Search in sources :

Example 1 with CoreSecurityRuntimeModule

use of io.cdap.cdap.security.guice.CoreSecurityRuntimeModule in project cdap by caskdata.

the class RouterResource method before.

@Override
protected void before() {
    CConfiguration cConf = CConfiguration.create();
    Injector injector = Guice.createInjector(new CoreSecurityRuntimeModule().getStandaloneModules(), new ExternalAuthenticationModule(), new InMemoryDiscoveryModule(), new AppFabricTestModule(cConf));
    DiscoveryServiceClient discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
    TokenValidator mockValidator = new MockTokenValidator("failme");
    UserIdentityExtractor extractor = new MockAccessTokenIdentityExtractor(mockValidator);
    SConfiguration sConf = injector.getInstance(SConfiguration.class);
    cConf.set(Constants.Router.ADDRESS, hostname);
    cConf.setInt(Constants.Router.ROUTER_PORT, 0);
    for (Map.Entry<String, String> entry : additionalConfig.entrySet()) {
        cConf.set(entry.getKey(), entry.getValue());
    }
    router = new NettyRouter(cConf, sConf, InetAddresses.forString(hostname), new RouterServiceLookup(cConf, (DiscoveryServiceClient) discoveryService, new RouterPathLookup()), mockValidator, extractor, discoveryServiceClient);
    router.startAndWait();
}
Also used : InMemoryDiscoveryModule(io.cdap.cdap.common.guice.InMemoryDiscoveryModule) DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) ExternalAuthenticationModule(io.cdap.cdap.security.guice.ExternalAuthenticationModule) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) TokenValidator(io.cdap.cdap.security.auth.TokenValidator) CoreSecurityRuntimeModule(io.cdap.cdap.security.guice.CoreSecurityRuntimeModule) Injector(com.google.inject.Injector) SConfiguration(io.cdap.cdap.common.conf.SConfiguration) AppFabricTestModule(io.cdap.cdap.internal.guice.AppFabricTestModule) UserIdentityExtractor(io.cdap.cdap.security.auth.UserIdentityExtractor) HashMap(java.util.HashMap) Map(java.util.Map)

Example 2 with CoreSecurityRuntimeModule

use of io.cdap.cdap.security.guice.CoreSecurityRuntimeModule in project cdap by caskdata.

the class PreviewRunnerTwillRunnable method createInjector.

@VisibleForTesting
static Injector createInjector(CConfiguration cConf, Configuration hConf, PreviewRequestPollerInfo pollerInfo) {
    List<Module> modules = new ArrayList<>();
    byte[] pollerInfoBytes = Bytes.toBytes(new Gson().toJson(pollerInfo));
    SConfiguration sConf = SConfiguration.create();
    modules.add(new ConfigModule(cConf, hConf, sConf));
    modules.add(RemoteAuthenticatorModules.getDefaultModule());
    modules.add(new PreviewConfigModule(cConf, hConf, sConf));
    modules.add(new IOModule());
    modules.add(new MetricsClientRuntimeModule().getDistributedModules());
    // If MasterEnvironment is not available, assuming it is the old hadoop stack with ZK, Kafka
    MasterEnvironment masterEnv = MasterEnvironments.getMasterEnvironment();
    if (masterEnv == null) {
        modules.add(new ZKClientModule());
        modules.add(new ZKDiscoveryModule());
        modules.add(new KafkaClientModule());
        modules.add(new KafkaLogAppenderModule());
    } else {
        modules.add(new AbstractModule() {

            @Override
            protected void configure() {
                bind(DiscoveryService.class).toProvider(new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceSupplier()));
                bind(DiscoveryServiceClient.class).toProvider(new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceClientSupplier()));
            }
        });
        modules.add(new RemoteLogAppenderModule());
    }
    modules.add(new PreviewRunnerManagerModule().getDistributedModules());
    modules.add(new DataSetServiceModules().getStandaloneModules());
    modules.add(new DataSetsModules().getStandaloneModules());
    modules.add(new AppFabricServiceRuntimeModule(cConf).getStandaloneModules());
    modules.add(new ProgramRunnerRuntimeModule().getStandaloneModules());
    modules.add(new MetricsStoreModule());
    modules.add(new MessagingClientModule());
    modules.add(new AuditModule());
    modules.add(new SecureStoreClientModule());
    modules.add(new MetadataReaderWriterModules().getStandaloneModules());
    modules.add(new DFSLocationModule());
    modules.add(new MetadataServiceModule());
    modules.add(new CoreSecurityRuntimeModule().getInMemoryModules());
    modules.add(new AuthenticationContextModules().getMasterWorkerModule());
    modules.add(new AuthorizationModule());
    modules.add(new AuthorizationEnforcementModule().getNoOpModules());
    modules.add(Modules.override(new DataFabricModules("master").getDistributedModules()).with(new AbstractModule() {

        @Override
        protected void configure() {
            // Bind transaction system to a constant one, basically no transaction, with every write become
            // visible immediately.
            // TODO: Ideally we shouldn't need this at all. However, it is needed now to satisfy dependencies
            bind(TransactionSystemClientService.class).to(DelegatingTransactionSystemClientService.class);
            bind(TransactionSystemClient.class).to(ConstantTransactionSystemClient.class);
            bind(ExploreClient.class).to(UnsupportedExploreClient.class);
            bind(PreviewRequestPollerInfoProvider.class).toInstance(() -> pollerInfoBytes);
        }
    }));
    return Guice.createInjector(modules);
}
Also used : IOModule(io.cdap.cdap.common.guice.IOModule) MessagingClientModule(io.cdap.cdap.messaging.guice.MessagingClientModule) UnsupportedExploreClient(io.cdap.cdap.app.guice.UnsupportedExploreClient) ExploreClient(io.cdap.cdap.explore.client.ExploreClient) DataSetServiceModules(io.cdap.cdap.data.runtime.DataSetServiceModules) MetricsStoreModule(io.cdap.cdap.metrics.guice.MetricsStoreModule) ZKDiscoveryModule(io.cdap.cdap.common.guice.ZKDiscoveryModule) SecureStoreClientModule(io.cdap.cdap.security.guice.SecureStoreClientModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) PreviewConfigModule(io.cdap.cdap.app.preview.PreviewConfigModule) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) MetricsClientRuntimeModule(io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule) ZKClientModule(io.cdap.cdap.common.guice.ZKClientModule) ConstantTransactionSystemClient(io.cdap.cdap.data.runtime.ConstantTransactionSystemClient) TransactionSystemClient(org.apache.tephra.TransactionSystemClient) PreviewConfigModule(io.cdap.cdap.app.preview.PreviewConfigModule) CoreSecurityRuntimeModule(io.cdap.cdap.security.guice.CoreSecurityRuntimeModule) KafkaClientModule(io.cdap.cdap.common.guice.KafkaClientModule) SConfiguration(io.cdap.cdap.common.conf.SConfiguration) TransactionSystemClientService(io.cdap.cdap.data2.transaction.TransactionSystemClientService) DelegatingTransactionSystemClientService(io.cdap.cdap.data2.transaction.DelegatingTransactionSystemClientService) SupplierProviderBridge(io.cdap.cdap.common.guice.SupplierProviderBridge) PreviewRunnerManagerModule(io.cdap.cdap.app.preview.PreviewRunnerManagerModule) AuthorizationModule(io.cdap.cdap.app.guice.AuthorizationModule) RemoteLogAppenderModule(io.cdap.cdap.logging.guice.RemoteLogAppenderModule) AuthenticationContextModules(io.cdap.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(io.cdap.cdap.data.runtime.DataSetsModules) MetadataServiceModule(io.cdap.cdap.metadata.MetadataServiceModule) KafkaLogAppenderModule(io.cdap.cdap.logging.guice.KafkaLogAppenderModule) AbstractModule(com.google.inject.AbstractModule) MetadataReaderWriterModules(io.cdap.cdap.metadata.MetadataReaderWriterModules) DFSLocationModule(io.cdap.cdap.common.guice.DFSLocationModule) ProgramRunnerRuntimeModule(io.cdap.cdap.app.guice.ProgramRunnerRuntimeModule) MasterEnvironment(io.cdap.cdap.master.spi.environment.MasterEnvironment) AuditModule(io.cdap.cdap.data2.audit.AuditModule) Module(com.google.inject.Module) SecureStoreClientModule(io.cdap.cdap.security.guice.SecureStoreClientModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) AuthorizationModule(io.cdap.cdap.app.guice.AuthorizationModule) PreviewConfigModule(io.cdap.cdap.app.preview.PreviewConfigModule) AppFabricServiceRuntimeModule(io.cdap.cdap.app.guice.AppFabricServiceRuntimeModule) DFSLocationModule(io.cdap.cdap.common.guice.DFSLocationModule) ProgramRunnerRuntimeModule(io.cdap.cdap.app.guice.ProgramRunnerRuntimeModule) KafkaLogAppenderModule(io.cdap.cdap.logging.guice.KafkaLogAppenderModule) MessagingClientModule(io.cdap.cdap.messaging.guice.MessagingClientModule) PreviewRunnerManagerModule(io.cdap.cdap.app.preview.PreviewRunnerManagerModule) MetricsStoreModule(io.cdap.cdap.metrics.guice.MetricsStoreModule) RemoteLogAppenderModule(io.cdap.cdap.logging.guice.RemoteLogAppenderModule) CoreSecurityRuntimeModule(io.cdap.cdap.security.guice.CoreSecurityRuntimeModule) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule) KafkaClientModule(io.cdap.cdap.common.guice.KafkaClientModule) ZKClientModule(io.cdap.cdap.common.guice.ZKClientModule) AuditModule(io.cdap.cdap.data2.audit.AuditModule) IOModule(io.cdap.cdap.common.guice.IOModule) ZKDiscoveryModule(io.cdap.cdap.common.guice.ZKDiscoveryModule) MetadataServiceModule(io.cdap.cdap.metadata.MetadataServiceModule) MetricsClientRuntimeModule(io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule) AbstractModule(com.google.inject.AbstractModule) DataFabricModules(io.cdap.cdap.data.runtime.DataFabricModules) AppFabricServiceRuntimeModule(io.cdap.cdap.app.guice.AppFabricServiceRuntimeModule) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 3 with CoreSecurityRuntimeModule

use of io.cdap.cdap.security.guice.CoreSecurityRuntimeModule in project cdap by caskdata.

the class AuthenticationServerMain method init.

@Override
public void init(String[] args) {
    Injector injector = Guice.createInjector(new ConfigModule(), new IOModule(), RemoteAuthenticatorModules.getDefaultModule(), new ZKClientModule(), new ZKDiscoveryModule(), new CoreSecurityRuntimeModule().getDistributedModules(), new ExternalAuthenticationModule());
    configuration = injector.getInstance(CConfiguration.class);
    if (SecurityUtil.isManagedSecurity(configuration)) {
        this.zkClientService = injector.getInstance(ZKClientService.class);
        this.authServer = injector.getInstance(ExternalAuthenticationServer.class);
    }
}
Also used : IOModule(io.cdap.cdap.common.guice.IOModule) ZKClientModule(io.cdap.cdap.common.guice.ZKClientModule) ExternalAuthenticationModule(io.cdap.cdap.security.guice.ExternalAuthenticationModule) ZKClientService(org.apache.twill.zookeeper.ZKClientService) ExternalAuthenticationServer(io.cdap.cdap.security.server.ExternalAuthenticationServer) ZKDiscoveryModule(io.cdap.cdap.common.guice.ZKDiscoveryModule) CoreSecurityRuntimeModule(io.cdap.cdap.security.guice.CoreSecurityRuntimeModule) Injector(com.google.inject.Injector) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) CConfiguration(io.cdap.cdap.common.conf.CConfiguration)

Example 4 with CoreSecurityRuntimeModule

use of io.cdap.cdap.security.guice.CoreSecurityRuntimeModule in project cdap by caskdata.

the class ExternalAuthenticationServerTestBase method setup.

protected void setup() throws Exception {
    Assert.assertNotNull("CConfiguration needs to be set by derived classes", configuration);
    // Intentionally set "security.auth.server.announce.urls" to invalid
    // values verify that they are not used by external authentication server
    configuration.set(Constants.Security.AUTH_SERVER_ANNOUNCE_URLS, "invalid.urls");
    Module externalAuthenticationModule = Modules.override(new ExternalAuthenticationModule()).with(new AbstractModule() {

        @Override
        protected void configure() {
            bind(AuditLogHandler.class).annotatedWith(Names.named(ExternalAuthenticationServer.NAMED_EXTERNAL_AUTH)).toInstance(new AuditLogHandler(TEST_AUDIT_LOGGER));
        }
    });
    Injector injector = Guice.createInjector(new IOModule(), externalAuthenticationModule, new CoreSecurityRuntimeModule().getInMemoryModules(), new ConfigModule(getConfiguration(configuration), HBaseConfiguration.create(), sConfiguration), new InMemoryDiscoveryModule());
    server = injector.getInstance(ExternalAuthenticationServer.class);
    tokenCodec = injector.getInstance(AccessTokenCodec.class);
    discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
    startExternalAuthenticationServer();
    server.startAndWait();
    LOG.info("Auth server running on address {}", server.getSocketAddress());
    TimeUnit.SECONDS.sleep(3);
}
Also used : IOModule(io.cdap.cdap.common.guice.IOModule) InMemoryDiscoveryModule(io.cdap.cdap.common.guice.InMemoryDiscoveryModule) DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) ExternalAuthenticationModule(io.cdap.cdap.security.guice.ExternalAuthenticationModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) AbstractModule(com.google.inject.AbstractModule) AccessTokenCodec(io.cdap.cdap.security.auth.AccessTokenCodec) CoreSecurityRuntimeModule(io.cdap.cdap.security.guice.CoreSecurityRuntimeModule) Injector(com.google.inject.Injector) Module(com.google.inject.Module) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) CoreSecurityRuntimeModule(io.cdap.cdap.security.guice.CoreSecurityRuntimeModule) ExternalAuthenticationModule(io.cdap.cdap.security.guice.ExternalAuthenticationModule) IOModule(io.cdap.cdap.common.guice.IOModule) InMemoryDiscoveryModule(io.cdap.cdap.common.guice.InMemoryDiscoveryModule) AbstractModule(com.google.inject.AbstractModule)

Example 5 with CoreSecurityRuntimeModule

use of io.cdap.cdap.security.guice.CoreSecurityRuntimeModule in project cdap by caskdata.

the class TestInMemoryTokenManager method getTokenManagerAndCodec.

@Override
protected ImmutablePair<TokenManager, Codec<AccessToken>> getTokenManagerAndCodec() {
    Injector injector = Guice.createInjector(new IOModule(), new CoreSecurityRuntimeModule().getStandaloneModules(), new ConfigModule(), new InMemoryDiscoveryModule());
    TokenManager tokenManager = injector.getInstance(TokenManager.class);
    tokenManager.startAndWait();
    Codec<AccessToken> tokenCodec = injector.getInstance(AccessTokenCodec.class);
    return new ImmutablePair<>(tokenManager, tokenCodec);
}
Also used : IOModule(io.cdap.cdap.common.guice.IOModule) InMemoryDiscoveryModule(io.cdap.cdap.common.guice.InMemoryDiscoveryModule) ImmutablePair(io.cdap.cdap.common.utils.ImmutablePair) CoreSecurityRuntimeModule(io.cdap.cdap.security.guice.CoreSecurityRuntimeModule) Injector(com.google.inject.Injector) ConfigModule(io.cdap.cdap.common.guice.ConfigModule)

Aggregations

CoreSecurityRuntimeModule (io.cdap.cdap.security.guice.CoreSecurityRuntimeModule)9 ConfigModule (io.cdap.cdap.common.guice.ConfigModule)6 IOModule (io.cdap.cdap.common.guice.IOModule)6 ExternalAuthenticationModule (io.cdap.cdap.security.guice.ExternalAuthenticationModule)6 Injector (com.google.inject.Injector)5 CConfiguration (io.cdap.cdap.common.conf.CConfiguration)5 InMemoryDiscoveryModule (io.cdap.cdap.common.guice.InMemoryDiscoveryModule)5 AbstractModule (com.google.inject.AbstractModule)4 SConfiguration (io.cdap.cdap.common.conf.SConfiguration)4 ZKClientModule (io.cdap.cdap.common.guice.ZKClientModule)3 AppFabricTestModule (io.cdap.cdap.internal.guice.AppFabricTestModule)3 Module (com.google.inject.Module)2 AppFabricServiceRuntimeModule (io.cdap.cdap.app.guice.AppFabricServiceRuntimeModule)2 AuthorizationModule (io.cdap.cdap.app.guice.AuthorizationModule)2 ProgramRunnerRuntimeModule (io.cdap.cdap.app.guice.ProgramRunnerRuntimeModule)2 PreviewConfigModule (io.cdap.cdap.app.preview.PreviewConfigModule)2 PreviewRunnerManagerModule (io.cdap.cdap.app.preview.PreviewRunnerManagerModule)2 KafkaClientModule (io.cdap.cdap.common.guice.KafkaClientModule)2 ZKDiscoveryModule (io.cdap.cdap.common.guice.ZKDiscoveryModule)2 DataFabricModules (io.cdap.cdap.data.runtime.DataFabricModules)2