Search in sources :

Example 6 with TCredentials

use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.

the class TservConstraintEnvTest method testGetAuthorizationsContainer.

@Test
public void testGetAuthorizationsContainer() {
    SecurityOperation security = createMock(SecurityOperation.class);
    TCredentials goodCred = createMock(TCredentials.class);
    TCredentials badCred = createMock(TCredentials.class);
    ByteSequence bs = new ArrayByteSequence("foo".getBytes());
    List<ByteBuffer> bbList = Collections.singletonList(ByteBuffer.wrap(bs.getBackingArray(), bs.offset(), bs.length()));
    expect(security.authenticatedUserHasAuthorizations(goodCred, bbList)).andReturn(true);
    expect(security.authenticatedUserHasAuthorizations(badCred, bbList)).andReturn(false);
    replay(security);
    assertTrue(new TservConstraintEnv(null, security, goodCred).getAuthorizationsContainer().contains(bs));
    assertFalse(new TservConstraintEnv(null, security, badCred).getAuthorizationsContainer().contains(bs));
}
Also used : TCredentials(org.apache.accumulo.core.securityImpl.thrift.TCredentials) SecurityOperation(org.apache.accumulo.server.security.SecurityOperation) ArrayByteSequence(org.apache.accumulo.core.data.ArrayByteSequence) ByteBuffer(java.nio.ByteBuffer) ByteSequence(org.apache.accumulo.core.data.ByteSequence) ArrayByteSequence(org.apache.accumulo.core.data.ArrayByteSequence) Test(org.junit.Test)

Example 7 with TCredentials

use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.

the class CredentialsTest method testToThrift.

@Test
public void testToThrift() throws DestroyFailedException {
    var instanceID = InstanceId.of(testName());
    // verify thrift serialization
    Credentials creds = new Credentials("test", new PasswordToken("testing"));
    TCredentials tCreds = creds.toThrift(instanceID);
    assertEquals("test", tCreds.getPrincipal());
    assertEquals(PasswordToken.class.getName(), tCreds.getTokenClassName());
    assertArrayEquals(AuthenticationTokenSerializer.serialize(new PasswordToken("testing")), tCreds.getToken());
    // verify that we can't serialize if it's destroyed
    creds.getToken().destroy();
    Exception e = assertThrows(RuntimeException.class, () -> creds.toThrift(instanceID));
    assertSame(AccumuloSecurityException.class, e.getCause().getClass());
    assertEquals(AccumuloSecurityException.class.cast(e.getCause()).getSecurityErrorCode(), SecurityErrorCode.TOKEN_EXPIRED);
}
Also used : PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken) TCredentials(org.apache.accumulo.core.securityImpl.thrift.TCredentials) TCredentials(org.apache.accumulo.core.securityImpl.thrift.TCredentials) Credentials(org.apache.accumulo.core.clientImpl.Credentials) DestroyFailedException(javax.security.auth.DestroyFailedException) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) Test(org.junit.jupiter.api.Test)

Example 8 with TCredentials

use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.

the class CompactionCoordinatorTest method testCoordinatorRestartNoRunningCompactions.

@Test
public void testCoordinatorRestartNoRunningCompactions() throws Exception {
    PowerMock.resetAll();
    PowerMock.suppress(PowerMock.constructor(AbstractServer.class));
    PowerMock.suppress(PowerMock.methods(ThriftUtil.class, "returnClient"));
    PowerMock.suppress(PowerMock.methods(DeadCompactionDetector.class, "detectDeadCompactions", "detectDanglingFinalStateMarkers"));
    AccumuloConfiguration conf = PowerMock.createNiceMock(AccumuloConfiguration.class);
    ServerContext context = PowerMock.createNiceMock(ServerContext.class);
    TCredentials creds = PowerMock.createNiceMock(TCredentials.class);
    EasyMock.expect(context.rpcCreds()).andReturn(creds);
    CompactionFinalizer finalizer = PowerMock.createNiceMock(CompactionFinalizer.class);
    LiveTServerSet tservers = PowerMock.createNiceMock(LiveTServerSet.class);
    TServerInstance instance = PowerMock.createNiceMock(TServerInstance.class);
    HostAndPort tserverAddress = HostAndPort.fromString("localhost:9997");
    EasyMock.expect(instance.getHostAndPort()).andReturn(tserverAddress).anyTimes();
    EasyMock.expect(tservers.getCurrentServers()).andReturn(Sets.newHashSet(instance)).once();
    tservers.startListeningForTabletServerChanges();
    PowerMock.mockStatic(ExternalCompactionUtil.class);
    List<RunningCompaction> runningCompactions = new ArrayList<>();
    EasyMock.expect(ExternalCompactionUtil.getCompactionsRunningOnCompactors(context)).andReturn(runningCompactions);
    ServerAddress client = PowerMock.createNiceMock(ServerAddress.class);
    HostAndPort address = HostAndPort.fromString("localhost:10240");
    EasyMock.expect(client.getAddress()).andReturn(address).anyTimes();
    EasyMock.expect(instance.getHostPort()).andReturn("localhost:9997").anyTimes();
    TabletClientService.Client tsc = PowerMock.createNiceMock(TabletClientService.Client.class);
    TCompactionQueueSummary queueSummary = PowerMock.createNiceMock(TCompactionQueueSummary.class);
    EasyMock.expect(tsc.getCompactionQueueInfo(EasyMock.anyObject(), EasyMock.anyObject())).andReturn(Collections.singletonList(queueSummary)).anyTimes();
    EasyMock.expect(queueSummary.getQueue()).andReturn("R2DQ").anyTimes();
    EasyMock.expect(queueSummary.getPriority()).andReturn((short) 1).anyTimes();
    AuditedSecurityOperation security = PowerMock.createNiceMock(AuditedSecurityOperation.class);
    PowerMock.replayAll();
    TestCoordinator coordinator = new TestCoordinator(conf, finalizer, tservers, client, tsc, context, security);
    coordinator.resetInternals();
    assertEquals(0, coordinator.getQueues().size());
    assertEquals(0, coordinator.getIndex().size());
    assertEquals(0, coordinator.getRunning().size());
    coordinator.run();
    assertEquals(1, coordinator.getQueues().size());
    QueueAndPriority qp = QueueAndPriority.get("R2DQ".intern(), (short) 1);
    Map<Short, TreeSet<TServerInstance>> m = coordinator.getQueues().get("R2DQ".intern());
    assertNotNull(m);
    assertEquals(1, m.size());
    assertTrue(m.containsKey((short) 1));
    Set<TServerInstance> t = m.get((short) 1);
    assertNotNull(t);
    assertEquals(1, t.size());
    TServerInstance queuedTsi = t.iterator().next();
    assertEquals(instance.getHostPortSession(), queuedTsi.getHostPortSession());
    assertEquals(1, coordinator.getIndex().size());
    assertTrue(coordinator.getIndex().containsKey(queuedTsi));
    Set<QueueAndPriority> i = coordinator.getIndex().get(queuedTsi);
    assertEquals(1, i.size());
    assertEquals(qp, i.iterator().next());
    assertEquals(0, coordinator.getRunning().size());
    PowerMock.verifyAll();
    coordinator.resetInternals();
    coordinator.close();
}
Also used : ThriftUtil(org.apache.accumulo.core.rpc.ThriftUtil) ArrayList(java.util.ArrayList) ServerAddress(org.apache.accumulo.server.rpc.ServerAddress) AuditedSecurityOperation(org.apache.accumulo.server.security.AuditedSecurityOperation) TCompactionQueueSummary(org.apache.accumulo.core.tabletserver.thrift.TCompactionQueueSummary) LiveTServerSet(org.apache.accumulo.server.manager.LiveTServerSet) HostAndPort(org.apache.accumulo.core.util.HostAndPort) Client(org.apache.accumulo.core.tabletserver.thrift.TabletClientService.Client) TreeSet(java.util.TreeSet) AccumuloConfiguration(org.apache.accumulo.core.conf.AccumuloConfiguration) TCredentials(org.apache.accumulo.core.securityImpl.thrift.TCredentials) RunningCompaction(org.apache.accumulo.core.util.compaction.RunningCompaction) TServerInstance(org.apache.accumulo.core.metadata.TServerInstance) AbstractServer(org.apache.accumulo.server.AbstractServer) ServerContext(org.apache.accumulo.server.ServerContext) TabletClientService(org.apache.accumulo.core.tabletserver.thrift.TabletClientService) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 9 with TCredentials

use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.

the class TCredentialsUpdatingInvocationHandlerTest method testDisallowedImpersonationFromSpecificHost.

@Test
public void testDisallowedImpersonationFromSpecificHost() {
    final String proxyServer = "proxy", client = "client", host = "host.domain.com";
    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyServer + ":" + client);
    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, host);
    proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(), ByteBuffer.allocate(0), UUID.randomUUID().toString());
    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
    // The RPC came from a different host than is allowed
    TServerUtils.clientAddress.set("otherhost.domain.com");
    assertThrows(ThriftSecurityException.class, () -> proxy.updateArgs(new Object[] { new Object(), tcreds }));
}
Also used : TCredentials(org.apache.accumulo.core.securityImpl.thrift.TCredentials) KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken) Test(org.junit.Test)

Example 10 with TCredentials

use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.

the class TCredentialsUpdatingInvocationHandlerTest method testDisallowedImpersonationForUser.

@Test
public void testDisallowedImpersonationForUser() {
    final String proxyServer = "proxy";
    // let "otherproxy" impersonate, but not "proxy"
    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, "otherproxy:*");
    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*");
    proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(), ByteBuffer.allocate(0), UUID.randomUUID().toString());
    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
    assertThrows(ThriftSecurityException.class, () -> proxy.updateArgs(new Object[] { new Object(), tcreds }));
}
Also used : TCredentials(org.apache.accumulo.core.securityImpl.thrift.TCredentials) KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken) Test(org.junit.Test)

Aggregations

TCredentials (org.apache.accumulo.core.securityImpl.thrift.TCredentials)27 Test (org.junit.Test)18 KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken)7 ArrayList (java.util.ArrayList)6 TabletClientService (org.apache.accumulo.core.tabletserver.thrift.TabletClientService)6 PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)5 AccumuloConfiguration (org.apache.accumulo.core.conf.AccumuloConfiguration)5 TServerInstance (org.apache.accumulo.core.metadata.TServerInstance)5 TCompactionQueueSummary (org.apache.accumulo.core.tabletserver.thrift.TCompactionQueueSummary)5 Client (org.apache.accumulo.core.tabletserver.thrift.TabletClientService.Client)5 TInfo (org.apache.accumulo.core.trace.thrift.TInfo)5 HostAndPort (org.apache.accumulo.core.util.HostAndPort)5 AbstractServer (org.apache.accumulo.server.AbstractServer)5 ServerContext (org.apache.accumulo.server.ServerContext)5 LiveTServerSet (org.apache.accumulo.server.manager.LiveTServerSet)5 ServerAddress (org.apache.accumulo.server.rpc.ServerAddress)5 AuditedSecurityOperation (org.apache.accumulo.server.security.AuditedSecurityOperation)5 HashSet (java.util.HashSet)4 TreeSet (java.util.TreeSet)4 Credentials (org.apache.accumulo.core.clientImpl.Credentials)4