor opExecutor = new LocalDatasetOpExecutor(cConf, discoveryServiceClient, opExecutorService, authenticationContext);
    DatasetInstanceService instanceService = new DatasetInstanceService(typeService, instanceManager, opExecutor, exploreFacade, namespaceQueryAdmin, ownerAdmin, authorizationEnforcer, privilegesManager, authenticationContext);
    // Audit events from the instance service go to the in-memory publisher held by the test class.
    instanceService.setAuditPublisher(inMemoryAuditPublisher);
    service = new DatasetService(cConf, discoveryService, discoveryServiceClient, metricsCollectionService, new InMemoryDatasetOpExecutor(framework), new HashSet<DatasetMetricsReporter>(), typeService, instanceService);
    // Start dataset service, wait for it to be discoverable
    service.startAndWait();
    EndpointStrategy endpointStrategy = new RandomEndpointStrategy(discoveryServiceClient.discover(Constants.Service.DATASET_MANAGER));
    // Fail the setup with a descriptive message if no endpoint is picked within five seconds.
    Preconditions.checkNotNull(endpointStrategy.pick(5, TimeUnit.SECONDS), "%s service is not up after 5 seconds", service);
    createNamespace(NamespaceId.SYSTEM);
    createNamespace(NAMESPACE_ID);
}
Also used : InMemoryDatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.InMemoryDatasetOpExecutor) DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) AuthenticationContext(co.cask.cdap.security.spi.authentication.AuthenticationContext) DatasetAdminOpHTTPHandler(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpHTTPHandler) Configuration(org.apache.hadoop.conf.Configuration) HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) TransactionInMemoryModule(org.apache.tephra.runtime.TransactionInMemoryModule) DatasetService(co.cask.cdap.data2.datafabric.dataset.service.DatasetService) AuthorizationEnforcer(co.cask.cdap.security.spi.authorization.AuthorizationEnforcer) DatasetTypeService(co.cask.cdap.data2.datafabric.dataset.service.DatasetTypeService) ExploreFacade(co.cask.cdap.explore.client.ExploreFacade) DynamicTransactionExecutorFactory(co.cask.cdap.data.runtime.DynamicTransactionExecutorFactory) TransactionExecutorFactory(co.cask.cdap.data2.transaction.TransactionExecutorFactory) NoOpMetadataStore(co.cask.cdap.data2.metadata.store.NoOpMetadataStore) EndpointStrategy(co.cask.cdap.common.discovery.EndpointStrategy) RandomEndpointStrategy(co.cask.cdap.common.discovery.RandomEndpointStrategy) Injector(com.google.inject.Injector) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) InMemoryDatasetFramework(co.cask.cdap.data2.dataset2.InMemoryDatasetFramework) HashSet(java.util.HashSet) HttpHandler(co.cask.http.HttpHandler) DatasetInstanceManager(co.cask.cdap.data2.datafabric.dataset.instance.DatasetInstanceManager) MetricsCollectionService(co.cask.cdap.api.metrics.MetricsCollectionService) NoOpMetricsCollectionService(co.cask.cdap.common.metrics.NoOpMetricsCollectionService) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) PrivilegesManager(co.cask.cdap.security.spi.authorization.PrivilegesManager) 
DefaultDatasetDefinitionRegistry(co.cask.cdap.data2.dataset2.DefaultDatasetDefinitionRegistry) DatasetDefinitionRegistry(co.cask.cdap.api.dataset.module.DatasetDefinitionRegistry) InMemoryTxSystemClient(org.apache.tephra.inmemory.InMemoryTxSystemClient) DatasetTypeManager(co.cask.cdap.data2.datafabric.dataset.type.DatasetTypeManager) InMemoryTableModule(co.cask.cdap.data2.dataset2.module.lib.inmemory.InMemoryTableModule) Singleton(com.google.inject.Singleton) TransactionManager(org.apache.tephra.TransactionManager) LocalDatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.LocalDatasetOpExecutor) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) DelegatingTransactionSystemClientService(co.cask.cdap.data2.transaction.DelegatingTransactionSystemClientService) ConfigModule(co.cask.cdap.common.guice.ConfigModule) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) DynamicTransactionExecutorFactory(co.cask.cdap.data.runtime.DynamicTransactionExecutorFactory) DatasetModule(co.cask.cdap.api.dataset.module.DatasetModule) DiscoveryExploreClient(co.cask.cdap.explore.client.DiscoveryExploreClient) SystemDatasetInstantiatorFactory(co.cask.cdap.data.dataset.SystemDatasetInstantiatorFactory) DefaultDatasetDefinitionRegistry(co.cask.cdap.data2.dataset2.DefaultDatasetDefinitionRegistry) CoreDatasetsModule(co.cask.cdap.data2.dataset2.lib.table.CoreDatasetsModule) DatasetInstanceService(co.cask.cdap.data2.datafabric.dataset.service.DatasetInstanceService) TransactionSystemClientService(co.cask.cdap.data2.transaction.TransactionSystemClientService) DelegatingTransactionSystemClientService(co.cask.cdap.data2.transaction.DelegatingTransactionSystemClientService) DiscoveryService(org.apache.twill.discovery.DiscoveryService) DatasetAdminService(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetAdminService) 
LocalDatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.LocalDatasetOpExecutor) DatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutor) InMemoryDatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.InMemoryDatasetOpExecutor) DefaultImpersonator(co.cask.cdap.security.impersonation.DefaultImpersonator) Impersonator(co.cask.cdap.security.impersonation.Impersonator) DefaultImpersonator(co.cask.cdap.security.impersonation.DefaultImpersonator) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) DatasetOpExecutorService(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutorService) RandomEndpointStrategy(co.cask.cdap.common.discovery.RandomEndpointStrategy) Before(org.junit.Before)
