use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class LogHttpHandlerTest method setup.
@BeforeClass
public static void setup() throws Exception {
CConfiguration cConf = CConfiguration.create();
cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath());
cConf.set(Constants.LogQuery.ADDRESS, InetAddress.getLoopbackAddress().getHostAddress());
Injector injector = Guice.createInjector(Modules.override(new ConfigModule(cConf), RemoteAuthenticatorModules.getNoOpModule(), new NonCustomLocationUnitTestModule(), new InMemoryDiscoveryModule(), new LogQueryRuntimeModule().getInMemoryModules(), new DataFabricModules().getInMemoryModules(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new ExploreClientModule(), new NamespaceAdminTestModule(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule()).with(new AbstractModule() {
@Override
protected void configure() {
bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class);
bind(LogReader.class).to(MockLogReader.class).in(Scopes.SINGLETON);
bind(Store.class).to(DefaultStore.class);
bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
bind(OwnerAdmin.class).to(NoOpOwnerAdmin.class);
// TODO (CDAP-14677): find a better way to inject metadata publisher
bind(MetadataServiceClient.class).to(NoOpMetadataServiceClient.class);
}
}));
transactionManager = injector.getInstance(TransactionManager.class);
transactionManager.startAndWait();
StoreDefinition.createAllTables(injector.getInstance(StructuredTableAdmin.class));
dsOpService = injector.getInstance(DatasetOpExecutorService.class);
dsOpService.startAndWait();
datasetService = injector.getInstance(DatasetService.class);
datasetService.startAndWait();
logQueryService = injector.getInstance(LogQueryService.class);
logQueryService.startAndWait();
mockLogReader = (MockLogReader) injector.getInstance(LogReader.class);
mockLogReader.generateLogs();
discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
}
use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class PreviewRunnerTwillRunnable method createInjector.
@VisibleForTesting
static Injector createInjector(CConfiguration cConf, Configuration hConf, PreviewRequestPollerInfo pollerInfo) {
List<Module> modules = new ArrayList<>();
byte[] pollerInfoBytes = Bytes.toBytes(new Gson().toJson(pollerInfo));
SConfiguration sConf = SConfiguration.create();
modules.add(new ConfigModule(cConf, hConf, sConf));
modules.add(RemoteAuthenticatorModules.getDefaultModule());
modules.add(new PreviewConfigModule(cConf, hConf, sConf));
modules.add(new IOModule());
modules.add(new MetricsClientRuntimeModule().getDistributedModules());
// If MasterEnvironment is not available, assuming it is the old hadoop stack with ZK, Kafka
MasterEnvironment masterEnv = MasterEnvironments.getMasterEnvironment();
if (masterEnv == null) {
modules.add(new ZKClientModule());
modules.add(new ZKDiscoveryModule());
modules.add(new KafkaClientModule());
modules.add(new KafkaLogAppenderModule());
} else {
modules.add(new AbstractModule() {
@Override
protected void configure() {
bind(DiscoveryService.class).toProvider(new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceSupplier()));
bind(DiscoveryServiceClient.class).toProvider(new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceClientSupplier()));
}
});
modules.add(new RemoteLogAppenderModule());
}
modules.add(new PreviewRunnerManagerModule().getDistributedModules());
modules.add(new DataSetServiceModules().getStandaloneModules());
modules.add(new DataSetsModules().getStandaloneModules());
modules.add(new AppFabricServiceRuntimeModule(cConf).getStandaloneModules());
modules.add(new ProgramRunnerRuntimeModule().getStandaloneModules());
modules.add(new MetricsStoreModule());
modules.add(new MessagingClientModule());
modules.add(new AuditModule());
modules.add(new SecureStoreClientModule());
modules.add(new MetadataReaderWriterModules().getStandaloneModules());
modules.add(new DFSLocationModule());
modules.add(new MetadataServiceModule());
modules.add(new CoreSecurityRuntimeModule().getInMemoryModules());
modules.add(new AuthenticationContextModules().getMasterWorkerModule());
modules.add(new AuthorizationModule());
modules.add(new AuthorizationEnforcementModule().getNoOpModules());
modules.add(Modules.override(new DataFabricModules("master").getDistributedModules()).with(new AbstractModule() {
@Override
protected void configure() {
// Bind transaction system to a constant one, basically no transaction, with every write become
// visible immediately.
// TODO: Ideally we shouldn't need this at all. However, it is needed now to satisfy dependencies
bind(TransactionSystemClientService.class).to(DelegatingTransactionSystemClientService.class);
bind(TransactionSystemClient.class).to(ConstantTransactionSystemClient.class);
bind(ExploreClient.class).to(UnsupportedExploreClient.class);
bind(PreviewRequestPollerInfoProvider.class).toInstance(() -> pollerInfoBytes);
}
}));
return Guice.createInjector(modules);
}
use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class ExploreDisabledTest method createInMemoryModules.
private static List<Module> createInMemoryModules(CConfiguration configuration, Configuration hConf) {
configuration.set(Constants.CFG_DATA_INMEMORY_PERSISTENCE, Constants.InMemoryPersistenceType.MEMORY.name());
configuration.setBoolean(Constants.Explore.EXPLORE_ENABLED, false);
configuration.set(Constants.Explore.LOCAL_DATA_DIR, new File(System.getProperty("java.io.tmpdir"), "hive").getAbsolutePath());
return ImmutableList.of(new ConfigModule(configuration, hConf), RemoteAuthenticatorModules.getNoOpModule(), new IOModule(), new InMemoryDiscoveryModule(), new NonCustomLocationUnitTestModule(), new DataFabricModules().getInMemoryModules(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new MetricsClientRuntimeModule().getInMemoryModules(), new ExploreRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new NamespaceAdminTestModule(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AbstractModule() {
@Override
protected void configure() {
bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
bind(MetadataServiceClient.class).to(NoOpMetadataServiceClient.class);
}
});
}
use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class InMemoryExploreServiceTest method start.
@BeforeClass
public static void start() throws Exception {
CConfiguration configuration = CConfiguration.create();
Configuration hConf = new Configuration();
configuration.set(Constants.CFG_DATA_INMEMORY_PERSISTENCE, Constants.InMemoryPersistenceType.MEMORY.name());
configuration.set(Constants.Explore.LOCAL_DATA_DIR, tmpFolder.newFolder().getAbsolutePath());
Injector injector = Guice.createInjector(new ConfigModule(configuration, hConf), RemoteAuthenticatorModules.getNoOpModule(), new IOModule(), new InMemoryDiscoveryModule(), new NonCustomLocationUnitTestModule(), new DataFabricModules().getInMemoryModules(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new MetricsClientRuntimeModule().getInMemoryModules(), new ExploreRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new NamespaceAdminTestModule(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AbstractModule() {
@Override
protected void configure() {
bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
bind(MetadataServiceClient.class).to(NoOpMetadataServiceClient.class);
}
});
transactionManager = injector.getInstance(TransactionManager.class);
transactionManager.startAndWait();
StoreDefinition.createAllTables(injector.getInstance(StructuredTableAdmin.class));
dsOpService = injector.getInstance(DatasetOpExecutorService.class);
dsOpService.startAndWait();
datasetService = injector.getInstance(DatasetService.class);
datasetService.startAndWait();
exploreService = injector.getInstance(ExploreService.class);
exploreService.startAndWait();
namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
}
use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class DistributedProgramContainerModule method getCoreModules.
private List<Module> getCoreModules() {
Arguments systemArgs = programOpts.getArguments();
ClusterMode clusterMode = systemArgs.hasOption(ProgramOptionConstants.CLUSTER_MODE) ? ClusterMode.valueOf(systemArgs.getOption(ProgramOptionConstants.CLUSTER_MODE)) : ClusterMode.ON_PREMISE;
List<Module> modules = new ArrayList<>();
modules.add(new ConfigModule(cConf, hConf));
modules.add(new IOModule());
modules.add(new DFSLocationModule());
modules.add(new MetricsClientRuntimeModule().getDistributedModules());
modules.add(new MessagingClientModule());
modules.add(new AuditModule());
modules.add(new AuthorizationEnforcementModule().getDistributedModules());
modules.add(new SecureStoreClientModule());
modules.add(new MetadataReaderWriterModules().getDistributedModules());
modules.add(new NamespaceQueryAdminModule());
modules.add(new DataSetsModules().getDistributedModules());
modules.add(new AbstractModule() {
@Override
protected void configure() {
bind(ProgramStateWriter.class).to(MessagingProgramStateWriter.class);
bind(WorkflowStateWriter.class).to(MessagingWorkflowStateWriter.class);
// don't need to perform any impersonation from within user programs
bind(UGIProvider.class).to(CurrentUGIProvider.class).in(Scopes.SINGLETON);
// Bind ProgramId to the passed in instance programId so that we can retrieve it back later when needed.
// For example see ProgramDiscoveryExploreClient.
// Also binding to instance is fine here as the programId is guaranteed to not change throughout the
// lifecycle of this program runnable
bind(ProgramId.class).toInstance(programRunId.getParent());
bind(ProgramRunId.class).toInstance(programRunId);
if (serviceAnnouncer != null) {
bind(ServiceAnnouncer.class).toInstance(serviceAnnouncer);
}
bind(PreferencesFetcher.class).to(RemotePreferencesFetcherInternal.class).in(Scopes.SINGLETON);
}
});
addDataFabricModules(modules);
switch(clusterMode) {
case ON_PREMISE:
addOnPremiseModules(modules);
break;
case ISOLATED:
addIsolatedModules(modules);
break;
default:
}
return modules;
}
Aggregations