Search in sources :

Example 16 with NonTransientRpcException

use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by axbaretto.

the class TestUserBitSaslCompatibility method testEnableDrillbitAuth_DisableClientAuth.

/**
 * Test showing failure in SASL handshake when Drillbit is configured for authentication only whereas client doesn't
 * provide any security properties like username/password in this case.
 * @throws Exception
 */
@Test
public void testEnableDrillbitAuth_DisableClientAuth() throws Exception {
    final DrillConfig newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(false)));
    final Properties connectionProps = new Properties();
    try {
        updateTestCluster(1, newConfig, connectionProps);
        fail();
    } catch (Exception ex) {
        assertTrue(ex.getCause() instanceof NonTransientRpcException);
        assertTrue(ex.getCause().getCause() instanceof SaslException);
    }
}
Also used : DrillConfig(org.apache.drill.common.config.DrillConfig) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) Properties(java.util.Properties) DrillProperties(org.apache.drill.common.config.DrillProperties) SaslException(javax.security.sasl.SaslException) SaslException(javax.security.sasl.SaslException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) Test(org.junit.Test) SecurityTest(org.apache.drill.categories.SecurityTest)

Example 17 with NonTransientRpcException

use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by apache.

the class TestUserBitKerberosEncryption method clientNeedsEncryptionWithNoServerSupport.

/**
 * Test to validate that clients which needs encrypted connection fails to connect
 * to server with encryption disabled.
 */
@Test
public void clientNeedsEncryptionWithNoServerSupport() throws Exception {
    try {
        final Properties connectionProps = new Properties();
        connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
        connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
        connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
        connectionProps.setProperty(DrillProperties.SASL_ENCRYPT, "true");
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))));
        updateTestCluster(1, newConfig, connectionProps);
        fail();
    } catch (Exception ex) {
        assert (ex.getCause() instanceof NonTransientRpcException);
    }
}
Also used : DrillConfig(org.apache.drill.common.config.DrillConfig) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) DrillProperties(org.apache.drill.common.config.DrillProperties) Properties(java.util.Properties) RpcException(org.apache.drill.exec.rpc.RpcException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) SecurityTest(org.apache.drill.categories.SecurityTest) Test(org.junit.Test)

Example 18 with NonTransientRpcException

use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by apache.

the class TestUserBitKerberosEncryption method failurePlainMech.

@Test
public void failurePlainMech() {
    try {
        final Properties connectionProps = new Properties();
        connectionProps.setProperty(DrillProperties.USER, "anonymous");
        connectionProps.setProperty(DrillProperties.PASSWORD, "anything works!");
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)));
        updateTestCluster(1, newConfig, connectionProps);
        fail();
    } catch (Exception ex) {
        assert (ex.getCause() instanceof NonTransientRpcException);
        logger.error("Caught exception: ", ex);
    }
}
Also used : DrillConfig(org.apache.drill.common.config.DrillConfig) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) DrillProperties(org.apache.drill.common.config.DrillProperties) Properties(java.util.Properties) RpcException(org.apache.drill.exec.rpc.RpcException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) SecurityTest(org.apache.drill.categories.SecurityTest) Test(org.junit.Test)

Example 19 with NonTransientRpcException

use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by apache.

the class TestUserBitKerberosEncryption method clientNeedsEncryptionWithServerSupport.

/**
 * Test to validate that clients which needs encrypted connection connects
 * to server with encryption enabled.
 */
@Test
public void clientNeedsEncryptionWithServerSupport() throws Exception {
    try {
        final Properties connectionProps = new Properties();
        connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
        connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
        connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
        connectionProps.setProperty(DrillProperties.SASL_ENCRYPT, "true");
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)));
        updateTestCluster(1, newConfig, connectionProps);
    } catch (Exception ex) {
        fail();
        assert (ex.getCause() instanceof NonTransientRpcException);
    }
}
Also used : DrillConfig(org.apache.drill.common.config.DrillConfig) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) DrillProperties(org.apache.drill.common.config.DrillProperties) Properties(java.util.Properties) RpcException(org.apache.drill.exec.rpc.RpcException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) SecurityTest(org.apache.drill.categories.SecurityTest) Test(org.junit.Test)

Example 20 with NonTransientRpcException

use of org.apache.drill.exec.rpc.NonTransientRpcException in project drill by apache.

the class TestUserBitSaslCompatibility method testEnableDrillbitClientEncryption_UsingPlain.

/**
 * Below test shows the failure in Sasl layer with client and Drillbit side encryption enabled using PLAIN
 * mechanism. This is expected since PLAIN mechanism doesn't support encryption using SASL. Whereas same test
 * setup using Kerberos or any other mechanism with encryption support will result in successful SASL handshake.
 * @throws Exception
 */
@Test
public void testEnableDrillbitClientEncryption_UsingPlain() throws Exception {
    final DrillConfig newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)));
    final Properties connectionProps = new Properties();
    connectionProps.setProperty(DrillProperties.USER, "anonymous");
    connectionProps.setProperty(DrillProperties.PASSWORD, "anything works!");
    connectionProps.setProperty(DrillProperties.SASL_ENCRYPT, "true");
    try {
        updateTestCluster(1, newConfig, connectionProps);
        fail();
    } catch (Exception ex) {
        assertTrue(ex.getCause() instanceof NonTransientRpcException);
        assertTrue(ex.getCause().getCause() instanceof SaslException);
    }
}
Also used : DrillConfig(org.apache.drill.common.config.DrillConfig) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) Properties(java.util.Properties) DrillProperties(org.apache.drill.common.config.DrillProperties) SaslException(javax.security.sasl.SaslException) SaslException(javax.security.sasl.SaslException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) Test(org.junit.Test) SecurityTest(org.apache.drill.categories.SecurityTest)

Aggregations

NonTransientRpcException (org.apache.drill.exec.rpc.NonTransientRpcException)23 Properties (java.util.Properties)20 SecurityTest (org.apache.drill.categories.SecurityTest)20 DrillConfig (org.apache.drill.common.config.DrillConfig)20 DrillProperties (org.apache.drill.common.config.DrillProperties)20 Test (org.junit.Test)20 SaslException (javax.security.sasl.SaslException)13 RpcException (org.apache.drill.exec.rpc.RpcException)10 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2 IOException (java.io.IOException)2 ArrayList (java.util.ArrayList)2 SynchronousQueue (java.util.concurrent.SynchronousQueue)2 ThreadPoolExecutor (java.util.concurrent.ThreadPoolExecutor)2 UserException (org.apache.drill.common.exceptions.UserException)2 ZKClusterCoordinator (org.apache.drill.exec.coord.zk.ZKClusterCoordinator)2 OutOfMemoryException (org.apache.drill.exec.exception.OutOfMemoryException)2 DrillbitEndpoint (org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint)2 ChannelClosedException (org.apache.drill.exec.rpc.ChannelClosedException)2 NamedThreadFactory (org.apache.drill.exec.rpc.NamedThreadFactory)2 UserClient (org.apache.drill.exec.rpc.user.UserClient)2