Example 1 with TestingKdc
use of org.apache.accumulo.harness.TestingKdc in project accumulo by apache.
the class SimpleProxyBase method setup.
@Before
public void setup() throws Exception {
// Create a new client for each test
if (isKerberosEnabled()) {
UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath());
proxyClient = new TestProxyClient(hostname, proxyPort, factory, proxyPrimary, UserGroupInformation.getCurrentUser());
client = proxyClient.proxy();
creds = client.login(clientPrincipal, properties);
TestingKdc kdc = getKdc();
final ClusterUser user = kdc.getClientPrincipal(0);
// Create another user
client.createLocalUser(creds, user.getPrincipal(), s2bb("unused"));
// Login in as that user we just created
UserGroupInformation.loginUserFromKeytab(user.getPrincipal(), user.getKeytab().getAbsolutePath());
final UserGroupInformation badUgi = UserGroupInformation.getCurrentUser();
// Get a "Credentials" object for the proxy
TestProxyClient badClient = new TestProxyClient(hostname, proxyPort, factory, proxyPrimary, badUgi);
try {
Client badProxy = badClient.proxy();
badLogin = badProxy.login(user.getPrincipal(), properties);
} finally {
badClient.close();
}
// Log back in as the test user
UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath());
// Drop test user, invalidating the credentials (not to mention not having the krb credentials anymore)
client.dropLocalUser(creds, user.getPrincipal());
} else {
proxyClient = new TestProxyClient(hostname, proxyPort, factory);
client = proxyClient.proxy();
creds = client.login("root", properties);
// Create 'user'
client.createLocalUser(creds, "user", s2bb(SharedMiniClusterBase.getRootPassword()));
// Log in as 'user'
badLogin = client.login("user", properties);
// Drop 'user', invalidating the credentials
client.dropLocalUser(creds, "user");
}
// Create some unique names for tables, namespaces, etc.
String[] uniqueNames = getUniqueNames(2);
// Create a general table to be used
tableName = uniqueNames[0];
client.createTable(creds, tableName, true, TimeType.MILLIS);
// Create a general namespace to be used
namespaceName = uniqueNames[1];
client.createNamespace(creds, namespaceName);
}
Also used :
TestingKdc(org.apache.accumulo.harness.TestingKdc)
ClusterUser(org.apache.accumulo.cluster.ClusterUser)
Client(org.apache.accumulo.proxy.thrift.AccumuloProxy.Client)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Before(org.junit.Before)
Example 2 with TestingKdc
use of org.apache.accumulo.harness.TestingKdc in project accumulo by apache.
the class KerberosReplicationIT method startKdc.
@BeforeClass
public static void startKdc() throws Exception {
kdc = new TestingKdc();
kdc.start();
krbEnabledForITs = System.getProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION);
if (null == krbEnabledForITs || !Boolean.parseBoolean(krbEnabledForITs)) {
System.setProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION, "true");
}
rootUser = kdc.getRootUser();
}
Also used :
TestingKdc(org.apache.accumulo.harness.TestingKdc)
BeforeClass(org.junit.BeforeClass)
Example 3 with TestingKdc
use of org.apache.accumulo.harness.TestingKdc in project accumulo by apache.
the class SimpleProxyBase method setUpProxy.
/**
* Does the actual test setup, invoked by the concrete test class
*/
public static void setUpProxy() throws Exception {
assertNotNull("Implementations must initialize the TProtocolFactory", factory);
Connector c = SharedMiniClusterBase.getConnector();
Instance inst = c.getInstance();
waitForAccumulo(c);
hostname = InetAddress.getLocalHost().getCanonicalHostName();
Properties props = new Properties();
props.put("instance", inst.getInstanceName());
props.put("zookeepers", inst.getZooKeepers());
final String tokenClass;
if (isKerberosEnabled()) {
tokenClass = KerberosToken.class.getName();
TestingKdc kdc = getKdc();
// Create a principal+keytab for the proxy
proxyKeytab = new File(kdc.getKeytabDir(), "proxy.keytab");
hostname = InetAddress.getLocalHost().getCanonicalHostName();
// Set the primary because the client needs to know it
proxyPrimary = "proxy";
// Qualify with an instance
proxyPrincipal = proxyPrimary + "/" + hostname;
kdc.createPrincipal(proxyKeytab, proxyPrincipal);
// Tack on the realm too
proxyPrincipal = kdc.qualifyUser(proxyPrincipal);
props.setProperty("kerberosPrincipal", proxyPrincipal);
props.setProperty("kerberosKeytab", proxyKeytab.getCanonicalPath());
props.setProperty("thriftServerType", "sasl");
// Enabled kerberos auth
Configuration conf = new Configuration(false);
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
UserGroupInformation.setConfiguration(conf);
// Login for the Proxy itself
UserGroupInformation.loginUserFromKeytab(proxyPrincipal, proxyKeytab.getAbsolutePath());
// User for tests
ClusterUser user = kdc.getRootUser();
clientPrincipal = user.getPrincipal();
clientKeytab = user.getKeytab();
} else {
clientPrincipal = "root";
tokenClass = PasswordToken.class.getName();
properties.put("password", SharedMiniClusterBase.getRootPassword());
hostname = "localhost";
}
props.put("tokenClass", tokenClass);
ClientConfiguration clientConfig = SharedMiniClusterBase.getCluster().getClientConfig();
String clientConfPath = new File(SharedMiniClusterBase.getCluster().getConfig().getConfDir(), "client.conf").getAbsolutePath();
props.put("clientConfigurationFile", clientConfPath);
properties.put("clientConfigurationFile", clientConfPath);
proxyPort = PortUtils.getRandomFreePort();
proxyServer = Proxy.createProxyServer(HostAndPort.fromParts(hostname, proxyPort), factory, props, clientConfig).server;
while (!proxyServer.isServing()) sleepUninterruptibly(100, TimeUnit.MILLISECONDS);
}
Also used :
Connector(org.apache.accumulo.core.client.Connector)
PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken)
Configuration(org.apache.hadoop.conf.Configuration)
ClientConfiguration(org.apache.accumulo.core.client.ClientConfiguration)
DefaultConfiguration(org.apache.accumulo.core.conf.DefaultConfiguration)
Instance(org.apache.accumulo.core.client.Instance)
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
TestingKdc(org.apache.accumulo.harness.TestingKdc)
ClusterUser(org.apache.accumulo.cluster.ClusterUser)
Properties(java.util.Properties)
File(java.io.File)
ClientConfiguration(org.apache.accumulo.core.client.ClientConfiguration)
Example 4 with TestingKdc
use of org.apache.accumulo.harness.TestingKdc in project accumulo by apache.
the class KerberosClientOptsTest method startKdc.
@BeforeClass
public static void startKdc() throws Exception {
kdc = new TestingKdc();
kdc.start();
}
Also used :
TestingKdc(org.apache.accumulo.harness.TestingKdc)
BeforeClass(org.junit.BeforeClass)
Example 5 with TestingKdc
use of org.apache.accumulo.harness.TestingKdc in project accumulo by apache.
the class KerberosTokenEmbeddedKDCTest method startKdc.
@BeforeClass
public static void startKdc() throws Exception {
kdc = new TestingKdc();
kdc.start();
}
Also used :
TestingKdc(org.apache.accumulo.harness.TestingKdc)
BeforeClass(org.junit.BeforeClass)
Aggregations
TestingKdc (org.apache.accumulo.harness.TestingKdc)8
BeforeClass (org.junit.BeforeClass)6
File (java.io.File)2
ClusterUser (org.apache.accumulo.cluster.ClusterUser)2
Properties (java.util.Properties)1
ClientConfiguration (org.apache.accumulo.core.client.ClientConfiguration)1
Connector (org.apache.accumulo.core.client.Connector)1
Instance (org.apache.accumulo.core.client.Instance)1
KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken)1
PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)1
DefaultConfiguration (org.apache.accumulo.core.conf.DefaultConfiguration)1
Client (org.apache.accumulo.proxy.thrift.AccumuloProxy.Client)1
Configuration (org.apache.hadoop.conf.Configuration)1
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1
Before (org.junit.Before)1
