Search in sources :

Example 1 with OwnerAdmin

use of io.cdap.cdap.security.impersonation.OwnerAdmin in project cdap by caskdata.

the class DatasetServiceTestBase method initializeAndStartService.

protected static void initializeAndStartService(CConfiguration cConf) throws Exception {
    // TODO: this whole method is a mess. Streamline it!
    injector = Guice.createInjector(new ConfigModule(cConf), RemoteAuthenticatorModules.getNoOpModule(), new InMemoryDiscoveryModule(), new NonCustomLocationUnitTestModule(), new NamespaceAdminTestModule(), new SystemDatasetRuntimeModule().getInMemoryModules(), new TransactionInMemoryModule(), new AuthorizationTestModule(), new StorageModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(MetricsCollectionService.class).to(NoOpMetricsCollectionService.class).in(Singleton.class);
            bind(DatasetDefinitionRegistryFactory.class).to(DefaultDatasetDefinitionRegistryFactory.class).in(Scopes.SINGLETON);
            // through the injector, we only need RemoteDatasetFramework in these tests
            bind(RemoteDatasetFramework.class);
            bind(OwnerStore.class).to(InMemoryOwnerStore.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
        }
    });
    AccessEnforcer authEnforcer = injector.getInstance(AccessEnforcer.class);
    AuthenticationContext authenticationContext = injector.getInstance(AuthenticationContext.class);
    transactionRunner = injector.getInstance(TransactionRunner.class);
    DiscoveryService discoveryService = injector.getInstance(DiscoveryService.class);
    discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
    dsFramework = injector.getInstance(RemoteDatasetFramework.class);
    // Tx Manager to support working with datasets
    txManager = injector.getInstance(TransactionManager.class);
    txManager.startAndWait();
    StructuredTableAdmin structuredTableAdmin = injector.getInstance(StructuredTableAdmin.class);
    StoreDefinition.createAllTables(structuredTableAdmin);
    TransactionSystemClient txSystemClient = injector.getInstance(TransactionSystemClient.class);
    TransactionSystemClientService txSystemClientService = new DelegatingTransactionSystemClientService(txSystemClient);
    NamespacePathLocator namespacePathLocator = injector.getInstance(NamespacePathLocator.class);
    SystemDatasetInstantiatorFactory datasetInstantiatorFactory = new SystemDatasetInstantiatorFactory(locationFactory, dsFramework, cConf);
    // ok to pass null, since the impersonator won't actually be called, if kerberos security is not enabled
    Impersonator impersonator = new DefaultImpersonator(cConf, null);
    DatasetAdminService datasetAdminService = new DatasetAdminService(dsFramework, cConf, locationFactory, datasetInstantiatorFactory, impersonator);
    ImmutableSet<HttpHandler> handlers = ImmutableSet.<HttpHandler>of(new DatasetAdminOpHTTPHandler(datasetAdminService));
    MetricsCollectionService metricsCollectionService = injector.getInstance(MetricsCollectionService.class);
    opExecutorService = new DatasetOpExecutorService(cConf, SConfiguration.create(), discoveryService, metricsCollectionService, handlers);
    opExecutorService.startAndWait();
    Map<String, DatasetModule> defaultModules = injector.getInstance(Key.get(new TypeLiteral<Map<String, DatasetModule>>() {
    }, Constants.Dataset.Manager.DefaultDatasetModules.class));
    ImmutableMap<String, DatasetModule> modules = ImmutableMap.<String, DatasetModule>builder().putAll(defaultModules).build();
    registryFactory = injector.getInstance(DatasetDefinitionRegistryFactory.class);
    inMemoryDatasetFramework = new InMemoryDatasetFramework(registryFactory, modules);
    DiscoveryExploreClient exploreClient = new DiscoveryExploreClient(discoveryServiceClient, authenticationContext);
    ExploreFacade exploreFacade = new ExploreFacade(exploreClient, cConf);
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
    namespaceAdmin.create(NamespaceMeta.DEFAULT);
    ownerAdmin = injector.getInstance(OwnerAdmin.class);
    NamespaceQueryAdmin namespaceQueryAdmin = injector.getInstance(NamespaceQueryAdmin.class);
    DatasetTypeManager typeManager = new DatasetTypeManager(cConf, locationFactory, impersonator, transactionRunner);
    DatasetOpExecutor opExecutor = new InMemoryDatasetOpExecutor(dsFramework);
    DatasetInstanceManager instanceManager = new DatasetInstanceManager(transactionRunner);
    DatasetTypeService noAuthTypeService = new DefaultDatasetTypeService(typeManager, namespaceAdmin, namespacePathLocator, cConf, impersonator, txSystemClientService, transactionRunner, defaultModules);
    DatasetTypeService typeService = new AuthorizationDatasetTypeService(noAuthTypeService, authEnforcer, authenticationContext);
    instanceService = new DatasetInstanceService(typeService, noAuthTypeService, instanceManager, opExecutor, exploreFacade, namespaceQueryAdmin, ownerAdmin, authEnforcer, authenticationContext, new NoOpMetadataServiceClient());
    service = new DatasetService(cConf, SConfiguration.create(), discoveryService, discoveryServiceClient, metricsCollectionService, new HashSet<>(), typeService, instanceService);
    // Start dataset service, wait for it to be discoverable
    service.startAndWait();
    waitForService(Constants.Service.DATASET_EXECUTOR);
    waitForService(Constants.Service.DATASET_MANAGER);
    // this usually happens while creating a namespace, however not doing that in data fabric tests
    Locations.mkdirsIfNotExists(namespacePathLocator.get(NamespaceId.DEFAULT));
}
Also used : RemoteDatasetFramework(io.cdap.cdap.data2.datafabric.dataset.RemoteDatasetFramework) InMemoryDatasetOpExecutor(io.cdap.cdap.data2.datafabric.dataset.service.executor.InMemoryDatasetOpExecutor) AuthenticationContext(io.cdap.cdap.security.spi.authentication.AuthenticationContext) DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) DatasetAdminOpHTTPHandler(io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpHTTPHandler) TransactionInMemoryModule(org.apache.tephra.runtime.TransactionInMemoryModule) NamespacePathLocator(io.cdap.cdap.common.namespace.NamespacePathLocator) NoOpMetricsCollectionService(io.cdap.cdap.common.metrics.NoOpMetricsCollectionService) ExploreFacade(io.cdap.cdap.explore.client.ExploreFacade) DatasetDefinitionRegistryFactory(io.cdap.cdap.data2.dataset2.DatasetDefinitionRegistryFactory) DefaultDatasetDefinitionRegistryFactory(io.cdap.cdap.data2.dataset2.DefaultDatasetDefinitionRegistryFactory) SystemDatasetRuntimeModule(io.cdap.cdap.data.runtime.SystemDatasetRuntimeModule) InMemoryDatasetFramework(io.cdap.cdap.data2.dataset2.InMemoryDatasetFramework) HashSet(java.util.HashSet) HttpHandler(io.cdap.http.HttpHandler) DatasetInstanceManager(io.cdap.cdap.data2.datafabric.dataset.instance.DatasetInstanceManager) NoOpMetricsCollectionService(io.cdap.cdap.common.metrics.NoOpMetricsCollectionService) MetricsCollectionService(io.cdap.cdap.api.metrics.MetricsCollectionService) AuthenticationContextModules(io.cdap.cdap.security.auth.context.AuthenticationContextModules) DefaultOwnerAdmin(io.cdap.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(io.cdap.cdap.security.impersonation.OwnerAdmin) NamespaceAdmin(io.cdap.cdap.common.namespace.NamespaceAdmin) NonCustomLocationUnitTestModule(io.cdap.cdap.common.guice.NonCustomLocationUnitTestModule) DatasetTypeManager(io.cdap.cdap.data2.datafabric.dataset.type.DatasetTypeManager) TransactionRunner(io.cdap.cdap.spi.data.transaction.TransactionRunner) TransactionManager(org.apache.tephra.TransactionManager) NoOpMetadataServiceClient(io.cdap.cdap.data2.metadata.writer.NoOpMetadataServiceClient) AuthorizationEnforcementModule(io.cdap.cdap.security.authorization.AuthorizationEnforcementModule) DelegatingTransactionSystemClientService(io.cdap.cdap.data2.transaction.DelegatingTransactionSystemClientService) InMemoryDiscoveryModule(io.cdap.cdap.common.guice.InMemoryDiscoveryModule) StorageModule(io.cdap.cdap.data.runtime.StorageModule) NamespaceAdminTestModule(io.cdap.cdap.common.guice.NamespaceAdminTestModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) StructuredTableAdmin(io.cdap.cdap.spi.data.StructuredTableAdmin) DatasetModule(io.cdap.cdap.api.dataset.module.DatasetModule) TransactionSystemClient(org.apache.tephra.TransactionSystemClient) DiscoveryExploreClient(io.cdap.cdap.explore.client.DiscoveryExploreClient) SystemDatasetInstantiatorFactory(io.cdap.cdap.data.dataset.SystemDatasetInstantiatorFactory) TypeLiteral(com.google.inject.TypeLiteral) AccessEnforcer(io.cdap.cdap.security.spi.authorization.AccessEnforcer) NamespaceQueryAdmin(io.cdap.cdap.common.namespace.NamespaceQueryAdmin) DefaultDatasetDefinitionRegistryFactory(io.cdap.cdap.data2.dataset2.DefaultDatasetDefinitionRegistryFactory) DelegatingTransactionSystemClientService(io.cdap.cdap.data2.transaction.DelegatingTransactionSystemClientService) TransactionSystemClientService(io.cdap.cdap.data2.transaction.TransactionSystemClientService) DiscoveryService(org.apache.twill.discovery.DiscoveryService) DatasetAdminService(io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminService) DatasetOpExecutor(io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutor) InMemoryDatasetOpExecutor(io.cdap.cdap.data2.datafabric.dataset.service.executor.InMemoryDatasetOpExecutor) AuthorizationTestModule(io.cdap.cdap.security.authorization.AuthorizationTestModule) DefaultImpersonator(io.cdap.cdap.security.impersonation.DefaultImpersonator) Impersonator(io.cdap.cdap.security.impersonation.Impersonator) DefaultImpersonator(io.cdap.cdap.security.impersonation.DefaultImpersonator) OwnerStore(io.cdap.cdap.security.impersonation.OwnerStore) InMemoryOwnerStore(io.cdap.cdap.security.impersonation.InMemoryOwnerStore) AbstractModule(com.google.inject.AbstractModule) DatasetOpExecutorService(io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutorService)

Example 2 with OwnerAdmin

use of io.cdap.cdap.security.impersonation.OwnerAdmin in project cdap by caskdata.

the class AbstractDatasetFrameworkTest method setup.

@BeforeClass
public static void setup() throws Exception {
    cConf = CConfiguration.create();
    File dataDir = new File(TMP_FOLDER.newFolder(), "data");
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, dataDir.getAbsolutePath());
    final Injector injector = Guice.createInjector(new ConfigModule(cConf), new NonCustomLocationUnitTestModule(), new TransactionInMemoryModule(), new NamespaceAdminTestModule(), new AuditTestModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(OwnerStore.class).to(InMemoryOwnerStore.class).in(Scopes.SINGLETON);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
        }
    });
    locationFactory = injector.getInstance(LocationFactory.class);
    namespacePathLocator = injector.getInstance(NamespacePathLocator.class);
    txExecutorFactory = injector.getInstance(TransactionExecutorFactory.class);
    registryFactory = new DatasetDefinitionRegistryFactory() {

        @Override
        public DatasetDefinitionRegistry create() {
            DefaultDatasetDefinitionRegistry registry = new DefaultDatasetDefinitionRegistry();
            injector.injectMembers(registry);
            return registry;
        }
    };
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
    namespaceQueryAdmin = injector.getInstance(NamespaceQueryAdmin.class);
    ownerAdmin = injector.getInstance(OwnerAdmin.class);
    inMemoryAuditPublisher = injector.getInstance(InMemoryAuditPublisher.class);
}
Also used : TransactionInMemoryModule(org.apache.tephra.runtime.TransactionInMemoryModule) NamespaceAdminTestModule(io.cdap.cdap.common.guice.NamespaceAdminTestModule) ConfigModule(io.cdap.cdap.common.guice.ConfigModule) DefaultOwnerAdmin(io.cdap.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(io.cdap.cdap.security.impersonation.OwnerAdmin) NamespaceAdmin(io.cdap.cdap.common.namespace.NamespaceAdmin) NamespacePathLocator(io.cdap.cdap.common.namespace.NamespacePathLocator) DatasetDefinitionRegistry(io.cdap.cdap.api.dataset.module.DatasetDefinitionRegistry) NonCustomLocationUnitTestModule(io.cdap.cdap.common.guice.NonCustomLocationUnitTestModule) DefaultOwnerAdmin(io.cdap.cdap.security.impersonation.DefaultOwnerAdmin) OwnerStore(io.cdap.cdap.security.impersonation.OwnerStore) InMemoryOwnerStore(io.cdap.cdap.security.impersonation.InMemoryOwnerStore) AbstractModule(com.google.inject.AbstractModule) LocationFactory(org.apache.twill.filesystem.LocationFactory) TransactionExecutorFactory(org.apache.tephra.TransactionExecutorFactory) InMemoryAuditPublisher(io.cdap.cdap.data2.audit.InMemoryAuditPublisher) Injector(com.google.inject.Injector) NamespaceQueryAdmin(io.cdap.cdap.common.namespace.NamespaceQueryAdmin) AuditTestModule(io.cdap.cdap.data2.audit.AuditTestModule) File(java.io.File) BeforeClass(org.junit.BeforeClass)

Example 3 with OwnerAdmin

use of io.cdap.cdap.security.impersonation.OwnerAdmin in project cdap by caskdata.

the class AuthorizationUtilTest method testGetAppAuthorizingUse.

@Test
public void testGetAppAuthorizingUse() throws Exception {
    OwnerAdmin ownerAdmin = getOwnerAdmin();
    // test with complete principal (alice/somehost.net@somerealm.net)
    String principal = username + "/" + InetAddress.getLocalHost().getHostName() + "@REALM.net";
    NamespaceMeta nsMeta = new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(principal).setKeytabURI("doesnotmatter").build();
    namespaceClient.create(nsMeta);
    Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null));
    // test with principal which is just username (alice)
    namespaceClient.delete(namespaceId);
    principal = username;
    nsMeta = new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(principal).setKeytabURI("doesnotmatter").build();
    namespaceClient.create(nsMeta);
    Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null));
    // test with principal and realm (alice@somerealm.net)
    namespaceClient.delete(namespaceId);
    principal = username + "@REALM.net";
    nsMeta = new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(principal).setKeytabURI("doesnotmatter").build();
    namespaceClient.create(nsMeta);
    Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null));
    // clean up
    namespaceClient.delete(namespaceId);
}
Also used : NamespaceMeta(io.cdap.cdap.proto.NamespaceMeta) DefaultOwnerAdmin(io.cdap.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(io.cdap.cdap.security.impersonation.OwnerAdmin) Test(org.junit.Test)

Aggregations

DefaultOwnerAdmin (io.cdap.cdap.security.impersonation.DefaultOwnerAdmin)3 OwnerAdmin (io.cdap.cdap.security.impersonation.OwnerAdmin)3 AbstractModule (com.google.inject.AbstractModule)2 ConfigModule (io.cdap.cdap.common.guice.ConfigModule)2 NamespaceAdminTestModule (io.cdap.cdap.common.guice.NamespaceAdminTestModule)2 NonCustomLocationUnitTestModule (io.cdap.cdap.common.guice.NonCustomLocationUnitTestModule)2 NamespaceAdmin (io.cdap.cdap.common.namespace.NamespaceAdmin)2 NamespacePathLocator (io.cdap.cdap.common.namespace.NamespacePathLocator)2 NamespaceQueryAdmin (io.cdap.cdap.common.namespace.NamespaceQueryAdmin)2 InMemoryOwnerStore (io.cdap.cdap.security.impersonation.InMemoryOwnerStore)2 OwnerStore (io.cdap.cdap.security.impersonation.OwnerStore)2 TransactionInMemoryModule (org.apache.tephra.runtime.TransactionInMemoryModule)2 Injector (com.google.inject.Injector)1 TypeLiteral (com.google.inject.TypeLiteral)1 DatasetDefinitionRegistry (io.cdap.cdap.api.dataset.module.DatasetDefinitionRegistry)1 DatasetModule (io.cdap.cdap.api.dataset.module.DatasetModule)1 MetricsCollectionService (io.cdap.cdap.api.metrics.MetricsCollectionService)1 InMemoryDiscoveryModule (io.cdap.cdap.common.guice.InMemoryDiscoveryModule)1 NoOpMetricsCollectionService (io.cdap.cdap.common.metrics.NoOpMetricsCollectionService)1 SystemDatasetInstantiatorFactory (io.cdap.cdap.data.dataset.SystemDatasetInstantiatorFactory)1