Example 1 with PrivilegesManager

Use of co.cask.cdap.security.spi.authorization.PrivilegesManager in the project cdap by caskdata.

Source: the setup method of the class RemotePrivilegesTest.

@BeforeClass
public static void setup() throws IOException, InterruptedException {
    CConfiguration cConf = CConfiguration.create();
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMPORARY_FOLDER.newFolder().getAbsolutePath());
    // Turn on security and authorization for the test, but without Kerberos
    cConf.setBoolean(Constants.Security.ENABLED, true);
    cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false);
    cConf.setBoolean(Constants.Security.Authorization.ENABLED, true);
    cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 10000);
    cConf.setInt(Constants.Security.Authorization.CACHE_TTL_SECS, CACHE_TIMEOUT);
    // Package the in-memory authorizer as an authorization extension jar and point the config at it
    Manifest manifest = new Manifest();
    manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, InMemoryAuthorizer.class.getName());
    LocationFactory locationFactory = new LocalLocationFactory(TEMPORARY_FOLDER.newFolder());
    Location externalAuthJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class, manifest);
    cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, externalAuthJar.toString());
    // Start the app-fabric server so the remote enforcer and privileges manager have a service to talk to
    Injector injector = AppFabricTestHelper.getInjector(cConf);
    discoveryService = injector.getInstance(DiscoveryServiceClient.class);
    appFabricServer = injector.getInstance(AppFabricServer.class);
    appFabricServer.startAndWait();
    waitForService(Constants.Service.APP_FABRIC_HTTP);
    authorizationEnforcer = injector.getInstance(RemoteAuthorizationEnforcer.class);
    privilegesManager = injector.getInstance(PrivilegesManager.class);
}

Example 2 with PrivilegesManager

Use of co.cask.cdap.security.spi.authorization.PrivilegesManager in the project cdap by caskdata.

Source: the getCoreModules method of the class DistributedProgramRunnableModule.

private List<Module> getCoreModules(final ProgramId programId, String txClientId) {
    return new ArrayList<>(Arrays.<Module>asList(
        new ConfigModule(cConf, hConf),
        new IOModule(),
        new ZKClientModule(),
        new KafkaClientModule(),
        new MetricsClientRuntimeModule().getDistributedModules(),
        new MessagingClientModule(),
        new LocationRuntimeModule().getDistributedModules(),
        new LoggingModules().getDistributedModules(),
        new DiscoveryRuntimeModule().getDistributedModules(),
        new DataFabricModules(txClientId).getDistributedModules(),
        new DataSetsModules().getDistributedModules(),
        new ViewAdminModules().getDistributedModules(),
        new StreamAdminModules().getDistributedModules(),
        new NotificationFeedClientModule(),
        new AuditModule().getDistributedModules(),
        new NamespaceClientRuntimeModule().getDistributedModules(),
        new AuthorizationEnforcementModule().getDistributedModules(),
        new SecureStoreModules().getDistributedModules(),
        new AbstractModule() {

        @Override
        protected void configure() {
            // For Binding queue stuff
            bind(QueueReaderFactory.class).in(Scopes.SINGLETON);
            // For binding DataSet transaction stuff
            install(new DataFabricFacadeModule());
            bind(ProgramStateWriter.class).to(MessagingProgramStateWriter.class);
            bind(RuntimeStore.class).to(RemoteRuntimeStore.class);
            // For binding StreamWriter
            install(createStreamFactoryModule());
            // don't need to perform any impersonation from within user programs
            bind(UGIProvider.class).to(CurrentUGIProvider.class).in(Scopes.SINGLETON);
            // bind PrivilegesManager to a remote implementation, so it does not need to instantiate the authorizer
            bind(PrivilegesManager.class).to(RemotePrivilegesManager.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
            // Bind ProgramId to the passed in instance programId so that we can retrieve it back later when needed.
            // For example see ProgramDiscoveryExploreClient.
            // Also binding to instance is fine here as the programId is guaranteed to not change throughout the
            // lifecycle of this program runnable
            bind(ProgramId.class).toInstance(programId);
            // bind explore client to ProgramDiscoveryExploreClient which is aware of the programId
            bind(ExploreClient.class).to(ProgramDiscoveryExploreClient.class).in(Scopes.SINGLETON);
            // Bind the ArtifactManager implementation
            install(new FactoryModuleBuilder().implement(ArtifactManager.class, RemoteArtifactManager.class).build(ArtifactManagerFactory.class));
            // Bind the PluginFinder implementation
            bind(PluginFinder.class).to(RemotePluginFinder.class);
        }
    }));
}

Example 3 with PrivilegesManager

Use of co.cask.cdap.security.spi.authorization.PrivilegesManager in the project cdap by caskdata.

Source: the configure method of the class PreviewRunnerModule.

@Override
protected void configure() {
    bind(ArtifactRepository.class).toInstance(artifactRepository);
    expose(ArtifactRepository.class);
    bind(ArtifactStore.class).toInstance(artifactStore);
    expose(ArtifactStore.class);
    bind(AuthorizerInstantiator.class).toInstance(authorizerInstantiator);
    expose(AuthorizerInstantiator.class);
    bind(AuthorizationEnforcer.class).toInstance(authorizationEnforcer);
    expose(AuthorizationEnforcer.class);
    bind(PrivilegesManager.class).toInstance(privilegesManager);
    expose(PrivilegesManager.class);
    bind(StreamConsumerFactory.class).to(InMemoryStreamConsumerFactory.class).in(Scopes.SINGLETON);
    expose(StreamConsumerFactory.class);
    bind(StreamCoordinatorClient.class).toInstance(streamCoordinatorClient);
    expose(StreamCoordinatorClient.class);
    bind(PreferencesStore.class).toInstance(preferencesStore);
    // bind explore client to mock.
    bind(ExploreClient.class).to(MockExploreClient.class);
    expose(ExploreClient.class);
    bind(StorageProviderNamespaceAdmin.class).to(LocalStorageProviderNamespaceAdmin.class);
    bind(PipelineFactory.class).to(SynchronousPipelineFactory.class);
    install(new FactoryModuleBuilder()
        .implement(new TypeLiteral<Manager<AppDeploymentInfo, ApplicationWithPrograms>>() { },
                   new TypeLiteral<PreviewApplicationManager<AppDeploymentInfo, ApplicationWithPrograms>>() { })
        .build(new TypeLiteral<ManagerFactory<AppDeploymentInfo, ApplicationWithPrograms>>() { }));
    bind(Store.class).to(DefaultStore.class);
    bind(RouteStore.class).to(LocalRouteStore.class).in(Scopes.SINGLETON);
    bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
    expose(UGIProvider.class);
    bind(RuntimeStore.class).to(DefaultStore.class);
    expose(RuntimeStore.class);
    // we don't delete namespaces in preview, as we just delete the preview directory when it's done
    bind(NamespaceResourceDeleter.class).to(NoopNamespaceResourceDeleter.class).in(Scopes.SINGLETON);
    bind(NamespaceAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
    bind(NamespaceQueryAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
    expose(NamespaceAdmin.class);
    expose(NamespaceQueryAdmin.class);
    bind(PreviewRunner.class).to(DefaultPreviewRunner.class).in(Scopes.SINGLETON);
    expose(PreviewRunner.class);
    bind(PreviewStore.class).to(DefaultPreviewStore.class).in(Scopes.SINGLETON);
    bind(Scheduler.class).to(NoOpScheduler.class);
    bind(DataTracerFactory.class).to(DefaultDataTracerFactory.class);
    expose(DataTracerFactory.class);
    bind(OwnerStore.class).to(DefaultOwnerStore.class);
    expose(OwnerStore.class);
    bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
    expose(OwnerAdmin.class);
}

Example 4 with PrivilegesManager

Use of co.cask.cdap.security.spi.authorization.PrivilegesManager in the project cdap by caskdata.

Source: the setup method of the class RemotePrivilegesTestBase.

protected static void setup() throws IOException, InterruptedException {
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMPORARY_FOLDER.newFolder().getAbsolutePath());
    // Turn on security and authorization for the test, but without Kerberos
    cConf.setBoolean(Constants.Security.ENABLED, true);
    cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false);
    cConf.setBoolean(Constants.Security.Authorization.ENABLED, true);
    cConf.setInt(Constants.Security.Authorization.CACHE_TTL_SECS, CACHE_TIMEOUT);
    // Package the in-memory authorizer as an authorization extension jar and point the config at it
    Manifest manifest = new Manifest();
    manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, InMemoryAuthorizer.class.getName());
    LocationFactory locationFactory = new LocalLocationFactory(TEMPORARY_FOLDER.newFolder());
    Location externalAuthJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class, manifest);
    cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, externalAuthJar.toString());
    // Start the app-fabric server so the remote enforcer and privileges manager have a service to talk to
    Injector injector = AppFabricTestHelper.getInjector(cConf);
    discoveryService = injector.getInstance(DiscoveryServiceClient.class);
    appFabricServer = injector.getInstance(AppFabricServer.class);
    appFabricServer.startAndWait();
    waitForService(Constants.Service.APP_FABRIC_HTTP);
    authorizationEnforcer = injector.getInstance(RemoteAuthorizationEnforcer.class);
    privilegesManager = injector.getInstance(PrivilegesManager.class);
}