use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.
the class TservConstraintEnvTest method testGetAuthorizationsContainer.
/**
 * Checks that the authorizations container exposed by {@link TservConstraintEnv} answers
 * {@code contains()} with whatever {@code SecurityOperation.authenticatedUserHasAuthorizations}
 * returns for the credentials the environment was constructed with.
 */
@Test
public void testGetAuthorizationsContainer() {
  // The single authorization label being asked about, plus the ByteBuffer view of it
  // that the mocked SecurityOperation is expected to receive.
  ByteSequence label = new ArrayByteSequence("foo".getBytes());
  ByteBuffer labelBuffer = ByteBuffer.wrap(label.getBackingArray(), label.offset(), label.length());
  List<ByteBuffer> requestedAuths = Collections.singletonList(labelBuffer);

  TCredentials goodCred = createMock(TCredentials.class);
  TCredentials badCred = createMock(TCredentials.class);

  // The decision is made per credential: one principal holds the label, the other does not.
  SecurityOperation security = createMock(SecurityOperation.class);
  expect(security.authenticatedUserHasAuthorizations(goodCred, requestedAuths)).andReturn(true);
  expect(security.authenticatedUserHasAuthorizations(badCred, requestedAuths)).andReturn(false);
  replay(security);

  TservConstraintEnv authorizedEnv = new TservConstraintEnv(null, security, goodCred);
  assertTrue(authorizedEnv.getAuthorizationsContainer().contains(label));

  // A negative answer from the security layer must surface as "not contained".
  TservConstraintEnv unauthorizedEnv = new TservConstraintEnv(null, security, badCred);
  assertFalse(unauthorizedEnv.getAuthorizationsContainer().contains(label));
}
use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.
the class CredentialsTest method testToThrift.
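/**
 * Verifies the conversion of {@link Credentials} to the Thrift {@link TCredentials} form, and that
 * the conversion is refused once the underlying token has been destroyed.
 *
 * <p>The Thrift object carries the serialized token bytes (asserted below), so a
 * {@code TCredentials} should be handled with the same care as the token itself.
 *
 * @throws DestroyFailedException if destroying the token fails
 */
@Test
public void testToThrift() throws DestroyFailedException {
  var instanceID = InstanceId.of(testName());

  // verify thrift serialization
  Credentials creds = new Credentials("test", new PasswordToken("testing"));
  TCredentials tCreds = creds.toThrift(instanceID);
  assertEquals("test", tCreds.getPrincipal());
  assertEquals(PasswordToken.class.getName(), tCreds.getTokenClassName());
  assertArrayEquals(AuthenticationTokenSerializer.serialize(new PasswordToken("testing")),
      tCreds.getToken());

  // verify that we can't serialize if it's destroyed
  creds.getToken().destroy();
  Exception e = assertThrows(RuntimeException.class, () -> creds.toThrift(instanceID));
  // The failure is expected to be a RuntimeException wrapping an AccumuloSecurityException.
  assertSame(AccumuloSecurityException.class, e.getCause().getClass());
  // Expected value goes first so a failure message reports expected/actual the right way round.
  assertEquals(SecurityErrorCode.TOKEN_EXPIRED,
      ((AccumuloSecurityException) e.getCause()).getSecurityErrorCode());
}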
use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.
the class CompactionCoordinatorTest method testCoordinatorRestartNoRunningCompactions.
/**
 * Starts a TestCoordinator against mocks describing one live tablet server, no compactions
 * running on compactors, and one queue summary ("R2DQ", priority 1), then checks the
 * coordinator's queue, index and running maps before and after run().
 *
 * Every collaborator is a PowerMock/EasyMock nice mock, including the TCredentials returned by
 * context.rpcCreds() and the AuditedSecurityOperation, so no real credential material or
 * authorization decision is involved in this test.
 */
@Test
public void testCoordinatorRestartNoRunningCompactions() throws Exception {
// Start from a clean PowerMock state, then suppress the AbstractServer constructor,
// ThriftUtil.returnClient and the two DeadCompactionDetector methods for this test.
PowerMock.resetAll();
PowerMock.suppress(PowerMock.constructor(AbstractServer.class));
PowerMock.suppress(PowerMock.methods(ThriftUtil.class, "returnClient"));
PowerMock.suppress(PowerMock.methods(DeadCompactionDetector.class, "detectDeadCompactions", "detectDanglingFinalStateMarkers"));
AccumuloConfiguration conf = PowerMock.createNiceMock(AccumuloConfiguration.class);
ServerContext context = PowerMock.createNiceMock(ServerContext.class);
// RPC credentials are a mock; the expectation has no anyTimes(), so it is recorded as a single call.
TCredentials creds = PowerMock.createNiceMock(TCredentials.class);
EasyMock.expect(context.rpcCreds()).andReturn(creds);
CompactionFinalizer finalizer = PowerMock.createNiceMock(CompactionFinalizer.class);
// One live tablet server, reported at localhost:9997.
LiveTServerSet tservers = PowerMock.createNiceMock(LiveTServerSet.class);
TServerInstance instance = PowerMock.createNiceMock(TServerInstance.class);
HostAndPort tserverAddress = HostAndPort.fromString("localhost:9997");
EasyMock.expect(instance.getHostAndPort()).andReturn(tserverAddress).anyTimes();
EasyMock.expect(tservers.getCurrentServers()).andReturn(Sets.newHashSet(instance)).once();
// Called before replayAll(), so this records an expected void call on the mock rather than doing work.
tservers.startListeningForTabletServerChanges();
// No compactions are currently running on any compactor.
PowerMock.mockStatic(ExternalCompactionUtil.class);
List<RunningCompaction> runningCompactions = new ArrayList<>();
EasyMock.expect(ExternalCompactionUtil.getCompactionsRunningOnCompactors(context)).andReturn(runningCompactions);
ServerAddress client = PowerMock.createNiceMock(ServerAddress.class);
HostAndPort address = HostAndPort.fromString("localhost:10240");
EasyMock.expect(client.getAddress()).andReturn(address).anyTimes();
EasyMock.expect(instance.getHostPort()).andReturn("localhost:9997").anyTimes();
// The tablet server client answers every queue-info request with one summary: queue "R2DQ", priority 1.
TabletClientService.Client tsc = PowerMock.createNiceMock(TabletClientService.Client.class);
TCompactionQueueSummary queueSummary = PowerMock.createNiceMock(TCompactionQueueSummary.class);
EasyMock.expect(tsc.getCompactionQueueInfo(EasyMock.anyObject(), EasyMock.anyObject())).andReturn(Collections.singletonList(queueSummary)).anyTimes();
EasyMock.expect(queueSummary.getQueue()).andReturn("R2DQ").anyTimes();
EasyMock.expect(queueSummary.getPriority()).andReturn((short) 1).anyTimes();
// NOTE(review): nice mock with no recorded expectations, so any boolean check on it returns the
// default (false); whether TestCoordinator consults it at all is not visible here - confirm.
AuditedSecurityOperation security = PowerMock.createNiceMock(AuditedSecurityOperation.class);
// Switch every mock from record to replay mode before building the coordinator.
PowerMock.replayAll();
TestCoordinator coordinator = new TestCoordinator(conf, finalizer, tservers, client, tsc, context, security);
coordinator.resetInternals();
// Before run(): nothing queued, indexed or running.
assertEquals(0, coordinator.getQueues().size());
assertEquals(0, coordinator.getIndex().size());
assertEquals(0, coordinator.getRunning().size());
coordinator.run();
// After run(): exactly one queue, keyed "R2DQ", holding one priority (1) with one tablet server.
assertEquals(1, coordinator.getQueues().size());
QueueAndPriority qp = QueueAndPriority.get("R2DQ".intern(), (short) 1);
Map<Short, TreeSet<TServerInstance>> m = coordinator.getQueues().get("R2DQ".intern());
assertNotNull(m);
assertEquals(1, m.size());
assertTrue(m.containsKey((short) 1));
Set<TServerInstance> t = m.get((short) 1);
assertNotNull(t);
assertEquals(1, t.size());
TServerInstance queuedTsi = t.iterator().next();
// NOTE(review): getHostPortSession() has no recorded expectation above, so the nice mock returns
// its default value; this comparison may be default-to-default rather than a real match - confirm.
assertEquals(instance.getHostPortSession(), queuedTsi.getHostPortSession());
// The index maps the queued tablet server back to the single (queue, priority) pair.
assertEquals(1, coordinator.getIndex().size());
assertTrue(coordinator.getIndex().containsKey(queuedTsi));
Set<QueueAndPriority> i = coordinator.getIndex().get(queuedTsi);
assertEquals(1, i.size());
assertEquals(qp, i.iterator().next());
// Still nothing running, matching the empty runningCompactions list supplied above.
assertEquals(0, coordinator.getRunning().size());
// Confirm the recorded expectations were met, then release coordinator state.
PowerMock.verifyAll();
coordinator.resetInternals();
coordinator.close();
}
use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.
the class TCredentialsUpdatingInvocationHandlerTest method testDisallowedImpersonationFromSpecificHost.
/**
 * Impersonation must be refused when the proxy principal is allowed to act for the user but the
 * RPC arrives from a host other than the one configured in
 * {@code INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION}.
 */
@Test
public void testDisallowedImpersonationFromSpecificHost() {
  final String proxyPrincipal = "proxy";
  final String endUser = "client";
  final String permittedHost = "host.domain.com";

  // "proxy" may impersonate "client", but only when connecting from host.domain.com.
  cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyPrincipal + ":" + endUser);
  cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, permittedHost);
  proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);

  // Credentials naming the impersonated user, with a Kerberos token class and an empty token;
  // the last argument is a random UUID string (presumably the instance id).
  TCredentials tcreds = new TCredentials(endUser, KerberosToken.class.getName(),
      ByteBuffer.allocate(0), UUID.randomUUID().toString());

  // The authenticated RPC principal is the proxy itself.
  UGIAssumingProcessor.rpcPrincipal.set(proxyPrincipal);
  // The RPC came from a different host than is allowed
  TServerUtils.clientAddress.set("otherhost.domain.com");

  Object[] rpcArgs = {new Object(), tcreds};
  assertThrows(ThriftSecurityException.class, () -> proxy.updateArgs(rpcArgs));
}
use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.
the class TCredentialsUpdatingInvocationHandlerTest method testDisallowedImpersonationForUser.
/**
 * Impersonation must be refused when the authenticated RPC principal is not one of the proxies
 * listed in {@code INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION}, even though every host is
 * allowed.
 */
@Test
public void testDisallowedImpersonationForUser() {
  final String rpcUser = "proxy";

  // let "otherproxy" impersonate, but not "proxy"
  cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, "otherproxy:*");
  // Hosts are unrestricted, so the rejection below can only come from the user rule.
  cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*");
  proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);

  // Credentials claim to be "client" while the connection authenticated as "proxy".
  TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(),
      ByteBuffer.allocate(0), UUID.randomUUID().toString());
  UGIAssumingProcessor.rpcPrincipal.set(rpcUser);

  Object[] rpcArgs = {new Object(), tcreds};
  assertThrows(ThriftSecurityException.class, () -> proxy.updateArgs(rpcArgs));
}