use of io.cdap.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.
the class RemoteExecutionJobMain method initialize.
/**
 * Starts the in-process services for a remote execution job and returns the job environment
 * built on top of them.
 *
 * <p>An in-memory ZooKeeper server is started and its resolved address is written into
 * {@code cConf} as the quorum. A Guice injector is then created, and the {@link LocationFactory}
 * and {@link TwillRunnerService} obtained from it are stored in fields and started.
 *
 * <p>Security-relevant wiring in this method:
 * <ul>
 *   <li>{@link UGIProvider} is bound to {@link CurrentUGIProvider}; per the original comment,
 *       no impersonation is performed from within user programs.</li>
 *   <li>The bound {@link SecureStore} is a stub: it lists nothing and every {@code get} throws
 *       {@link NotFoundException}. Code that expects to read secure keys through this injector
 *       will never receive any.</li>
 *   <li>The secure store renewer is registered only when
 *       {@code UserGroupInformation.isSecurityEnabled()} returns true.</li>
 * </ul>
 *
 * @param cConf configuration to use; its ZooKeeper quorum entry is overwritten by this call
 * @return the environment holding the location factory, the Twill runner and the ZK quorum property
 * @throws Exception if any of the services fails to start or the root location cannot be created
 */
@VisibleForTesting
RemoteExecutionRuntimeJobEnvironment initialize(CConfiguration cConf) throws Exception {
  zkServer = InMemoryZKServer.builder().build();
  zkServer.startAndWait();

  InetSocketAddress resolvedZk = ResolvingDiscoverable.resolve(zkServer.getLocalAddress());
  String quorum = String.format("%s:%d", resolvedZk.getHostString(), resolvedZk.getPort());
  LOG.debug("In memory ZK started at {}", quorum);
  // The caller's configuration object is modified in place.
  cConf.set(Constants.Zookeeper.QUORUM, quorum);

  // Stub SecureStore: exists only so that the TwillModule can set up TokenSecureStoreRenewer.
  // It holds no secrets; list() is always empty and get() always fails.
  SecureStore emptySecureStore = new SecureStore() {
    @Override
    public List<SecureStoreMetadata> list(String namespace) {
      return Collections.emptyList();
    }

    @Override
    public SecureStoreData get(String namespace, String name) throws Exception {
      throw new NotFoundException("Secure key " + name + " not found in namespace " + namespace);
    }
  };

  AbstractModule programBindings = new AbstractModule() {
    @Override
    protected void configure() {
      // don't need to perform any impersonation from within user programs
      bind(UGIProvider.class).to(CurrentUGIProvider.class).in(Scopes.SINGLETON);
      bind(SecureStore.class).toInstance(emptySecureStore);
    }
  };

  Injector injector = Guice.createInjector(
    new ConfigModule(cConf),
    RemoteAuthenticatorModules.getDefaultModule(),
    new DFSLocationModule(),
    new InMemoryDiscoveryModule(),
    new TwillModule(),
    new AuthenticationContextModules().getProgramContainerModule(cConf),
    programBindings);

  Map<String, String> properties = new HashMap<>();
  properties.put(Constants.Zookeeper.QUORUM, quorum);

  locationFactory = injector.getInstance(LocationFactory.class);
  locationFactory.create("/").mkdirs();

  twillRunnerService = injector.getInstance(TwillRunnerService.class);
  twillRunnerService.start();

  if (UserGroupInformation.isSecurityEnabled()) {
    // Token renewal is scheduled only on a security-enabled cluster.
    // NOTE(review): the two 30000L values look like the initial delay and the retry delay in
    // milliseconds - confirm against TwillRunnerService#setSecureStoreRenewer.
    TokenSecureStoreRenewer renewer = injector.getInstance(TokenSecureStoreRenewer.class);
    secureStoreUpdateCancellable = twillRunnerService.setSecureStoreRenewer(
      renewer, 30000L, renewer.getUpdateInterval(), 30000L, TimeUnit.MILLISECONDS);
  }

  return new RemoteExecutionRuntimeJobEnvironment(locationFactory, twillRunnerService, properties);
}
use of io.cdap.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.
the class DefaultRuntimeJob method createModules.
/**
 * Builds the list of Guice modules from which the injector for a program run is created.
 *
 * <p>Security-relevant wiring in this method:
 * <ul>
 *   <li>The remote authenticator module is chosen from the {@link RuntimeMonitorType} that
 *       {@code SystemArguments} derives from {@code cConf} and {@code programOpts}.</li>
 *   <li>The authentication context uses the program-container variant.</li>
 *   <li>{@link UGIProvider} is bound to {@link CurrentUGIProvider}.</li>
 *   <li>The isolated plugin directory is read from the program options.</li>
 * </ul>
 *
 * @param runtimeJobEnv environment supplying the {@link TwillRunner} and {@link LocationFactory}
 * @param cConf the CDAP configuration
 * @param programRunId id of the program run, bound as an instance
 * @param programOpts program options; used for the runtime monitor type and the plugin directory
 * @return a new mutable list of modules
 */
@VisibleForTesting
List<Module> createModules(RuntimeJobEnvironment runtimeJobEnv, CConfiguration cConf,
                           ProgramRunId programRunId, ProgramOptions programOpts) {
  List<Module> result = new ArrayList<>();
  result.add(new ConfigModule(cConf));

  RuntimeMonitorType monitorType = SystemArguments.getRuntimeMonitorType(cConf, programOpts);
  result.add(RuntimeMonitors.getRemoteAuthenticatorModule(monitorType, programOpts));
  result.add(new IOModule());
  result.add(new TMSLogAppenderModule());
  result.add(new RemoteExecutionDiscoveryModule());
  result.add(new AuthenticationContextModules().getProgramContainerModule(cConf));
  result.add(new MetricsClientRuntimeModule().getDistributedModules());
  result.add(new MessagingServerRuntimeModule().getStandaloneModules());

  AbstractModule runtimeBindings = new AbstractModule() {
    @Override
    protected void configure() {
      bind(ClusterMode.class).toInstance(ClusterMode.ISOLATED);
      bind(UGIProvider.class).to(CurrentUGIProvider.class).in(Scopes.SINGLETON);

      // Bindings from the environment
      bind(TwillRunner.class)
        .annotatedWith(Constants.AppFabric.ProgramRunner.class)
        .toInstance(runtimeJobEnv.getTwillRunner());
      bind(LocationFactory.class).toInstance(runtimeJobEnv.getLocationFactory());

      // Program runners by program type; the addBinding order is kept as in the original.
      MapBinder<ProgramType, ProgramRunner> runnerBinder =
        MapBinder.newMapBinder(binder(), ProgramType.class, ProgramRunner.class);
      runnerBinder.addBinding(ProgramType.MAPREDUCE).to(DistributedMapReduceProgramRunner.class);
      runnerBinder.addBinding(ProgramType.WORKFLOW).to(DistributedWorkflowProgramRunner.class);
      runnerBinder.addBinding(ProgramType.WORKER).to(DistributedWorkerProgramRunner.class);

      bind(ProgramRuntimeProvider.Mode.class).toInstance(ProgramRuntimeProvider.Mode.DISTRIBUTED);
      // The factory is bound twice: once under the ProgramRunner annotation, once unannotated.
      bind(ProgramRunnerFactory.class)
        .annotatedWith(Constants.AppFabric.ProgramRunner.class)
        .to(DefaultProgramRunnerFactory.class)
        .in(Scopes.SINGLETON);
      bind(ProgramRunnerFactory.class).to(DefaultProgramRunnerFactory.class).in(Scopes.SINGLETON);
      bind(ProgramStateWriter.class).to(MessagingProgramStateWriter.class).in(Scopes.SINGLETON);

      bind(ProgramRunId.class).toInstance(programRunId);
      bind(RuntimeMonitorType.class).toInstance(monitorType);

      install(new FactoryModuleBuilder()
                .implement(Configurator.class, InMemoryConfigurator.class)
                .build(ConfiguratorFactory.class));

      // The plugin directory is taken from the program options.
      // NOTE(review): presumably DistributedProgramRunner.PLUGIN_DIR is the fallback when the
      // option is absent; the value is used as given here, so any validation of the path has
      // to happen where the options are produced - confirm.
      String pluginDir = programOpts.getArguments()
        .getOption(ProgramOptionConstants.PLUGIN_DIR, DistributedProgramRunner.PLUGIN_DIR);
      bind(String.class)
        .annotatedWith(Names.named(RemoteIsolatedPluginFinder.ISOLATED_PLUGIN_DIR))
        .toInstance(pluginDir);
      bind(PluginFinder.class).to(RemoteIsolatedPluginFinder.class);

      bind(ArtifactRepositoryReader.class).to(RemoteArtifactRepositoryReader.class).in(Scopes.SINGLETON);
      bind(ArtifactRepository.class).to(RemoteArtifactRepository.class);
    }
  };
  result.add(runtimeBindings);
  return result;
}
use of io.cdap.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.
the class LogHttpHandlerTest method setup.
/**
 * One-time test fixture: builds an in-memory injector, starts the services the log HTTP handler
 * depends on, and generates mock logs.
 *
 * <p>The security wiring here is test-only: the remote authenticator is the no-op module,
 * authorization comes from {@code AuthorizationTestModule}, and {@link UGIProvider} is bound to
 * {@link UnsupportedUGIProvider}. The log query service address is set to the loopback address.
 *
 * @throws Exception if the temporary folder cannot be created or a service fails to start
 */
@BeforeClass
public static void setup() throws Exception {
  CConfiguration conf = CConfiguration.create();
  conf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath());
  // Listen on loopback only, so the test service is not reachable from other hosts.
  conf.set(Constants.LogQuery.ADDRESS, InetAddress.getLoopbackAddress().getHostAddress());

  // Replacements applied on top of the standard in-memory modules.
  AbstractModule testOverrides = new AbstractModule() {
    @Override
    protected void configure() {
      bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class);
      bind(LogReader.class).to(MockLogReader.class).in(Scopes.SINGLETON);
      bind(Store.class).to(DefaultStore.class);
      bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
      bind(OwnerAdmin.class).to(NoOpOwnerAdmin.class);
      // TODO (CDAP-14677): find a better way to inject metadata publisher
      bind(MetadataServiceClient.class).to(NoOpMetadataServiceClient.class);
    }
  };

  Injector testInjector = Guice.createInjector(
    Modules.override(
      new ConfigModule(conf),
      RemoteAuthenticatorModules.getNoOpModule(),
      new NonCustomLocationUnitTestModule(),
      new InMemoryDiscoveryModule(),
      new LogQueryRuntimeModule().getInMemoryModules(),
      new DataFabricModules().getInMemoryModules(),
      new DataSetsModules().getStandaloneModules(),
      new DataSetServiceModules().getInMemoryModules(),
      new ExploreClientModule(),
      new NamespaceAdminTestModule(),
      new AuthorizationTestModule(),
      new AuthorizationEnforcementModule().getInMemoryModules(),
      new AuthenticationContextModules().getMasterModule()
    ).with(testOverrides));

  // Start order is kept as in the original: transactions, tables, dataset services, log query.
  transactionManager = testInjector.getInstance(TransactionManager.class);
  transactionManager.startAndWait();

  StoreDefinition.createAllTables(testInjector.getInstance(StructuredTableAdmin.class));

  dsOpService = testInjector.getInstance(DatasetOpExecutorService.class);
  dsOpService.startAndWait();

  datasetService = testInjector.getInstance(DatasetService.class);
  datasetService.startAndWait();

  logQueryService = testInjector.getInstance(LogQueryService.class);
  logQueryService.startAndWait();

  // LogReader is bound to MockLogReader in testOverrides above, which makes the cast valid.
  mockLogReader = (MockLogReader) testInjector.getInstance(LogReader.class);
  mockLogReader.generateLogs();

  discoveryServiceClient = testInjector.getInstance(DiscoveryServiceClient.class);
}
use of io.cdap.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.
the class PreviewRunnerTwillRunnable method createInjector.
/**
 * Creates the Guice injector for the preview runner.
 *
 * <p>Discovery and log appending depend on whether a {@link MasterEnvironment} is set: without
 * one, the ZooKeeper and Kafka modules are installed; with one, discovery is taken from the
 * master environment and {@code RemoteLogAppenderModule} is used.
 *
 * <p>Security-relevant wiring in this method:
 * <ul>
 *   <li>Core security uses {@code CoreSecurityRuntimeModule().getInMemoryModules()}.</li>
 *   <li>The authentication context uses the master-worker variant.</li>
 *   <li>Authorization enforcement is wired with {@code getNoOpModules()}.</li>
 *   <li>The transaction system is replaced by a constant client, so every write becomes visible
 *       immediately.</li>
 * </ul>
 *
 * @param cConf the CDAP configuration
 * @param hConf the Hadoop configuration
 * @param pollerInfo poller information; serialized to JSON once and served as bytes
 * @return the injector built from the assembled modules
 */
@VisibleForTesting
static Injector createInjector(CConfiguration cConf, Configuration hConf, PreviewRequestPollerInfo pollerInfo) {
  List<Module> wiring = new ArrayList<>();

  // Serialize once up front; the provider bound at the end hands out this same array.
  String pollerInfoJson = new Gson().toJson(pollerInfo);
  byte[] serializedPollerInfo = Bytes.toBytes(pollerInfoJson);

  SConfiguration sConf = SConfiguration.create();
  wiring.add(new ConfigModule(cConf, hConf, sConf));
  wiring.add(RemoteAuthenticatorModules.getDefaultModule());
  wiring.add(new PreviewConfigModule(cConf, hConf, sConf));
  wiring.add(new IOModule());
  wiring.add(new MetricsClientRuntimeModule().getDistributedModules());

  MasterEnvironment masterEnv = MasterEnvironments.getMasterEnvironment();
  if (masterEnv != null) {
    wiring.add(new AbstractModule() {
      @Override
      protected void configure() {
        bind(DiscoveryService.class)
          .toProvider(new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceSupplier()));
        bind(DiscoveryServiceClient.class)
          .toProvider(new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceClientSupplier()));
      }
    });
    wiring.add(new RemoteLogAppenderModule());
  } else {
    // If MasterEnvironment is not available, assuming it is the old hadoop stack with ZK, Kafka
    wiring.add(new ZKClientModule());
    wiring.add(new ZKDiscoveryModule());
    wiring.add(new KafkaClientModule());
    wiring.add(new KafkaLogAppenderModule());
  }

  wiring.add(new PreviewRunnerManagerModule().getDistributedModules());
  wiring.add(new DataSetServiceModules().getStandaloneModules());
  wiring.add(new DataSetsModules().getStandaloneModules());
  wiring.add(new AppFabricServiceRuntimeModule(cConf).getStandaloneModules());
  wiring.add(new ProgramRunnerRuntimeModule().getStandaloneModules());
  wiring.add(new MetricsStoreModule());
  wiring.add(new MessagingClientModule());
  wiring.add(new AuditModule());
  wiring.add(new SecureStoreClientModule());
  wiring.add(new MetadataReaderWriterModules().getStandaloneModules());
  wiring.add(new DFSLocationModule());
  wiring.add(new MetadataServiceModule());
  wiring.add(new CoreSecurityRuntimeModule().getInMemoryModules());
  wiring.add(new AuthenticationContextModules().getMasterWorkerModule());
  wiring.add(new AuthorizationModule());
  // NOTE(review): going by the method name, this installs an enforcer that performs no access
  // checks in this process - confirm that authorization is enforced before a request reaches
  // the preview runner.
  wiring.add(new AuthorizationEnforcementModule().getNoOpModules());

  AbstractModule previewOverrides = new AbstractModule() {
    @Override
    protected void configure() {
      // Bind transaction system to a constant one, basically no transaction, with every write become
      // visible immediately.
      // TODO: Ideally we shouldn't need this at all. However, it is needed now to satisfy dependencies
      bind(TransactionSystemClientService.class).to(DelegatingTransactionSystemClientService.class);
      bind(TransactionSystemClient.class).to(ConstantTransactionSystemClient.class);
      bind(ExploreClient.class).to(UnsupportedExploreClient.class);
      bind(PreviewRequestPollerInfoProvider.class).toInstance(() -> serializedPollerInfo);
    }
  };
  wiring.add(Modules.override(new DataFabricModules("master").getDistributedModules()).with(previewOverrides));

  return Guice.createInjector(wiring);
}
use of io.cdap.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.
the class AbstractServiceMain method init.
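/**
 * Initializes a master service: parses the command-line options, loads configuration, performs
 * the master-service login, sets up the {@link MasterEnvironment}, creates the Guice injector
 * and collects the services and closeable resources of the concrete service class.
 *
 * <p>Order of the security-relevant steps, as written:
 * <ol>
 *   <li>{@code SecurityUtil.loginForMasterService} is called with the freshly created
 *       {@code cConf}.</li>
 *   <li>Only afterwards are {@code cdap-site.xml} and {@code cdap-security.xml} from the optional
 *       extra configuration directory added to {@code cConf} and {@code sConf}.</li>
 *   <li>The core security module is chosen from {@code cConf}; the ZooKeeper client module is
 *       added only if that module requires it.</li>
 * </ol>
 *
 * @param args command-line arguments, parsed into the options type of the concrete subclass
 * @throws Exception if the options object cannot be instantiated, or if configuration loading,
 *                   login, environment initialization or injector creation fails
 */
@Override
public final void init(String[] args) throws Exception {
  LOG.info("Initializing master service class {}", getClass().getName());

  // System wide setup
  Thread.setDefaultUncaughtExceptionHandler(new UncaughtExceptionHandler());

  // Intercept JUL loggers
  SLF4JBridgeHandler.removeHandlersForRootLogger();
  SLF4JBridgeHandler.install();

  // Resolve the concrete options type from the subclass's type argument and instantiate it.
  // Class.newInstance() is deprecated and rethrows checked constructor exceptions undeclared;
  // going through the no-arg constructor reports them as InvocationTargetException instead.
  TypeToken<?> type = TypeToken.of(getClass()).resolveType(AbstractServiceMain.class.getTypeParameters()[0]);
  @SuppressWarnings("unchecked")
  T options = (T) type.getRawType().getDeclaredConstructor().newInstance();
  OptionsParser.init(options, args, getClass().getSimpleName(), ProjectInfo.getVersion().toString(), System.out);

  CConfiguration cConf = CConfiguration.create();
  // NOTE(review): the login runs before the extra configuration below is loaded, so it does not
  // see settings that exist only in the extra cdap-site.xml - confirm this is intended.
  SecurityUtil.loginForMasterService(cConf);

  SConfiguration sConf = SConfiguration.create();
  if (options.getExtraConfPath() != null) {
    // Both the site and the security configuration are read from a directory named on the
    // command line, so that directory's contents determine the security settings in effect.
    // NOTE(review): presumably it is writable only by the service owner - confirm in deployment.
    cConf.addResource(new File(options.getExtraConfPath(), "cdap-site.xml").toURI().toURL());
    sConf.addResource(new File(options.getExtraConfPath(), "cdap-security.xml").toURI().toURL());
  }
  cConf = updateCConf(cConf);
  Configuration hConf = new Configuration();

  masterEnv = MasterEnvironments.setMasterEnvironment(MasterEnvironments.create(cConf, options.getEnvProvider()));
  MasterEnvironmentContext masterEnvContext = MasterEnvironments.createContext(cConf, hConf, masterEnv.getName());
  masterEnv.initialize(masterEnvContext);

  List<Module> modules = new ArrayList<>();
  modules.add(new ConfigModule(cConf, hConf, sConf));
  modules.add(RemoteAuthenticatorModules.getDefaultModule());
  modules.add(new PreviewConfigModule(cConf, hConf, sConf));
  modules.add(new IOModule());
  modules.add(new MetricsClientRuntimeModule().getDistributedModules());
  modules.add(new AbstractModule() {
    @Override
    protected void configure() {
      // Discovery is provided by the master environment.
      bind(DiscoveryService.class).toProvider(new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceSupplier()));
      bind(DiscoveryServiceClient.class)
        .toProvider(new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceClientSupplier()));
    }
  });
  modules.add(getLogAppenderModule());

  // The core security module is selected from cConf; ZooKeeper is pulled in only on request.
  CoreSecurityModule coreSecurityModule = CoreSecurityRuntimeModule.getDistributedModule(cConf);
  modules.add(coreSecurityModule);
  if (coreSecurityModule.requiresZKClient()) {
    modules.add(new ZKClientModule());
  }
  modules.add(new AuthenticationContextModules().getMasterModule());
  modules.addAll(getServiceModules(masterEnv, options, cConf));

  injector = Guice.createInjector(modules);

  // Initialize logging context
  LogAppenderInitializer logAppenderInitializer = injector.getInstance(LogAppenderInitializer.class);
  closeableResources.add(logAppenderInitializer);
  logAppenderInitializer.initialize();
  Optional.ofNullable(getLoggingContext(options)).ifPresent(LoggingContextAccessor::setLoggingContext);

  // Add Services
  services.add(injector.getInstance(MetricsCollectionService.class));
  addServices(injector, services, closeableResources, masterEnv, masterEnvContext, options);

  // Optionally get the storage provider. It is for destroy() method to close it on shutdown.
  Binding<StorageProvider> storageBinding = injector.getExistingBinding(Key.get(StorageProvider.class));
  if (storageBinding != null) {
    storageProvider = storageBinding.getProvider().get();
  }
  LOG.info("Service {} initialized", getClass().getName());
}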