
Example 11 with AuthorizationEnforcementModule

use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class TransactionServiceClientTest method beforeClass.

/**
 * Class-level fixture: starts a single-node mini DFS cluster, an in-memory ZooKeeper server and a
 * persisting transaction service, then builds the Guice injector and starts the ZK client and the
 * transaction state storage obtained from it.
 *
 * <p>The security-related modules are test wiring: a no-op remote authenticator, a no-op
 * authentication context, {@code AuthorizationTestModule} and the in-memory variant of
 * {@code AuthorizationEnforcementModule}. NOTE(review): presumably none of these performs real
 * authentication or remote policy checks; confirm before reusing this module list outside tests.
 *
 * @throws Exception if any of the embedded services or the injector fails to start
 */
@BeforeClass
public static void beforeClass() throws Exception {
    HBaseTestingUtility testingUtility = new HBaseTestingUtility();
    testingUtility.startMiniDFSCluster(1);
    Configuration hConf = testingUtility.getConfiguration();
    hConf.setBoolean("fs.hdfs.impl.disable.cache", true);

    zkServer = InMemoryZKServer.builder().build();
    zkServer.startAndWait();

    CConfiguration cConf = CConfiguration.create();
    // HDFS access runs as the OS user that launched the test JVM
    cConf.set(Constants.CFG_HDFS_USER, System.getProperty("user.name"));
    cConf.set(Constants.Zookeeper.QUORUM, zkServer.getConnectionStr());
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, tmpFolder.newFolder().getAbsolutePath());
    cConf.setBoolean(TxConstants.TransactionPruning.PRUNE_ENABLE, false);
    // this test relies on transaction state being persisted
    cConf.setBoolean(TxConstants.Manager.CFG_DO_PERSIST, true);

    // getCommonConfiguration() fills a Hadoop Configuration with the tx service settings, but
    // createTxService() overrides those with defaults from the CConf, so the settings are
    // copied into cConf before the service is created.
    Configuration blank = new Configuration();
    blank.clear();
    Configuration txSettings = getCommonConfiguration(blank);
    for (Map.Entry<String, String> setting : txSettings) {
        cConf.set(setting.getKey(), setting.getValue());
    }

    server = TransactionServiceTest.createTxService(
        zkServer.getConnectionStr(), Networks.getRandomPort(), hConf, tmpFolder.newFolder(), cConf);
    server.startAndWait();

    // Namespace, impersonation and ownership bindings supplied directly by the test.
    AbstractModule adminBindings = new AbstractModule() {

        @Override
        protected void configure() {
            bind(NamespaceQueryAdmin.class).to(SimpleNamespaceQueryAdmin.class);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
        }
    };
    // Replaces the metadata storage binding of the distributed dataset modules with a no-op one.
    AbstractModule metadataOverride = new AbstractModule() {

        @Override
        protected void configure() {
            bind(MetadataStorage.class).to(NoopMetadataStorage.class);
        }
    };

    injector = Guice.createInjector(
        new ConfigModule(cConf, hConf),
        RemoteAuthenticatorModules.getNoOpModule(),
        new ZKClientModule(),
        new ZKDiscoveryModule(),
        new NonCustomLocationUnitTestModule(),
        new TransactionMetricsModule(),
        new DataFabricModules().getDistributedModules(),
        adminBindings,
        Modules.override(new DataSetsModules().getDistributedModules()).with(metadataOverride),
        new AuthorizationTestModule(),
        new AuthorizationEnforcementModule().getInMemoryModules(),
        new AuthenticationContextModules().getNoOpModule());

    zkClient = injector.getInstance(ZKClientService.class);
    zkClient.startAndWait();
    txStateStorage = injector.getInstance(TransactionStateStorage.class);
    txStateStorage.startAndWait();
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) ZKDiscoveryModule(io.cdap.cdap.common.guice.ZKDiscoveryModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) AuthenticationContextModules(io.cdap.cdap.security.auth.context.AuthenticationContextModules) UGIProvider(io.cdap.cdap.security.impersonation.UGIProvider) UnsupportedUGIProvider(io.cdap.cdap.security.impersonation.UnsupportedUGIProvider) DefaultOwnerAdmin(io.cdap.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(io.cdap.cdap.security.impersonation.OwnerAdmin) DataSetsModules(io.cdap.cdap.data.runtime.DataSetsModules) NonCustomLocationUnitTestModule(io.cdap.cdap.common.guice.NonCustomLocationUnitTestModule) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) AuthorizationTestModule(io.cdap.cdap.security.authorization.AuthorizationTestModule) TransactionMetricsModule(io.cdap.cdap.data.runtime.TransactionMetricsModule) AbstractModule(com.google.inject.AbstractModule) ZKClientModule(io.cdap.cdap.common.guice.ZKClientModule) NoopMetadataStorage(io.cdap.cdap.spi.metadata.noop.NoopMetadataStorage) ZKClientService(org.apache.twill.zookeeper.ZKClientService) HBaseTestingUtility(org.apache.hadoop.hbase.HBaseTestingUtility) NamespaceQueryAdmin(io.cdap.cdap.common.namespace.NamespaceQueryAdmin) SimpleNamespaceQueryAdmin(io.cdap.cdap.common.namespace.SimpleNamespaceQueryAdmin) TransactionStateStorage(org.apache.tephra.persist.TransactionStateStorage) Map(java.util.Map) DataFabricModules(io.cdap.cdap.data.runtime.DataFabricModules) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule) BeforeClass(org.junit.BeforeClass)

Example 12 with AuthorizationEnforcementModule

use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class TransactionServiceTest method testHA.

/**
 * Exercises failover between three transaction service instances that share one ZooKeeper
 * quorum: a single client keeps starting short transactions and reading/writing a table while
 * services are started and stopped around it.
 *
 * <p>The injector uses test-only security wiring (no-op remote authenticator, no-op
 * authentication context, {@code AuthorizationTestModule}, in-memory enforcement modules).
 * NOTE(review): presumably no real authentication or policy check runs here, so this test
 * says nothing about access control on the transaction service; confirm against the modules.
 */
@Test(timeout = 30000)
public void testHA() throws Exception {
    // NOTE: the test mixes blocking and non-blocking starts below: until the service is integrated
    // with generic leader election, a service blocks on start if it is not the leader.
    // TODO: fix this by integrating with the generic leader election support
    CConfiguration cConf = CConfiguration.create();
    // tests should use the current user for HDFS
    cConf.set(Constants.CFG_HDFS_USER, System.getProperty("user.name"));
    cConf.set(Constants.Zookeeper.QUORUM, zkServer.getConnectionStr());
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, tmpFolder.newFolder().getAbsolutePath());
    // Module list: distributed data fabric and dataset modules, with the metadata storage overridden
    // by a no-op implementation and the security modules replaced by their test/no-op variants.
    Injector injector = Guice.createInjector(new ConfigModule(cConf), RemoteAuthenticatorModules.getNoOpModule(), new ZKClientModule(), new ZKDiscoveryModule(), new NonCustomLocationUnitTestModule(), new TransactionMetricsModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(NamespaceQueryAdmin.class).to(SimpleNamespaceQueryAdmin.class);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
        }
    }, new DataFabricModules().getDistributedModules(), Modules.override(new DataSetsModules().getDistributedModules()).with(new AbstractModule() {

        @Override
        protected void configure() {
            bind(MetadataStorage.class).to(NoopMetadataStorage.class);
        }
    }), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getNoOpModule());
    ZKClientService zkClient = injector.getInstance(ZKClientService.class);
    zkClient.startAndWait();
    // NOTE(review): the services started inside this try block are stopped only on the success
    // path; if an assertion fails, the finally block drops the table and stops the ZK client but
    // leaves any running transaction service alone.
    try {
        final Table table = createTable("myTable");
        // tx service client
        // NOTE: the client can be created before the services start; it should pick them up once they
        // become available
        TransactionSystemClient txClient = injector.getInstance(TransactionSystemClient.class);
        TransactionExecutor txExecutor = new DefaultTransactionExecutor(txClient, ImmutableList.of((TransactionAware) table));
        // start the first tx service so that the client can pick it up
        TransactionService first = createTxService(zkServer.getConnectionStr(), Networks.getRandomPort(), hConf, tmpFolder.newFolder());
        first.startAndWait();
        Assert.assertNotNull(txClient.startShort());
        verifyGetAndPut(table, txExecutor, null, "val1");
        // starting another tx service should not hurt
        TransactionService second = createTxService(zkServer.getConnectionStr(), Networks.getRandomPort(), hConf, tmpFolder.newFolder());
        // NOTE: waiting for the start is not required, since the client should pick the service up
        // anyway, but we wait to make sure the case of two active services is handled well
        second.startAndWait();
        // give the second service a moment to take effect
        TimeUnit.SECONDS.sleep(1);
        Assert.assertNotNull(txClient.startShort());
        verifyGetAndPut(table, txExecutor, "val1", "val2");
        // shutting down the first one is fine: the other one can pick up the leader role
        first.stopAndWait();
        Assert.assertNotNull(txClient.startShort());
        verifyGetAndPut(table, txExecutor, "val2", "val3");
        // same trick again, to fail over to the third one
        TransactionService third = createTxService(zkServer.getConnectionStr(), Networks.getRandomPort(), hConf, tmpFolder.newFolder());
        // NOTE: no need to wait for the start, since the client should pick the service up anyway
        third.start();
        // stop the second one
        second.stopAndWait();
        Assert.assertNotNull(txClient.startShort());
        verifyGetAndPut(table, txExecutor, "val3", "val4");
        // release resources (this stop is not awaited)
        third.stop();
    } finally {
        try {
            dropTable("myTable");
        } finally {
            zkClient.stopAndWait();
        }
    }
}
Also used : ZKDiscoveryModule(io.cdap.cdap.common.guice.ZKDiscoveryModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) TransactionMetricsModule(io.cdap.cdap.data.runtime.TransactionMetricsModule) ZKClientModule(io.cdap.cdap.common.guice.ZKClientModule) TransactionSystemClient(org.apache.tephra.TransactionSystemClient) Injector(com.google.inject.Injector) SimpleNamespaceQueryAdmin(io.cdap.cdap.common.namespace.SimpleNamespaceQueryAdmin) UnsupportedUGIProvider(io.cdap.cdap.security.impersonation.UnsupportedUGIProvider) Table(io.cdap.cdap.api.dataset.table.Table) InMemoryTable(io.cdap.cdap.data2.dataset2.lib.table.inmemory.InMemoryTable) TransactionService(org.apache.tephra.distributed.TransactionService) AuthenticationContextModules(io.cdap.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(io.cdap.cdap.data.runtime.DataSetsModules) TransactionExecutor(org.apache.tephra.TransactionExecutor) DefaultTransactionExecutor(org.apache.tephra.DefaultTransactionExecutor) NonCustomLocationUnitTestModule(io.cdap.cdap.common.guice.NonCustomLocationUnitTestModule) DefaultOwnerAdmin(io.cdap.cdap.security.impersonation.DefaultOwnerAdmin) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) AuthorizationTestModule(io.cdap.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) ZKClientService(org.apache.twill.zookeeper.ZKClientService) TransactionAware(org.apache.tephra.TransactionAware) MetadataStorage(io.cdap.cdap.spi.metadata.MetadataStorage) NoopMetadataStorage(io.cdap.cdap.spi.metadata.noop.NoopMetadataStorage) DefaultTransactionExecutor(org.apache.tephra.DefaultTransactionExecutor) DataFabricModules(io.cdap.cdap.data.runtime.DataFabricModules) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule) Test(org.junit.Test)

Example 13 with AuthorizationEnforcementModule

use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class LevelDBMetricsTableTest method setup.

/**
 * Class-level fixture: builds an injector over in-memory dataset modules and the LevelDB data
 * fabric module, and stores the resulting {@code DatasetFramework} in {@code dsFramework}.
 *
 * <p>Authorization uses {@code AuthorizationTestModule} together with the in-memory variant of
 * {@code AuthorizationEnforcementModule}. NOTE(review): presumably this is test wiring with no
 * external policy store; confirm before relying on it for access-control assertions.
 *
 * @throws Exception if the temporary folder or the injector cannot be created
 */
@BeforeClass
public static void setup() throws Exception {
    CConfiguration cConf = CConfiguration.create();
    // keep all local data of this test class inside a fresh temporary folder
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, tmpFolder.newFolder().getAbsolutePath());
    dsFramework = Guice.createInjector(
        new ConfigModule(cConf),
        new NonCustomLocationUnitTestModule(),
        new AuthorizationTestModule(),
        new AuthorizationEnforcementModule().getInMemoryModules(),
        new AuthenticationContextModules().getMasterModule(),
        new InMemoryDiscoveryModule(),
        new SystemDatasetRuntimeModule().getInMemoryModules(),
        new DataSetsModules().getInMemoryModules(),
        new DataFabricLevelDBModule(),
        new TransactionMetricsModule())
        .getInstance(DatasetFramework.class);
}
Also used : InMemoryDiscoveryModule(io.cdap.cdap.common.guice.InMemoryDiscoveryModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) AuthenticationContextModules(io.cdap.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(io.cdap.cdap.data.runtime.DataSetsModules) NonCustomLocationUnitTestModule(io.cdap.cdap.common.guice.NonCustomLocationUnitTestModule) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) AuthorizationTestModule(io.cdap.cdap.security.authorization.AuthorizationTestModule) DataFabricLevelDBModule(io.cdap.cdap.data.runtime.DataFabricLevelDBModule) TransactionMetricsModule(io.cdap.cdap.data.runtime.TransactionMetricsModule) DatasetFramework(io.cdap.cdap.data2.dataset2.DatasetFramework) Injector(com.google.inject.Injector) SystemDatasetRuntimeModule(io.cdap.cdap.data.runtime.SystemDatasetRuntimeModule) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule) BeforeClass(org.junit.BeforeClass)

Example 14 with AuthorizationEnforcementModule

use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class DatasetMetadataStorageTest method doSetup.

/**
 * Builds the injector shared by the metadata storage tests, starts the transaction manager and
 * creates the index of the {@code DatasetMetadataStorage} under test.
 *
 * <p>The base module list wires authorization through {@code AuthorizationTestModule} and the
 * in-memory variant of {@code AuthorizationEnforcementModule}; caller-supplied modules are
 * appended after it. NOTE(review): presumably the authorization wiring is test-only; confirm
 * before reusing this list outside tests.
 *
 * @param additionalModules extra Guice modules added after the base modules
 * @return the injector the fixtures were created from
 * @throws IOException declared by the original signature; the visible body does not show which
 *     call raises it
 */
public static Injector doSetup(Module... additionalModules) throws IOException {
    // Metrics are irrelevant to these tests, so a single no-op collector is bound.
    Module noOpMetrics = new AbstractModule() {

        @Override
        protected void configure() {
            bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class).in(Scopes.SINGLETON);
        }
    };

    ImmutableList.Builder<Module> moduleList = ImmutableList.builder();
    moduleList.add(
        new ConfigModule(),
        new LocalLocationModule(),
        new TransactionInMemoryModule(),
        new SystemDatasetRuntimeModule().getInMemoryModules(),
        new NamespaceAdminTestModule(),
        new AuthorizationTestModule(),
        new AuthorizationEnforcementModule().getInMemoryModules(),
        new AuthenticationContextModules().getMasterModule(),
        new StorageModule(),
        noOpMetrics);
    moduleList.add(additionalModules);
    List<Module> modules = moduleList.build();

    Injector created = Guice.createInjector(modules);
    txManager = created.getInstance(TransactionManager.class);
    txManager.startAndWait();
    storage = created.getInstance(DatasetMetadataStorage.class);
    storage.createIndex();
    return created;
}
Also used : StorageModule(io.cdap.cdap.data.runtime.StorageModule) TransactionInMemoryModule(org.apache.tephra.runtime.TransactionInMemoryModule) NamespaceAdminTestModule(io.cdap.cdap.common.guice.NamespaceAdminTestModule) NoOpMetricsCollectionService(io.cdap.cdap.common.metrics.NoOpMetricsCollectionService) MetricsCollectionService(io.cdap.cdap.api.metrics.MetricsCollectionService) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) AuthenticationContextModules(io.cdap.cdap.security.auth.context.AuthenticationContextModules) AuthorizationTestModule(io.cdap.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) LocalLocationModule(io.cdap.cdap.common.guice.LocalLocationModule) Injector(com.google.inject.Injector) TransactionManager(org.apache.tephra.TransactionManager) SystemDatasetRuntimeModule(io.cdap.cdap.data.runtime.SystemDatasetRuntimeModule) Module(com.google.inject.Module) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) SystemDatasetRuntimeModule(io.cdap.cdap.data.runtime.SystemDatasetRuntimeModule) LocalLocationModule(io.cdap.cdap.common.guice.LocalLocationModule) AuthorizationTestModule(io.cdap.cdap.security.authorization.AuthorizationTestModule) NamespaceAdminTestModule(io.cdap.cdap.common.guice.NamespaceAdminTestModule) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule) TransactionInMemoryModule(org.apache.tephra.runtime.TransactionInMemoryModule) StorageModule(io.cdap.cdap.data.runtime.StorageModule) AbstractModule(com.google.inject.AbstractModule) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule)

Example 15 with AuthorizationEnforcementModule

use of io.cdap.cdap.security.authorization.AuthorizationEnforcementModule in project cdap by caskdata.

the class JobQueueDebugger method createInjector.

/**
 * Creates the injector used by the {@code JobQueueDebugger} tool from the distributed module set.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>If authorization is enabled in the loaded configuration, it is switched off in this
 *       process's {@code CConfiguration} before any module is built. The only trace is one line
 *       on standard output.</li>
 *   <li>{@code SecurityUtil.loginForMasterService} runs before the injector is created, because
 *       objects that need Kerberos credentials must not be instantiated earlier.</li>
 * </ul>
 * NOTE(review): taken together, the tool presumably operates with master-service credentials and
 * without authorization enforcement; confirm, and treat the ability to run it as equivalent to
 * master-level access (restrict execution to operators, capture its output in audit records).
 *
 * @return the injector for the debugger
 * @throws Exception if configuration loading, login or injector creation fails
 */
private static Injector createInjector() throws Exception {
    CConfiguration cConf = CConfiguration.create();
    boolean authorizationEnabled = cConf.getBoolean(Constants.Security.Authorization.ENABLED);
    if (authorizationEnabled) {
        // The override affects only this in-process configuration object.
        System.out.println(String.format("Disabling authorization for %s.", JobQueueDebugger.class.getSimpleName()));
        cConf.setBoolean(Constants.Security.Authorization.ENABLED, false);
    }

    // Login must come first: anything that needs Kerberos credentials is instantiated after it.
    SecurityUtil.loginForMasterService(cConf);

    AbstractModule toolBindings = new AbstractModule() {

        @Override
        protected void configure() {
            bind(Store.class).annotatedWith(Names.named("defaultStore")).to(DefaultStore.class).in(Singleton.class);
            // LocalApplicationManager expects a DatasetFramework injection named "datasetMDS"
            bind(DatasetFramework.class).annotatedWith(Names.named("datasetMDS")).to(DatasetFramework.class).in(Singleton.class);
            // TODO (CDAP-14677): find a better way to inject metadata publisher
            bind(MetadataServiceClient.class).to(NoOpMetadataServiceClient.class);
        }
    };

    return Guice.createInjector(
        new ConfigModule(cConf, HBaseConfiguration.create()),
        RemoteAuthenticatorModules.getDefaultModule(),
        new IOModule(),
        new ZKClientModule(),
        new ZKDiscoveryModule(),
        new DFSLocationModule(),
        new TwillModule(),
        new ExploreClientModule(),
        new DataFabricModules().getDistributedModules(),
        new DataSetsModules().getDistributedModules(),
        new AppFabricServiceRuntimeModule(cConf).getDistributedModules(),
        new ProgramRunnerRuntimeModule().getDistributedModules(),
        new SystemDatasetRuntimeModule().getDistributedModules(),
        new KafkaLogAppenderModule(),
        new MetricsClientRuntimeModule().getDistributedModules(),
        new MetricsStoreModule(),
        new KafkaClientModule(),
        CoreSecurityRuntimeModule.getDistributedModule(cConf),
        new AuthenticationContextModules().getMasterModule(),
        new AuthorizationModule(),
        new AuthorizationEnforcementModule().getMasterModule(),
        new SecureStoreServerModule(),
        new MessagingClientModule(),
        toolBindings);
}
Also used : IOModule(io.cdap.cdap.common.guice.IOModule) MessagingClientModule(io.cdap.cdap.messaging.guice.MessagingClientModule) MetricsStoreModule(io.cdap.cdap.metrics.guice.MetricsStoreModule) ZKDiscoveryModule(io.cdap.cdap.common.guice.ZKDiscoveryModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) MetricsClientRuntimeModule(io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule) ZKClientModule(io.cdap.cdap.common.guice.ZKClientModule) KafkaClientModule(io.cdap.cdap.common.guice.KafkaClientModule) SystemDatasetRuntimeModule(io.cdap.cdap.data.runtime.SystemDatasetRuntimeModule) AuthorizationModule(io.cdap.cdap.app.guice.AuthorizationModule) TwillModule(io.cdap.cdap.app.guice.TwillModule) AuthenticationContextModules(io.cdap.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(io.cdap.cdap.data.runtime.DataSetsModules) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) KafkaLogAppenderModule(io.cdap.cdap.logging.guice.KafkaLogAppenderModule) AbstractModule(com.google.inject.AbstractModule) DFSLocationModule(io.cdap.cdap.common.guice.DFSLocationModule) ProgramRunnerRuntimeModule(io.cdap.cdap.app.guice.ProgramRunnerRuntimeModule) ExploreClientModule(io.cdap.cdap.explore.guice.ExploreClientModule) Singleton(com.google.inject.Singleton) NoOpMetadataServiceClient(io.cdap.cdap.data2.metadata.writer.NoOpMetadataServiceClient) DataFabricModules(io.cdap.cdap.data.runtime.DataFabricModules) AppFabricServiceRuntimeModule(io.cdap.cdap.app.guice.AppFabricServiceRuntimeModule) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule) SecureStoreServerModule(io.cdap.cdap.security.guice.SecureStoreServerModule)

Aggregations

AuthorizationEnforcementModule (io.cdap.cdap.security.authorization.AuthorizationEnforcementModule)80 ConfigModule (io.cdap.cdap.common.guice.ConfigModule)76 AuthenticationContextModules (io.cdap.cdap.security.auth.context.AuthenticationContextModules)76 AbstractModule (com.google.inject.AbstractModule)66 AuthorizationTestModule (io.cdap.cdap.security.authorization.AuthorizationTestModule)64 DataSetsModules (io.cdap.cdap.data.runtime.DataSetsModules)62 NonCustomLocationUnitTestModule (io.cdap.cdap.common.guice.NonCustomLocationUnitTestModule)50 CConfiguration (io.cdap.cdap.common.conf.CConfiguration)48 BeforeClass (org.junit.BeforeClass)42 InMemoryDiscoveryModule (io.cdap.cdap.common.guice.InMemoryDiscoveryModule)40 SystemDatasetRuntimeModule (io.cdap.cdap.data.runtime.SystemDatasetRuntimeModule)40 UnsupportedUGIProvider (io.cdap.cdap.security.impersonation.UnsupportedUGIProvider)40 TransactionManager (org.apache.tephra.TransactionManager)40 DataFabricModules (io.cdap.cdap.data.runtime.DataFabricModules)36 NoOpMetricsCollectionService (io.cdap.cdap.common.metrics.NoOpMetricsCollectionService)34 DefaultOwnerAdmin (io.cdap.cdap.security.impersonation.DefaultOwnerAdmin)32 StructuredTableAdmin (io.cdap.cdap.spi.data.StructuredTableAdmin)32 MetricsCollectionService (io.cdap.cdap.api.metrics.MetricsCollectionService)30 Injector (com.google.inject.Injector)28 NamespaceAdminTestModule (io.cdap.cdap.common.guice.NamespaceAdminTestModule)28