UpgradeTool() throws Exception { this.cConf = CConfiguration.create(); if (this.cConf.getBoolean(Constants.Security.Authorization.ENABLED)) { LOG.info("Disabling authorization for {}.", getClass().getSimpleName()); this.cConf.setBoolean(Constants.Security.Authorization.ENABLED, false); } // Note: login has to happen before any objects that need Kerberos credentials are instantiated. SecurityUtil.loginForMasterService(cConf); this.hConf = HBaseConfiguration.create(); Injector injector = createInjector(); this.txService = injector.getInstance(TransactionService.class); this.zkClientService = injector.getInstance(ZKClientService.class); this.dsFramework = injector.getInstance(DatasetFramework.class); this.dsUpgrade = injector.getInstance(DatasetUpgrader.class); this.tmsTableFactory = injector.getInstance(HBaseTableFactory.class); LocationFactory locationFactory = injector.getInstance(LocationFactory.class); HBaseTableUtil tableUtil = injector.getInstance(HBaseTableUtil.class); this.coprocessorManager = new CoprocessorManager(cConf, locationFactory, tableUtil); Runtime.getRuntime().addShutdownHook(new Thread() { @Override public void run() { try { UpgradeTool.this.stop(); } catch (Throwable e) { LOG.error("Failed to upgrade", e); } } }); }
@Test public void testAuthenticationDisabled() throws Exception { CConfiguration cConf = CConfiguration.create(); cConf.setBoolean(Constants.Security.ENABLED, false); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); testDisabled(cConf, FeatureDisabledException.Feature.AUTHENTICATION, Constants.Security.ENABLED); }
protected static CConfiguration createCConf() throws IOException { CConfiguration cConf = DatasetServiceTestBase.createCConf(); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); // we only want to test authorization, but we don't specify principal/keytab, so disable kerberos cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); Location authorizerJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, authorizerJar.toURI().getPath()); return cConf; }
@Test public void testAuthorizationDisabled() throws Exception { CConfiguration cConf = CConfiguration.create(); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.Authorization.ENABLED, false); testDisabled(cConf, FeatureDisabledException.Feature.AUTHORIZATION, Constants.Security.Authorization.ENABLED); }
private static CConfiguration createCConf() throws IOException { CConfiguration cConf = CConfiguration.create(); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); // we only want to test authorization, but we don't specify principal/keytab, so disable kerberos cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); LocationFactory locationFactory = new LocalLocationFactory(new File(TEMPORARY_FOLDER.newFolder().toURI())); Location authorizerJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, authorizerJar.toURI().getPath()); return cConf; }
private static CConfiguration createCConf() throws IOException { CConfiguration cConf = CConfiguration.create(); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); // we only want to test authorization, but we don't specify principal/keytab, so disable kerberos cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); LocationFactory locationFactory = new LocalLocationFactory(new File(TEMPORARY_FOLDER.newFolder().toURI())); Location authorizerJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, authorizerJar.toURI().getPath()); return cConf; } }
@BeforeClass public static void setup() throws IOException { CCONF.set(Constants.CFG_LOCAL_DATA_DIR, TEMPORARY_FOLDER.newFolder().getAbsolutePath()); CCONF.setBoolean(Constants.Security.ENABLED, true); CCONF.setBoolean(Constants.Security.Authorization.ENABLED, true); locationFactory = new LocalLocationFactory(TEMPORARY_FOLDER.newFolder()); } }
@Test public void testPublishingDisabled() { boolean auditEnabled = cConf.getBoolean(Constants.Audit.ENABLED); cConf.setBoolean(Constants.Audit.ENABLED, false); generateMetadataUpdates(); try { List<AuditMessage> publishedAuditMessages = auditPublisher.popMessages(); Assert.fail(String.format("Expected no changes to be published, but found %d changes: %s.", publishedAuditMessages.size(), publishedAuditMessages)); } catch (AssertionError e) { // expected } // reset config cConf.setBoolean(Constants.Audit.ENABLED, auditEnabled); }
protected static CConfiguration createCConf() throws IOException { CConfiguration cConf = CConfiguration.create(); File dataDir = new File(TMP_FOLDER.newFolder(), "data"); cConf.set(Constants.CFG_LOCAL_DATA_DIR, dataDir.getAbsolutePath()); if (!DirUtils.mkdirs(dataDir)) { throw new RuntimeException(String.format("Could not create DatasetFramework output dir %s", dataDir)); } cConf.set(Constants.Dataset.Manager.OUTPUT_DIR, dataDir.getAbsolutePath()); cConf.set(Constants.Service.MASTER_SERVICES_BIND_ADDRESS, "localhost"); cConf.setBoolean(Constants.Dangerous.UNRECOVERABLE_RESET, true); return cConf; }
protected static void setup() throws IOException, InterruptedException { cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMPORARY_FOLDER.newFolder().getAbsolutePath()); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); cConf.setInt(Constants.Security.Authorization.CACHE_TTL_SECS, CACHE_TIMEOUT); Manifest manifest = new Manifest(); manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, InMemoryAuthorizer.class.getName()); LocationFactory locationFactory = new LocalLocationFactory(TEMPORARY_FOLDER.newFolder()); Location externalAuthJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class, manifest); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, externalAuthJar.toString()); Injector injector = AppFabricTestHelper.getInjector(cConf); discoveryService = injector.getInstance(DiscoveryServiceClient.class); appFabricServer = injector.getInstance(AppFabricServer.class); appFabricServer.startAndWait(); waitForService(Constants.Service.APP_FABRIC_HTTP); authorizationEnforcer = injector.getInstance(RemoteAuthorizationEnforcer.class); privilegesManager = injector.getInstance(PrivilegesManager.class); }
@BeforeClass public static void setup() { cConf = CConfiguration.create(); cConf.setBoolean(Constants.Audit.ENABLED, true); Injector injector = AppFabricTestHelper.getInjector(cConf, new AbstractModule() { @Override protected void configure() { bind(MetadataStore.class).to(DefaultMetadataStore.class); install(new AuditModule().getInMemoryModules()); } }); auditPublisher = injector.getInstance(InMemoryAuditPublisher.class); namespaceAdmin = injector.getInstance(NamespaceAdmin.class); scheduler = injector.getInstance(Scheduler.class); if (scheduler instanceof Service) { ((Service) scheduler).startAndWait(); } }
@Test public void testAuthorizationDisabled() throws Exception { CConfiguration cConfCopy = CConfiguration.copy(CCONF); cConfCopy.setBoolean(Constants.Security.Authorization.ENABLED, false); verifyDisabled(cConfCopy); }
@Test public void testAuthenticationDisabled() throws Exception { CConfiguration cConfCopy = CConfiguration.copy(CCONF); cConfCopy.setBoolean(Constants.Security.ENABLED, false); verifyDisabled(cConfCopy); }
private static CConfiguration createCConf() throws Exception { CConfiguration cConf = CConfiguration.create(); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMPORARY_FOLDER.newFolder().getAbsolutePath()); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); // we only want to test authorization, but we don't specify principal/keytab, so disable kerberos cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); LocationFactory locationFactory = new LocalLocationFactory(TEMPORARY_FOLDER.newFolder()); Location authorizerJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, authorizerJar.toURI().getPath()); // set secure store provider cConf.set(Constants.Security.Store.PROVIDER, "file"); return cConf; }
@Override protected void before() throws Throwable { tmpFolder.create(); CConfiguration cConf = CConfiguration.create(); cConf.set(Constants.CFG_LOCAL_DATA_DIR, tmpFolder.newFolder().getAbsolutePath()); cConf.set(Constants.Router.ADDRESS, getLocalHostname()); cConf.setInt(Constants.Router.ROUTER_PORT, Networks.getRandomPort()); cConf.setBoolean(Constants.Dangerous.UNRECOVERABLE_RESET, true); cConf.setBoolean(Constants.Explore.EXPLORE_ENABLED, true); cConf.setBoolean(Constants.Explore.START_ON_DEMAND, false); cConf.setBoolean(StandaloneMain.DISABLE_UI, true); cConf.setBoolean(Constants.Audit.ENABLED, false); for (int i = 0; i < configs.length; i += 2) { cConf.set(configs[i].toString(), configs[i + 1].toString()); } this.cConf = cConf; // Start standalone standaloneMain = StandaloneMain.create(cConf, new Configuration()); standaloneMain.startUp(); try { waitForStandalone(); } catch (Throwable t) { standaloneMain.shutDown(); throw t; } }
@Test public void testAuthenticationDisabled() throws IOException { CConfiguration cConf = CConfiguration.create(); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMPORARY_FOLDER.newFolder().getAbsolutePath()); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); assertDisabled(cConf, FeatureDisabledException.Feature.AUTHENTICATION); }
@Test public void testAuthorizationDisabled() throws IOException { CConfiguration cConf = CConfiguration.create(); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMPORARY_FOLDER.newFolder().getAbsolutePath()); assertDisabled(cConf, FeatureDisabledException.Feature.AUTHORIZATION); }
@BeforeClass public static void setup() throws Exception { CConfiguration cConf = CConfiguration.create(); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TMP_FOLDER.newFolder().getAbsolutePath()); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); Location deploymentJar = AppJarHelper.createDeploymentJar(new LocalLocationFactory(TMP_FOLDER.newFolder()), InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, deploymentJar.toURI().getPath()); // Add a system artifact File systemArtifactsDir = TMP_FOLDER.newFolder(); cConf.set(Constants.AppFabric.SYSTEM_ARTIFACTS_DIR, systemArtifactsDir.getAbsolutePath()); createSystemArtifact(systemArtifactsDir); Injector injector = AppFabricTestHelper.getInjector(cConf); artifactRepository = injector.getInstance(ArtifactRepository.class); AuthorizerInstantiator instantiatorService = injector.getInstance(AuthorizerInstantiator.class); authorizer = instantiatorService.get(); namespaceAdmin = injector.getInstance(NamespaceAdmin.class); }
@BeforeClass public static void setup() throws IOException { CConfiguration cConf = CConfiguration.create(); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath()); cConf.setBoolean(Constants.Explore.EXPLORE_ENABLED, true); Injector injector = Guice.createInjector(Modules.override(new AppFabricTestModule(cConf)).with( new AbstractModule() { @Override protected void configure() { // use the DefaultNamespacePathLocator here to test proper namespace creation in storage handler and // not the NamespacedLocationFactoryTestClient bind(NamespacePathLocator.class).to(DefaultNamespacePathLocator.class); } } )); namespacePathLocator = injector.getInstance(NamespacePathLocator.class); storageProviderNamespaceAdmin = injector.getInstance(StorageProviderNamespaceAdmin.class); // start the dataset service for namespace store to work transactionManager = injector.getInstance(TransactionManager.class); transactionManager.startAndWait(); datasetService = injector.getInstance(DatasetService.class); datasetService.startAndWait(); // we don't use namespace admin here but the store because namespaceadmin will try to create the // home directory for namespace which we don't want. We just want to store the namespace meta in store // to look up during the delete. namespaceStore = injector.getInstance(NamespaceStore.class); }
@BeforeClass public static void init() throws Exception { CConfiguration cConf = CConfiguration.create(); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath()); cConf.setBoolean(Constants.Explore.EXPLORE_ENABLED, false); Injector injector = Guice.createInjector(new AppFabricTestModule(cConf)); txManager = injector.getInstance(TransactionManager.class); txManager.startAndWait(); datasetService = injector.getInstance(DatasetService.class); datasetService.startAndWait(); messagingService = injector.getInstance(MessagingService.class); if (messagingService instanceof Service) { ((Service) messagingService).startAndWait(); } datasetFramework = injector.getInstance(DatasetFramework.class); TransactionSystemClient txClient = injector.getInstance(TransactionSystemClient.class); datasetCache = new MultiThreadDatasetCache( new SystemDatasetInstantiator(datasetFramework), new TransactionSystemClientAdapter(txClient), NamespaceId.SYSTEM, ImmutableMap.of(), null, null); transactional = Transactions.createTransactionalWithRetry(Transactions.createTransactional(datasetCache), RetryStrategies.retryOnConflict(20, 100)); }