use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by axbaretto.
the class TestUserBitSaslCompatibility method testEnableDrillbitAuth_DisableClientAuth.
/**
* Test showing failure in SASL handshake when Drillbit is configured for authentication only whereas client doesn't
* provide any security properties like username/password in this case.
* @throws Exception
*/
@Test
public void testEnableDrillbitAuth_DisableClientAuth() throws Exception {
final DrillConfig newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(false)));
final Properties connectionProps = new Properties();
try {
updateTestCluster(1, newConfig, connectionProps);
fail();
} catch (Exception ex) {
assertTrue(ex.getCause() instanceof NonTransientRpcException);
assertTrue(ex.getCause().getCause() instanceof SaslException);
}
}
use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by apache.
the class TestUserBitKerberosEncryption method clientNeedsEncryptionWithNoServerSupport.
/**
* Test to validate that clients which needs encrypted connection fails to connect
* to server with encryption disabled.
*/
@Test
public void clientNeedsEncryptionWithNoServerSupport() throws Exception {
try {
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
connectionProps.setProperty(DrillProperties.SASL_ENCRYPT, "true");
newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))));
updateTestCluster(1, newConfig, connectionProps);
fail();
} catch (Exception ex) {
assert (ex.getCause() instanceof NonTransientRpcException);
}
}
use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by apache.
the class TestUserBitKerberosEncryption method failurePlainMech.
@Test
public void failurePlainMech() {
try {
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.USER, "anonymous");
connectionProps.setProperty(DrillProperties.PASSWORD, "anything works!");
newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)));
updateTestCluster(1, newConfig, connectionProps);
fail();
} catch (Exception ex) {
assert (ex.getCause() instanceof NonTransientRpcException);
logger.error("Caught exception: ", ex);
}
}
use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by apache.
the class TestUserBitKerberosEncryption method clientNeedsEncryptionWithServerSupport.
/**
* Test to validate that clients which needs encrypted connection connects
* to server with encryption enabled.
*/
@Test
public void clientNeedsEncryptionWithServerSupport() throws Exception {
try {
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
connectionProps.setProperty(DrillProperties.SASL_ENCRYPT, "true");
newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)));
updateTestCluster(1, newConfig, connectionProps);
} catch (Exception ex) {
fail();
assert (ex.getCause() instanceof NonTransientRpcException);
}
}
use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by apache.
the class TestUserBitSaslCompatibility method testEnableDrillbitClientEncryption_UsingPlain.
/**
* Below test shows the failure in Sasl layer with client and Drillbit side encryption enabled using PLAIN
* mechanism. This is expected since PLAIN mechanism doesn't support encryption using SASL. Whereas same test
* setup using Kerberos or any other mechanism with encryption support will result in successful SASL handshake.
* @throws Exception
*/
@Test
public void testEnableDrillbitClientEncryption_UsingPlain() throws Exception {
final DrillConfig newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)));
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.USER, "anonymous");
connectionProps.setProperty(DrillProperties.PASSWORD, "anything works!");
connectionProps.setProperty(DrillProperties.SASL_ENCRYPT, "true");
try {
updateTestCluster(1, newConfig, connectionProps);
fail();
} catch (Exception ex) {
assertTrue(ex.getCause() instanceof NonTransientRpcException);
assertTrue(ex.getCause().getCause() instanceof SaslException);
}
}
Aggregations