Example 1 with Discoverable

use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.

the class ResourceBalancerService method createDiscoverable.

private Discoverable createDiscoverable(final String serviceName) {
    InetSocketAddress address;
    // NOTE: at this moment we are not using port anywhere
    int port = Networks.getRandomPort();
    try {
        address = new InetSocketAddress(InetAddress.getLocalHost(), port);
    } catch (UnknownHostException e) {
        address = new InetSocketAddress(port);
    }
    return new Discoverable(serviceName, address);
}
Also used : Discoverable(org.apache.twill.discovery.Discoverable) ResolvingDiscoverable(co.cask.cdap.common.discovery.ResolvingDiscoverable) UnknownHostException(java.net.UnknownHostException) InetSocketAddress(java.net.InetSocketAddress)

Example 2 with Discoverable

use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.

the class RemoteClient method resolve.

/**
 * Discover the service address, then append the base path and specified resource to get the URL.
 *
 * @param resource the resource to use
 * @return the resolved URL
 * @throws ServiceUnavailableException if the service could not be discovered
 */
public URL resolve(String resource) {
    Discoverable discoverable = endpointStrategySupplier.get().pick(1L, TimeUnit.SECONDS);
    if (discoverable == null) {
        throw new ServiceUnavailableException(discoverableServiceName);
    }
    InetSocketAddress address = discoverable.getSocketAddress();
    String scheme = Arrays.equals(Constants.Security.SSL_URI_SCHEME.getBytes(), discoverable.getPayload()) ? Constants.Security.SSL_URI_SCHEME : Constants.Security.URI_SCHEME;
    String urlStr = String.format("%s%s:%d%s%s", scheme, address.getHostName(), address.getPort(), basePath, resource);
    try {
        return new URL(urlStr);
    } catch (MalformedURLException e) {
        // shouldn't happen. If it does, it means there is some bug in the service announcer
        throw new IllegalStateException(String.format("Discovered service %s, but it announced malformed URL %s", discoverableServiceName, urlStr), e);
    }
}
Also used : Discoverable(org.apache.twill.discovery.Discoverable) MalformedURLException(java.net.MalformedURLException) InetSocketAddress(java.net.InetSocketAddress) ServiceUnavailableException(co.cask.cdap.common.ServiceUnavailableException) URL(java.net.URL)

Example 3 with Discoverable

use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.

the class DiscoverableCodec method deserialize.

@Override
public Discoverable deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
    JsonObject jsonObj = json.getAsJsonObject();
    String service = jsonObj.get("service").getAsString();
    String hostname = jsonObj.get("hostname").getAsString();
    int port = jsonObj.get("port").getAsInt();
    InetSocketAddress address = new InetSocketAddress(hostname, port);
    byte[] payload = context.deserialize(jsonObj.get("payload"), BYTE_ARRAY_TYPE);
    return new Discoverable(service, address, payload);
}
Also used : Discoverable(org.apache.twill.discovery.Discoverable) InetSocketAddress(java.net.InetSocketAddress) JsonObject(com.google.gson.JsonObject)

Example 4 with Discoverable

use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.

the class UGIProviderTest method testRemoteUGIProvider.

@Test
public void testRemoteUGIProvider() throws Exception {
    // Starts a mock server to handle remote UGI requests
    final NettyHttpService httpService = NettyHttpService.builder("remoteUGITest").setHttpHandlers(new UGIProviderTestHandler()).build();
    httpService.start();
    setKeytabDir(localKeytabDirPath.getAbsolutePath());
    OwnerAdmin ownerAdmin = getOwnerAdmin();
    // add an owner for stream
    ownerAdmin.add(aliceEntity, aliceKerberosPrincipalId);
    try {
        InMemoryDiscoveryService discoveryService = new InMemoryDiscoveryService();
        discoveryService.register(new Discoverable(Constants.Service.APP_FABRIC_HTTP, httpService.getBindAddress()));
        RemoteUGIProvider ugiProvider = new RemoteUGIProvider(cConf, discoveryService, locationFactory, ownerAdmin);
        ImpersonationRequest aliceImpRequest = new ImpersonationRequest(aliceEntity, ImpersonatedOpType.OTHER);
        UGIWithPrincipal aliceUGIWithPrincipal = ugiProvider.getConfiguredUGI(aliceImpRequest);
        // Shouldn't be a kerberos UGI
        Assert.assertFalse(aliceUGIWithPrincipal.getUGI().hasKerberosCredentials());
        // Validate the credentials
        Token<? extends TokenIdentifier> token = aliceUGIWithPrincipal.getUGI().getCredentials().getToken(new Text("entity"));
        Assert.assertArrayEquals(aliceEntity.toString().getBytes(StandardCharsets.UTF_8), token.getIdentifier());
        Assert.assertArrayEquals(aliceEntity.toString().getBytes(StandardCharsets.UTF_8), token.getPassword());
        Assert.assertEquals(new Text("entity"), token.getKind());
        Assert.assertEquals(new Text("service"), token.getService());
        token = aliceUGIWithPrincipal.getUGI().getCredentials().getToken(new Text("opType"));
        Assert.assertArrayEquals(aliceImpRequest.getImpersonatedOpType().toString().getBytes(StandardCharsets.UTF_8), token.getIdentifier());
        Assert.assertArrayEquals(aliceImpRequest.getImpersonatedOpType().toString().getBytes(StandardCharsets.UTF_8), token.getPassword());
        Assert.assertEquals(new Text("opType"), token.getKind());
        Assert.assertEquals(new Text("service"), token.getService());
        // Fetch it again, it should return the same UGI due to caching
        Assert.assertSame(aliceUGIWithPrincipal, ugiProvider.getConfiguredUGI(aliceImpRequest));
        // Invalidate the cache and fetch it again. A different UGI should be returned
        ugiProvider.invalidCache();
        Assert.assertNotSame(aliceUGIWithPrincipal, ugiProvider.getConfiguredUGI(aliceImpRequest));
    } finally {
        httpService.stop();
    }
    // cleanup
    ownerAdmin.delete(aliceEntity);
}
Also used : Discoverable(org.apache.twill.discovery.Discoverable) NettyHttpService(co.cask.http.NettyHttpService) Text(org.apache.hadoop.io.Text) InMemoryDiscoveryService(org.apache.twill.discovery.InMemoryDiscoveryService) Test(org.junit.Test)

Example 5 with Discoverable

use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.

the class ExternalAuthenticationServer method startUp.

@Override
protected void startUp() throws Exception {
    server = new Server();
    InetAddress bindAddress = InetAddress.getByName(cConfiguration.get(Constants.Security.AUTH_SERVER_BIND_ADDRESS));
    QueuedThreadPool threadPool = new QueuedThreadPool();
    threadPool.setMaxThreads(maxThreads);
    server.setThreadPool(threadPool);
    initHandlers();
    ServletContextHandler context = new ServletContextHandler();
    context.setServer(server);
    context.addServlet(HttpServletDispatcher.class, "/");
    context.addEventListener(new AuthenticationGuiceServletContextListener(handlers));
    context.setSecurityHandler(authenticationHandler);
    // Status endpoint should be handled without the authentication
    ContextHandler statusContext = new ContextHandler();
    statusContext.setContextPath(Constants.EndPoints.STATUS);
    statusContext.setServer(server);
    statusContext.setHandler(new StatusRequestHandler());
    if (cConfiguration.getBoolean(Constants.Security.SSL.EXTERNAL_ENABLED, false)) {
        SslContextFactory sslContextFactory = new SslContextFactory();
        String keyStorePath = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH);
        String keyStorePassword = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD);
        String keyStoreType = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_TYPE, Constants.Security.AuthenticationServer.DEFAULT_SSL_KEYSTORE_TYPE);
        String keyPassword = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYPASSWORD);
        Preconditions.checkArgument(keyStorePath != null, "Key Store Path Not Configured");
        Preconditions.checkArgument(keyStorePassword != null, "KeyStore Password Not Configured");
        sslContextFactory.setKeyStorePath(keyStorePath);
        sslContextFactory.setKeyStorePassword(keyStorePassword);
        sslContextFactory.setKeyStoreType(keyStoreType);
        if (keyPassword != null && keyPassword.length() != 0) {
            sslContextFactory.setKeyManagerPassword(keyPassword);
        }
        String trustStorePath = cConfiguration.get(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_PATH);
        if (StringUtils.isNotEmpty(trustStorePath)) {
            String trustStorePassword = cConfiguration.get(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_PASSWORD);
            String trustStoreType = cConfiguration.get(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_TYPE, Constants.Security.AuthenticationServer.DEFAULT_SSL_KEYSTORE_TYPE);
            // The SSL handshake requests a client certificate. If the client does not provide one,
            // the server continues with the connection but considers the client unauthenticated
            sslContextFactory.setWantClientAuth(true);
            sslContextFactory.setTrustStore(trustStorePath);
            sslContextFactory.setTrustStorePassword(trustStorePassword);
            sslContextFactory.setTrustStoreType(trustStoreType);
            sslContextFactory.setValidateCerts(true);
        }
        // TODO Figure out how to pick a certificate from key store
        SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(sslContextFactory);
        sslConnector.setHost(bindAddress.getCanonicalHostName());
        sslConnector.setPort(port);
        server.setConnectors(new Connector[] { sslConnector });
    } else {
        SelectChannelConnector connector = new SelectChannelConnector();
        connector.setHost(bindAddress.getCanonicalHostName());
        connector.setPort(port);
        server.setConnectors(new Connector[] { connector });
    }
    HandlerCollection handlers = new HandlerCollection();
    handlers.addHandler(statusContext);
    handlers.addHandler(context);
    // AuditLogHandler must be last, since it needs the response that was sent to the client
    handlers.addHandler(auditLogHandler);
    server.setHandler(handlers);
    try {
        server.start();
    } catch (Exception e) {
        if ((Throwables.getRootCause(e) instanceof BindException)) {
            throw new ServiceBindException("Authentication Server", bindAddress.getCanonicalHostName(), port, e);
        }
        throw e;
    }
    // assumes we only have one connector
    Connector connector = server.getConnectors()[0];
    InetSocketAddress inetSocketAddress = new InetSocketAddress(connector.getHost(), connector.getLocalPort());
    serviceCancellable = discoveryService.register(ResolvingDiscoverable.of(new Discoverable(Constants.Service.EXTERNAL_AUTHENTICATION, inetSocketAddress)));
}
Also used : SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector) SelectChannelConnector(org.eclipse.jetty.server.nio.SelectChannelConnector) Connector(org.eclipse.jetty.server.Connector) Discoverable(org.apache.twill.discovery.Discoverable) ResolvingDiscoverable(co.cask.cdap.common.discovery.ResolvingDiscoverable) ServiceBindException(co.cask.cdap.common.ServiceBindException) Server(org.eclipse.jetty.server.Server) InetSocketAddress(java.net.InetSocketAddress) BindException(java.net.BindException) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) ContextHandler(org.eclipse.jetty.server.handler.ContextHandler) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) QueuedThreadPool(org.eclipse.jetty.util.thread.QueuedThreadPool) HandlerCollection(org.eclipse.jetty.server.handler.HandlerCollection) InetAddress(java.net.InetAddress)

Aggregations

Discoverable (org.apache.twill.discovery.Discoverable) 54
ResolvingDiscoverable (co.cask.cdap.common.discovery.ResolvingDiscoverable) 18
InetSocketAddress (java.net.InetSocketAddress) 14
Test (org.junit.Test) 14
RandomEndpointStrategy (co.cask.cdap.common.discovery.RandomEndpointStrategy) 10
EndpointStrategy (co.cask.cdap.common.discovery.EndpointStrategy) 7
ServiceLoggingContext (co.cask.cdap.common.logging.ServiceLoggingContext) 7
DiscoveryServiceClient (org.apache.twill.discovery.DiscoveryServiceClient) 7
IOException (java.io.IOException) 5
ArrayList (java.util.ArrayList) 5
Cancellable (org.apache.twill.common.Cancellable) 5
ProgramId (co.cask.cdap.proto.id.ProgramId) 4
RouteConfig (co.cask.cdap.route.store.RouteConfig) 4
JsonObject (com.google.gson.JsonObject) 4
ProgramDescriptor (co.cask.cdap.app.program.ProgramDescriptor) 3
ProgramController (co.cask.cdap.app.runtime.ProgramController) 3
CConfiguration (co.cask.cdap.common.conf.CConfiguration) 3
CommonNettyHttpServiceBuilder (co.cask.cdap.common.http.CommonNettyHttpServiceBuilder) 3
ServiceDiscoverable (co.cask.cdap.common.service.ServiceDiscoverable) 3
ApplicationWithPrograms (co.cask.cdap.internal.app.deploy.pipeline.ApplicationWithPrograms) 3