use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class DatasetServiceTestBase method initializeAndStartService.
protected static void initializeAndStartService(CConfiguration cConf) throws Exception {
// TODO: this whole method is a mess. Streamline it!
injector = Guice.createInjector(new ConfigModule(cConf), RemoteAuthenticatorModules.getNoOpModule(), new InMemoryDiscoveryModule(), new NonCustomLocationUnitTestModule(), new NamespaceAdminTestModule(), new SystemDatasetRuntimeModule().getInMemoryModules(), new TransactionInMemoryModule(), new AuthorizationTestModule(), new StorageModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AbstractModule() {
@Override
protected void configure() {
bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class).in(Singleton.class);
bind(DatasetDefinitionRegistryFactory.class).to(DefaultDatasetDefinitionRegistryFactory.class).in(Scopes.SINGLETON);
// through the injector, we only need RemoteDatasetFramework in these tests
bind(RemoteDatasetFramework.class);
bind(OwnerStore.class).to(InMemoryOwnerStore.class);
bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
}
});
AccessEnforcer authEnforcer = injector.getInstance(AccessEnforcer.class);
AuthenticationContext authenticationContext = injector.getInstance(AuthenticationContext.class);
transactionRunner = injector.getInstance(TransactionRunner.class);
DiscoveryService discoveryService = injector.getInstance(DiscoveryService.class);
discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
dsFramework = injector.getInstance(RemoteDatasetFramework.class);
// Tx Manager to support working with datasets
txManager = injector.getInstance(TransactionManager.class);
txManager.startAndWait();
StructuredTableAdmin structuredTableAdmin = injector.getInstance(StructuredTableAdmin.class);
StoreDefinition.createAllTables(structuredTableAdmin);
TransactionSystemClient txSystemClient = injector.getInstance(TransactionSystemClient.class);
TransactionSystemClientService txSystemClientService = new DelegatingTransactionSystemClientService(txSystemClient);
NamespacePathLocator namespacePathLocator = injector.getInstance(NamespacePathLocator.class);
SystemDatasetInstantiatorFactory datasetInstantiatorFactory = new SystemDatasetInstantiatorFactory(locationFactory, dsFramework, cConf);
// ok to pass null, since the impersonator won't actually be called, if kerberos security is not enabled
Impersonator impersonator = new DefaultImpersonator(cConf, null);
DatasetAdminService datasetAdminService = new DatasetAdminService(dsFramework, cConf, locationFactory, datasetInstantiatorFactory, impersonator);
ImmutableSet<HttpHandler> handlers = ImmutableSet.<HttpHandler>of(new DatasetAdminOpHTTPHandler(datasetAdminService));
MetricsCollectionService metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
opExecutorService = new DatasetOpExecutorService(cConf, SConfiguration.create(), discoveryService, metricsCollectionService, handlers);
opExecutorService.startAndWait();
Map<String, DatasetModule> defaultModules = injector.getInstance(Key.get(new TypeLiteral<Map<String, DatasetModule>>() {
}, Constants.Dataset.Manager.DefaultDatasetModules.class));
ImmutableMap<String, DatasetModule> modules = ImmutableMap.<String, DatasetModule>builder().putAll(defaultModules).build();
registryFactory = injector.getInstance(DatasetDefinitionRegistryFactory.class);
inMemoryDatasetFramework = new InMemoryDatasetFramework(registryFactory, modules);
DiscoveryExploreClient exploreClient = new DiscoveryExploreClient(discoveryServiceClient, authenticationContext);
ExploreFacade exploreFacade = new ExploreFacade(exploreClient, cConf);
namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
namespaceAdmin.create(NamespaceMeta.DEFAULT);
ownerAdmin = injector.getInstance(OwnerAdmin.class);
NamespaceQueryAdmin namespaceQueryAdmin = injector.getInstance(NamespaceQueryAdmin.class);
DatasetTypeManager typeManager = new DatasetTypeManager(cConf, locationFactory, impersonator, transactionRunner);
DatasetOpExecutor opExecutor = new InMemoryDatasetOpExecutor(dsFramework);
DatasetInstanceManager instanceManager = new DatasetInstanceManager(transactionRunner);
DatasetTypeService noAuthTypeService = new DefaultDatasetTypeService(typeManager, namespaceAdmin, namespacePathLocator, cConf, impersonator, txSystemClientService, transactionRunner, defaultModules);
DatasetTypeService typeService = new AuthorizationDatasetTypeService(noAuthTypeService, authEnforcer, authenticationContext);
instanceService = new DatasetInstanceService(typeService, noAuthTypeService, instanceManager, opExecutor, exploreFacade, namespaceQueryAdmin, ownerAdmin, authEnforcer, authenticationContext, new NoOpMetadataServiceClient());
service = new DatasetService(cConf, SConfiguration.create(), discoveryService, discoveryServiceClient, metricsCollectionService, new HashSet<>(), typeService, instanceService);
// Start dataset service, wait for it to be discoverable
service.startAndWait();
waitForService(Constants.Service.DATASET_EXECUTOR);
waitForService(Constants.Service.DATASET_MANAGER);
// this usually happens while creating a namespace, however not doing that in data fabric tests
Locations.mkdirsIfNotExists(namespacePathLocator.get(NamespaceId.DEFAULT));
}
use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class DatasetOpExecutorServiceTest method setUp.
@Before
public void setUp() throws Exception {
Configuration hConf = new Configuration();
CConfiguration cConf = CConfiguration.create();
File datasetDir = new File(TMP_FOLDER.newFolder(), "datasetUser");
Assert.assertTrue(datasetDir.mkdirs());
cConf.set(Constants.Dataset.Manager.OUTPUT_DIR, datasetDir.getAbsolutePath());
cConf.set(Constants.Service.MASTER_SERVICES_BIND_ADDRESS, "localhost");
cConf.set(Constants.Dataset.Executor.ADDRESS, "localhost");
cConf.setInt(Constants.Dataset.Executor.PORT, Networks.getRandomPort());
Injector injector = Guice.createInjector(new ConfigModule(cConf, hConf), RemoteAuthenticatorModules.getNoOpModule(), new IOModule(), new ZKClientModule(), new KafkaClientModule(), new InMemoryDiscoveryModule(), new NonCustomLocationUnitTestModule(), new DataFabricModules().getInMemoryModules(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new TransactionMetricsModule(), new ExploreClientModule(), new NamespaceAdminTestModule(), new AuthenticationContextModules().getMasterModule(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AbstractModule() {
@Override
protected void configure() {
bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
bind(MetadataServiceClient.class).to(NoOpMetadataServiceClient.class);
}
});
txManager = injector.getInstance(TransactionManager.class);
txManager.startAndWait();
StoreDefinition.createAllTables(injector.getInstance(StructuredTableAdmin.class));
dsOpExecService = injector.getInstance(DatasetOpExecutorService.class);
dsOpExecService.startAndWait();
managerService = injector.getInstance(DatasetService.class);
managerService.startAndWait();
dsFramework = injector.getInstance(DatasetFramework.class);
// find host
DiscoveryServiceClient discoveryClient = injector.getInstance(DiscoveryServiceClient.class);
endpointStrategy = new RandomEndpointStrategy(() -> discoveryClient.discover(Constants.Service.DATASET_MANAGER));
namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
namespaceAdmin.create(NamespaceMeta.DEFAULT);
namespaceAdmin.create(new NamespaceMeta.Builder().setName(bob.getParent()).build());
}
use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class TetheringClientHandlerTest method setup.
@BeforeClass
public static void setup() throws Exception {
cConf = CConfiguration.create();
injector = Guice.createInjector(new ConfigModule(cConf), RemoteAuthenticatorModules.getNoOpModule(), new SystemDatasetRuntimeModule().getInMemoryModules(), new TransactionModules().getInMemoryModules(), new TransactionExecutorModule(), new InMemoryDiscoveryModule(), new MessagingServerRuntimeModule().getInMemoryModules(), new StorageModule(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new PrivateModule() {
@Override
protected void configure() {
bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class).in(Scopes.SINGLETON);
expose(MetricsCollectionService.class);
}
});
tetheringStore = new TetheringStore(injector.getInstance(TransactionRunner.class));
txManager = injector.getInstance(TransactionManager.class);
txManager.startAndWait();
}
use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class AppFabricTestModule method configure.
@Override
protected void configure() {
install(new DataFabricModules().getInMemoryModules());
install(new DataSetsModules().getStandaloneModules());
install(new TransactionExecutorModule());
install(new DataSetServiceModules().getInMemoryModules());
install(new ConfigModule(cConf, hConf, sConf));
install(RemoteAuthenticatorModules.getNoOpModule());
install(new IOModule());
install(new InMemoryDiscoveryModule());
install(new AppFabricServiceRuntimeModule(cConf).getInMemoryModules());
install(new MonitorHandlerModule(false));
install(new ProgramRunnerRuntimeModule().getInMemoryModules());
install(new NonCustomLocationUnitTestModule());
install(new LocalLogAppenderModule());
install(new LogReaderRuntimeModules().getInMemoryModules());
install(new LogQueryRuntimeModule().getInMemoryModules());
install(new MetricsHandlerModule());
install(new MetricsClientRuntimeModule().getInMemoryModules());
install(new ExploreClientModule());
install(new ConfigStoreModule());
install(new MetadataServiceModule());
install(new AuthenticationContextModules().getMasterModule());
install(new AuthorizationModule());
install(new AuthorizationEnforcementModule().getStandaloneModules());
install(new SecureStoreServerModule());
install(new MetadataReaderWriterModules().getInMemoryModules());
install(new MessagingServerRuntimeModule().getInMemoryModules());
install(new MockProvisionerModule());
// Needed by MonitorHandlerModuler
bind(TwillRunner.class).to(NoopTwillRunnerService.class);
}
use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.
the class TransactionServiceTest method createTxService.
static TransactionService createTxService(String zkConnectionString, int txServicePort, Configuration hConf, final File outPath, @Nullable CConfiguration cConfig) {
final CConfiguration cConf = cConfig == null ? CConfiguration.create() : cConfig;
// tests should use the current user for HDFS
cConf.set(Constants.CFG_HDFS_USER, System.getProperty("user.name"));
cConf.set(Constants.Zookeeper.QUORUM, zkConnectionString);
cConf.set(Constants.CFG_LOCAL_DATA_DIR, outPath.getAbsolutePath());
cConf.set(TxConstants.Service.CFG_DATA_TX_BIND_PORT, Integer.toString(txServicePort));
// we want persisting for this test
cConf.setBoolean(TxConstants.Manager.CFG_DO_PERSIST, true);
cConf.setBoolean(TxConstants.TransactionPruning.PRUNE_ENABLE, false);
final Injector injector = Guice.createInjector(new ConfigModule(cConf, hConf), new NonCustomLocationUnitTestModule(), new ZKClientModule(), new ZKDiscoveryModule(), new TransactionMetricsModule(), new AbstractModule() {
@Override
protected void configure() {
bind(NamespaceQueryAdmin.class).to(SimpleNamespaceQueryAdmin.class);
bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
}
}, new DataFabricModules().getDistributedModules(), new SystemDatasetRuntimeModule().getInMemoryModules(), new DataSetsModules().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getNoOpModule());
injector.getInstance(ZKClientService.class).startAndWait();
return injector.getInstance(TransactionService.class);
}
Aggregations