Example 76 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestSpnegoConfig method testSpnegoConfigOnlyKeytab.
/**
* Invalid configuration with keytab only and missing principal
* @throws Exception
*/
@Test
public void testSpnegoConfigOnlyKeytab() throws Exception {
try {
final DrillConfig newConfig = new DrillConfig(DrillConfig.create().withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain"))).withValue(ExecConstants.HTTP_SPNEGO_KEYTAB, ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)));
final SpnegoConfig spnegoConfig = new SpnegoConfig(newConfig);
spnegoConfig.validateSpnegoConfig();
fail();
} catch (Exception ex) {
assertTrue(ex instanceof DrillException);
}
}
Also used :
DrillConfig(org.apache.drill.common.config.DrillConfig)
SpnegoConfig(org.apache.drill.exec.server.rest.auth.SpnegoConfig)
DrillException(org.apache.drill.common.exceptions.DrillException)
DrillException(org.apache.drill.common.exceptions.DrillException)
Test(org.junit.Test)
BaseTest(org.apache.drill.test.BaseTest)
SecurityTest(org.apache.drill.categories.SecurityTest)
Example 77 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestSpnegoConfig method testSpnegoConfigOnlyPrincipal.
/**
* Invalid configuration with principal only and missing keytab
* @throws Exception
*/
@Test
public void testSpnegoConfigOnlyPrincipal() throws Exception {
try {
final DrillConfig newConfig = new DrillConfig(DrillConfig.create().withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain"))).withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL, ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)));
final SpnegoConfig spnegoConfig = new SpnegoConfig(newConfig);
spnegoConfig.validateSpnegoConfig();
fail();
} catch (Exception ex) {
assertTrue(ex instanceof DrillException);
}
}
Also used :
DrillConfig(org.apache.drill.common.config.DrillConfig)
SpnegoConfig(org.apache.drill.exec.server.rest.auth.SpnegoConfig)
DrillException(org.apache.drill.common.exceptions.DrillException)
DrillException(org.apache.drill.common.exceptions.DrillException)
Test(org.junit.Test)
BaseTest(org.apache.drill.test.BaseTest)
SecurityTest(org.apache.drill.categories.SecurityTest)
Example 78 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestUserBitKerberosEncryption method testConnectionCounters.
/**
* Test connection counter values for both encrypted and unencrypted connections over all Drillbit channels.
* Encryption is enabled only for UserRpc NOT for ControlRpc and DataRpc. Test validates corresponding connection
* count for each channel.
* For example: There is only 1 DrillClient so encrypted connection count of UserRpcMetrics will be 1. Before
* running any query there should not be any connection (control or data) between Drillbits, hence those counters
* are 0. After running a simple query since there is only 1 fragment which is root fragment the Control Connection
* count is 0 (for unencrypted counter) since with DRILL-5721 status update of fragment to Foreman happens locally.
* There is no Data Connection because there is no data exchange between multiple fragments.
*
* @throws Exception
*/
@Test
public void testConnectionCounters() throws Exception {
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)));
updateTestCluster(1, newConfig, connectionProps);
assertTrue(UserRpcMetrics.getInstance().getEncryptedConnectionCount() == 1);
assertTrue(UserRpcMetrics.getInstance().getUnEncryptedConnectionCount() == 0);
// Run few queries using the new client
testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user").baselineValues(krbHelper.CLIENT_SHORT_NAME).go();
// Check encrypted counters value
assertTrue(1 == UserRpcMetrics.getInstance().getEncryptedConnectionCount());
assertTrue(0 == ControlRpcMetrics.getInstance().getEncryptedConnectionCount());
assertTrue(0 == DataRpcMetrics.getInstance().getEncryptedConnectionCount());
// Check unencrypted counters value
assertTrue(0 == UserRpcMetrics.getInstance().getUnEncryptedConnectionCount());
assertTrue(0 == ControlRpcMetrics.getInstance().getUnEncryptedConnectionCount());
assertTrue(0 == DataRpcMetrics.getInstance().getUnEncryptedConnectionCount());
}
Also used :
DrillConfig(org.apache.drill.common.config.DrillConfig)
DrillProperties(org.apache.drill.common.config.DrillProperties)
Properties(java.util.Properties)
SecurityTest(org.apache.drill.categories.SecurityTest)
Test(org.junit.Test)
Example 79 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestUserBitKerberosEncryption method successKeytabWithChunking.
@Test
public void successKeytabWithChunking() throws Exception {
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_ENCRYPTION_SASL_MAX_WRAPPED_SIZE, ConfigValueFactory.fromAnyRef(100)));
updateTestCluster(1, newConfig, connectionProps);
// Run few queries using the new client
testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user").baselineValues(krbHelper.CLIENT_SHORT_NAME).go();
test("SHOW SCHEMAS");
test("USE INFORMATION_SCHEMA");
test("SHOW TABLES");
test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
test("SELECT * FROM cp.`region.json`");
}
Also used :
DrillConfig(org.apache.drill.common.config.DrillConfig)
DrillProperties(org.apache.drill.common.config.DrillProperties)
Properties(java.util.Properties)
SecurityTest(org.apache.drill.categories.SecurityTest)
Test(org.junit.Test)
Example 80 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestUserBitKerberosEncryption method failureOldClientEncryptionEnabled.
/**
* Test to validate that older clients are not allowed to connect to secure cluster
* with encryption enabled.
*/
@Test
public void failureOldClientEncryptionEnabled() {
try {
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
connectionProps.setProperty(DrillProperties.TEST_SASL_LEVEL, "1");
newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)));
updateTestCluster(1, newConfig, connectionProps);
fail();
} catch (Exception ex) {
assert (ex.getCause() instanceof RpcException);
logger.error("Caught exception: ", ex);
}
}
Also used :
DrillConfig(org.apache.drill.common.config.DrillConfig)
RpcException(org.apache.drill.exec.rpc.RpcException)
NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException)
DrillProperties(org.apache.drill.common.config.DrillProperties)
Properties(java.util.Properties)
RpcException(org.apache.drill.exec.rpc.RpcException)
NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException)
SecurityTest(org.apache.drill.categories.SecurityTest)
Test(org.junit.Test)
Aggregations
DrillConfig (org.apache.drill.common.config.DrillConfig)249
Test (org.junit.Test)165
Properties (java.util.Properties)89
SecurityTest (org.apache.drill.categories.SecurityTest)88
DrillProperties (org.apache.drill.common.config.DrillProperties)77
NonTransientRpcException (org.apache.drill.exec.rpc.NonTransientRpcException)32
ScanResult (org.apache.drill.common.scanner.persistence.ScanResult)29
DrillbitContext (org.apache.drill.exec.server.DrillbitContext)28
BeforeClass (org.junit.BeforeClass)25
DrillbitEndpoint (org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint)23
SaslException (javax.security.sasl.SaslException)20
RpcException (org.apache.drill.exec.rpc.RpcException)20
Drillbit (org.apache.drill.exec.server.Drillbit)20
DrillbitStartupException (org.apache.drill.exec.exception.DrillbitStartupException)18
RemoteServiceSet (org.apache.drill.exec.server.RemoteServiceSet)17
BaseTest (org.apache.drill.test.BaseTest)17
ExecTest (org.apache.drill.exec.ExecTest)14
IOException (java.io.IOException)12
IcebergMetastore (org.apache.drill.metastore.iceberg.IcebergMetastore)12
File (java.io.File)10
