
Example 1 with ContextAccessEnforcer

use of io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer in project cdap by caskdata.

In class PreviewRunnerModule, method configure.

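/**
 * Configures the preview runner's private module.
 *
 * <p>Artifact, plugin and preferences access is bound either to remote (localizer-backed)
 * implementations or to locally provided ones, selected by
 * {@code Constants.Preview.ARTIFACT_LOCALIZER_ENABLED}; every other binding is the same in
 * both modes. Authorization components ({@link AccessEnforcer}, {@link ContextAccessEnforcer},
 * {@link AccessControllerInstantiator}, {@link PermissionManager}) are bound to the instances
 * handed to this module rather than constructed here, and re-exposed so program runner
 * modules see the same enforcers.
 */
@Override
protected void configure() {
    // Primitive, not Boolean: the value is only ever tested, so boxing it buys nothing.
    boolean artifactLocalizerEnabled = cConf.getBoolean(Constants.Preview.ARTIFACT_LOCALIZER_ENABLED, false);
    if (artifactLocalizerEnabled) {
        bindRemoteArtifactAccess();
    } else {
        bindLocalArtifactAccess();
    }
    bind(ArtifactStore.class).toInstance(artifactStore);
    expose(ArtifactStore.class);
    bind(MessagingService.class).annotatedWith(Names.named(PreviewConfigModule.GLOBAL_TMS)).toInstance(messagingService);
    expose(MessagingService.class).annotatedWith(Names.named(PreviewConfigModule.GLOBAL_TMS));
    // Authorization is delegated to the enforcer instances supplied to this module; preview does
    // not build its own access control stack.
    bind(AccessEnforcer.class).toInstance(accessEnforcer);
    expose(AccessEnforcer.class);
    bind(ContextAccessEnforcer.class).toInstance(contextAccessEnforcer);
    expose(ContextAccessEnforcer.class);
    bind(AccessControllerInstantiator.class).toInstance(accessControllerInstantiator);
    expose(AccessControllerInstantiator.class);
    bind(PermissionManager.class).toInstance(permissionManager);
    expose(PermissionManager.class);
    bind(PreferencesService.class).toInstance(preferencesService);
    // bind explore client to mock.
    bind(ExploreClient.class).to(MockExploreClient.class);
    expose(ExploreClient.class);
    bind(ProgramRuntimeProviderLoader.class).toInstance(programRuntimeProviderLoader);
    expose(ProgramRuntimeProviderLoader.class);
    bind(StorageProviderNamespaceAdmin.class).to(LocalStorageProviderNamespaceAdmin.class);
    bind(PipelineFactory.class).to(SynchronousPipelineFactory.class);
    install(new FactoryModuleBuilder().implement(Configurator.class, InMemoryConfigurator.class).build(ConfiguratorFactory.class));
    // expose this binding so program runner modules can use
    expose(ConfiguratorFactory.class);
    install(new FactoryModuleBuilder().implement(new TypeLiteral<Manager<AppDeploymentInfo, ApplicationWithPrograms>>() {
    }, new TypeLiteral<PreviewApplicationManager<AppDeploymentInfo, ApplicationWithPrograms>>() {
    }).build(new TypeLiteral<ManagerFactory<AppDeploymentInfo, ApplicationWithPrograms>>() {
    }));
    bind(Store.class).to(DefaultStore.class);
    bind(SecretStore.class).to(DefaultSecretStore.class).in(Scopes.SINGLETON);
    bind(UGIProvider.class).to(DefaultUGIProvider.class);
    expose(UGIProvider.class);
    bind(WorkflowStateWriter.class).to(BasicWorkflowStateWriter.class);
    expose(WorkflowStateWriter.class);
    // we don't delete namespaces in preview as we just delete preview directory when its done
    bind(NamespaceResourceDeleter.class).to(NoopNamespaceResourceDeleter.class).in(Scopes.SINGLETON);
    bind(NamespaceAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
    bind(NamespaceQueryAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
    expose(NamespaceAdmin.class);
    expose(NamespaceQueryAdmin.class);
    bind(MetadataAdmin.class).to(DefaultMetadataAdmin.class);
    expose(MetadataAdmin.class);
    bindPreviewRunner(binder());
    expose(PreviewRunner.class);
    // Preview never schedules anything, so a no-op scheduler satisfies the dependency.
    bind(Scheduler.class).to(NoOpScheduler.class);
    bind(DataTracerFactory.class).to(DefaultDataTracerFactory.class);
    expose(DataTracerFactory.class);
    bind(PreviewDataPublisher.class).to(MessagingPreviewDataPublisher.class);
    bind(OwnerStore.class).to(DefaultOwnerStore.class);
    expose(OwnerStore.class);
    bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
    expose(OwnerAdmin.class);
    bind(CapabilityReader.class).to(CapabilityStatusStore.class);
}

/**
 * Binds artifact, plugin and preferences access to remote implementations that fetch metadata
 * from AppFab; the artifact implementations use the artifact localizer to fetch and cache
 * artifacts locally. Used when {@code Constants.Preview.ARTIFACT_LOCALIZER_ENABLED} is set.
 */
private void bindRemoteArtifactAccess() {
    // Use remote implementation to fetch artifact metadata from AppFab.
    // Remote implementation internally uses artifact localizer to fetch and cache artifacts locally.
    bind(ArtifactRepositoryReader.class).to(RemoteArtifactRepositoryReaderWithLocalization.class);
    bind(ArtifactRepository.class).to(RemoteArtifactRepositoryWithLocalization.class);
    expose(ArtifactRepository.class);
    // NOTE(review): the NOAUTH-named repository binds to the same implementation as the plain
    // one — confirm that access checks for preview artifact reads are enforced elsewhere.
    bind(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO)).to(RemoteArtifactRepositoryWithLocalization.class).in(Scopes.SINGLETON);
    expose(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO));
    // Use remote implementation to fetch plugin metadata from AppFab.
    // Remote implementation internally uses artifact localizer to fetch and cache artifacts locally.
    bind(PluginFinder.class).to(RemoteWorkerPluginFinder.class);
    expose(PluginFinder.class);
    // Use remote implementation to fetch preferences from AppFab.
    bind(PreferencesFetcher.class).to(RemotePreferencesFetcherInternal.class);
    expose(PreferencesFetcher.class);
}

/**
 * Binds artifact, plugin and preferences access to the locally supplied providers and the
 * default artifact repository. Used when the artifact localizer is disabled.
 */
private void bindLocalArtifactAccess() {
    bind(ArtifactRepositoryReader.class).toProvider(artifactRepositoryReaderProvider);
    bind(ArtifactRepository.class).to(DefaultArtifactRepository.class);
    expose(ArtifactRepository.class);
    // NOTE(review): as in the remote case, the NOAUTH-named and plain repositories share one
    // implementation here — confirm that is intended for preview.
    bind(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO)).to(DefaultArtifactRepository.class).in(Scopes.SINGLETON);
    expose(ArtifactRepository.class).annotatedWith(Names.named(AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO));
    bind(PluginFinder.class).toProvider(pluginFinderProvider);
    expose(PluginFinder.class);
    bind(PreferencesFetcher.class).toProvider(preferencesFetcherProvider);
    expose(PreferencesFetcher.class);
}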
Also used : MockExploreClient(io.cdap.cdap.explore.client.MockExploreClient) ExploreClient(io.cdap.cdap.explore.client.ExploreClient) ConfiguratorFactory(io.cdap.cdap.internal.app.deploy.ConfiguratorFactory) CapabilityReader(io.cdap.cdap.internal.capability.CapabilityReader) SynchronousPipelineFactory(io.cdap.cdap.internal.pipeline.SynchronousPipelineFactory) PipelineFactory(io.cdap.cdap.pipeline.PipelineFactory) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) Scheduler(io.cdap.cdap.scheduler.Scheduler) NoOpScheduler(io.cdap.cdap.scheduler.NoOpScheduler) DefaultArtifactRepository(io.cdap.cdap.internal.app.runtime.artifact.DefaultArtifactRepository) DefaultUGIProvider(io.cdap.cdap.security.impersonation.DefaultUGIProvider) UGIProvider(io.cdap.cdap.security.impersonation.UGIProvider) ArtifactStore(io.cdap.cdap.internal.app.runtime.artifact.ArtifactStore) OwnerStore(io.cdap.cdap.security.impersonation.OwnerStore) CapabilityStatusStore(io.cdap.cdap.internal.capability.CapabilityStatusStore) SecretStore(io.cdap.cdap.securestore.spi.SecretStore) DefaultSecretStore(io.cdap.cdap.data.security.DefaultSecretStore) Store(io.cdap.cdap.app.store.Store) DefaultOwnerStore(io.cdap.cdap.store.DefaultOwnerStore) DefaultStore(io.cdap.cdap.internal.app.store.DefaultStore) BasicWorkflowStateWriter(io.cdap.cdap.internal.app.runtime.workflow.BasicWorkflowStateWriter) WorkflowStateWriter(io.cdap.cdap.internal.app.runtime.workflow.WorkflowStateWriter) Manager(io.cdap.cdap.app.deploy.Manager) PermissionManager(io.cdap.cdap.security.spi.authorization.PermissionManager) DefaultNamespaceAdmin(io.cdap.cdap.internal.app.namespace.DefaultNamespaceAdmin) ArtifactRepositoryReader(io.cdap.cdap.internal.app.runtime.artifact.ArtifactRepositoryReader) PreferencesService(io.cdap.cdap.config.PreferencesService) TypeLiteral(com.google.inject.TypeLiteral) AppDeploymentInfo(io.cdap.cdap.internal.app.deploy.pipeline.AppDeploymentInfo) 
PluginFinder(io.cdap.cdap.internal.app.runtime.artifact.PluginFinder) RemoteWorkerPluginFinder(io.cdap.cdap.internal.app.worker.RemoteWorkerPluginFinder) StorageProviderNamespaceAdmin(io.cdap.cdap.internal.app.namespace.StorageProviderNamespaceAdmin) LocalStorageProviderNamespaceAdmin(io.cdap.cdap.internal.app.namespace.LocalStorageProviderNamespaceAdmin) ApplicationWithPrograms(io.cdap.cdap.internal.app.deploy.pipeline.ApplicationWithPrograms) AccessEnforcer(io.cdap.cdap.security.spi.authorization.AccessEnforcer) ContextAccessEnforcer(io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer) NoopNamespaceResourceDeleter(io.cdap.cdap.internal.app.namespace.NoopNamespaceResourceDeleter) DefaultMetadataAdmin(io.cdap.cdap.metadata.DefaultMetadataAdmin) MetadataAdmin(io.cdap.cdap.metadata.MetadataAdmin) RemoteArtifactRepositoryWithLocalization(io.cdap.cdap.internal.app.runtime.artifact.RemoteArtifactRepositoryWithLocalization) PermissionManager(io.cdap.cdap.security.spi.authorization.PermissionManager) DefaultSecretStore(io.cdap.cdap.data.security.DefaultSecretStore) DefaultOwnerAdmin(io.cdap.cdap.security.impersonation.DefaultOwnerAdmin) OwnerAdmin(io.cdap.cdap.security.impersonation.OwnerAdmin) AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator) DefaultArtifactRepository(io.cdap.cdap.internal.app.runtime.artifact.DefaultArtifactRepository) ArtifactRepository(io.cdap.cdap.internal.app.runtime.artifact.ArtifactRepository) OwnerStore(io.cdap.cdap.security.impersonation.OwnerStore) DefaultOwnerStore(io.cdap.cdap.store.DefaultOwnerStore) MessagingService(io.cdap.cdap.messaging.MessagingService) ProgramRuntimeProviderLoader(io.cdap.cdap.internal.app.runtime.ProgramRuntimeProviderLoader) ArtifactStore(io.cdap.cdap.internal.app.runtime.artifact.ArtifactStore) DefaultDataTracerFactory(io.cdap.cdap.internal.app.preview.DefaultDataTracerFactory) PreferencesFetcher(io.cdap.cdap.metadata.PreferencesFetcher) 
ContextAccessEnforcer(io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer) MessagingPreviewDataPublisher(io.cdap.cdap.internal.app.preview.MessagingPreviewDataPublisher)

Example 2 with ContextAccessEnforcer

use of io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer in project cdap by caskdata.

In class TetheringServerHandlerTest, method setUp.

/**
 * Starts the tethering server under test behind an in-process HTTP service and builds a
 * client config pointing at its bound address.
 *
 * @throws Exception if table creation or service start-up fails
 */
@Before
public void setUp() throws Exception {
    // StructuredTable definitions must exist before any service that depends on them is started.
    StoreDefinition.createAllTables(injector.getInstance(StructuredTableAdmin.class));
    cConf.setBoolean(Constants.Tethering.TETHERING_SERVER_ENABLED, true);
    cConf.setInt(Constants.Tethering.CONNECTION_TIMEOUT_SECONDS, 1);

    // Least-privilege grant for the test: MASTER_PRINCIPAL gets only TETHER on the instance
    // itself, and the handler under test is wired to a real context enforcer over that grant.
    InMemoryAccessController accessController = new InMemoryAccessController();
    List<Permission> tetherPermissions = Arrays.asList(InstancePermission.TETHER);
    accessController.grant(Authorizable.fromEntityId(InstanceId.SELF), MASTER_PRINCIPAL,
                           Collections.unmodifiableSet(new HashSet<>(tetherPermissions)));
    ContextAccessEnforcer enforcer =
      new DefaultContextAccessEnforcer(new AuthenticationTestContext(), accessController);
    AuthenticationTestContext.actAsPrincipal(MASTER_PRINCIPAL);

    TetheringServerHandler serverHandler =
      new TetheringServerHandler(cConf, tetheringStore, messagingService, enforcer);
    TetheringHandler tetheringHandler = new TetheringHandler(cConf, tetheringStore, messagingService);
    service = new CommonNettyHttpServiceBuilder(CConfiguration.create(), getClass().getSimpleName())
      .setHttpHandlers(serverHandler, tetheringHandler)
      .build();
    service.start();

    // Client config for the in-process test service; TLS is disabled for this test only.
    ConnectionConfig connection = ConnectionConfig.builder()
      .setHostname(service.getBindAddress().getHostName())
      .setPort(service.getBindAddress().getPort())
      .setSSLEnabled(false)
      .build();
    config = ClientConfig.builder().setConnectionConfig(connection).build();
}
Also used : CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) StructuredTableAdmin(io.cdap.cdap.spi.data.StructuredTableAdmin) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) InstancePermission(io.cdap.cdap.proto.security.InstancePermission) Permission(io.cdap.cdap.proto.security.Permission) DefaultContextAccessEnforcer(io.cdap.cdap.security.authorization.DefaultContextAccessEnforcer) AuthenticationTestContext(io.cdap.cdap.security.auth.context.AuthenticationTestContext) DefaultContextAccessEnforcer(io.cdap.cdap.security.authorization.DefaultContextAccessEnforcer) ContextAccessEnforcer(io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer) HashSet(java.util.HashSet) Before(org.junit.Before)

Example 3 with ContextAccessEnforcer

use of io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer in project cdap by caskdata.

In class TetheringClientHandlerTest, method setUp.

/**
 * Starts a mock tethering server, the tethering client handler under test, and the agent
 * service that connects the two, each behind its own in-process HTTP service.
 *
 * @throws Exception if table creation or any service start-up fails
 */
@Before
public void setUp() throws Exception {
    // StructuredTable definitions must exist before any service that depends on them is started.
    StoreDefinition.createAllTables(injector.getInstance(StructuredTableAdmin.class));
    CConfiguration conf = CConfiguration.create();

    // Mock server side.
    serverHandler = new MockTetheringServerHandler();
    serverService = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName() + "_server")
      .setHttpHandlers(serverHandler)
      .build();
    serverService.start();
    ConnectionConfig serverConnection = ConnectionConfig.builder()
      .setHostname(serverService.getBindAddress().getHostName())
      .setPort(serverService.getBindAddress().getPort())
      .setSSLEnabled(false)
      .build();
    serverConfig = ClientConfig.builder().setConnectionConfig(serverConnection).build();

    cConf.setInt(Constants.Tethering.CONNECTION_INTERVAL, 1);
    cConf.setInt(Constants.Tethering.CONNECTION_TIMEOUT_SECONDS, 5);
    cConf.set(Constants.INSTANCE_NAME, CLIENT_INSTANCE);

    // Least-privilege grant for the test: MASTER_PRINCIPAL gets only TETHER on the instance
    // itself, and the client handler is wired to a real context enforcer over that grant.
    InMemoryAccessController accessController = new InMemoryAccessController();
    List<Permission> tetherPermissions = Arrays.asList(InstancePermission.TETHER);
    accessController.grant(Authorizable.fromEntityId(InstanceId.SELF), MASTER_PRINCIPAL,
                           Collections.unmodifiableSet(new HashSet<>(tetherPermissions)));
    ContextAccessEnforcer enforcer =
      new DefaultContextAccessEnforcer(new AuthenticationTestContext(), accessController);
    AuthenticationTestContext.actAsPrincipal(MASTER_PRINCIPAL);

    // Client side under test.
    MessagingService messagingService = injector.getInstance(MessagingService.class);
    TetheringClientHandler clientHandler = new TetheringClientHandler(tetheringStore, enforcer);
    TetheringHandler tetheringHandler = new TetheringHandler(cConf, tetheringStore, messagingService);
    clientService = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName() + "_client")
      .setHttpHandlers(clientHandler, tetheringHandler)
      .build();
    clientService.start();
    ConnectionConfig clientConnection = ConnectionConfig.builder()
      .setHostname(clientService.getBindAddress().getHostName())
      .setPort(clientService.getBindAddress().getPort())
      .setSSLEnabled(false)
      .build();
    clientConfig = ClientConfig.builder().setConnectionConfig(clientConnection).build();

    // The agent asks the injector for MessagingService a second time rather than reusing the
    // local above; presumably the binding is a singleton — verify before collapsing the two.
    tetheringAgentService = new TetheringAgentService(cConf,
                                                     injector.getInstance(TransactionRunner.class),
                                                     tetheringStore,
                                                     injector.getInstance(MessagingService.class),
                                                     injector.getInstance(RemoteAuthenticator.class));
    Assert.assertEquals(Service.State.RUNNING, tetheringAgentService.startAndWait());
}
Also used : CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) StructuredTableAdmin(io.cdap.cdap.spi.data.StructuredTableAdmin) AuthenticationTestContext(io.cdap.cdap.security.auth.context.AuthenticationTestContext) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) MessagingService(io.cdap.cdap.messaging.MessagingService) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) InstancePermission(io.cdap.cdap.proto.security.InstancePermission) Permission(io.cdap.cdap.proto.security.Permission) DefaultContextAccessEnforcer(io.cdap.cdap.security.authorization.DefaultContextAccessEnforcer) DefaultContextAccessEnforcer(io.cdap.cdap.security.authorization.DefaultContextAccessEnforcer) ContextAccessEnforcer(io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer) HashSet(java.util.HashSet) Before(org.junit.Before)

Aggregations

ContextAccessEnforcer (io.cdap.cdap.security.spi.authorization.ContextAccessEnforcer)3 CommonNettyHttpServiceBuilder (io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder)2 MessagingService (io.cdap.cdap.messaging.MessagingService)2 InstancePermission (io.cdap.cdap.proto.security.InstancePermission)2 Permission (io.cdap.cdap.proto.security.Permission)2 TypeLiteral (com.google.inject.TypeLiteral)1 FactoryModuleBuilder (com.google.inject.assistedinject.FactoryModuleBuilder)1 Manager (io.cdap.cdap.app.deploy.Manager)1 Store (io.cdap.cdap.app.store.Store)1 CConfiguration (io.cdap.cdap.common.conf.CConfiguration)1 PreferencesService (io.cdap.cdap.config.PreferencesService)1 DefaultSecretStore (io.cdap.cdap.data.security.DefaultSecretStore)1 ExploreClient (io.cdap.cdap.explore.client.ExploreClient)1 MockExploreClient (io.cdap.cdap.explore.client.MockExploreClient)1 ConfiguratorFactory (io.cdap.cdap.internal.app.deploy.ConfiguratorFactory)1 AppDeploymentInfo (io.cdap.cdap.internal.app.deploy.pipeline.AppDeploymentInfo)1 ApplicationWithPrograms (io.cdap.cdap.internal.app.deploy.pipeline.ApplicationWithPrograms)1 DefaultNamespaceAdmin (io.cdap.cdap.internal.app.namespace.DefaultNamespaceAdmin)1 LocalStorageProviderNamespaceAdmin (io.cdap.cdap.internal.app.namespace.LocalStorageProviderNamespaceAdmin)1 NoopNamespaceResourceDeleter (io.cdap.cdap.internal.app.namespace.NoopNamespaceResourceDeleter)1