use of io.cdap.cdap.security.impersonation.OwnerAdmin in project cdap by caskdata.
the class DatasetServiceTestBase method initializeAndStartService.
protected static void initializeAndStartService(CConfiguration cConf) throws Exception {
// TODO: this whole method is a mess. Streamline it!
injector = Guice.createInjector(new ConfigModule(cConf), RemoteAuthenticatorModules.getNoOpModule(), new InMemoryDiscoveryModule(), new NonCustomLocationUnitTestModule(), new NamespaceAdminTestModule(), new SystemDatasetRuntimeModule().getInMemoryModules(), new TransactionInMemoryModule(), new AuthorizationTestModule(), new StorageModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AbstractModule() {
@Override
protected void configure() {
bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class).in(Singleton.class);
bind(DatasetDefinitionRegistryFactory.class).to(DefaultDatasetDefinitionRegistryFactory.class).in(Scopes.SINGLETON);
// through the injector, we only need RemoteDatasetFramework in these tests
bind(RemoteDatasetFramework.class);
bind(OwnerStore.class).to(InMemoryOwnerStore.class);
bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
}
});
AccessEnforcer authEnforcer = injector.getInstance(AccessEnforcer.class);
AuthenticationContext authenticationContext = injector.getInstance(AuthenticationContext.class);
transactionRunner = injector.getInstance(TransactionRunner.class);
DiscoveryService discoveryService = injector.getInstance(DiscoveryService.class);
discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
dsFramework = injector.getInstance(RemoteDatasetFramework.class);
// Tx Manager to support working with datasets
txManager = injector.getInstance(TransactionManager.class);
txManager.startAndWait();
StructuredTableAdmin structuredTableAdmin = injector.getInstance(StructuredTableAdmin.class);
StoreDefinition.createAllTables(structuredTableAdmin);
TransactionSystemClient txSystemClient = injector.getInstance(TransactionSystemClient.class);
TransactionSystemClientService txSystemClientService = new DelegatingTransactionSystemClientService(txSystemClient);
NamespacePathLocator namespacePathLocator = injector.getInstance(NamespacePathLocator.class);
SystemDatasetInstantiatorFactory datasetInstantiatorFactory = new SystemDatasetInstantiatorFactory(locationFactory, dsFramework, cConf);
// ok to pass null, since the impersonator won't actually be called, if kerberos security is not enabled
Impersonator impersonator = new DefaultImpersonator(cConf, null);
DatasetAdminService datasetAdminService = new DatasetAdminService(dsFramework, cConf, locationFactory, datasetInstantiatorFactory, impersonator);
ImmutableSet<HttpHandler> handlers = ImmutableSet.<HttpHandler>of(new DatasetAdminOpHTTPHandler(datasetAdminService));
MetricsCollectionService metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
opExecutorService = new DatasetOpExecutorService(cConf, SConfiguration.create(), discoveryService, metricsCollectionService, handlers);
opExecutorService.startAndWait();
Map<String, DatasetModule> defaultModules = injector.getInstance(Key.get(new TypeLiteral<Map<String, DatasetModule>>() {
}, Constants.Dataset.Manager.DefaultDatasetModules.class));
ImmutableMap<String, DatasetModule> modules = ImmutableMap.<String, DatasetModule>builder().putAll(defaultModules).build();
registryFactory = injector.getInstance(DatasetDefinitionRegistryFactory.class);
inMemoryDatasetFramework = new InMemoryDatasetFramework(registryFactory, modules);
DiscoveryExploreClient exploreClient = new DiscoveryExploreClient(discoveryServiceClient, authenticationContext);
ExploreFacade exploreFacade = new ExploreFacade(exploreClient, cConf);
namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
namespaceAdmin.create(NamespaceMeta.DEFAULT);
ownerAdmin = injector.getInstance(OwnerAdmin.class);
NamespaceQueryAdmin namespaceQueryAdmin = injector.getInstance(NamespaceQueryAdmin.class);
DatasetTypeManager typeManager = new DatasetTypeManager(cConf, locationFactory, impersonator, transactionRunner);
DatasetOpExecutor opExecutor = new InMemoryDatasetOpExecutor(dsFramework);
DatasetInstanceManager instanceManager = new DatasetInstanceManager(transactionRunner);
DatasetTypeService noAuthTypeService = new DefaultDatasetTypeService(typeManager, namespaceAdmin, namespacePathLocator, cConf, impersonator, txSystemClientService, transactionRunner, defaultModules);
DatasetTypeService typeService = new AuthorizationDatasetTypeService(noAuthTypeService, authEnforcer, authenticationContext);
instanceService = new DatasetInstanceService(typeService, noAuthTypeService, instanceManager, opExecutor, exploreFacade, namespaceQueryAdmin, ownerAdmin, authEnforcer, authenticationContext, new NoOpMetadataServiceClient());
service = new DatasetService(cConf, SConfiguration.create(), discoveryService, discoveryServiceClient, metricsCollectionService, new HashSet<>(), typeService, instanceService);
// Start dataset service, wait for it to be discoverable
service.startAndWait();
waitForService(Constants.Service.DATASET_EXECUTOR);
waitForService(Constants.Service.DATASET_MANAGER);
// this usually happens while creating a namespace, however not doing that in data fabric tests
Locations.mkdirsIfNotExists(namespacePathLocator.get(NamespaceId.DEFAULT));
}
use of io.cdap.cdap.security.impersonation.OwnerAdmin in project cdap by caskdata.
the class AbstractDatasetFrameworkTest method setup.
@BeforeClass
public static void setup() throws Exception {
cConf = CConfiguration.create();
File dataDir = new File(TMP_FOLDER.newFolder(), "data");
cConf.set(Constants.CFG_LOCAL_DATA_DIR, dataDir.getAbsolutePath());
final Injector injector = Guice.createInjector(new ConfigModule(cConf), new NonCustomLocationUnitTestModule(), new TransactionInMemoryModule(), new NamespaceAdminTestModule(), new AuditTestModule(), new AbstractModule() {
@Override
protected void configure() {
bind(OwnerStore.class).to(InMemoryOwnerStore.class).in(Scopes.SINGLETON);
bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
}
});
locationFactory = injector.getInstance(LocationFactory.class);
namespacePathLocator = injector.getInstance(NamespacePathLocator.class);
txExecutorFactory = injector.getInstance(TransactionExecutorFactory.class);
registryFactory = new DatasetDefinitionRegistryFactory() {
@Override
public DatasetDefinitionRegistry create() {
DefaultDatasetDefinitionRegistry registry = new DefaultDatasetDefinitionRegistry();
injector.injectMembers(registry);
return registry;
}
};
namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
namespaceQueryAdmin = injector.getInstance(NamespaceQueryAdmin.class);
ownerAdmin = injector.getInstance(OwnerAdmin.class);
inMemoryAuditPublisher = injector.getInstance(InMemoryAuditPublisher.class);
}
use of io.cdap.cdap.security.impersonation.OwnerAdmin in project cdap by caskdata.
the class AuthorizationUtilTest method testGetAppAuthorizingUse.
@Test
public void testGetAppAuthorizingUse() throws Exception {
OwnerAdmin ownerAdmin = getOwnerAdmin();
// test with complete principal (alice/somehost.net@somerealm.net)
String principal = username + "/" + InetAddress.getLocalHost().getHostName() + "@REALM.net";
NamespaceMeta nsMeta = new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(principal).setKeytabURI("doesnotmatter").build();
namespaceClient.create(nsMeta);
Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null));
// test with principal which is just username (alice)
namespaceClient.delete(namespaceId);
principal = username;
nsMeta = new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(principal).setKeytabURI("doesnotmatter").build();
namespaceClient.create(nsMeta);
Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null));
// test with principal and realm (alice@somerealm.net)
namespaceClient.delete(namespaceId);
principal = username + "@REALM.net";
nsMeta = new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(principal).setKeytabURI("doesnotmatter").build();
namespaceClient.create(nsMeta);
Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null));
// clean up
namespaceClient.delete(namespaceId);
}
Aggregations