Example 1 with TCredentials
use of org.apache.accumulo.core.security.thrift.TCredentials in project accumulo by apache.
the class ReplicationOperationsImplIT method getReplicationOperations.
/**
* Spoof out the Master so we can call the implementation without starting a full instance.
*/
private ReplicationOperationsImpl getReplicationOperations() throws Exception {
Master master = EasyMock.createMock(Master.class);
EasyMock.expect(master.getConnector()).andReturn(conn).anyTimes();
EasyMock.expect(master.getInstance()).andReturn(inst).anyTimes();
EasyMock.replay(master);
final MasterClientServiceHandler mcsh = new MasterClientServiceHandler(master) {
@Override
protected Table.ID getTableId(Instance inst, String tableName) throws ThriftTableOperationException {
try {
return Table.ID.of(conn.tableOperations().tableIdMap().get(tableName));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
};
ClientContext context = new ClientContext(inst, new Credentials("root", new PasswordToken(ROOT_PASSWORD)), getClientConfig());
return new ReplicationOperationsImpl(context) {
@Override
protected boolean getMasterDrain(final TInfo tinfo, final TCredentials rpcCreds, final String tableName, final Set<String> wals) throws AccumuloException, AccumuloSecurityException, TableNotFoundException {
try {
return mcsh.drainReplicationTable(tinfo, rpcCreds, tableName, wals);
} catch (TException e) {
throw new RuntimeException(e);
}
}
};
}
Also used :
TInfo(org.apache.accumulo.core.trace.thrift.TInfo)
TException(org.apache.thrift.TException)
MetadataTable(org.apache.accumulo.core.metadata.MetadataTable)
Table(org.apache.accumulo.core.client.impl.Table)
ReplicationTable(org.apache.accumulo.core.replication.ReplicationTable)
Set(java.util.Set)
Instance(org.apache.accumulo.core.client.Instance)
TCredentials(org.apache.accumulo.core.security.thrift.TCredentials)
ClientContext(org.apache.accumulo.core.client.impl.ClientContext)
TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException)
AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException)
TException(org.apache.thrift.TException)
AccumuloException(org.apache.accumulo.core.client.AccumuloException)
ThriftTableOperationException(org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException)
Master(org.apache.accumulo.master.Master)
PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken)
MasterClientServiceHandler(org.apache.accumulo.master.MasterClientServiceHandler)
TCredentials(org.apache.accumulo.core.security.thrift.TCredentials)
Credentials(org.apache.accumulo.core.client.impl.Credentials)
ReplicationOperationsImpl(org.apache.accumulo.core.client.impl.ReplicationOperationsImpl)
Example 2 with TCredentials
use of org.apache.accumulo.core.security.thrift.TCredentials in project accumulo by apache.
the class TCredentialsUpdatingInvocationHandlerTest method testDisallowedImpersonationForMultipleUsers.
@SuppressWarnings("deprecation")
@Test(expected = ThriftSecurityException.class)
public void testDisallowedImpersonationForMultipleUsers() throws Exception {
final String proxyServer = "proxy";
// let "otherproxy" impersonate, but not "proxy"
cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy1" + ".users", "*");
cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy1" + ".hosts", "*");
cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy2" + ".users", "client1,client2");
cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy2" + ".hosts", "*");
proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
TCredentials tcreds = new TCredentials("client1", KerberosToken.class.getName(), ByteBuffer.allocate(0), UUID.randomUUID().toString());
UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
proxy.updateArgs(new Object[] { new Object(), tcreds });
}
Also used :
TCredentials(org.apache.accumulo.core.security.thrift.TCredentials)
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
Test(org.junit.Test)
Example 3 with TCredentials
use of org.apache.accumulo.core.security.thrift.TCredentials in project accumulo by apache.
the class TCredentialsUpdatingInvocationHandlerTest method testMissingPrincipal.
@Test(expected = ThriftSecurityException.class)
public void testMissingPrincipal() throws Exception {
final String principal = "root";
TCredentials tcreds = new TCredentials(principal, KerberosToken.CLASS_NAME, ByteBuffer.allocate(0), UUID.randomUUID().toString());
UGIAssumingProcessor.rpcPrincipal.set(null);
proxy.updateArgs(new Object[] { new Object(), tcreds });
}
Also used :
TCredentials(org.apache.accumulo.core.security.thrift.TCredentials)
Test(org.junit.Test)
Example 4 with TCredentials
use of org.apache.accumulo.core.security.thrift.TCredentials in project accumulo by apache.
the class TCredentialsUpdatingInvocationHandlerTest method testDisallowedImpersonationFromSpecificHost.
@SuppressWarnings("deprecation")
@Test(expected = ThriftSecurityException.class)
public void testDisallowedImpersonationFromSpecificHost() throws Exception {
final String proxyServer = "proxy", client = "client", host = "host.domain.com";
cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".users", client);
cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".hosts", host);
proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(), ByteBuffer.allocate(0), UUID.randomUUID().toString());
UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
// The RPC came from a different host than is allowed
TServerUtils.clientAddress.set("otherhost.domain.com");
proxy.updateArgs(new Object[] { new Object(), tcreds });
}
Also used :
TCredentials(org.apache.accumulo.core.security.thrift.TCredentials)
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
Test(org.junit.Test)
Example 5 with TCredentials
use of org.apache.accumulo.core.security.thrift.TCredentials in project accumulo by apache.
the class TCredentialsUpdatingInvocationHandlerTest method testMismatchedPrincipal.
@Test(expected = ThriftSecurityException.class)
public void testMismatchedPrincipal() throws Exception {
final String principal = "root";
TCredentials tcreds = new TCredentials(principal, KerberosToken.CLASS_NAME, ByteBuffer.allocate(0), UUID.randomUUID().toString());
UGIAssumingProcessor.rpcPrincipal.set(principal + "foobar");
proxy.updateArgs(new Object[] { new Object(), tcreds });
}
Also used :
TCredentials(org.apache.accumulo.core.security.thrift.TCredentials)
Test(org.junit.Test)
Aggregations
TCredentials (org.apache.accumulo.core.security.thrift.TCredentials)26
Test (org.junit.Test)21
KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken)13
PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)6
Credentials (org.apache.accumulo.core.client.impl.Credentials)5
DataInputStream (java.io.DataInputStream)2
HashSet (java.util.HashSet)2
AccumuloException (org.apache.accumulo.core.client.AccumuloException)2
AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException)2
ThriftSecurityException (org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException)2
AuthenticationToken (org.apache.accumulo.core.client.security.tokens.AuthenticationToken)2
ReplicationTarget (org.apache.accumulo.core.replication.ReplicationTarget)2
Client (org.apache.accumulo.core.replication.thrift.ReplicationServicer.Client)2
WalEdits (org.apache.accumulo.core.replication.thrift.WalEdits)2
TInfo (org.apache.accumulo.core.trace.thrift.TInfo)2
Status (org.apache.accumulo.server.replication.proto.Replication.Status)2
ReplicationStats (org.apache.accumulo.tserver.replication.AccumuloReplicaSystem.ReplicationStats)2
WalClientExecReturn (org.apache.accumulo.tserver.replication.AccumuloReplicaSystem.WalClientExecReturn)2
WalReplication (org.apache.accumulo.tserver.replication.AccumuloReplicaSystem.WalReplication)2
Path (org.apache.hadoop.fs.Path)2
