
Example 31 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryLogicFactoryBeanTest method setup.

/**
 * Prepares the fixture used by the tests in this class: two system properties, a Spring
 * context loaded from {@code TestQueryLogicFactory.xml}, the mocks, and a single-user
 * caller principal.
 *
 * @throws IllegalArgumentException declared on the original signature
 * @throws IllegalAccessException declared on the original signature
 */
@Before
public void setup() throws IllegalArgumentException, IllegalAccessException {
    System.setProperty(NpeUtils.NPE_OU_PROPERTY, "iamnotaperson");
    System.setProperty("dw.metadatahelper.all.auths", "A,B,C,D");

    // Turn off the Spring loggers that would otherwise report on the context refresh below.
    for (Class<?> quieted : new Class<?>[] { ClassPathXmlApplicationContext.class, XmlBeanDefinitionReader.class, DefaultListableBeanFactory.class }) {
        Logger.getLogger(quieted).setLevel(Level.OFF);
    }

    // Load the bean definitions explicitly: set the location first, then refresh.
    ClassPathXmlApplicationContext springContext = new ClassPathXmlApplicationContext();
    springContext.setConfigLocation("TestQueryLogicFactory.xml");
    springContext.refresh();
    factoryConfig = springContext.getBean(QueryLogicFactoryConfiguration.class.getSimpleName(), QueryLogicFactoryConfiguration.class);

    // Inject by type into the bean under test; Whitebox writes the matching private fields.
    Whitebox.setInternalState(bean, QueryLogicFactoryConfiguration.class, factoryConfig);
    Whitebox.setInternalState(bean, ClassPathXmlApplicationContext.class, springContext);

    ctx = createMock(EJBContext.class);
    logic = createMockBuilder(BaseQueryLogic.class).addMockedMethods("setLogicName", "getMaxPageSize", "getPageByteTrigger").createMock();

    // The three null arguments are presumably auths, roles and the role-to-auth mapping, so this
    // caller would hold no authorizations at all - confirm against the DatawaveUser constructor.
    SubjectIssuerDNPair callerDn = SubjectIssuerDNPair.of("CN=Poe Edgar Allan eapoe, OU=acme", "<CN=ca, OU=acme>");
    DatawaveUser caller = new DatawaveUser(callerDn, UserType.USER, null, null, null, 0L);
    principal = new DatawavePrincipal(Collections.singletonList(caller));
}
Also used : EJBContext(javax.ejb.EJBContext) ClassPathXmlApplicationContext(org.springframework.context.support.ClassPathXmlApplicationContext) XmlBeanDefinitionReader(org.springframework.beans.factory.xml.XmlBeanDefinitionReader) DatawaveUser(datawave.security.authorization.DatawaveUser) DefaultListableBeanFactory(org.springframework.beans.factory.support.DefaultListableBeanFactory) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) Before(org.junit.Before)

Example 32 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class MapReduceBean method ooziesubmit.

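/**
 * Executes an Oozie workflow with the given workflow name and runtime parameters on behalf of the caller.
 * <p>
 * Order of operations: resolve the caller principal, look up the job configuration, check the job's
 * required roles/auths (only when the job declares any), build the Oozie configuration, audit the
 * request, submit the workflow, then persist its state. Failures are reported by throwing a web
 * application exception that carries the partially filled response.
 *
 * @param queryParameters
 *            request parameters; must contain {@code OozieJobConstants.WORKFLOW_PARAM}. The map is modified
 *            in place while the audit record is assembled.
 * @return a response whose result is the generated job id (caller short name, an underscore, and a random UUID)
 */
@POST
@Produces({ "application/xml", "text/xml", "application/json", "text/yaml", "text/x-yaml", "application/x-yaml", "application/x-protobuf", "application/x-protostuff" })
@javax.ws.rs.Path("/ooziesubmit")
@GZIP
public GenericResponse<String> ooziesubmit(MultivaluedMap<String, String> queryParameters) {
    GenericResponse<String> response = new GenericResponse<>();
    String workFlow = queryParameters.getFirst(OozieJobConstants.WORKFLOW_PARAM);
    if (StringUtils.isBlank(workFlow)) {
        throw new BadRequestException(new IllegalArgumentException(OozieJobConstants.WORKFLOW_PARAM + " parameter missing"), response);
    }
    String parameters = queryParameters.getFirst(OozieJobConstants.PARAMETERS);
    // Find out who/what called this method
    Principal p = ctx.getCallerPrincipal();
    String sid = null;
    String userDn = p.getName();
    DatawavePrincipal datawavePrincipal = null;
    if (p instanceof DatawavePrincipal) {
        datawavePrincipal = (DatawavePrincipal) p;
        sid = datawavePrincipal.getShortName();
    } else {
        // Any other principal type is rejected outright, so nothing below runs without a DatawavePrincipal.
        QueryException qe = new QueryException(DatawaveErrorCode.UNEXPECTED_PRINCIPAL_ERROR, MessageFormat.format("Class: {0}", p.getClass().getName()));
        response.addException(qe);
        throw new DatawaveWebApplicationException(qe, response);
    }
    OozieJobConfiguration job;
    try {
        MapReduceJobConfiguration mrConfig = this.mapReduceConfiguration.getConfiguration(workFlow);
        if (mrConfig instanceof OozieJobConfiguration) {
            job = (OozieJobConfiguration) mrConfig;
        } else {
            throw new IllegalArgumentException(workFlow + " not an Oozie job configuration");
        }
    } catch (IllegalArgumentException e) {
        BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.JOB_CONFIGURATION_ERROR, e);
        response.addException(qe);
        throw new BadRequestException(qe, response);
    }
    // NOTE(review): caller identity is written onto the job configuration object before the role/auth
    // check below. If getConfiguration() hands out a shared instance, these values would be visible to
    // concurrent requests - confirm the configuration is created per call.
    if (job instanceof NeedCallerDetails) {
        ((NeedCallerDetails) job).setUserSid(sid);
        ((NeedCallerDetails) job).setPrincipal(p);
    }
    // Ensure that the user has the required roles and has passed the required auths.
    // The check runs only when the job declares roles or auths; a job that declares neither can be
    // submitted by any caller that presents a DatawavePrincipal.
    if (null != job.getRequiredRoles() || null != job.getRequiredAuths()) {
        try {
            canRunJob(datawavePrincipal, queryParameters, job.getRequiredRoles(), job.getRequiredAuths());
        } catch (UnauthorizedQueryException qe) {
            // user does not have all of the required roles or did not pass the required auths
            response.addException(qe);
            throw new UnauthorizedException(qe, response);
        }
    }
    String id = sid + "_" + UUID.randomUUID();
    OozieClient oozieClient = null;
    Properties oozieConf = null;
    try {
        oozieClient = new OozieClient((String) job.getJobConfigurationProperties().get(OozieJobConstants.OOZIE_CLIENT_PROP));
        oozieConf = oozieClient.createConfiguration();
        job.initializeOozieConfiguration(id, oozieConf, queryParameters);
        job.validateWorkflowParameter(oozieConf, mapReduceConfiguration);
    } catch (QueryException qe) {
        log.error(qe.getMessage(), qe);
        response.addException(qe);
        throw new DatawaveWebApplicationException(qe, response);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        response.addException(new QueryException(e.getMessage(), e));
        throw new DatawaveWebApplicationException(e, response);
    } finally {
        // audit query here
        // Because this is a finally block, the audit is attempted even when the configuration step
        // above failed; oozieConf may still be null in that case, and an exception thrown from here
        // replaces the one already in flight.
        Auditor.AuditType auditType = job.getAuditType();
        log.trace("Audit type is: " + auditType.name());
        if (!auditType.equals(Auditor.AuditType.NONE)) {
            try {
                marking.validate(queryParameters);
                // Private audit keys are stripped before the server-derived values are written, presumably
                // so that a caller cannot supply its own user DN or audit type - confirm in PrivateAuditConstants.
                PrivateAuditConstants.stripPrivateParameters(queryParameters);
                queryParameters.putSingle(PrivateAuditConstants.USER_DN, userDn);
                queryParameters.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, marking.toColumnVisibilityString());
                queryParameters.putSingle(PrivateAuditConstants.AUDIT_TYPE, auditType.name());
                List<String> selectors = job.getSelectors(queryParameters, oozieConf);
                if (selectors != null && !selectors.isEmpty()) {
                    queryParameters.put(PrivateAuditConstants.SELECTORS, selectors);
                }
                // if the user didn't set an audit id, use the query id
                // (a caller-supplied audit id is therefore kept as given)
                if (!queryParameters.containsKey(AuditParameters.AUDIT_ID)) {
                    queryParameters.putSingle(AuditParameters.AUDIT_ID, id);
                }
                auditor.audit(queryParameters);
            } catch (IllegalArgumentException e) {
                log.error("Error validating audit parameters", e);
                BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.MISSING_REQUIRED_PARAMETER, e);
                response.addException(qe);
                throw new BadRequestException(qe, response);
            } catch (Exception e) {
                // A failed audit aborts the request, so the workflow is never submitted unaudited.
                log.error("Error auditing query", e);
                response.addMessage("Error auditing query - " + e.getMessage());
                throw new BadRequestException(e, response);
            }
        }
    }
    // Submit the Oozie workflow.
    try {
        String jobID = null;
        try {
            jobID = oozieClient.run(oozieConf);
        } catch (Exception e) {
            throw new QueryException(DatawaveErrorCode.OOZIE_JOB_START_ERROR, e);
        }
        try {
            String jobResultstDir = oozieConf.getProperty(OozieJobConstants.OUT_DIR_PROP) + "/" + id;
            response.setResult(id);
            Path baseDir = new Path(this.mapReduceConfiguration.getMapReduceBaseDirectory());
            // Create a directory path for this job
            Path jobDir = new Path(baseDir, id);
            mapReduceState.create(id, job.getHdfsUri(), job.getJobTracker(), jobDir.toString(), jobID, jobResultstDir, parameters, workFlow);
        } catch (Exception e) {
            // State could not be persisted, so the already-running job is killed rather than left untracked.
            QueryException qe = new QueryException(DatawaveErrorCode.MAPREDUCE_STATE_PERSISTENCE_ERROR, e);
            response.addException(qe.getBottomQueryException());
            try {
                oozieClient.kill(jobID);
            } catch (Exception e2) {
                // throw the exception from killing the job
                throw new QueryException(DatawaveErrorCode.MAPREDUCE_JOB_KILL_ERROR, e2);
            }
            // The kill succeeded, so report the original persistence failure. This throw sits outside
            // the try above on purpose: inside it, catch (Exception) would intercept it and relabel a
            // successful kill as MAPREDUCE_JOB_KILL_ERROR.
            throw qe;
        }
    } catch (QueryException qe) {
        log.error(qe.getMessage(), qe);
        response.addException(qe);
        throw new DatawaveWebApplicationException(qe, response);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        QueryException qe = new QueryException(DatawaveErrorCode.UNKNOWN_SERVER_ERROR, e.getMessage());
        response.addException(qe);
        throw new DatawaveWebApplicationException(qe, response);
    }
    return response;
}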
Also used : Path(org.apache.hadoop.fs.Path) GenericResponse(datawave.webservice.result.GenericResponse) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) NeedCallerDetails(datawave.webservice.mr.configuration.NeedCallerDetails) Properties(java.util.Properties) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) WebApplicationException(javax.ws.rs.WebApplicationException) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) IOException(java.io.IOException) QueryException(datawave.webservice.query.exception.QueryException) BadRequestException(datawave.webservice.common.exception.BadRequestException) NotFoundException(datawave.webservice.common.exception.NotFoundException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) Auditor(datawave.webservice.common.audit.Auditor) OozieClient(org.apache.oozie.client.OozieClient) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) QueryException(datawave.webservice.query.exception.QueryException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) MapReduceJobConfiguration(datawave.webservice.mr.configuration.MapReduceJobConfiguration) UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException) BadRequestException(datawave.webservice.common.exception.BadRequestException) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) 
OozieJobConfiguration(datawave.webservice.mr.configuration.OozieJobConfiguration) Principal(java.security.Principal) ServerPrincipal(datawave.security.system.ServerPrincipal) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) GZIP(org.jboss.resteasy.annotations.GZIP)

Example 33 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class RemoteAuditor method audit.

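/**
 * Sends the audit parameters to the remote audit service as a form-encoded POST, authenticated
 * with a bearer token created for the calling principal and its proxied users.
 *
 * @param params
 *            audit parameter names and values to send
 * @return the value produced by {@code EntityUtils::toString} for the remote response
 * @throws IllegalStateException
 *             if the caller principal is not a {@link DatawavePrincipal}
 */
@Override
@Timed(name = "dw.remoteAuditService.audit", absolute = true)
public String audit(Map<String, String> params) {
    Principal p = ctx.getCallerPrincipal();
    if (!(p instanceof DatawavePrincipal)) {
        // Fail with a clear message instead of dereferencing a null principal below; no token is
        // created for a caller type this method does not understand.
        throw new IllegalStateException("Cannot audit: caller principal is not a DatawavePrincipal: " + (p == null ? "null" : p.getClass().getName()));
    }
    DatawavePrincipal dp = (DatawavePrincipal) p;
    // The token carries the caller's name and its proxied users, so the remote service sees the whole chain.
    final String bearerHeader = "Bearer " + jwtTokenHandler.createTokenFromUsers(dp.getName(), dp.getProxiedUsers());
    UrlEncodedFormEntity postBody = new UrlEncodedFormEntity(params.entrySet().stream().map(e -> (NameValuePair) new BasicNameValuePair(e.getKey(), e.getValue()))::iterator, Consts.UTF_8);
    // NOTE(review): the last argument builds a description that embeds the whole params map; confirm
    // that audit parameters are acceptable wherever that description ends up (logs, exception text).
    // @formatter:off
    return executePostMethodWithRuntimeException("audit", uriBuilder -> {
    }, httpPost -> {
        httpPost.setEntity(postBody);
        httpPost.setHeader("Authorization", bearerHeader);
    }, EntityUtils::toString, () -> "audit [" + params + "]");
// @formatter:on
}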
Also used : BasicNameValuePair(org.apache.http.message.BasicNameValuePair) UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) Principal(java.security.Principal) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) EntityUtils(org.apache.http.util.EntityUtils) Timed(com.codahale.metrics.annotation.Timed)

Example 34 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBeanTest method testPredict.

/**
 * Verifies that {@code predictQuery} returns the predictor's output as the response result and
 * leaves no running query in the cache.
 *
 * @throws Exception
 *             if the reflective field access or the call under test fails
 */
@SuppressWarnings("unchecked")
@Test
public void testPredict() throws Exception {
    QueryImpl query = createNewQuery();
    MultivaluedMap queryParams = createNewQueryParameterMap();
    queryParams.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    MultivaluedMap<String, String> optionalParameters = createNewQueryParameters(query, queryParams);
    @SuppressWarnings("rawtypes") QueryLogic mockLogic = createMock(BaseQueryLogic.class);

    // Single-user caller with the class-level auths; the DN list is sorted before it is used in expectations.
    SubjectIssuerDNPair callerDn = SubjectIssuerDNPair.of(userDN, "<CN=MY_CA, OU=MY_SUBDIVISION, OU=MY_DIVISION, O=ORG, C=US>");
    DatawaveUser caller = new DatawaveUser(callerDn, UserType.USER, Arrays.asList(auths), null, null, 0L);
    DatawavePrincipal callerPrincipal = new DatawavePrincipal(Collections.singletonList(caller));
    String[] sortedDns = callerPrincipal.getDNs();
    Arrays.sort(sortedDns);
    List<String> dnList = Arrays.asList(sortedDns);

    // Record phase.
    PowerMock.resetAll();
    EasyMock.expect(ctx.getCallerPrincipal()).andReturn(callerPrincipal).anyTimes();
    suppress(constructor(QueryParametersImpl.class));
    EasyMock.expect(persister.create(callerPrincipal.getUserDN().subjectDN(), dnList, (SecurityMarking) Whitebox.getField(bean.getClass(), "marking").get(bean), queryLogicName, (QueryParameters) Whitebox.getField(bean.getClass(), "qp").get(bean), optionalParameters)).andReturn(query);
    EasyMock.expect(queryLogicFactory.getQueryLogic(queryLogicName, callerPrincipal)).andReturn(mockLogic);
    EasyMock.expect(mockLogic.getRequiredQueryParameters()).andReturn(Collections.EMPTY_SET);
    EasyMock.expect(mockLogic.containsDNWithAccess(dnList)).andReturn(true);
    EasyMock.expect(mockLogic.getMaxPageSize()).andReturn(0);

    BaseQueryMetric baseMetric = new QueryMetricFactoryImpl().createMetric();
    baseMetric.populate(query);
    baseMetric.setQueryType(RunningQuery.class.getSimpleName());
    QueryMetric expectedMetric = new QueryMetric((QueryMetric) baseMetric) {

        @Override
        public boolean equals(Object o) {
            // Field-by-field comparison used by the EasyMock.eq matcher below.
            // NOTE(review): the original comment said the create date is excluded, but
            // getCreateDate() is part of the comparison - confirm which is intended.
            if (this == o) {
                return true;
            }
            if (!(o instanceof QueryMetric)) {
                // covers null as well
                return false;
            }
            QueryMetric that = (QueryMetric) o;
            return new EqualsBuilder()
                            .append(this.getQueryId(), that.getQueryId())
                            .append(this.getQueryType(), that.getQueryType())
                            .append(this.getQueryAuthorizations(), that.getQueryAuthorizations())
                            .append(this.getColumnVisibility(), that.getColumnVisibility())
                            .append(this.getBeginDate(), that.getBeginDate())
                            .append(this.getEndDate(), that.getEndDate())
                            .append(this.getCreateDate(), that.getCreateDate())
                            .append(this.getSetupTime(), that.getSetupTime())
                            .append(this.getUser(), that.getUser())
                            .append(this.getUserDN(), that.getUserDN())
                            .append(this.getQuery(), that.getQuery())
                            .append(this.getQueryLogic(), that.getQueryLogic())
                            .append(this.getQueryName(), that.getQueryName())
                            .append(this.getParameters(), that.getParameters())
                            .append(this.getHost(), that.getHost())
                            .append(this.getPageTimes(), that.getPageTimes())
                            .append(this.getProxyServers(), that.getProxyServers())
                            .append(this.getLifecycle(), that.getLifecycle())
                            .append(this.getErrorMessage(), that.getErrorMessage())
                            .append(this.getErrorCode(), that.getErrorCode())
                            .append(this.getSourceCount(), that.getSourceCount())
                            .append(this.getNextCount(), that.getNextCount())
                            .append(this.getSeekCount(), that.getSeekCount())
                            .append(this.getYieldCount(), that.getYieldCount())
                            .append(this.getDocRanges(), that.getDocRanges())
                            .append(this.getFiRanges(), that.getFiRanges())
                            .append(this.getPlan(), that.getPlan())
                            .append(this.getVersion(), that.getVersion())
                            .append(this.getLoginTime(), that.getLoginTime())
                            .append(this.getPredictions(), that.getPredictions())
                            .isEquals();
        }
    };
    Set<Prediction> expectedPredictions = new HashSet<>();
    expectedPredictions.add(new Prediction("source", 1));
    EasyMock.expect(predictor.predict(EasyMock.eq(expectedMetric))).andReturn(expectedPredictions);

    // Replay, exercise, verify.
    PowerMock.replayAll();
    GenericResponse<String> response = bean.predictQuery(queryLogicName, queryParams);
    PowerMock.verifyAll();

    // A prediction must not leave a running query behind in the cache.
    Object cachedRunningQuery = cache.get(query.getId().toString());
    Assert.assertNull(cachedRunningQuery);
    Assert.assertEquals(expectedPredictions.toString(), response.getResult());
}
Also used : DatawaveUser(datawave.security.authorization.DatawaveUser) Prediction(datawave.microservice.querymetric.BaseQueryMetric.Prediction) EqualsBuilder(org.apache.commons.lang.builder.EqualsBuilder) BaseQueryLogic(datawave.webservice.query.logic.BaseQueryLogic) QueryLogic(datawave.webservice.query.logic.QueryLogic) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) QueryImpl(datawave.webservice.query.QueryImpl) BaseQueryMetric(datawave.microservice.querymetric.BaseQueryMetric) QueryMetric(datawave.microservice.querymetric.QueryMetric) EasyMock.anyObject(org.easymock.EasyMock.anyObject) BaseQueryMetric(datawave.microservice.querymetric.BaseQueryMetric) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) HashSet(java.util.HashSet) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 35 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBeanTest method testGoodListWithGet.

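/**
 * Lists queries by name through the REST dispatcher and checks that every persisted query comes
 * back in the XML response. The {@code @Test} annotation is commented out, so this does not run.
 *
 * @throws URISyntaxException
 *             if the mock request URI is malformed
 * @throws CloneNotSupportedException
 *             declared on the original signature
 * @throws ParserConfigurationException
 *             if no XML parser can be created
 * @throws IOException
 *             if the response body cannot be read
 * @throws SAXException
 *             if the response body is not well-formed XML
 */
// @Test
@SuppressWarnings("unchecked")
public void testGoodListWithGet() throws URISyntaxException, CloneNotSupportedException, ParserConfigurationException, IOException, SAXException {
    String queryName = "Something";
    // need to call the getQueryByName() method. Maybe a partial mock of QueryExecutorBean would be better
    // setup principal mock
    String dn = "CN=Guy Some Other soguy, OU=MY_SUBDIVISION, OU=MY_DIVISION, O=ORG, C=US";
    String[] auths = new String[2];
    auths[0] = "PUBLIC";
    auths[1] = "PRIVATE";
    DatawaveUser user = new DatawaveUser(SubjectIssuerDNPair.of(dn), UserType.USER, Arrays.asList(auths), null, null, 0L);
    DatawavePrincipal principal = new DatawavePrincipal(Collections.singletonList(user));
    EasyMock.expect(ctx.getCallerPrincipal()).andReturn(principal);
    EasyMock.replay(ctx);
    // setup persister with queries
    String logicName = "EventQuery";
    // toString() on a String[] yields the array's identity string, not its contents, so the stored
    // authorizations were meaningless. A comma-separated list is assumed here - confirm the format
    // that setQueryAuthorizations expects.
    String queryAuths = String.join(",", auths);
    QueryImpl q1 = new QueryImpl();
    q1.setUserDN(principal.getShortName());
    q1.setQueryLogicName(logicName);
    q1.setQueryAuthorizations(queryAuths);
    q1.setId(new UUID(1, 1));
    QueryImpl q2 = new QueryImpl();
    q2.setUserDN(principal.getShortName());
    q2.setQueryLogicName(logicName);
    q2.setQueryAuthorizations(queryAuths);
    q2.setId(new UUID(1, 2));
    List<Query> queries = new ArrayList<>();
    queries.add(q1);
    queries.add(q2);
    EasyMock.expect(persister.findByName(queryName)).andReturn(queries);
    EasyMock.replay(persister);
    @SuppressWarnings("rawtypes") QueryLogic logic = createMock(BaseQueryLogic.class);
    EasyMock.expect(logic.getConnectionPriority()).andReturn(AccumuloConnectionFactory.Priority.NORMAL).times(2);
    EasyMock.expect(logic.getMaxPageSize()).andReturn(0);
    EasyMock.replay(logic);
    // NOTE(review): the expectation is recorded with a null principal although a caller principal
    // is set up above - confirm which argument the bean actually passes.
    EasyMock.expect(queryLogicFactory.getQueryLogic(logicName, null)).andReturn(logic).times(2);
    EasyMock.replay(queryLogicFactory);
    // setup test
    request = MockHttpRequest.get("/DataWave/Query/list?name=" + queryName);
    // execute
    dispatcher.invoke(request, response);
    // assert
    assertEquals(HttpServletResponse.SC_OK, response.getStatus());
    DocumentBuilder db = (DocumentBuilderFactory.newInstance()).newDocumentBuilder();
    Document doc = db.parse(new InputSource(new StringReader(response.getContentAsString())));
    NodeList returnedQueries = doc.getElementsByTagName("query");
    assertEquals(queries.size(), returnedQueries.getLength());
}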
Also used : InputSource(org.xml.sax.InputSource) Query(datawave.webservice.query.Query) DatawaveUser(datawave.security.authorization.DatawaveUser) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) BaseQueryLogic(datawave.webservice.query.logic.BaseQueryLogic) QueryLogic(datawave.webservice.query.logic.QueryLogic) Document(org.w3c.dom.Document) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) QueryImpl(datawave.webservice.query.QueryImpl) DocumentBuilder(javax.xml.parsers.DocumentBuilder) StringReader(java.io.StringReader) UUID(java.util.UUID)
