
Example 1 with AccessControllerInstantiator

use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.

the class PreviewRunnerModule method configure.

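@Override
protected void configure() {
    // Guice wiring for the preview runner. This is a private module: only the bindings
    // explicitly expose()d below are visible to the enclosing injector; everything else
    // (e.g. Store, SecretStore, Scheduler, PreviewDataPublisher) stays internal to the preview runner.
    //
    // Primitive boolean: cConf.getBoolean(...) already yields a boolean, so the wrapper type used
    // before only added an unboxing step.
    boolean artifactLocalizerEnabled = cConf.getBoolean(Constants.Preview.ARTIFACT_LOCALIZER_ENABLED, false);
    if (artifactLocalizerEnabled) {
        bindRemoteArtifactAccess();
    } else {
        bindLocalArtifactAccess();
    }
    bind(ArtifactStore.class).toInstance(artifactStore);
    expose(ArtifactStore.class);
    // The preview runner shares the global TMS instance handed in by the caller rather than creating its own.
    bind(MessagingService.class).annotatedWith(Names.named(PreviewConfigModule.GLOBAL_TMS)).toInstance(messagingService);
    expose(MessagingService.class).annotatedWith(Names.named(PreviewConfigModule.GLOBAL_TMS));
    // Authorization components are injected pre-built instances, so preview enforcement is the
    // caller's enforcer, not a fresh one wired from configuration.
    bind(AccessEnforcer.class).toInstance(accessEnforcer);
    expose(AccessEnforcer.class);
    bind(ContextAccessEnforcer.class).toInstance(contextAccessEnforcer);
    expose(ContextAccessEnforcer.class);
    bind(AccessControllerInstantiator.class).toInstance(accessControllerInstantiator);
    expose(AccessControllerInstantiator.class);
    bind(PermissionManager.class).toInstance(permissionManager);
    expose(PermissionManager.class);
    bind(PreferencesService.class).toInstance(preferencesService);
    // bind explore client to mock.
    bind(ExploreClient.class).to(MockExploreClient.class);
    expose(ExploreClient.class);
    bind(ProgramRuntimeProviderLoader.class).toInstance(programRuntimeProviderLoader);
    expose(ProgramRuntimeProviderLoader.class);
    bind(StorageProviderNamespaceAdmin.class).to(LocalStorageProviderNamespaceAdmin.class);
    bind(PipelineFactory.class).to(SynchronousPipelineFactory.class);
    install(new FactoryModuleBuilder().implement(Configurator.class, InMemoryConfigurator.class).build(ConfiguratorFactory.class));
    // expose this binding so program runner modules can use
    expose(ConfiguratorFactory.class);
    install(new FactoryModuleBuilder().implement(new TypeLiteral<Manager<AppDeploymentInfo, ApplicationWithPrograms>>() {
    }, new TypeLiteral<PreviewApplicationManager<AppDeploymentInfo, ApplicationWithPrograms>>() {
    }).build(new TypeLiteral<ManagerFactory<AppDeploymentInfo, ApplicationWithPrograms>>() {
    }));
    bind(Store.class).to(DefaultStore.class);
    bind(SecretStore.class).to(DefaultSecretStore.class).in(Scopes.SINGLETON);
    bind(UGIProvider.class).to(DefaultUGIProvider.class);
    expose(UGIProvider.class);
    bind(WorkflowStateWriter.class).to(BasicWorkflowStateWriter.class);
    expose(WorkflowStateWriter.class);
    // we don't delete namespaces in preview as we just delete preview directory when its done
    bind(NamespaceResourceDeleter.class).to(NoopNamespaceResourceDeleter.class).in(Scopes.SINGLETON);
    bind(NamespaceAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
    bind(NamespaceQueryAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
    expose(NamespaceAdmin.class);
    expose(NamespaceQueryAdmin.class);
    bind(MetadataAdmin.class).to(DefaultMetadataAdmin.class);
    expose(MetadataAdmin.class);
    bindPreviewRunner(binder());
    expose(PreviewRunner.class);
    // Preview never schedules anything.
    bind(Scheduler.class).to(NoOpScheduler.class);
    bind(DataTracerFactory.class).to(DefaultDataTracerFactory.class);
    expose(DataTracerFactory.class);
    bind(PreviewDataPublisher.class).to(MessagingPreviewDataPublisher.class);
    bind(OwnerStore.class).to(DefaultOwnerStore.class);
    expose(OwnerStore.class);
    bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
    expose(OwnerAdmin.class);
    bind(CapabilityReader.class).to(CapabilityStatusStore.class);
}

/**
 * Artifact, plugin and preferences access when the artifact localizer is enabled: everything is
 * fetched remotely from AppFabric, with artifacts cached locally by the localizer.
 * <p>
 * NOTE(review): the {@code NOAUTH_ARTIFACT_REPO}-annotated {@link ArtifactRepository} is bound to
 * the same implementation as the unannotated one, so in the preview runner both names resolve to
 * {@link RemoteArtifactRepositoryWithLocalization}; confirm that is intended for callers of the
 * no-auth binding.
 */
private void bindRemoteArtifactAccess() {
    // Use remote implementation to fetch artifact metadata from AppFab.
    // Remote implementation internally uses artifact localizer to fetch and cache artifacts locally.
    bind(ArtifactRepositoryReader.class).to(RemoteArtifactRepositoryReaderWithLocalization.class);
    bind(ArtifactRepository.class).to(RemoteArtifactRepositoryWithLocalization.class);
    expose(ArtifactRepository.class);
    bind(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO)).to(RemoteArtifactRepositoryWithLocalization.class).in(Scopes.SINGLETON);
    expose(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO));
    // Use remote implementation to fetch plugin metadata from AppFab.
    // Remote implementation internally uses artifact localizer to fetch and cache artifacts locally.
    bind(PluginFinder.class).to(RemoteWorkerPluginFinder.class);
    expose(PluginFinder.class);
    // Use remote implementation to fetch preferences from AppFab.
    bind(PreferencesFetcher.class).to(RemotePreferencesFetcherInternal.class);
    expose(PreferencesFetcher.class);
}

/**
 * Artifact, plugin and preferences access when the artifact localizer is disabled: the reader,
 * plugin finder and preferences fetcher come from the providers handed to this module, and the
 * repository is the local {@link DefaultArtifactRepository}.
 * <p>
 * NOTE(review): as in the remote case, the {@code NOAUTH_ARTIFACT_REPO}-annotated binding resolves to
 * the same implementation as the unannotated one.
 */
private void bindLocalArtifactAccess() {
    bind(ArtifactRepositoryReader.class).toProvider(artifactRepositoryReaderProvider);
    bind(ArtifactRepository.class).to(DefaultArtifactRepository.class);
    expose(ArtifactRepository.class);
    bind(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO)).to(DefaultArtifactRepository.class).in(Scopes.SINGLETON);
    expose(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO));
    bind(PluginFinder.class).toProvider(pluginFinderProvider);
    expose(PluginFinder.class);
    bind(PreferencesFetcher.class).toProvider(preferencesFetcherProvider);
    expose(PreferencesFetcher.class);
}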
Also used : MockExploreClient(io.cdap.cdap.explore.client.MockExploreClient) ExploreClient(io.cdap.cdap.explore.client.ExploreClient) ConfiguratorFactory(io.cdap.cdap.internal.app.deploy.ConfiguratorFactory) CapabilityReader(io.cdap.cdap.internal.capability.CapabilityReader) SynchronousPipelineFactory(io.cdap.cdap.internal.pipeline.SynchronousPipelineFactory) PipelineFactory(io.cdap.cdap.pipeline.PipelineFactory) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) Scheduler(io.cdap.cdap.scheduler.Scheduler) NoOpScheduler(io.cdap.cdap.scheduler.NoOpScheduler) DefaultArtifactRepository(io.cdap.cdap.internal.app.runtime.artifact.DefaultArtifactRepository) DefaultUGIProvider(io.cdap.cdap.security.impersonation.DefaultUGIProvider) UGIProvider(io.cdap.cdap.security.impersonation.UGIProvider) ArtifactStore(io.cdap.cdap.internal.app.runtime.artifact.ArtifactStore) OwnerStore(io.cdap.cdap.security.impersonation.OwnerStore) CapabilityStatusStore(io.cdap.cdap.internal.capability.CapabilityStatusStore) SecretStore(io.cdap.cdap.securestore.spi.SecretStore) DefaultSecretStore(io.cdap.cdap.data.security.DefaultSecretStore) Store(io.cdap.cdap.app.store.Store) DefaultOwnerStore(io.cdap.cdap.store.DefaultOwnerStore) DefaultStore(io.cdap.cdap.internal.app.store.DefaultStore) BasicWorkflowStateWriter(io.cdap.cdap.internal.app.runtime.workflow.BasicWorkflowStateWriter) WorkflowStateWriter(io.cdap.cdap.internal.app.runtime.workflow.WorkflowStateWriter) Manager(io.cdap.cdap.app.deploy.Manager) PermissionManager(io.cdap.cdap.security.spi.authorization.PermissionManager) DefaultNamespaceAdmin(io.cdap.cdap.internal.app.namespace.DefaultNamespaceAdmin) ArtifactRepositoryReader(io.cdap.cdap.internal.app.runtime.artifact.ArtifactRepositoryReader) PreferencesService(io.cdap.cdap.config.PreferencesService) TypeLiteral(com.google.inject.TypeLiteral) AppDeploymentInfo(io.cdap.cdap.internal.app.deploy.pipeline.AppDeploymentInfo) 
PluginFinder(io.cdap.cdap.internal.app.runtime.artifact.PluginFinder) RemoteWorkerPluginFinder(io.cdap.cdap.internal.app.worker.RemoteWorkerPluginFinder) StorageProviderNamespaceAdmin(io.cdap.cdap.internal.app.namespace.StorageProviderNamespaceAdmin) LocalStorageProviderNamespaceAdmin(io.cdap.cdap.internal.app.namespace.LocalStorageProviderNamespaceAdmin) ApplicationWithPrograms(io.cdap.cdap.internal.app.deploy.pipeline.ApplicationWithPrograms) AccessEnforcer(io.cdap.cdap.security.spi.authorization.AccessEnforcer) ContextAccessEnforcer(io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer) NoopNamespaceResourceDeleter(io.cdap.cdap.internal.app.namespace.NoopNamespaceResourceDeleter) DefaultMetadataAdmin(io.cdap.cdap.metadata.DefaultMetadataAdmin) MetadataAdmin(io.cdap.cdap.metadata.MetadataAdmin) RemoteArtifactRepositoryWithLocalization(io.cdap.cdap.internal.app.runtime.artifact.RemoteArtifactRepositoryWithLocalization) PermissionManager(io.cdap.cdap.security.spi.authorization.PermissionManager) DefaultSecretStore(io.cdap.cdap.data.security.DefaultSecretStore) DefaultOwnerAdmin(io.cdap.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(io.cdap.cdap.security.impersonation.OwnerAdmin) AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator) DefaultArtifactRepository(io.cdap.cdap.internal.app.runtime.artifact.DefaultArtifactRepository) ArtifactRepository(io.cdap.cdap.internal.app.runtime.artifact.ArtifactRepository) OwnerStore(io.cdap.cdap.security.impersonation.OwnerStore) DefaultOwnerStore(io.cdap.cdap.store.DefaultOwnerStore) MessagingService(io.cdap.cdap.messaging.MessagingService) ProgramRuntimeProviderLoader(io.cdap.cdap.internal.app.runtime.ProgramRuntimeProviderLoader) ArtifactStore(io.cdap.cdap.internal.app.runtime.artifact.ArtifactStore) DefaultDataTracerFactory(io.cdap.cdap.internal.app.preview.DefaultDataTracerFactory) PreferencesFetcher(io.cdap.cdap.metadata.PreferencesFetcher) 
ContextAccessEnforcer(io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer) MessagingPreviewDataPublisher(io.cdap.cdap.internal.app.preview.MessagingPreviewDataPublisher)

Example 2 with AccessControllerInstantiator

use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.

the class SystemArtifactsAuthorizationTest method setup.

@BeforeClass
public static void setup() throws Exception {
    // Build an injector with authentication and authorization switched on, using the in-memory
    // access controller packaged as an authorization extension jar, plus one system artifact.
    CConfiguration conf = CConfiguration.create();
    conf.set(Constants.CFG_LOCAL_DATA_DIR, TMP_FOLDER.newFolder().getAbsolutePath());
    conf.setBoolean(Constants.Security.ENABLED, true);
    conf.setBoolean(Constants.Security.KERBEROS_ENABLED, false);
    conf.setBoolean(Constants.Security.Authorization.ENABLED, true);
    // A zero-sized cache means no authorization decision is served from cache
    // (presumably so grants/revokes made by the tests take effect immediately; verify against the cache impl).
    conf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0);
    LocalLocationFactory locationFactory = new LocalLocationFactory(TMP_FOLDER.newFolder());
    Location extensionJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAccessController.class);
    conf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, extensionJar.toURI().getPath());
    // Add a system artifact
    File systemArtifactsDir = TMP_FOLDER.newFolder();
    conf.set(Constants.AppFabric.SYSTEM_ARTIFACTS_DIR, systemArtifactsDir.getAbsolutePath());
    createSystemArtifact(systemArtifactsDir);
    Injector injector = AppFabricTestHelper.getInjector(conf);
    artifactRepository = injector.getInstance(ArtifactRepository.class);
    // The controller under test is whatever the injector's instantiator loads from the extension jar.
    accessController = injector.getInstance(AccessControllerInstantiator.class).get();
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
}
Also used : Injector(com.google.inject.Injector) NamespaceAdmin(io.cdap.cdap.common.namespace.NamespaceAdmin) AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) LocalLocationFactory(org.apache.twill.filesystem.LocalLocationFactory) File(java.io.File) Location(org.apache.twill.filesystem.Location) BeforeClass(org.junit.BeforeClass)

Example 3 with AccessControllerInstantiator

use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.

the class AuthorizationHandlerTest method setUp.

@Before
public void setUp() throws Exception {
    // Start an HTTP service hosting AuthorizationHandler over an in-memory access controller, and
    // point an AuthorizationClient at it. Runs before each test.
    CConfiguration conf = CConfiguration.create();
    conf.setBoolean(Constants.Security.Authorization.ENABLED, true);
    conf.setBoolean(Constants.Security.ENABLED, true);
    // "superusers" is consumed by the controller via FACTORY.create(properties); the test admin
    // principal is listed so its requests are accepted.
    properties.setProperty("superusers", admin.getName());
    final InMemoryAccessController accessController = new InMemoryAccessController();
    accessController.initialize(FACTORY.create(properties));
    CommonNettyHttpServiceBuilder builder = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName());
    // Instantiator overridden to return the already-initialized controller rather than loading an extension.
    AccessControllerInstantiator instantiator = new AccessControllerInstantiator(conf, FACTORY) {

        @Override
        public AccessController get() {
            return accessController;
        }
    };
    AuthorizationHandler handler = new AuthorizationHandler(accessController, instantiator, conf, new MasterAuthenticationContext());
    ChannelPipelineModifier userNameSetter = new ChannelPipelineModifier() {

        @Override
        public void modify(ChannelPipeline pipeline) {
            // Sets the caller's user name before the dispatcher sees the request.
            pipeline.addBefore("dispatcher", "usernamesetter", new TestUserNameSetter());
        }
    };
    service = builder.setHttpHandlers(handler).setChannelPipelineModifier(userNameSetter).build();
    service.start();
    // Plain HTTP against the ephemeral bind address; TLS is off for this local test service.
    ConnectionConfig connectionConfig = ConnectionConfig.builder()
        .setHostname(service.getBindAddress().getHostName())
        .setPort(service.getBindAddress().getPort())
        .setSSLEnabled(false)
        .build();
    client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(connectionConfig).build());
    System.setProperty(USERNAME_PROPERTY, admin.getName());
}
Also used : MasterAuthenticationContext(io.cdap.cdap.security.auth.context.MasterAuthenticationContext) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) AccessController(io.cdap.cdap.security.spi.authorization.AccessController) CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator) AuthorizationClient(io.cdap.cdap.client.AuthorizationClient) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) ChannelPipelineModifier(io.cdap.http.ChannelPipelineModifier) ChannelPipeline(io.netty.channel.ChannelPipeline) Before(org.junit.Before)

Example 4 with AccessControllerInstantiator

use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.

the class TestBase method initialize.

@BeforeClass
public static void initialize() throws Exception {
    // Class-level bootstrap for the unit-test framework: builds the in-memory CDAP injector and starts
    // every service a test needs, in dependency order. The statement order below matters (tables are
    // defined before the services that read them, services are started before they are discovered).
    // Only the outermost call does the work; presumably nested/re-entrant calls come from subclasses
    // chaining @BeforeClass and must not start everything a second time.
    if (nestedStartCount++ > 0) {
        return;
    }
    File localDataDir = TMP_FOLDER.newFolder();
    cConf = createCConf(localDataDir);
    CConfiguration previewCConf = createPreviewConf(cConf);
    LevelDBTableService previewLevelDBTableService = new LevelDBTableService();
    previewLevelDBTableService.setConfiguration(previewCConf);
    // enable default services
    File capabilityFolder = new File(localDataDir.toString(), "capability");
    capabilityFolder.mkdir();
    cConf.set(Constants.Capability.CONFIG_DIR, capabilityFolder.getAbsolutePath());
    cConf.setInt(Constants.Capability.AUTO_INSTALL_THREADS, 5);
    // Hadoop configuration pointed at the same temp data dir so nothing touches the real local FS layout.
    org.apache.hadoop.conf.Configuration hConf = new org.apache.hadoop.conf.Configuration();
    hConf.addResource("mapred-site-local.xml");
    hConf.reloadConfiguration();
    hConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir.getAbsolutePath());
    hConf.set(Constants.AppFabric.OUTPUT_DIR, cConf.get(Constants.AppFabric.OUTPUT_DIR));
    hConf.set("hadoop.tmp.dir", new File(localDataDir, cConf.get(Constants.AppFabric.TEMP_DIR)).getAbsolutePath());
    // Windows specific requirements
    // NOTE(review): copies hadoop.dll/winutils.exe into a fresh temp folder and System.load()s the
    // native library from there. Acceptable only in test scope; confirm copyTempFile sources the
    // binaries from the test classpath rather than a user-writable location.
    if (OSDetector.isWindows()) {
        File tmpDir = TMP_FOLDER.newFolder();
        File binDir = new File(tmpDir, "bin");
        Assert.assertTrue(binDir.mkdirs());
        copyTempFile("hadoop.dll", tmpDir);
        copyTempFile("winutils.exe", binDir);
        System.setProperty("hadoop.home.dir", tmpDir.getAbsolutePath());
        System.load(new File(tmpDir, "hadoop.dll").getAbsolutePath());
    }
    // All-in-memory module set: no-op remote authenticator, in-memory discovery/authorization
    // enforcement/messaging/explore, mock provisioner, plus two inline modules for test-only bindings.
    injector = Guice.createInjector(createDataFabricModule(), new TransactionExecutorModule(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new ConfigModule(cConf, hConf), RemoteAuthenticatorModules.getNoOpModule(), new IOModule(), new LocalLocationModule(), new InMemoryDiscoveryModule(), new AppFabricServiceRuntimeModule(cConf).getInMemoryModules(), new MonitorHandlerModule(false), new AuthenticationContextModules().getMasterModule(), new AuthorizationModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new ProgramRunnerRuntimeModule().getInMemoryModules(), new SecureStoreServerModule(), new MetadataReaderWriterModules().getInMemoryModules(), new MetadataServiceModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(MetricsManager.class).toProvider(MetricsManagerProvider.class);
        }
    }, new MetricsClientRuntimeModule().getInMemoryModules(), new LocalLogAppenderModule(), new LogReaderRuntimeModules().getInMemoryModules(), new ExploreRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new MessagingServerRuntimeModule().getInMemoryModules(), new PreviewConfigModule(cConf, new Configuration(), SConfiguration.create()), new PreviewManagerModule(false), new PreviewRunnerManagerModule().getInMemoryModules(), new SupportBundleServiceModule(), new MockProvisionerModule(), new AbstractModule() {

        @Override
        protected void configure() {
            install(new FactoryModuleBuilder().implement(ApplicationManager.class, DefaultApplicationManager.class).build(ApplicationManagerFactory.class));
            install(new FactoryModuleBuilder().implement(ArtifactManager.class, DefaultArtifactManager.class).build(ArtifactManagerFactory.class));
            bind(TemporaryFolder.class).toInstance(TMP_FOLDER);
            bind(AuthorizationHandler.class).in(Scopes.SINGLETON);
            // Needed by MonitorHandlerModuler
            bind(TwillRunner.class).to(NoopTwillRunnerService.class);
            bind(MetadataSubscriberService.class).in(Scopes.SINGLETON);
        }
    });
    // The messaging binding is only started if the bound implementation is itself a Guava Service.
    messagingService = injector.getInstance(MessagingService.class);
    if (messagingService instanceof Service) {
        ((Service) messagingService).startAndWait();
    }
    txService = injector.getInstance(TransactionManager.class);
    txService.startAndWait();
    metadataSubscriberService = injector.getInstance(MetadataSubscriberService.class);
    metadataStorage = injector.getInstance(MetadataStorage.class);
    metadataAdmin = injector.getInstance(MetadataAdmin.class);
    metadataStorage.createIndex();
    metadataService = injector.getInstance(MetadataService.class);
    metadataService.startAndWait();
    // Define all StructuredTable before starting any services that need StructuredTable
    StoreDefinition.createAllTables(injector.getInstance(StructuredTableAdmin.class));
    dsOpService = injector.getInstance(DatasetOpExecutorService.class);
    dsOpService.startAndWait();
    datasetService = injector.getInstance(DatasetService.class);
    datasetService.startAndWait();
    metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
    metricsCollectionService.startAndWait();
    if (cConf.getBoolean(Constants.Explore.EXPLORE_ENABLED)) {
        exploreExecutorService = injector.getInstance(ExploreExecutorService.class);
        exploreExecutorService.startAndWait();
        // wait for explore service to be discoverable
        DiscoveryServiceClient discoveryService = injector.getInstance(DiscoveryServiceClient.class);
        EndpointStrategy endpointStrategy = new RandomEndpointStrategy(() -> discoveryService.discover(Constants.Service.EXPLORE_HTTP_USER_SERVICE));
        Preconditions.checkNotNull(endpointStrategy.pick(5, TimeUnit.SECONDS), "%s service is not up after 5 seconds", Constants.Service.EXPLORE_HTTP_USER_SERVICE);
        exploreClient = injector.getInstance(ExploreClient.class);
    }
    programScheduler = injector.getInstance(Scheduler.class);
    if (programScheduler instanceof Service) {
        ((Service) programScheduler).startAndWait();
    }
    testManager = injector.getInstance(UnitTestManager.class);
    metricsManager = injector.getInstance(MetricsManager.class);
    accessControllerInstantiator = injector.getInstance(AccessControllerInstantiator.class);
    // This is needed so the logged-in user can successfully create the default namespace
    // With authorization on, the JVM's "user.name" becomes the request principal and is granted
    // every StandardPermission on the instance and on the default namespace, so the bootstrap
    // below (namespace creation, profile save) passes enforcement. This is a blanket test-only grant
    // against the in-memory controller, not something to replicate in production wiring.
    if (cConf.getBoolean(Constants.Security.Authorization.ENABLED)) {
        String user = System.getProperty("user.name");
        SecurityRequestContext.setUserId(user);
        InstanceId instance = new InstanceId(cConf.get(Constants.INSTANCE_NAME));
        Principal principal = new Principal(user, Principal.PrincipalType.USER);
        accessControllerInstantiator.get().grant(Authorizable.fromEntityId(instance), principal, EnumSet.allOf(StandardPermission.class));
        accessControllerInstantiator.get().grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), principal, EnumSet.allOf(StandardPermission.class));
    }
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
    if (firstInit) {
        // only create the default namespace on first test. if multiple tests are run in the same JVM,
        // then any time after the first time, the default namespace already exists. That is because
        // the namespaceAdmin.delete(Id.Namespace.DEFAULT) in finish() only clears the default namespace
        // but does not remove it entirely
        namespaceAdmin.create(NamespaceMeta.DEFAULT);
        ProfileService profileService = injector.getInstance(ProfileService.class);
        profileService.saveProfile(ProfileId.NATIVE, Profile.NATIVE);
    }
    secureStore = injector.getInstance(SecureStore.class);
    secureStoreManager = injector.getInstance(SecureStoreManager.class);
    messagingContext = new MultiThreadMessagingContext(messagingService);
    firstInit = false;
    previewHttpServer = injector.getInstance(PreviewHttpServer.class);
    previewHttpServer.startAndWait();
    fieldLineageAdmin = injector.getInstance(FieldLineageAdmin.class);
    lineageAdmin = injector.getInstance(LineageAdmin.class);
    // Subscriber is started only now, after the tables and the metadata service it feeds exist.
    metadataSubscriberService.startAndWait();
    previewRunnerManager = injector.getInstance(PreviewRunnerManager.class);
    if (previewRunnerManager instanceof Service) {
        ((Service) previewRunnerManager).startAndWait();
    }
    appFabricServer = injector.getInstance(AppFabricServer.class);
    appFabricServer.startAndWait();
    preferencesService = injector.getInstance(PreferencesService.class);
    scheduler = injector.getInstance(Scheduler.class);
    if (scheduler instanceof Service) {
        ((Service) scheduler).startAndWait();
    }
    // A CoreSchedulerService needs extra time after start() before it accepts work; bounded at 10s.
    if (scheduler instanceof CoreSchedulerService) {
        ((CoreSchedulerService) scheduler).waitUntilFunctional(10, TimeUnit.SECONDS);
    }
    supportBundleInternalService = injector.getInstance(SupportBundleInternalService.class);
    supportBundleInternalService.startAndWait();
    // Health check for app-fabric is configured against the master services bind address before starting.
    appFabricHealthCheckService = injector.getInstance(HealthCheckService.class);
    appFabricHealthCheckService.helper(Constants.AppFabricHealthCheck.APP_FABRIC_HEALTH_CHECK_SERVICE, cConf, Constants.Service.MASTER_SERVICES_BIND_ADDRESS);
    appFabricHealthCheckService.startAndWait();
}
Also used : DataSetServiceModules(io.cdap.cdap.data.runtime.DataSetServiceModules) PreviewManagerModule(io.cdap.cdap.app.preview.PreviewManagerModule) DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) Configuration(org.apache.hadoop.conf.Configuration) SConfiguration(io.cdap.cdap.common.conf.SConfiguration) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) TwillRunner(org.apache.twill.api.TwillRunner) DatasetService(io.cdap.cdap.data2.datafabric.dataset.service.DatasetService) MetricsClientRuntimeModule(io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule) LineageAdmin(io.cdap.cdap.metadata.LineageAdmin) FieldLineageAdmin(io.cdap.cdap.metadata.FieldLineageAdmin) StandardPermission(io.cdap.cdap.proto.security.StandardPermission) PreviewConfigModule(io.cdap.cdap.app.preview.PreviewConfigModule) RandomEndpointStrategy(io.cdap.cdap.common.discovery.RandomEndpointStrategy) EndpointStrategy(io.cdap.cdap.common.discovery.EndpointStrategy) CoreSchedulerService(io.cdap.cdap.scheduler.CoreSchedulerService) Configuration(org.apache.hadoop.conf.Configuration) SecureStoreManager(io.cdap.cdap.api.security.store.SecureStoreManager) SupportBundleServiceModule(io.cdap.cdap.support.app.guice.SupportBundleServiceModule) PreviewRunnerManagerModule(io.cdap.cdap.app.preview.PreviewRunnerManagerModule) PreviewRunnerManager(io.cdap.cdap.app.preview.PreviewRunnerManager) AuthorizationModule(io.cdap.cdap.app.guice.AuthorizationModule) HealthCheckService(io.cdap.cdap.common.service.HealthCheckService) MetricsCollectionService(io.cdap.cdap.api.metrics.MetricsCollectionService) InstanceId(io.cdap.cdap.proto.id.InstanceId) AuthenticationContextModules(io.cdap.cdap.security.auth.context.AuthenticationContextModules) MetadataServiceModule(io.cdap.cdap.metadata.MetadataServiceModule) NamespaceAdmin(io.cdap.cdap.common.namespace.NamespaceAdmin) ExploreRuntimeModule(io.cdap.cdap.explore.guice.ExploreRuntimeModule) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) 
SecureStore(io.cdap.cdap.api.security.store.SecureStore) MetadataReaderWriterModules(io.cdap.cdap.metadata.MetadataReaderWriterModules) SupportBundleInternalService(io.cdap.cdap.support.internal.app.services.SupportBundleInternalService) ExploreClientModule(io.cdap.cdap.explore.guice.ExploreClientModule) MetadataSubscriberService(io.cdap.cdap.metadata.MetadataSubscriberService) TransactionManager(org.apache.tephra.TransactionManager) MetadataStorage(io.cdap.cdap.spi.metadata.MetadataStorage) File(java.io.File) AppFabricServiceRuntimeModule(io.cdap.cdap.app.guice.AppFabricServiceRuntimeModule) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule) FieldLineageAdmin(io.cdap.cdap.metadata.FieldLineageAdmin) IOModule(io.cdap.cdap.common.guice.IOModule) AuthorizationHandler(io.cdap.cdap.gateway.handlers.AuthorizationHandler) ExploreClient(io.cdap.cdap.explore.client.ExploreClient) InMemoryDiscoveryModule(io.cdap.cdap.common.guice.InMemoryDiscoveryModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) PreviewConfigModule(io.cdap.cdap.app.preview.PreviewConfigModule) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) ArtifactManagerFactory(io.cdap.cdap.test.internal.ArtifactManagerFactory) StructuredTableAdmin(io.cdap.cdap.spi.data.StructuredTableAdmin) Scheduler(io.cdap.cdap.scheduler.Scheduler) AppFabricServer(io.cdap.cdap.internal.app.services.AppFabricServer) MessagingServerRuntimeModule(io.cdap.cdap.messaging.guice.MessagingServerRuntimeModule) MultiThreadMessagingContext(io.cdap.cdap.messaging.context.MultiThreadMessagingContext) MetadataService(io.cdap.cdap.metadata.MetadataService) MonitorHandlerModule(io.cdap.cdap.app.guice.MonitorHandlerModule) PreferencesService(io.cdap.cdap.config.PreferencesService) TransactionExecutorModule(io.cdap.cdap.data.runtime.TransactionExecutorModule) LocalLocationModule(io.cdap.cdap.common.guice.LocalLocationModule) 
TemporaryFolder(org.junit.rules.TemporaryFolder) MockProvisionerModule(io.cdap.cdap.internal.provision.MockProvisionerModule) MetadataAdmin(io.cdap.cdap.metadata.MetadataAdmin) ApplicationManagerFactory(io.cdap.cdap.test.internal.ApplicationManagerFactory) LogReaderRuntimeModules(io.cdap.cdap.logging.guice.LogReaderRuntimeModules) DataSetsModules(io.cdap.cdap.data.runtime.DataSetsModules) NoopTwillRunnerService(io.cdap.cdap.common.twill.NoopTwillRunnerService) PreferencesService(io.cdap.cdap.config.PreferencesService) MetadataSubscriberService(io.cdap.cdap.metadata.MetadataSubscriberService) ExploreExecutorService(io.cdap.cdap.explore.executor.ExploreExecutorService) LevelDBTableService(io.cdap.cdap.data2.dataset2.lib.table.leveldb.LevelDBTableService) DatasetOpExecutorService(io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutorService) ProfileService(io.cdap.cdap.internal.profile.ProfileService) Service(com.google.common.util.concurrent.Service) CapabilityManagementService(io.cdap.cdap.internal.capability.CapabilityManagementService) MetadataService(io.cdap.cdap.metadata.MetadataService) HealthCheckService(io.cdap.cdap.common.service.HealthCheckService) MessagingService(io.cdap.cdap.messaging.MessagingService) SupportBundleInternalService(io.cdap.cdap.support.internal.app.services.SupportBundleInternalService) DatasetService(io.cdap.cdap.data2.datafabric.dataset.service.DatasetService) CoreSchedulerService(io.cdap.cdap.scheduler.CoreSchedulerService) MetricsCollectionService(io.cdap.cdap.api.metrics.MetricsCollectionService) AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator) AbstractModule(com.google.inject.AbstractModule) MessagingService(io.cdap.cdap.messaging.MessagingService) ProgramRunnerRuntimeModule(io.cdap.cdap.app.guice.ProgramRunnerRuntimeModule) ProfileService(io.cdap.cdap.internal.profile.ProfileService) LocalLogAppenderModule(io.cdap.cdap.logging.guice.LocalLogAppenderModule) 
LevelDBTableService(io.cdap.cdap.data2.dataset2.lib.table.leveldb.LevelDBTableService) DatasetOpExecutorService(io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutorService) ExploreExecutorService(io.cdap.cdap.explore.executor.ExploreExecutorService) SecureStoreServerModule(io.cdap.cdap.security.guice.SecureStoreServerModule) Principal(io.cdap.cdap.proto.security.Principal) RandomEndpointStrategy(io.cdap.cdap.common.discovery.RandomEndpointStrategy) PreviewHttpServer(io.cdap.cdap.app.preview.PreviewHttpServer) BeforeClass(org.junit.BeforeClass)

Example 5 with AccessControllerInstantiator

use of io.cdap.cdap.security.authorization.AccessControllerInstantiator in project cdap by caskdata.

the class AuthorizationHandlerTest method testDisabled.

/**
 * Starts an {@code AuthorizationHandler} whose instantiator always returns a fixed in-memory
 * controller, then checks that every authorization REST call fails with the expected
 * feature-disabled error instead of reaching the controller.
 *
 * @param cConf configuration under which the feature is expected to be disabled
 * @param feature the feature {@code verifyFeatureDisabled} expects to be reported as disabled
 * @param configSetting the config key {@code verifyFeatureDisabled} expects to be named in the error
 * @throws Exception if the service cannot be started or a verification fails
 */
private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception {
    InMemoryAccessController accessController = new InMemoryAccessController();
    CommonNettyHttpServiceBuilder builder = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName());
    // Short-circuit extension loading: hand back the in-memory controller directly.
    AccessControllerInstantiator instantiator = new AccessControllerInstantiator(cConf, FACTORY) {

        @Override
        public AccessController get() {
            return accessController;
        }
    };
    AuthorizationHandler handler = new AuthorizationHandler(accessController, instantiator, cConf, new MasterAuthenticationContext());
    NettyHttpService service = builder.setHttpHandlers(handler).build();
    service.start();
    try {
        // Plain HTTP against the ephemeral bind address; TLS is off for this local test service.
        ConnectionConfig connectionConfig = ConnectionConfig.builder()
            .setHostname(service.getBindAddress().getHostName())
            .setPort(service.getBindAddress().getPort())
            .setSSLEnabled(false)
            .build();
        AuthorizationClient client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(connectionConfig).build());
        NamespaceId ns1 = Ids.namespace("ns1");
        Role admins = new Role("admins");
        // Test that the right exception is thrown when any Authorization REST API is called with authorization disabled
        verifyFeatureDisabled(() -> client.grant(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(StandardPermission.GET)), feature, configSetting);
        verifyFeatureDisabled(() -> client.revoke(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(StandardPermission.GET)), feature, configSetting);
        verifyFeatureDisabled(() -> client.revoke(Authorizable.fromEntityId(ns1)), feature, configSetting);
        verifyFeatureDisabled(() -> client.listGrants(admin), feature, configSetting);
        verifyFeatureDisabled(() -> client.addRoleToPrincipal(admins, admin), feature, configSetting);
        verifyFeatureDisabled(() -> client.removeRoleFromPrincipal(admins, admin), feature, configSetting);
        verifyFeatureDisabled(() -> client.createRole(admins), feature, configSetting);
        verifyFeatureDisabled(() -> client.dropRole(admins), feature, configSetting);
        verifyFeatureDisabled(() -> client.listAllRoles(), feature, configSetting);
    } finally {
        // Always release the port, even when a verification throws.
        service.stop();
    }
}
Also used : MasterAuthenticationContext(io.cdap.cdap.security.auth.context.MasterAuthenticationContext) CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator) AccessException(io.cdap.cdap.api.security.AccessException) FeatureDisabledException(io.cdap.cdap.common.FeatureDisabledException) AlreadyExistsException(io.cdap.cdap.security.spi.authorization.AlreadyExistsException) Role(io.cdap.cdap.proto.security.Role) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) AccessController(io.cdap.cdap.security.spi.authorization.AccessController) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) NettyHttpService(io.cdap.http.NettyHttpService) AuthorizationClient(io.cdap.cdap.client.AuthorizationClient) NamespaceId(io.cdap.cdap.proto.id.NamespaceId)

Aggregations

AccessControllerInstantiator (io.cdap.cdap.security.authorization.AccessControllerInstantiator)5 CConfiguration (io.cdap.cdap.common.conf.CConfiguration)3 FactoryModuleBuilder (com.google.inject.assistedinject.FactoryModuleBuilder)2 AuthorizationClient (io.cdap.cdap.client.AuthorizationClient)2 CommonNettyHttpServiceBuilder (io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder)2 NamespaceAdmin (io.cdap.cdap.common.namespace.NamespaceAdmin)2 PreferencesService (io.cdap.cdap.config.PreferencesService)2 ExploreClient (io.cdap.cdap.explore.client.ExploreClient)2 Service (com.google.common.util.concurrent.Service)1 AbstractModule (com.google.inject.AbstractModule)1 Injector (com.google.inject.Injector)1 TypeLiteral (com.google.inject.TypeLiteral)1 MetricsCollectionService (io.cdap.cdap.api.metrics.MetricsCollectionService)1 AccessException (io.cdap.cdap.api.security.AccessException)1 SecureStore (io.cdap.cdap.api.security.store.SecureStore)1 SecureStoreManager (io.cdap.cdap.api.security.store.SecureStoreManager)1 Manager (io.cdap.cdap.app.deploy.Manager)1 AppFabricServiceRuntimeModule (io.cdap.cdap.app.guice.AppFabricServiceRuntimeModule)1 AuthorizationModule (io.cdap.cdap.app.guice.AuthorizationModule)1 MonitorHandlerModule (io.cdap.cdap.app.guice.MonitorHandlerModule)1