use of io.cdap.cdap.security.authorization.InMemoryAccessController in project cdap by caskdata.
the class TetheringServerHandlerTest method setUp.
@Before
public void setUp() throws Exception {
// Define all StructuredTable before starting any services that need StructuredTable
StoreDefinition.createAllTables(injector.getInstance(StructuredTableAdmin.class));
cConf.setBoolean(Constants.Tethering.TETHERING_SERVER_ENABLED, true);
cConf.setInt(Constants.Tethering.CONNECTION_TIMEOUT_SECONDS, 1);
List<Permission> tetheringPermissions = Arrays.asList(InstancePermission.TETHER);
InMemoryAccessController inMemoryAccessController = new InMemoryAccessController();
inMemoryAccessController.grant(Authorizable.fromEntityId(InstanceId.SELF), MASTER_PRINCIPAL, Collections.unmodifiableSet(new HashSet<>(tetheringPermissions)));
ContextAccessEnforcer contextAccessEnforcer = new DefaultContextAccessEnforcer(new AuthenticationTestContext(), inMemoryAccessController);
AuthenticationTestContext.actAsPrincipal(MASTER_PRINCIPAL);
service = new CommonNettyHttpServiceBuilder(CConfiguration.create(), getClass().getSimpleName()).setHttpHandlers(new TetheringServerHandler(cConf, tetheringStore, messagingService, contextAccessEnforcer), new TetheringHandler(cConf, tetheringStore, messagingService)).build();
service.start();
config = ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(service.getBindAddress().getHostName()).setPort(service.getBindAddress().getPort()).setSSLEnabled(false).build()).build();
}
use of io.cdap.cdap.security.authorization.InMemoryAccessController in project cdap by caskdata.
the class MonitorHandlerAuthorizationTest method createMonitorHandler.
private static MonitorHandler createMonitorHandler(Authorizable authorizable, List<Permission> requiredPermissions) {
Map<String, MasterServiceManager> masterServiceManagerMap = new HashMap<>();
MasterServiceManager mockMasterServiceManager = mock(MasterServiceManager.class);
when(mockMasterServiceManager.getInstances()).thenReturn(1);
when(mockMasterServiceManager.isServiceEnabled()).thenReturn(true);
when(mockMasterServiceManager.getMinInstances()).thenReturn(1);
when(mockMasterServiceManager.getMaxInstances()).thenReturn(1);
when(mockMasterServiceManager.setInstances(any(Integer.class))).thenReturn(true);
masterServiceManagerMap.put(SERVICE_NAME, mockMasterServiceManager);
ServiceStore mockServiceStore = mock(ServiceStore.class);
InMemoryAccessController inMemoryAccessController = new InMemoryAccessController();
inMemoryAccessController.grant(authorizable, MASTER_PRINCIPAL, Collections.unmodifiableSet(new HashSet<>(requiredPermissions)));
AuthenticationContext authenticationContext = new AuthenticationTestContext();
DefaultContextAccessEnforcer contextAccessEnforcer = new DefaultContextAccessEnforcer(authenticationContext, inMemoryAccessController);
return new MonitorHandler(masterServiceManagerMap, mockServiceStore, contextAccessEnforcer);
}
use of io.cdap.cdap.security.authorization.InMemoryAccessController in project cdap by caskdata.
the class AuthorizationHandlerTest method setUp.
@Before
public void setUp() throws Exception {
CConfiguration conf = CConfiguration.create();
conf.setBoolean(Constants.Security.Authorization.ENABLED, true);
conf.setBoolean(Constants.Security.ENABLED, true);
properties.setProperty("superusers", admin.getName());
final InMemoryAccessController auth = new InMemoryAccessController();
auth.initialize(FACTORY.create(properties));
service = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName()).setHttpHandlers(new AuthorizationHandler(auth, new AccessControllerInstantiator(conf, FACTORY) {
@Override
public AccessController get() {
return auth;
}
}, conf, new MasterAuthenticationContext())).setChannelPipelineModifier(new ChannelPipelineModifier() {
@Override
public void modify(ChannelPipeline pipeline) {
pipeline.addBefore("dispatcher", "usernamesetter", new TestUserNameSetter());
}
}).build();
service.start();
client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(service.getBindAddress().getHostName()).setPort(service.getBindAddress().getPort()).setSSLEnabled(false).build()).build());
System.setProperty(USERNAME_PROPERTY, admin.getName());
}
use of io.cdap.cdap.security.authorization.InMemoryAccessController in project cdap by caskdata.
the class AuthorizationHandlerTest method testDisabled.
private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception {
final InMemoryAccessController accessController = new InMemoryAccessController();
NettyHttpService service = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName()).setHttpHandlers(new AuthorizationHandler(accessController, new AccessControllerInstantiator(cConf, FACTORY) {
@Override
public AccessController get() {
return accessController;
}
}, cConf, new MasterAuthenticationContext())).build();
service.start();
try {
final AuthorizationClient client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(service.getBindAddress().getHostName()).setPort(service.getBindAddress().getPort()).setSSLEnabled(false).build()).build());
final NamespaceId ns1 = Ids.namespace("ns1");
final Role admins = new Role("admins");
// Test that the right exception is thrown when any Authorization REST API is called with authorization disabled
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.grant(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(StandardPermission.GET));
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.revoke(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(StandardPermission.GET));
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.revoke(Authorizable.fromEntityId(ns1));
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.listGrants(admin);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.addRoleToPrincipal(admins, admin);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.removeRoleFromPrincipal(admins, admin);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.createRole(admins);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.dropRole(admins);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.listAllRoles();
}
}, feature, configSetting);
} finally {
service.stop();
}
}
use of io.cdap.cdap.security.authorization.InMemoryAccessController in project cdap by caskdata.
the class TetheringClientHandlerTest method setUp.
@Before
public void setUp() throws Exception {
// Define all StructuredTable before starting any services that need StructuredTable
StoreDefinition.createAllTables(injector.getInstance(StructuredTableAdmin.class));
CConfiguration conf = CConfiguration.create();
serverHandler = new MockTetheringServerHandler();
serverService = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName() + "_server").setHttpHandlers(serverHandler).build();
serverService.start();
serverConfig = ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(serverService.getBindAddress().getHostName()).setPort(serverService.getBindAddress().getPort()).setSSLEnabled(false).build()).build();
cConf.setInt(Constants.Tethering.CONNECTION_INTERVAL, 1);
cConf.setInt(Constants.Tethering.CONNECTION_TIMEOUT_SECONDS, 5);
cConf.set(Constants.INSTANCE_NAME, CLIENT_INSTANCE);
List<Permission> tetheringPermissions = Arrays.asList(InstancePermission.TETHER);
InMemoryAccessController inMemoryAccessController = new InMemoryAccessController();
inMemoryAccessController.grant(Authorizable.fromEntityId(InstanceId.SELF), MASTER_PRINCIPAL, Collections.unmodifiableSet(new HashSet<>(tetheringPermissions)));
ContextAccessEnforcer contextAccessEnforcer = new DefaultContextAccessEnforcer(new AuthenticationTestContext(), inMemoryAccessController);
AuthenticationTestContext.actAsPrincipal(MASTER_PRINCIPAL);
MessagingService messagingService = injector.getInstance(MessagingService.class);
clientService = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName() + "_client").setHttpHandlers(new TetheringClientHandler(tetheringStore, contextAccessEnforcer), new TetheringHandler(cConf, tetheringStore, messagingService)).build();
clientService.start();
clientConfig = ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(clientService.getBindAddress().getHostName()).setPort(clientService.getBindAddress().getPort()).setSSLEnabled(false).build()).build();
tetheringAgentService = new TetheringAgentService(cConf, injector.getInstance(TransactionRunner.class), tetheringStore, injector.getInstance(MessagingService.class), injector.getInstance(RemoteAuthenticator.class));
Assert.assertEquals(Service.State.RUNNING, tetheringAgentService.startAndWait());
}
Aggregations