Search in sources :

Example 31 with DrillbitContext

use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.

the class TestSpnegoAuthentication method testSPNEGOAndFORMEnabled.

/**
 * Both SPNEGO and FORM mechanism is enabled for WebServer in configuration. Test to see if the respective security
 * handlers are created successfully or not.
 * @throws Exception
 */
@Test
public void testSPNEGOAndFORMEnabled() throws Exception {
    final DrillConfig newConfig = new DrillConfig(DrillConfig.create().withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("form", "spnego"))).withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL, ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.HTTP_SPNEGO_KEYTAB, ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));
    final ScanResult scanResult = ClassPathScanner.fromPrescan(newConfig);
    final AuthenticatorProviderImpl authenticatorProvider = Mockito.mock(AuthenticatorProviderImpl.class);
    Mockito.when(authenticatorProvider.containsFactory(PlainFactory.SIMPLE_NAME)).thenReturn(true);
    final DrillbitContext context = Mockito.mock(DrillbitContext.class);
    Mockito.when(context.getClasspathScan()).thenReturn(scanResult);
    Mockito.when(context.getConfig()).thenReturn(newConfig);
    Mockito.when(context.getAuthProvider()).thenReturn(authenticatorProvider);
    final DrillHttpSecurityHandlerProvider securityProvider = new DrillHttpSecurityHandlerProvider(newConfig, context);
    assertTrue(securityProvider.isFormEnabled());
    assertTrue(securityProvider.isSpnegoEnabled());
}
Also used : DrillbitContext(org.apache.drill.exec.server.DrillbitContext) AuthenticatorProviderImpl(org.apache.drill.exec.rpc.security.AuthenticatorProviderImpl) ScanResult(org.apache.drill.common.scanner.persistence.ScanResult) DrillHttpSecurityHandlerProvider(org.apache.drill.exec.server.rest.auth.DrillHttpSecurityHandlerProvider) DrillConfig(org.apache.drill.common.config.DrillConfig) SecurityTest(org.apache.drill.categories.SecurityTest) Test(org.junit.Test)

Example 32 with DrillbitContext

use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.

the class TestSpnegoAuthentication method testDrillSpnegoLoginService.

/**
 * Validate successful {@link DrillSpnegoLoginService#login(String, Object)} when provided with client token for a
 * configured service principal.
 * @throws Exception
 */
@Test
public void testDrillSpnegoLoginService() throws Exception {
    // Create client subject using it's principal and keytab
    final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(spnegoHelper.CLIENT_PRINCIPAL, spnegoHelper.clientKeytab.getAbsoluteFile());
    // Generate a SPNEGO token for the peer SERVER_PRINCIPAL from this CLIENT_PRINCIPAL
    final String token = Subject.doAs(clientSubject, new PrivilegedExceptionAction<String>() {

        @Override
        public String run() throws Exception {
            final GSSManager gssManager = GSSManager.getInstance();
            GSSContext gssContext = null;
            try {
                final Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
                final GSSName serviceName = gssManager.createName(spnegoHelper.SERVER_PRINCIPAL, GSSName.NT_USER_NAME, oid);
                gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME);
                gssContext.requestCredDeleg(true);
                gssContext.requestMutualAuth(true);
                byte[] outToken = new byte[0];
                outToken = gssContext.initSecContext(outToken, 0, outToken.length);
                return Base64.encodeBase64String(outToken);
            } finally {
                if (gssContext != null) {
                    gssContext.dispose();
                }
            }
        }
    });
    // Create a DrillbitContext with service principal and keytab for DrillSpnegoLoginService
    final DrillConfig newConfig = new DrillConfig(DrillConfig.create().withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("spnego"))).withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL, ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.HTTP_SPNEGO_KEYTAB, ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));
    final SystemOptionManager optionManager = Mockito.mock(SystemOptionManager.class);
    Mockito.when(optionManager.getOption(ExecConstants.ADMIN_USERS_VALIDATOR)).thenReturn(ExecConstants.ADMIN_USERS_VALIDATOR.DEFAULT_ADMIN_USERS);
    Mockito.when(optionManager.getOption(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR)).thenReturn(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.DEFAULT_ADMIN_USER_GROUPS);
    final DrillbitContext drillbitContext = Mockito.mock(DrillbitContext.class);
    Mockito.when(drillbitContext.getConfig()).thenReturn(newConfig);
    Mockito.when(drillbitContext.getOptionManager()).thenReturn(optionManager);
    final DrillSpnegoLoginService loginService = new DrillSpnegoLoginService(drillbitContext);
    // Authenticate the client using its SPNEGO token
    final UserIdentity user = loginService.login(null, token);
    // Validate the UserIdentity of authenticated client
    assertTrue(user != null);
    assertTrue(user.getUserPrincipal().getName().equals(spnegoHelper.CLIENT_SHORT_NAME));
    assertTrue(user.isUserInRole("authenticated", null));
}
Also used : DrillbitContext(org.apache.drill.exec.server.DrillbitContext) GSSName(org.ietf.jgss.GSSName) SystemOptionManager(org.apache.drill.exec.server.options.SystemOptionManager) UserIdentity(org.eclipse.jetty.server.UserIdentity) Oid(org.ietf.jgss.Oid) DrillSpnegoLoginService(org.apache.drill.exec.server.rest.auth.DrillSpnegoLoginService) Subject(javax.security.auth.Subject) DrillbitStartupException(org.apache.drill.exec.exception.DrillbitStartupException) DrillConfig(org.apache.drill.common.config.DrillConfig) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) SecurityTest(org.apache.drill.categories.SecurityTest) Test(org.junit.Test)

Example 33 with DrillbitContext

use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.

the class TestSpnegoAuthentication method testConfigBackwardCompatibility.

/**
 * Validate when none of the security mechanism is specified in the
 * {@link ExecConstants#HTTP_AUTHENTICATION_MECHANISMS}, FORM security handler is still configured correctly when
 * authentication is enabled along with PAM authenticator module.
 * @throws Exception
 */
@Test
public void testConfigBackwardCompatibility() throws Exception {
    final DrillConfig newConfig = new DrillConfig(DrillConfig.create().withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)));
    final ScanResult scanResult = ClassPathScanner.fromPrescan(newConfig);
    final AuthenticatorProviderImpl authenticatorProvider = Mockito.mock(AuthenticatorProviderImpl.class);
    Mockito.when(authenticatorProvider.containsFactory(PlainFactory.SIMPLE_NAME)).thenReturn(true);
    final DrillbitContext context = Mockito.mock(DrillbitContext.class);
    Mockito.when(context.getClasspathScan()).thenReturn(scanResult);
    Mockito.when(context.getConfig()).thenReturn(newConfig);
    Mockito.when(context.getAuthProvider()).thenReturn(authenticatorProvider);
    final DrillHttpSecurityHandlerProvider securityProvider = new DrillHttpSecurityHandlerProvider(newConfig, context);
    assertTrue(securityProvider.isFormEnabled());
    assertTrue(!securityProvider.isSpnegoEnabled());
}
Also used : DrillbitContext(org.apache.drill.exec.server.DrillbitContext) AuthenticatorProviderImpl(org.apache.drill.exec.rpc.security.AuthenticatorProviderImpl) ScanResult(org.apache.drill.common.scanner.persistence.ScanResult) DrillHttpSecurityHandlerProvider(org.apache.drill.exec.server.rest.auth.DrillHttpSecurityHandlerProvider) DrillConfig(org.apache.drill.common.config.DrillConfig) SecurityTest(org.apache.drill.categories.SecurityTest) Test(org.junit.Test)

Example 34 with DrillbitContext

use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.

the class TestCustomTunnel method ensureRoundTripJackson.

@Test
public void ensureRoundTripJackson() throws Exception {
    final DrillbitContext context = getDrillbitContext();
    final MesgA mesgA = new MesgA();
    mesgA.fieldA = "123";
    mesgA.fieldB = "okra";
    final TestCustomMessageHandlerJackson handler = new TestCustomMessageHandlerJackson(mesgA);
    context.getController().registerCustomHandler(1003, handler, new ControlTunnel.JacksonSerDe<MesgA>(MesgA.class), new ControlTunnel.JacksonSerDe<MesgB>(MesgB.class));
    final ControlTunnel loopbackTunnel = context.getController().getTunnel(context.getEndpoint());
    final CustomTunnel<MesgA, MesgB> tunnel = loopbackTunnel.getCustomTunnel(1003, new ControlTunnel.JacksonSerDe<MesgA>(MesgA.class), new ControlTunnel.JacksonSerDe<MesgB>(MesgB.class));
    CustomFuture<MesgB> future = tunnel.send(mesgA);
    assertEquals(expectedB, future.get());
}
Also used : DrillbitContext(org.apache.drill.exec.server.DrillbitContext) Test(org.junit.Test)

Example 35 with DrillbitContext

use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.

the class TestCustomTunnel method ensureRoundTripBytes.

@Test
public void ensureRoundTripBytes() throws Exception {
    final DrillbitContext context = getDrillbitContext();
    final TestCustomMessageHandler handler = new TestCustomMessageHandler(context.getEndpoint(), true);
    context.getController().registerCustomHandler(1002, handler, DrillbitEndpoint.PARSER);
    final ControlTunnel loopbackTunnel = context.getController().getTunnel(context.getEndpoint());
    final CustomTunnel<DrillbitEndpoint, QueryId> tunnel = loopbackTunnel.getCustomTunnel(1002, DrillbitEndpoint.class, QueryId.PARSER);
    buf1.retain();
    CustomFuture<QueryId> future = tunnel.send(context.getEndpoint(), buf1);
    assertEquals(expectedId, future.get());
    byte[] actual = new byte[1024];
    future.getBuffer().getBytes(0, actual);
    future.getBuffer().release();
    assertTrue(Arrays.equals(expected, actual));
}
Also used : DrillbitContext(org.apache.drill.exec.server.DrillbitContext) DrillbitEndpoint(org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint) QueryId(org.apache.drill.exec.proto.UserBitShared.QueryId) Test(org.junit.Test)

Aggregations

DrillbitContext (org.apache.drill.exec.server.DrillbitContext)137 Test (org.junit.Test)96 FunctionImplementationRegistry (org.apache.drill.exec.expr.fn.FunctionImplementationRegistry)86 PhysicalPlan (org.apache.drill.exec.physical.PhysicalPlan)80 UserClientConnection (org.apache.drill.exec.rpc.UserClientConnection)78 FragmentContextImpl (org.apache.drill.exec.ops.FragmentContextImpl)77 FragmentRoot (org.apache.drill.exec.physical.base.FragmentRoot)72 PhysicalPlanReader (org.apache.drill.exec.planner.PhysicalPlanReader)72 SimpleRootExec (org.apache.drill.exec.physical.impl.SimpleRootExec)44 OperatorTest (org.apache.drill.categories.OperatorTest)39 ExecTest (org.apache.drill.exec.ExecTest)35 SchemaPath (org.apache.drill.common.expression.SchemaPath)32 DrillConfig (org.apache.drill.common.config.DrillConfig)28 ValueVector (org.apache.drill.exec.vector.ValueVector)17 Ignore (org.junit.Ignore)14 IntVector (org.apache.drill.exec.vector.IntVector)13 SecurityTest (org.apache.drill.categories.SecurityTest)12 ScanResult (org.apache.drill.common.scanner.persistence.ScanResult)12 DrillbitEndpoint (org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint)12 SystemOptionManager (org.apache.drill.exec.server.options.SystemOptionManager)12