Example 91 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestUserBitKerberos method setupTest.
@BeforeClass
public static void setupTest() throws Exception {
krbHelper = new KerberosHelper(TestUserBitKerberos.class.getSimpleName(), null);
krbHelper.setupKdc(dirTestWatcher.getTmpDir());
// Create a new DrillConfig which has user authentication enabled and authenticator set to
// UserAuthenticatorTestImpl.
final DrillConfig newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))));
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.USER, "anonymous");
connectionProps.setProperty(DrillProperties.PASSWORD, "anything works!");
// Ignore the compile time warning caused by the code below.
// Config is statically initialized at this point. But the above configuration results in a different
// initialization which causes the tests to fail. So the following two changes are required.
// (1) Refresh Kerberos config.
sun.security.krb5.Config.refresh();
// (2) Reset the default realm.
final Field defaultRealm = KerberosName.class.getDeclaredField("defaultRealm");
defaultRealm.setAccessible(true);
defaultRealm.set(null, KerberosUtil.getDefaultRealm());
updateTestCluster(1, newConfig, connectionProps);
}
Also used :
Field(java.lang.reflect.Field)
DrillConfig(org.apache.drill.common.config.DrillConfig)
DrillProperties(org.apache.drill.common.config.DrillProperties)
Properties(java.util.Properties)
KerberosHelper(org.apache.drill.exec.rpc.security.KerberosHelper)
BeforeClass(org.junit.BeforeClass)
Example 92 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestUserBitSSL method setupTest.
@BeforeClass
public static void setupTest() throws Exception {
// Create a new DrillConfig
classLoader = TestUserBitSSL.class.getClassLoader();
ksPath = new File(classLoader.getResource("ssl/keystore.ks").getFile()).getAbsolutePath();
unknownKsPath = new File(classLoader.getResource("ssl/unknownkeystore.ks").getFile()).getAbsolutePath();
tsPath = new File(classLoader.getResource("ssl/truststore.ks").getFile()).getAbsolutePath();
emptyTSPath = new File(classLoader.getResource("ssl/emptytruststore.ks").getFile()).getAbsolutePath();
newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.SSL_USE_HADOOP_CONF, ConfigValueFactory.fromAnyRef(false)).withValue(ExecConstants.USER_SSL_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.SSL_KEYSTORE_TYPE, ConfigValueFactory.fromAnyRef("JKS")).withValue(ExecConstants.SSL_KEYSTORE_PATH, ConfigValueFactory.fromAnyRef(ksPath)).withValue(ExecConstants.SSL_KEYSTORE_PASSWORD, ConfigValueFactory.fromAnyRef("drill123")).withValue(ExecConstants.SSL_KEY_PASSWORD, ConfigValueFactory.fromAnyRef("drill123")).withValue(ExecConstants.SSL_TRUSTSTORE_TYPE, ConfigValueFactory.fromAnyRef("JKS")).withValue(ExecConstants.SSL_TRUSTSTORE_PATH, ConfigValueFactory.fromAnyRef(tsPath)).withValue(ExecConstants.SSL_TRUSTSTORE_PASSWORD, ConfigValueFactory.fromAnyRef("drill123")).withValue(ExecConstants.SSL_PROTOCOL, ConfigValueFactory.fromAnyRef("TLSv1.2")));
initProps = new Properties();
initProps.setProperty(DrillProperties.ENABLE_TLS, "true");
initProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
initProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
initProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
// Start an SSL enabled cluster
updateTestCluster(1, newConfig, initProps);
}
Also used :
DrillConfig(org.apache.drill.common.config.DrillConfig)
Properties(java.util.Properties)
DrillProperties(org.apache.drill.common.config.DrillProperties)
File(java.io.File)
BeforeClass(org.junit.BeforeClass)
Example 93 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestUserBitSSL method cleanTest.
@AfterClass
public static void cleanTest() throws Exception {
DrillConfig restoreConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()));
updateTestCluster(1, restoreConfig);
}
Also used :
DrillConfig(org.apache.drill.common.config.DrillConfig)
AfterClass(org.junit.AfterClass)
Example 94 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestUserBitSSL method testClientConfigNoCertificateVerification.
@Test
public void testClientConfigNoCertificateVerification() {
// Pass if certificate is not valid, but mode is insecure.
try {
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
connectionProps.setProperty(DrillProperties.DISABLE_CERT_VERIFICATION, "true");
DrillConfig sslConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_SSL_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.SSL_KEYSTORE_TYPE, ConfigValueFactory.fromAnyRef("JKS")).withValue(ExecConstants.SSL_KEYSTORE_PATH, ConfigValueFactory.fromAnyRef(unknownKsPath)).withValue(ExecConstants.SSL_KEYSTORE_PASSWORD, ConfigValueFactory.fromAnyRef("drill123")).withValue(ExecConstants.SSL_PROTOCOL, ConfigValueFactory.fromAnyRef("TLSv1.2")));
updateTestCluster(1, sslConfig, connectionProps);
} catch (Exception e) {
fail(e.getMessage());
}
// reset cluster
updateTestCluster(1, newConfig, initProps);
}
Also used :
DrillConfig(org.apache.drill.common.config.DrillConfig)
Properties(java.util.Properties)
DrillProperties(org.apache.drill.common.config.DrillProperties)
Test(org.junit.Test)
Example 95 with DrillConfig
use of org.apache.drill.common.config.DrillConfig in project drill by apache.
the class TestUserBitSSL method testClientConfigHostnameVerification.
@Ignore("This test fails in some cases where the host name may be set up inconsistently.")
@Test
public void testClientConfigHostnameVerification() {
String password = "test_password";
String trustStoreFileName = "drillTestTrustStore";
String keyStoreFileName = "drillTestKeyStore";
KeyStore ts, ks;
File tempFile1, tempFile2;
String trustStorePath;
String keyStorePath;
try {
String fqdn = InetAddress.getLocalHost().getHostName();
SelfSignedCertificate certificate = new SelfSignedCertificate(fqdn);
tempFile1 = File.createTempFile(trustStoreFileName, ".ks");
tempFile1.deleteOnExit();
trustStorePath = tempFile1.getAbsolutePath();
// generate a truststore.
ts = KeyStore.getInstance(KeyStore.getDefaultType());
ts.load(null, password.toCharArray());
ts.setCertificateEntry("drillTest", certificate.cert());
// Store away the truststore.
try (FileOutputStream fos1 = new FileOutputStream(tempFile1)) {
ts.store(fos1, password.toCharArray());
} catch (Exception e) {
fail(e.getMessage());
}
tempFile2 = File.createTempFile(keyStoreFileName, ".ks");
tempFile2.deleteOnExit();
keyStorePath = tempFile2.getAbsolutePath();
// generate a keystore.
ts = KeyStore.getInstance(KeyStore.getDefaultType());
ts.load(null, password.toCharArray());
ts.setKeyEntry("drillTest", certificate.key(), password.toCharArray(), new java.security.cert.Certificate[] { certificate.cert() });
// Store away the keystore.
try (FileOutputStream fos2 = new FileOutputStream(tempFile2)) {
ts.store(fos2, password.toCharArray());
} catch (Exception e) {
fail(e.getMessage());
}
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, trustStorePath);
connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, password);
connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "false");
DrillConfig sslConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_SSL_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.SSL_KEYSTORE_TYPE, ConfigValueFactory.fromAnyRef("JKS")).withValue(ExecConstants.SSL_KEYSTORE_PATH, ConfigValueFactory.fromAnyRef(keyStorePath)).withValue(ExecConstants.SSL_KEYSTORE_PASSWORD, ConfigValueFactory.fromAnyRef("test_password")).withValue(ExecConstants.SSL_PROTOCOL, ConfigValueFactory.fromAnyRef("TLSv1.2")));
updateTestCluster(1, sslConfig, connectionProps);
} catch (Exception e) {
fail(e.getMessage());
}
// reset cluster
updateTestCluster(1, newConfig, initProps);
}
Also used :
SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate)
DrillConfig(org.apache.drill.common.config.DrillConfig)
FileOutputStream(java.io.FileOutputStream)
Properties(java.util.Properties)
DrillProperties(org.apache.drill.common.config.DrillProperties)
KeyStore(java.security.KeyStore)
File(java.io.File)
Ignore(org.junit.Ignore)
Test(org.junit.Test)
Aggregations
DrillConfig (org.apache.drill.common.config.DrillConfig)249
Test (org.junit.Test)165
Properties (java.util.Properties)89
SecurityTest (org.apache.drill.categories.SecurityTest)88
DrillProperties (org.apache.drill.common.config.DrillProperties)77
NonTransientRpcException (org.apache.drill.exec.rpc.NonTransientRpcException)32
ScanResult (org.apache.drill.common.scanner.persistence.ScanResult)29
DrillbitContext (org.apache.drill.exec.server.DrillbitContext)28
BeforeClass (org.junit.BeforeClass)25
DrillbitEndpoint (org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint)23
SaslException (javax.security.sasl.SaslException)20
RpcException (org.apache.drill.exec.rpc.RpcException)20
Drillbit (org.apache.drill.exec.server.Drillbit)20
DrillbitStartupException (org.apache.drill.exec.exception.DrillbitStartupException)18
RemoteServiceSet (org.apache.drill.exec.server.RemoteServiceSet)17
BaseTest (org.apache.drill.test.BaseTest)17
ExecTest (org.apache.drill.exec.ExecTest)14
IOException (java.io.IOException)12
IcebergMetastore (org.apache.drill.metastore.iceberg.IcebergMetastore)12
File (java.io.File)10
