use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.
the class ResourceBalancerService method createDiscoverable.
/**
 * Builds the {@link Discoverable} that is announced for {@code serviceName}.
 *
 * <p>The address pairs the local host with a port obtained from
 * {@code Networks.getRandomPort()}. If the local host name cannot be resolved,
 * the address falls back to the wildcard address on the same port.
 *
 * @param serviceName name under which the service is announced
 * @return a discoverable carrying the service name and the chosen address
 */
private Discoverable createDiscoverable(final String serviceName) {
  // NOTE: at this moment we are not using port anywhere
  final int randomPort = Networks.getRandomPort();
  try {
    return new Discoverable(serviceName, new InetSocketAddress(InetAddress.getLocalHost(), randomPort));
  } catch (UnknownHostException ignored) {
    // Deliberate best effort: no resolvable local host name, so announce the wildcard address.
    // NOTE(review): a wildcard address is not something a remote peer can connect to; this is
    // only harmless while the announced address really is unused, as the note above says.
    return new Discoverable(serviceName, new InetSocketAddress(randomPort));
  }
}
use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.
the class RemoteClient method resolve.
/**
 * Picks a discovered endpoint of the service and builds the URL for {@code resource} on it.
 *
 * <p>The URL is {@code scheme + host + ":" + port + basePath + resource}. The scheme is the SSL
 * scheme only when the endpoint's payload equals the bytes of
 * {@code Constants.Security.SSL_URI_SCHEME}; any other payload, including none, yields
 * {@code Constants.Security.URI_SCHEME}.
 *
 * @param resource the resource to append after the base path; it is concatenated as given,
 *     without any encoding
 * @return the resolved URL
 * @throws ServiceUnavailableException if no endpoint is discovered within one second
 * @throws IllegalStateException if the assembled string is not a valid URL
 */
public URL resolve(String resource) {
  Discoverable endpoint = endpointStrategySupplier.get().pick(1L, TimeUnit.SECONDS);
  if (endpoint == null) {
    throw new ServiceUnavailableException(discoverableServiceName);
  }
  InetSocketAddress address = endpoint.getSocketAddress();

  // The transport scheme is taken from the discovery record, not from local configuration.
  // NOTE(review): whoever can write discovery records therefore decides whether this client
  // uses the SSL scheme, and a record without the marker falls back to the non-SSL scheme.
  // Confirm the discovery store is write-protected, or pin the scheme when SSL is required.
  // NOTE(review): getBytes() uses the platform default charset; an explicit charset would make
  // the comparison independent of the JVM's settings.
  byte[] sslMarker = Constants.Security.SSL_URI_SCHEME.getBytes();
  String scheme;
  if (Arrays.equals(sslMarker, endpoint.getPayload())) {
    scheme = Constants.Security.SSL_URI_SCHEME;
  } else {
    scheme = Constants.Security.URI_SCHEME;
  }

  String urlStr = String.format("%s%s:%d%s%s", scheme, address.getHostName(), address.getPort(), basePath, resource);
  try {
    return new URL(urlStr);
  } catch (MalformedURLException e) {
    // shouldn't happen. If it does, it means there is some bug in the service announcer
    String message = String.format("Discovered service %s, but it announced malformed URL %s", discoverableServiceName, urlStr);
    throw new IllegalStateException(message, e);
  }
}
use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.
the class DiscoverableCodec method deserialize.
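/**
 * Rebuilds a {@link Discoverable} from its JSON form.
 *
 * <p>The object must carry primitive {@code service}, {@code hostname} and {@code port} members;
 * {@code payload} is optional and is decoded through the context as a byte array. Malformed
 * input is reported as {@link JsonParseException}. Without these checks a missing member would
 * surface as a {@link NullPointerException} and an out-of-range port as an
 * {@link IllegalArgumentException}.
 *
 * @param json the JSON element to decode; must be a JSON object
 * @param typeOfT the requested target type (not used)
 * @param context context used to decode the payload
 * @return the decoded discoverable
 * @throws JsonParseException if the element is not an object, a required member is missing or
 *     not a primitive, or the port is not an integer in the range 0-65535
 */
@Override
public Discoverable deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
  if (json == null || !json.isJsonObject()) {
    throw new JsonParseException("Discoverable must be encoded as a JSON object");
  }
  JsonObject jsonObj = json.getAsJsonObject();

  // Discovery records come from a shared store, so validate their shape before using them.
  for (String field : new String[] { "service", "hostname", "port" }) {
    JsonElement value = jsonObj.get(field);
    if (value == null || !value.isJsonPrimitive()) {
      throw new JsonParseException("Discoverable is missing required field '" + field + "'");
    }
  }

  String service = jsonObj.get("service").getAsString();
  String hostname = jsonObj.get("hostname").getAsString();
  int port;
  try {
    port = jsonObj.get("port").getAsInt();
  } catch (NumberFormatException e) {
    throw new JsonParseException("Discoverable port is not an integer", e);
  }
  if (port < 0 || port > 65535) {
    throw new JsonParseException("Discoverable port out of range: " + port);
  }

  // This constructor attempts to resolve the host name immediately, so decoding a record can
  // trigger a DNS lookup for a name taken from the record.
  InetSocketAddress address = new InetSocketAddress(hostname, port);
  byte[] payload = context.deserialize(jsonObj.get("payload"), BYTE_ARRAY_TYPE);
  return new Discoverable(service, address, payload);
}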
use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.
the class UGIProviderTest method testRemoteUGIProvider.
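/**
 * Checks that {@code RemoteUGIProvider} fetches a UGI from a mock HTTP service found through
 * discovery, that the returned UGI carries the expected "entity" and "opType" tokens and no
 * Kerberos credentials, and that results are cached until the cache is invalidated.
 *
 * <p>Cleanup runs in {@code finally} blocks, so a failed assertion or a failure during setup
 * leaves neither the mock server running nor the owner entry behind for other tests.
 */
@Test
public void testRemoteUGIProvider() throws Exception {
  // Starts a mock server to handle remote UGI requests
  final NettyHttpService httpService = NettyHttpService.builder("remoteUGITest").setHttpHandlers(new UGIProviderTestHandler()).build();
  httpService.start();
  try {
    setKeytabDir(localKeytabDirPath.getAbsolutePath());
    OwnerAdmin ownerAdmin = getOwnerAdmin();
    // add an owner for stream
    ownerAdmin.add(aliceEntity, aliceKerberosPrincipalId);
    try {
      InMemoryDiscoveryService discoveryService = new InMemoryDiscoveryService();
      discoveryService.register(new Discoverable(Constants.Service.APP_FABRIC_HTTP, httpService.getBindAddress()));
      RemoteUGIProvider ugiProvider = new RemoteUGIProvider(cConf, discoveryService, locationFactory, ownerAdmin);
      ImpersonationRequest aliceImpRequest = new ImpersonationRequest(aliceEntity, ImpersonatedOpType.OTHER);
      UGIWithPrincipal aliceUGIWithPrincipal = ugiProvider.getConfiguredUGI(aliceImpRequest);
      // Shouldn't be a kerberos UGI
      Assert.assertFalse(aliceUGIWithPrincipal.getUGI().hasKerberosCredentials());

      // Validate the credentials. The expected values are presumably what UGIProviderTestHandler
      // echoes back; that handler is not part of this method.
      byte[] expectedEntity = aliceEntity.toString().getBytes(StandardCharsets.UTF_8);
      Token<? extends TokenIdentifier> token = aliceUGIWithPrincipal.getUGI().getCredentials().getToken(new Text("entity"));
      Assert.assertArrayEquals(expectedEntity, token.getIdentifier());
      Assert.assertArrayEquals(expectedEntity, token.getPassword());
      Assert.assertEquals(new Text("entity"), token.getKind());
      Assert.assertEquals(new Text("service"), token.getService());

      byte[] expectedOpType = aliceImpRequest.getImpersonatedOpType().toString().getBytes(StandardCharsets.UTF_8);
      token = aliceUGIWithPrincipal.getUGI().getCredentials().getToken(new Text("opType"));
      Assert.assertArrayEquals(expectedOpType, token.getIdentifier());
      Assert.assertArrayEquals(expectedOpType, token.getPassword());
      Assert.assertEquals(new Text("opType"), token.getKind());
      Assert.assertEquals(new Text("service"), token.getService());

      // Fetch it again, it should return the same UGI due to caching
      Assert.assertSame(aliceUGIWithPrincipal, ugiProvider.getConfiguredUGI(aliceImpRequest));
      // Invalid the cache and fetch it again. A different UGI should be returned
      ugiProvider.invalidCache();
      Assert.assertNotSame(aliceUGIWithPrincipal, ugiProvider.getConfiguredUGI(aliceImpRequest));
    } finally {
      // cleanup: remove the owner entry even when an assertion above fails
      ownerAdmin.delete(aliceEntity);
    }
  } finally {
    httpService.stop();
  }
}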
use of org.apache.twill.discovery.Discoverable in project cdap by caskdata.
the class ExternalAuthenticationServer method startUp.
/**
 * Configures and starts the embedded authentication server, then announces it in discovery.
 *
 * <p>Two contexts are installed: the main servlet context, guarded by
 * {@code authenticationHandler}, and a status context that is served without authentication.
 * The listener is an SSL connector when {@code Constants.Security.SSL.EXTERNAL_ENABLED} is set
 * (default {@code false}) and a plain connector otherwise. After a successful start the address
 * actually bound is registered under {@code Constants.Service.EXTERNAL_AUTHENTICATION}.
 *
 * @throws ServiceBindException if the root cause of a start failure is a {@link BindException}
 * @throws Exception for any other failure while configuring or starting the server
 */
@Override
protected void startUp() throws Exception {
  server = new Server();
  InetAddress bindAddress = InetAddress.getByName(cConfiguration.get(Constants.Security.AUTH_SERVER_BIND_ADDRESS));
  QueuedThreadPool threadPool = new QueuedThreadPool();
  threadPool.setMaxThreads(maxThreads);
  server.setThreadPool(threadPool);
  initHandlers();
  // Main context: every request under "/" goes through authenticationHandler first.
  ServletContextHandler context = new ServletContextHandler();
  context.setServer(server);
  context.addServlet(HttpServletDispatcher.class, "/");
  // `handlers` here is not the local HandlerCollection declared further down (that one is not
  // in scope yet); presumably it is a field populated by initHandlers() - confirm.
  context.addEventListener(new AuthenticationGuiceServletContextListener(handlers));
  context.setSecurityHandler(authenticationHandler);
  // Status endpoint should be handled without the authentication
  ContextHandler statusContext = new ContextHandler();
  statusContext.setContextPath(Constants.EndPoints.STATUS);
  statusContext.setServer(server);
  statusContext.setHandler(new StatusRequestHandler());
  if (cConfiguration.getBoolean(Constants.Security.SSL.EXTERNAL_ENABLED, false)) {
    SslContextFactory sslContextFactory = new SslContextFactory();
    // Key store settings are read from sConfiguration.
    String keyStorePath = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH);
    String keyStorePassword = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD);
    String keyStoreType = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_TYPE, Constants.Security.AuthenticationServer.DEFAULT_SSL_KEYSTORE_TYPE);
    String keyPassword = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYPASSWORD);
    // Fail fast: the path and the store password are mandatory; the per-key password is optional.
    Preconditions.checkArgument(keyStorePath != null, "Key Store Path Not Configured");
    Preconditions.checkArgument(keyStorePassword != null, "KeyStore Password Not Configured");
    sslContextFactory.setKeyStorePath(keyStorePath);
    sslContextFactory.setKeyStorePassword(keyStorePassword);
    sslContextFactory.setKeyStoreType(keyStoreType);
    if (keyPassword != null && keyPassword.length() != 0) {
      sslContextFactory.setKeyManagerPassword(keyPassword);
    }
    // NOTE(review): the trust store path, password and type are read from cConfiguration, while
    // the key store settings above come from sConfiguration - confirm the trust store password
    // is meant to live in cConfiguration.
    String trustStorePath = cConfiguration.get(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_PATH);
    if (StringUtils.isNotEmpty(trustStorePath)) {
      String trustStorePassword = cConfiguration.get(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_PASSWORD);
      // The trust store type defaults to the key store's default type constant.
      String trustStoreType = cConfiguration.get(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_TYPE, Constants.Security.AuthenticationServer.DEFAULT_SSL_KEYSTORE_TYPE);
      // SSL handshaking will involve requesting for a client certificate, if cert is not provided
      // server continues with the connection but the client is considered to be unauthenticated
      // Client certificates are therefore optional at the TLS layer; rejecting a client without
      // one is left to whatever handles the request afterwards.
      sslContextFactory.setWantClientAuth(true);
      sslContextFactory.setTrustStore(trustStorePath);
      sslContextFactory.setTrustStorePassword(trustStorePassword);
      sslContextFactory.setTrustStoreType(trustStoreType);
      sslContextFactory.setValidateCerts(true);
    }
    // TODO Figure out how to pick a certificate from key store
    SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(sslContextFactory);
    // NOTE(review): the connector host is the canonical host name of the bind address, i.e. the
    // configured address goes through a name lookup before binding - confirm it still maps to
    // the intended interface.
    sslConnector.setHost(bindAddress.getCanonicalHostName());
    sslConnector.setPort(port);
    server.setConnectors(new Connector[] { sslConnector });
  } else {
    // SSL disabled: a plain connector, so this listener does not encrypt what clients send to
    // the authentication handlers. NOTE(review): confirm TLS is provided elsewhere whenever this
    // branch is used outside a test setup.
    SelectChannelConnector connector = new SelectChannelConnector();
    connector.setHost(bindAddress.getCanonicalHostName());
    connector.setPort(port);
    server.setConnectors(new Connector[] { connector });
  }
  // Local handler chain; from this declaration on, `handlers` refers to this collection.
  HandlerCollection handlers = new HandlerCollection();
  handlers.addHandler(statusContext);
  handlers.addHandler(context);
  // AuditLogHandler must be last, since it needs the response that was sent to the client
  handlers.addHandler(auditLogHandler);
  server.setHandler(handlers);
  try {
    server.start();
  } catch (Exception e) {
    // Report "address already in use" style failures as ServiceBindException; rethrow the rest.
    if ((Throwables.getRootCause(e) instanceof BindException)) {
      throw new ServiceBindException("Authentication Server", bindAddress.getCanonicalHostName(), port, e);
    }
    throw e;
  }
  // assumes we only have one connector
  Connector connector = server.getConnectors()[0];
  // Announce the host and port the connector reports after start, not the configured values.
  InetSocketAddress inetSocketAddress = new InetSocketAddress(connector.getHost(), connector.getLocalPort());
  // The Discoverable is created without a payload, so the announcement itself does not say
  // whether this listener is the SSL or the plain connector.
  serviceCancellable = discoveryService.register(ResolvingDiscoverable.of(new Discoverable(Constants.Service.EXTERNAL_AUTHENTICATION, inetSocketAddress)));
}