Example 1 with AccessControllerInstantiator
use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.
the class PreviewRunnerModule method configure.
@Override
protected void configure() {
Boolean artifactLocalizerEnabled = cConf.getBoolean(Constants.Preview.ARTIFACT_LOCALIZER_ENABLED, false);
if (artifactLocalizerEnabled) {
// Use remote implementation to fetch artifact metadata from AppFab.
// Remote implementation internally uses artifact localizer to fetch and cache artifacts locally.
bind(ArtifactRepositoryReader.class).to(RemoteArtifactRepositoryReaderWithLocalization.class);
bind(ArtifactRepository.class).to(RemoteArtifactRepositoryWithLocalization.class);
expose(ArtifactRepository.class);
bind(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO)).to(RemoteArtifactRepositoryWithLocalization.class).in(Scopes.SINGLETON);
expose(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO));
// Use remote implementation to fetch plugin metadata from AppFab.
// Remote implementation internally uses artifact localizer to fetch and cache artifacts locally.
bind(PluginFinder.class).to(RemoteWorkerPluginFinder.class);
expose(PluginFinder.class);
// Use remote implementation to fetch preferences from AppFab.
bind(PreferencesFetcher.class).to(RemotePreferencesFetcherInternal.class);
expose(PreferencesFetcher.class);
} else {
bind(ArtifactRepositoryReader.class).toProvider(artifactRepositoryReaderProvider);
bind(ArtifactRepository.class).to(DefaultArtifactRepository.class);
expose(ArtifactRepository.class);
bind(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO)).to(DefaultArtifactRepository.class).in(Scopes.SINGLETON);
expose(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO));
bind(PluginFinder.class).toProvider(pluginFinderProvider);
expose(PluginFinder.class);
bind(PreferencesFetcher.class).toProvider(preferencesFetcherProvider);
expose(PreferencesFetcher.class);
}
bind(ArtifactStore.class).toInstance(artifactStore);
expose(ArtifactStore.class);
bind(MessagingService.class).annotatedWith(Names.named(PreviewConfigModule.GLOBAL_TMS)).toInstance(messagingService);
expose(MessagingService.class).annotatedWith(Names.named(PreviewConfigModule.GLOBAL_TMS));
bind(AccessEnforcer.class).toInstance(accessEnforcer);
expose(AccessEnforcer.class);
bind(ContextAccessEnforcer.class).toInstance(contextAccessEnforcer);
expose(ContextAccessEnforcer.class);
bind(AccessControllerInstantiator.class).toInstance(accessControllerInstantiator);
expose(AccessControllerInstantiator.class);
bind(PermissionManager.class).toInstance(permissionManager);
expose(PermissionManager.class);
bind(PreferencesService.class).toInstance(preferencesService);
// bind explore client to mock.
bind(ExploreClient.class).to(MockExploreClient.class);
expose(ExploreClient.class);
bind(ProgramRuntimeProviderLoader.class).toInstance(programRuntimeProviderLoader);
expose(ProgramRuntimeProviderLoader.class);
bind(StorageProviderNamespaceAdmin.class).to(LocalStorageProviderNamespaceAdmin.class);
bind(PipelineFactory.class).to(SynchronousPipelineFactory.class);
install(new FactoryModuleBuilder().implement(Configurator.class, InMemoryConfigurator.class).build(ConfiguratorFactory.class));
// expose this binding so program runner modules can use
expose(ConfiguratorFactory.class);
install(new FactoryModuleBuilder().implement(new TypeLiteral<Manager<AppDeploymentInfo, ApplicationWithPrograms>>() {
}, new TypeLiteral<PreviewApplicationManager<AppDeploymentInfo, ApplicationWithPrograms>>() {
}).build(new TypeLiteral<ManagerFactory<AppDeploymentInfo, ApplicationWithPrograms>>() {
}));
bind(Store.class).to(DefaultStore.class);
bind(SecretStore.class).to(DefaultSecretStore.class).in(Scopes.SINGLETON);
bind(UGIProvider.class).to(DefaultUGIProvider.class);
expose(UGIProvider.class);
bind(WorkflowStateWriter.class).to(BasicWorkflowStateWriter.class);
expose(WorkflowStateWriter.class);
// we don't delete namespaces in preview as we just delete preview directory when its done
bind(NamespaceResourceDeleter.class).to(NoopNamespaceResourceDeleter.class).in(Scopes.SINGLETON);
bind(NamespaceAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
bind(NamespaceQueryAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
expose(NamespaceAdmin.class);
expose(NamespaceQueryAdmin.class);
bind(MetadataAdmin.class).to(DefaultMetadataAdmin.class);
expose(MetadataAdmin.class);
bindPreviewRunner(binder());
expose(PreviewRunner.class);
bind(Scheduler.class).to(NoOpScheduler.class);
bind(DataTracerFactory.class).to(DefaultDataTracerFactory.class);
expose(DataTracerFactory.class);
bind(PreviewDataPublisher.class).to(MessagingPreviewDataPublisher.class);
bind(OwnerStore.class).to(DefaultOwnerStore.class);
expose(OwnerStore.class);
bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
expose(OwnerAdmin.class);
bind(CapabilityReader.class).to(CapabilityStatusStore.class);
}
Also used :
MockExploreClient(io.cdap.cdap.explore.client.MockExploreClient)
ExploreClient(io.cdap.cdap.explore.client.ExploreClient)
ConfiguratorFactory(io.cdap.cdap.internal.app.deploy.ConfiguratorFactory)
CapabilityReader(io.cdap.cdap.internal.capability.CapabilityReader)
SynchronousPipelineFactory(io.cdap.cdap.internal.pipeline.SynchronousPipelineFactory)
PipelineFactory(io.cdap.cdap.pipeline.PipelineFactory)
FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder)
Scheduler(io.cdap.cdap.scheduler.Scheduler)
NoOpScheduler(io.cdap.cdap.scheduler.NoOpScheduler)
DefaultArtifactRepository(io.cdap.cdap.internal.app.runtime.artifact.DefaultArtifactRepository)
DefaultUGIProvider(io.cdap.cdap.security.impersonation.DefaultUGIProvider)
UGIProvider(io.cdap.cdap.security.impersonation.UGIProvider)
ArtifactStore(io.cdap.cdap.internal.app.runtime.artifact.ArtifactStore)
OwnerStore(io.cdap.cdap.security.impersonation.OwnerStore)
CapabilityStatusStore(io.cdap.cdap.internal.capability.CapabilityStatusStore)
SecretStore(io.cdap.cdap.securestore.spi.SecretStore)
DefaultSecretStore(io.cdap.cdap.data.security.DefaultSecretStore)
Store(io.cdap.cdap.app.store.Store)
DefaultOwnerStore(io.cdap.cdap.store.DefaultOwnerStore)
DefaultStore(io.cdap.cdap.internal.app.store.DefaultStore)
BasicWorkflowStateWriter(io.cdap.cdap.internal.app.runtime.workflow.BasicWorkflowStateWriter)
WorkflowStateWriter(io.cdap.cdap.internal.app.runtime.workflow.WorkflowStateWriter)
Manager(io.cdap.cdap.app.deploy.Manager)
PermissionManager(io.cdap.cdap.security.spi.authorization.PermissionManager)
DefaultNamespaceAdmin(io.cdap.cdap.internal.app.namespace.DefaultNamespaceAdmin)
ArtifactRepositoryReader(io.cdap.cdap.internal.app.runtime.artifact.ArtifactRepositoryReader)
PreferencesService(io.cdap.cdap.config.PreferencesService)
TypeLiteral(com.google.inject.TypeLiteral)
AppDeploymentInfo(io.cdap.cdap.internal.app.deploy.pipeline.AppDeploymentInfo)
PluginFinder(io.cdap.cdap.internal.app.runtime.artifact.PluginFinder)
RemoteWorkerPluginFinder(io.cdap.cdap.internal.app.worker.RemoteWorkerPluginFinder)
StorageProviderNamespaceAdmin(io.cdap.cdap.internal.app.namespace.StorageProviderNamespaceAdmin)
LocalStorageProviderNamespaceAdmin(io.cdap.cdap.internal.app.namespace.LocalStorageProviderNamespaceAdmin)
ApplicationWithPrograms(io.cdap.cdap.internal.app.deploy.pipeline.ApplicationWithPrograms)
AccessEnforcer(io.cdap.cdap.security.spi.authorization.AccessEnforcer)
ContextAccessEnforcer(io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer)
NoopNamespaceResourceDeleter(io.cdap.cdap.internal.app.namespace.NoopNamespaceResourceDeleter)
DefaultMetadataAdmin(io.cdap.cdap.metadata.DefaultMetadataAdmin)
MetadataAdmin(io.cdap.cdap.metadata.MetadataAdmin)
RemoteArtifactRepositoryWithLocalization(io.cdap.cdap.internal.app.runtime.artifact.RemoteArtifactRepositoryWithLocalization)
PermissionManager(io.cdap.cdap.security.spi.authorization.PermissionManager)
DefaultSecretStore(io.cdap.cdap.data.security.DefaultSecretStore)
DefaultOwnerAdmin(io.cdap.cdap.security.impersonation.DefaultOwnerAdmin)
OwnerAdmin(io.cdap.cdap.security.impersonation.OwnerAdmin)
AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator)
DefaultArtifactRepository(io.cdap.cdap.internal.app.runtime.artifact.DefaultArtifactRepository)
ArtifactRepository(io.cdap.cdap.internal.app.runtime.artifact.ArtifactRepository)
OwnerStore(io.cdap.cdap.security.impersonation.OwnerStore)
DefaultOwnerStore(io.cdap.cdap.store.DefaultOwnerStore)
MessagingService(io.cdap.cdap.messaging.MessagingService)
ProgramRuntimeProviderLoader(io.cdap.cdap.internal.app.runtime.ProgramRuntimeProviderLoader)
ArtifactStore(io.cdap.cdap.internal.app.runtime.artifact.ArtifactStore)
DefaultDataTracerFactory(io.cdap.cdap.internal.app.preview.DefaultDataTracerFactory)
PreferencesFetcher(io.cdap.cdap.metadata.PreferencesFetcher)
ContextAccessEnforcer(io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer)
MessagingPreviewDataPublisher(io.cdap.cdap.internal.app.preview.MessagingPreviewDataPublisher)
Example 2 with AccessControllerInstantiator
use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.
the class SystemArtifactsAuthorizationTest method setup.
@BeforeClass
public static void setup() throws Exception {
CConfiguration cConf = CConfiguration.create();
cConf.set(Constants.CFG_LOCAL_DATA_DIR, TMP_FOLDER.newFolder().getAbsolutePath());
cConf.setBoolean(Constants.Security.ENABLED, true);
cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false);
cConf.setBoolean(Constants.Security.Authorization.ENABLED, true);
cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0);
Location deploymentJar = AppJarHelper.createDeploymentJar(new LocalLocationFactory(TMP_FOLDER.newFolder()), InMemoryAccessController.class);
cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, deploymentJar.toURI().getPath());
// Add a system artifact
File systemArtifactsDir = TMP_FOLDER.newFolder();
cConf.set(Constants.AppFabric.SYSTEM_ARTIFACTS_DIR, systemArtifactsDir.getAbsolutePath());
createSystemArtifact(systemArtifactsDir);
Injector injector = AppFabricTestHelper.getInjector(cConf);
artifactRepository = injector.getInstance(ArtifactRepository.class);
AccessControllerInstantiator instantiatorService = injector.getInstance(AccessControllerInstantiator.class);
accessController = instantiatorService.get();
namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
}
Also used :
Injector(com.google.inject.Injector)
NamespaceAdmin(io.cdap.cdap.common.namespace.NamespaceAdmin)
AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator)
CConfiguration(io.cdap.cdap.common.conf.CConfiguration)
LocalLocationFactory(org.apache.twill.filesystem.LocalLocationFactory)
File(java.io.File)
Location(org.apache.twill.filesystem.Location)
BeforeClass(org.junit.BeforeClass)
Example 3 with AccessControllerInstantiator
use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.
the class AuthorizationHandlerTest method setUp.
@Before
public void setUp() throws Exception {
CConfiguration conf = CConfiguration.create();
conf.setBoolean(Constants.Security.Authorization.ENABLED, true);
conf.setBoolean(Constants.Security.ENABLED, true);
properties.setProperty("superusers", admin.getName());
final InMemoryAccessController auth = new InMemoryAccessController();
auth.initialize(FACTORY.create(properties));
service = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName()).setHttpHandlers(new AuthorizationHandler(auth, new AccessControllerInstantiator(conf, FACTORY) {
@Override
public AccessController get() {
return auth;
}
}, conf, new MasterAuthenticationContext())).setChannelPipelineModifier(new ChannelPipelineModifier() {
@Override
public void modify(ChannelPipeline pipeline) {
pipeline.addBefore("dispatcher", "usernamesetter", new TestUserNameSetter());
}
}).build();
service.start();
client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(service.getBindAddress().getHostName()).setPort(service.getBindAddress().getPort()).setSSLEnabled(false).build()).build());
System.setProperty(USERNAME_PROPERTY, admin.getName());
}
Also used :
MasterAuthenticationContext(io.cdap.cdap.security.auth.context.MasterAuthenticationContext)
InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController)
AccessController(io.cdap.cdap.security.spi.authorization.AccessController)
CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder)
InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController)
AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator)
AuthorizationClient(io.cdap.cdap.client.AuthorizationClient)
CConfiguration(io.cdap.cdap.common.conf.CConfiguration)
ChannelPipelineModifier(io.cdap.http.ChannelPipelineModifier)
ChannelPipeline(io.netty.channel.ChannelPipeline)
Before(org.junit.Before)
Example 4 with AccessControllerInstantiator
use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.
the class TestBase method initialize.
@BeforeClass
public static void initialize() throws Exception {
if (nestedStartCount++ > 0) {
return;
}
File localDataDir = TMP_FOLDER.newFolder();
cConf = createCConf(localDataDir);
CConfiguration previewCConf = createPreviewConf(cConf);
LevelDBTableService previewLevelDBTableService = new LevelDBTableService();
previewLevelDBTableService.setConfiguration(previewCConf);
// enable default services
File capabilityFolder = new File(localDataDir.toString(), "capability");
capabilityFolder.mkdir();
cConf.set(Constants.Capability.CONFIG_DIR, capabilityFolder.getAbsolutePath());
cConf.setInt(Constants.Capability.AUTO_INSTALL_THREADS, 5);
org.apache.hadoop.conf.Configuration hConf = new org.apache.hadoop.conf.Configuration();
hConf.addResource("mapred-site-local.xml");
hConf.reloadConfiguration();
hConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir.getAbsolutePath());
hConf.set(Constants.AppFabric.OUTPUT_DIR, cConf.get(Constants.AppFabric.OUTPUT_DIR));
hConf.set("hadoop.tmp.dir", new File(localDataDir, cConf.get(Constants.AppFabric.TEMP_DIR)).getAbsolutePath());
// Windows specific requirements
if (OSDetector.isWindows()) {
File tmpDir = TMP_FOLDER.newFolder();
File binDir = new File(tmpDir, "bin");
Assert.assertTrue(binDir.mkdirs());
copyTempFile("hadoop.dll", tmpDir);
copyTempFile("winutils.exe", binDir);
System.setProperty("hadoop.home.dir", tmpDir.getAbsolutePath());
System.load(new File(tmpDir, "hadoop.dll").getAbsolutePath());
}
injector = Guice.createInjector(createDataFabricModule(), new TransactionExecutorModule(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new ConfigModule(cConf, hConf), RemoteAuthenticatorModules.getNoOpModule(), new IOModule(), new LocalLocationModule(), new InMemoryDiscoveryModule(), new AppFabricServiceRuntimeModule(cConf).getInMemoryModules(), new MonitorHandlerModule(false), new AuthenticationContextModules().getMasterModule(), new AuthorizationModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new ProgramRunnerRuntimeModule().getInMemoryModules(), new SecureStoreServerModule(), new MetadataReaderWriterModules().getInMemoryModules(), new MetadataServiceModule(), new AbstractModule() {
@Override
protected void configure() {
bind(MetricsManager.class).toProvider(MetricsManagerProvider.class);
}
}, new MetricsClientRuntimeModule().getInMemoryModules(), new LocalLogAppenderModule(), new LogReaderRuntimeModules().getInMemoryModules(), new ExploreRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new MessagingServerRuntimeModule().getInMemoryModules(), new PreviewConfigModule(cConf, new Configuration(), SConfiguration.create()), new PreviewManagerModule(false), new PreviewRunnerManagerModule().getInMemoryModules(), new SupportBundleServiceModule(), new MockProvisionerModule(), new AbstractModule() {
@Override
protected void configure() {
install(new FactoryModuleBuilder().implement(ApplicationManager.class, DefaultApplicationManager.class).build(ApplicationManagerFactory.class));
install(new FactoryModuleBuilder().implement(ArtifactManager.class, DefaultArtifactManager.class).build(ArtifactManagerFactory.class));
bind(TemporaryFolder.class).toInstance(TMP_FOLDER);
bind(AuthorizationHandler.class).in(Scopes.SINGLETON);
// Needed by MonitorHandlerModuler
bind(TwillRunner.class).to(NoopTwillRunnerService.class);
bind(MetadataSubscriberService.class).in(Scopes.SINGLETON);
}
});
messagingService = injector.getInstance(MessagingService.class);
if (messagingService instanceof Service) {
((Service) messagingService).startAndWait();
}
txService = injector.getInstance(TransactionManager.class);
txService.startAndWait();
metadataSubscriberService = injector.getInstance(MetadataSubscriberService.class);
metadataStorage = injector.getInstance(MetadataStorage.class);
metadataAdmin = injector.getInstance(MetadataAdmin.class);
metadataStorage.createIndex();
metadataService = injector.getInstance(MetadataService.class);
metadataService.startAndWait();
// Define all StructuredTable before starting any services that need StructuredTable
StoreDefinition.createAllTables(injector.getInstance(StructuredTableAdmin.class));
dsOpService = injector.getInstance(DatasetOpExecutorService.class);
dsOpService.startAndWait();
datasetService = injector.getInstance(DatasetService.class);
datasetService.startAndWait();
metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
metricsCollectionService.startAndWait();
if (cConf.getBoolean(Constants.Explore.EXPLORE_ENABLED)) {
exploreExecutorService = injector.getInstance(ExploreExecutorService.class);
exploreExecutorService.startAndWait();
// wait for explore service to be discoverable
DiscoveryServiceClient discoveryService = injector.getInstance(DiscoveryServiceClient.class);
EndpointStrategy endpointStrategy = new RandomEndpointStrategy(() -> discoveryService.discover(Constants.Service.EXPLORE_HTTP_USER_SERVICE));
Preconditions.checkNotNull(endpointStrategy.pick(5, TimeUnit.SECONDS), "%s service is not up after 5 seconds", Constants.Service.EXPLORE_HTTP_USER_SERVICE);
exploreClient = injector.getInstance(ExploreClient.class);
}
programScheduler = injector.getInstance(Scheduler.class);
if (programScheduler instanceof Service) {
((Service) programScheduler).startAndWait();
}
testManager = injector.getInstance(UnitTestManager.class);
metricsManager = injector.getInstance(MetricsManager.class);
accessControllerInstantiator = injector.getInstance(AccessControllerInstantiator.class);
// This is needed so the logged-in user can successfully create the default namespace
if (cConf.getBoolean(Constants.Security.Authorization.ENABLED)) {
String user = System.getProperty("user.name");
SecurityRequestContext.setUserId(user);
InstanceId instance = new InstanceId(cConf.get(Constants.INSTANCE_NAME));
Principal principal = new Principal(user, Principal.PrincipalType.USER);
accessControllerInstantiator.get().grant(Authorizable.fromEntityId(instance), principal, EnumSet.allOf(StandardPermission.class));
accessControllerInstantiator.get().grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), principal, EnumSet.allOf(StandardPermission.class));
}
namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
if (firstInit) {
// only create the default namespace on first test. if multiple tests are run in the same JVM,
// then any time after the first time, the default namespace already exists. That is because
// the namespaceAdmin.delete(Id.Namespace.DEFAULT) in finish() only clears the default namespace
// but does not remove it entirely
namespaceAdmin.create(NamespaceMeta.DEFAULT);
ProfileService profileService = injector.getInstance(ProfileService.class);
profileService.saveProfile(ProfileId.NATIVE, Profile.NATIVE);
}
secureStore = injector.getInstance(SecureStore.class);
secureStoreManager = injector.getInstance(SecureStoreManager.class);
messagingContext = new MultiThreadMessagingContext(messagingService);
firstInit = false;
previewHttpServer = injector.getInstance(PreviewHttpServer.class);
previewHttpServer.startAndWait();
fieldLineageAdmin = injector.getInstance(FieldLineageAdmin.class);
lineageAdmin = injector.getInstance(LineageAdmin.class);
metadataSubscriberService.startAndWait();
previewRunnerManager = injector.getInstance(PreviewRunnerManager.class);
if (previewRunnerManager instanceof Service) {
((Service) previewRunnerManager).startAndWait();
}
appFabricServer = injector.getInstance(AppFabricServer.class);
appFabricServer.startAndWait();
preferencesService = injector.getInstance(PreferencesService.class);
scheduler = injector.getInstance(Scheduler.class);
if (scheduler instanceof Service) {
((Service) scheduler).startAndWait();
}
if (scheduler instanceof CoreSchedulerService) {
((CoreSchedulerService) scheduler).waitUntilFunctional(10, TimeUnit.SECONDS);
}
supportBundleInternalService = injector.getInstance(SupportBundleInternalService.class);
supportBundleInternalService.startAndWait();
appFabricHealthCheckService = injector.getInstance(HealthCheckService.class);
appFabricHealthCheckService.helper(Constants.AppFabricHealthCheck.APP_FABRIC_HEALTH_CHECK_SERVICE, cConf, Constants.Service.MASTER_SERVICES_BIND_ADDRESS);
appFabricHealthCheckService.startAndWait();
}
Also used :
DataSetServiceModules(io.cdap.cdap.data.runtime.DataSetServiceModules)
PreviewManagerModule(io.cdap.cdap.app.preview.PreviewManagerModule)
DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient)
Configuration(org.apache.hadoop.conf.Configuration)
SConfiguration(io.cdap.cdap.common.conf.SConfiguration)
CConfiguration(io.cdap.cdap.common.conf.CConfiguration)
TwillRunner(org.apache.twill.api.TwillRunner)
DatasetService(io.cdap.cdap.data2.datafabric.dataset.service.DatasetService)
MetricsClientRuntimeModule(io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule)
LineageAdmin(io.cdap.cdap.metadata.LineageAdmin)
FieldLineageAdmin(io.cdap.cdap.metadata.FieldLineageAdmin)
StandardPermission(io.cdap.cdap.proto.security.StandardPermission)
PreviewConfigModule(io.cdap.cdap.app.preview.PreviewConfigModule)
RandomEndpointStrategy(io.cdap.cdap.common.discovery.RandomEndpointStrategy)
EndpointStrategy(io.cdap.cdap.common.discovery.EndpointStrategy)
CoreSchedulerService(io.cdap.cdap.scheduler.CoreSchedulerService)
Configuration(org.apache.hadoop.conf.Configuration)
SecureStoreManager(io.cdap.cdap.api.security.store.SecureStoreManager)
SupportBundleServiceModule(io.cdap.cdap.support.app.guice.SupportBundleServiceModule)
PreviewRunnerManagerModule(io.cdap.cdap.app.preview.PreviewRunnerManagerModule)
PreviewRunnerManager(io.cdap.cdap.app.preview.PreviewRunnerManager)
AuthorizationModule(io.cdap.cdap.app.guice.AuthorizationModule)
HealthCheckService(io.cdap.cdap.common.service.HealthCheckService)
MetricsCollectionService(io.cdap.cdap.api.metrics.MetricsCollectionService)
InstanceId(io.cdap.cdap.proto.id.InstanceId)
AuthenticationContextModules(io.cdap.cdap.security.auth.context.AuthenticationContextModules)
MetadataServiceModule(io.cdap.cdap.metadata.MetadataServiceModule)
NamespaceAdmin(io.cdap.cdap.common.namespace.NamespaceAdmin)
ExploreRuntimeModule(io.cdap.cdap.explore.guice.ExploreRuntimeModule)
CConfiguration(io.cdap.cdap.common.conf.CConfiguration)
SecureStore(io.cdap.cdap.api.security.store.SecureStore)
MetadataReaderWriterModules(io.cdap.cdap.metadata.MetadataReaderWriterModules)
SupportBundleInternalService(io.cdap.cdap.support.internal.app.services.SupportBundleInternalService)
ExploreClientModule(io.cdap.cdap.explore.guice.ExploreClientModule)
MetadataSubscriberService(io.cdap.cdap.metadata.MetadataSubscriberService)
TransactionManager(org.apache.tephra.TransactionManager)
MetadataStorage(io.cdap.cdap.spi.metadata.MetadataStorage)
File(java.io.File)
AppFabricServiceRuntimeModule(io.cdap.cdap.app.guice.AppFabricServiceRuntimeModule)
AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule)
FieldLineageAdmin(io.cdap.cdap.metadata.FieldLineageAdmin)
IOModule(io.cdap.cdap.common.guice.IOModule)
AuthorizationHandler(io.cdap.cdap.gateway.handlers.AuthorizationHandler)
ExploreClient(io.cdap.cdap.explore.client.ExploreClient)
InMemoryDiscoveryModule(io.cdap.cdap.common.guice.InMemoryDiscoveryModule)
ConfigModule(io.cdap.cdap.common.guice.ConfigModule)
PreviewConfigModule(io.cdap.cdap.app.preview.PreviewConfigModule)
FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder)
ArtifactManagerFactory(io.cdap.cdap.test.internal.ArtifactManagerFactory)
StructuredTableAdmin(io.cdap.cdap.spi.data.StructuredTableAdmin)
Scheduler(io.cdap.cdap.scheduler.Scheduler)
AppFabricServer(io.cdap.cdap.internal.app.services.AppFabricServer)
MessagingServerRuntimeModule(io.cdap.cdap.messaging.guice.MessagingServerRuntimeModule)
MultiThreadMessagingContext(io.cdap.cdap.messaging.context.MultiThreadMessagingContext)
MetadataService(io.cdap.cdap.metadata.MetadataService)
MonitorHandlerModule(io.cdap.cdap.app.guice.MonitorHandlerModule)
PreferencesService(io.cdap.cdap.config.PreferencesService)
TransactionExecutorModule(io.cdap.cdap.data.runtime.TransactionExecutorModule)
LocalLocationModule(io.cdap.cdap.common.guice.LocalLocationModule)
TemporaryFolder(org.junit.rules.TemporaryFolder)
MockProvisionerModule(io.cdap.cdap.internal.provision.MockProvisionerModule)
MetadataAdmin(io.cdap.cdap.metadata.MetadataAdmin)
ApplicationManagerFactory(io.cdap.cdap.test.internal.ApplicationManagerFactory)
LogReaderRuntimeModules(io.cdap.cdap.logging.guice.LogReaderRuntimeModules)
DataSetsModules(io.cdap.cdap.data.runtime.DataSetsModules)
NoopTwillRunnerService(io.cdap.cdap.common.twill.NoopTwillRunnerService)
PreferencesService(io.cdap.cdap.config.PreferencesService)
MetadataSubscriberService(io.cdap.cdap.metadata.MetadataSubscriberService)
ExploreExecutorService(io.cdap.cdap.explore.executor.ExploreExecutorService)
LevelDBTableService(io.cdap.cdap.data2.dataset2.lib.table.leveldb.LevelDBTableService)
DatasetOpExecutorService(io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutorService)
ProfileService(io.cdap.cdap.internal.profile.ProfileService)
Service(com.google.common.util.concurrent.Service)
CapabilityManagementService(io.cdap.cdap.internal.capability.CapabilityManagementService)
MetadataService(io.cdap.cdap.metadata.MetadataService)
HealthCheckService(io.cdap.cdap.common.service.HealthCheckService)
MessagingService(io.cdap.cdap.messaging.MessagingService)
SupportBundleInternalService(io.cdap.cdap.support.internal.app.services.SupportBundleInternalService)
DatasetService(io.cdap.cdap.data2.datafabric.dataset.service.DatasetService)
CoreSchedulerService(io.cdap.cdap.scheduler.CoreSchedulerService)
MetricsCollectionService(io.cdap.cdap.api.metrics.MetricsCollectionService)
AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator)
AbstractModule(com.google.inject.AbstractModule)
MessagingService(io.cdap.cdap.messaging.MessagingService)
ProgramRunnerRuntimeModule(io.cdap.cdap.app.guice.ProgramRunnerRuntimeModule)
ProfileService(io.cdap.cdap.internal.profile.ProfileService)
LocalLogAppenderModule(io.cdap.cdap.logging.guice.LocalLogAppenderModule)
LevelDBTableService(io.cdap.cdap.data2.dataset2.lib.table.leveldb.LevelDBTableService)
DatasetOpExecutorService(io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutorService)
ExploreExecutorService(io.cdap.cdap.explore.executor.ExploreExecutorService)
SecureStoreServerModule(io.cdap.cdap.security.guice.SecureStoreServerModule)
Principal(io.cdap.cdap.proto.security.Principal)
RandomEndpointStrategy(io.cdap.cdap.common.discovery.RandomEndpointStrategy)
PreviewHttpServer(io.cdap.cdap.app.preview.PreviewHttpServer)
BeforeClass(org.junit.BeforeClass)
Example 5 with AccessControllerInstantiator
use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.
the class AuthorizationHandlerTest method testDisabled.
private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception {
final InMemoryAccessController accessController = new InMemoryAccessController();
NettyHttpService service = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName()).setHttpHandlers(new AuthorizationHandler(accessController, new AccessControllerInstantiator(cConf, FACTORY) {
@Override
public AccessController get() {
return accessController;
}
}, cConf, new MasterAuthenticationContext())).build();
service.start();
try {
final AuthorizationClient client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(service.getBindAddress().getHostName()).setPort(service.getBindAddress().getPort()).setSSLEnabled(false).build()).build());
final NamespaceId ns1 = Ids.namespace("ns1");
final Role admins = new Role("admins");
// Test that the right exception is thrown when any Authorization REST API is called with authorization disabled
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.grant(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(StandardPermission.GET));
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.revoke(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(StandardPermission.GET));
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.revoke(Authorizable.fromEntityId(ns1));
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.listGrants(admin);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.addRoleToPrincipal(admins, admin);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.removeRoleFromPrincipal(admins, admin);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.createRole(admins);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.dropRole(admins);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.listAllRoles();
}
}, feature, configSetting);
} finally {
service.stop();
}
}
Also used :
MasterAuthenticationContext(io.cdap.cdap.security.auth.context.MasterAuthenticationContext)
CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder)
AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator)
AccessException(io.cdap.cdap.api.security.AccessException)
FeatureDisabledException(io.cdap.cdap.common.FeatureDisabledException)
AlreadyExistsException(io.cdap.cdap.security.spi.authorization.AlreadyExistsException)
Role(io.cdap.cdap.proto.security.Role)
InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController)
AccessController(io.cdap.cdap.security.spi.authorization.AccessController)
InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController)
NettyHttpService(io.cdap.http.NettyHttpService)
AuthorizationClient(io.cdap.cdap.client.AuthorizationClient)
NamespaceId(io.cdap.cdap.proto.id.NamespaceId)
Aggregations
AccessControllerInstantiator (io.cdap.cdap.security.authorization.AccessControllerInstantiator)5
CConfiguration (io.cdap.cdap.common.conf.CConfiguration)3
FactoryModuleBuilder (com.google.inject.assistedinject.FactoryModuleBuilder)2
AuthorizationClient (io.cdap.cdap.client.AuthorizationClient)2
CommonNettyHttpServiceBuilder (io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder)2
NamespaceAdmin (io.cdap.cdap.common.namespace.NamespaceAdmin)2
PreferencesService (io.cdap.cdap.config.PreferencesService)2
ExploreClient (io.cdap.cdap.explore.client.ExploreClient)2
Service (com.google.common.util.concurrent.Service)1
AbstractModule (com.google.inject.AbstractModule)1
Injector (com.google.inject.Injector)1
TypeLiteral (com.google.inject.TypeLiteral)1
MetricsCollectionService (io.cdap.cdap.api.metrics.MetricsCollectionService)1
AccessException (io.cdap.cdap.api.security.AccessException)1
SecureStore (io.cdap.cdap.api.security.store.SecureStore)1
SecureStoreManager (io.cdap.cdap.api.security.store.SecureStoreManager)1
Manager (io.cdap.cdap.app.deploy.Manager)1
AppFabricServiceRuntimeModule (io.cdap.cdap.app.guice.AppFabricServiceRuntimeModule)1
AuthorizationModule (io.cdap.cdap.app.guice.AuthorizationModule)1
MonitorHandlerModule (io.cdap.cdap.app.guice.MonitorHandlerModule)1
