/**
 * Creates a fresh {@link FileSecureStoreService} before each test and exposes it through both the
 * {@code secureStoreManager} and {@code secureStore} fields.
 *
 * <p>The store file location is a new folder under {@code TEMP_FOLDER}, and both {@code NAMESPACE1}
 * and {@code NAMESPACE2} are registered with the in-memory namespace admin passed to the service.
 *
 * @throws Exception if the temp folder, a namespace, or the service cannot be created
 */
@Before
public void setUp() throws Exception {
  CConfiguration storeConf = CConfiguration.create();
  storeConf.set(Constants.Security.Store.FILE_PATH, TEMP_FOLDER.newFolder().getAbsolutePath());

  // Fixed, throwaway password: acceptable here only because the store lives in a per-test temp folder.
  // Outside of tests this value belongs in protected secure configuration, never in source.
  SConfiguration secureConf = SConfiguration.create();
  secureConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");

  InMemoryNamespaceAdmin namespaceClient = new InMemoryNamespaceAdmin();
  namespaceClient.create(new NamespaceMeta.Builder().setName(NAMESPACE1).build());
  namespaceClient.create(new NamespaceMeta.Builder().setName(NAMESPACE2).build());

  // One instance serves both roles: the same object is assigned to the manager and the store field.
  FileSecureStoreService service = new FileSecureStoreService(storeConf, secureConf, namespaceClient);
  secureStoreManager = service;
  secureStore = service;
}
/**
 * Checks that {@code AuthorizationUtil.getAppAuthorizingUser} returns the plain {@code username}
 * for each form of owner principal configured on the namespace.
 *
 * <p>For every principal form the namespace is created, the assertion is made, and the namespace
 * is deleted again so the next form starts from a clean state.
 *
 * @throws Exception if the local host name cannot be resolved or a namespace operation fails
 */
@Test
public void testGetAppAuthorizingUse() throws Exception {
  OwnerAdmin ownerAdmin = getOwnerAdmin();

  String[] principalForms = {
    // complete principal (alice/somehost.net@somerealm.net)
    username + "/" + InetAddress.getLocalHost().getHostName() + "@REALM.net",
    // principal which is just the username (alice)
    username,
    // principal and realm (alice@somerealm.net)
    username + "@REALM.net"
  };

  for (String principal : principalForms) {
    NamespaceMeta nsMeta = new NamespaceMeta.Builder()
      .setName(namespaceId)
      .setPrincipal(principal)
      .setKeytabURI("doesnotmatter")
      .build();
    namespaceClient.create(nsMeta);

    // Whatever host or realm qualifiers the principal carries, only the short user name is expected back.
    Assert.assertEquals(username,
                        AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext,
                                                                applicationId, null));

    // Remove the namespace so the next principal form (or the next test) can create it again.
    namespaceClient.delete(namespaceId);
  }
}
/**
 * Initializes the static fixtures shared by the tests in this class: the configuration, the
 * current short user name, the authentication test context, and an in-memory namespace admin.
 *
 * @throws Exception if the current user cannot be determined
 */
@BeforeClass
public static void init() throws Exception {
  cConf = CConfiguration.create();

  // The UGI has to be initialized before AuthorizationUtil.getAppAuthorizingUser(..) is called:
  // that method uses KerberosName, and KerberosName expects its matching rules to be set already.
  // More context:
  // http://lucene.472066.n3.nabble.com/KerberosName-rules-are-null-during-KerberosName-getShortName-in-KerberosAuthenticationHandler-td4074309.html
  username = UserGroupInformation.getCurrentUser().getShortUserName();

  authenticationContext = new AuthenticationTestContext();
  namespaceClient = new InMemoryNamespaceAdmin();
}
/**
 * Starts an in-memory ZooKeeper server and prepares the configuration, namespace admin and
 * LevelDB table factory shared by the tests in this class.
 *
 * @throws IOException if a temp folder cannot be created or the local host cannot be resolved
 */
@BeforeClass
public static void init() throws IOException {
  // ZooKeeper keeps its data in a folder of its own under TEMP_FOLDER.
  zkServer = InMemoryZKServer.builder()
    .setDataDir(TEMP_FOLDER.newFolder())
    .build();
  zkServer.startAndWait();

  cConf = CConfiguration.create();

  // Point the configuration at the server that was just started.
  cConf.set(Constants.Zookeeper.QUORUM, zkServer.getConnectionStr());
  cConf.setInt(Constants.Zookeeper.CFG_SESSION_TIMEOUT_MILLIS, 2000);

  String localDataDir = TEMP_FOLDER.newFolder().getAbsolutePath();
  cConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir);

  // The messaging HTTP server binds to this machine's host name.
  String bindHost = InetAddress.getLocalHost().getHostName();
  cConf.set(Constants.MessagingSystem.HTTP_SERVER_BIND_ADDRESS, bindHost);
  cConf.set(Constants.MessagingSystem.SYSTEM_TOPICS, "topic");

  // Fencing delay set to zero seconds; presumably so the tests do not wait on it (confirm against usage).
  cConf.setLong(Constants.MessagingSystem.HA_FENCING_DELAY_SECONDS, 0L);

  namespaceQueryAdmin = new InMemoryNamespaceAdmin();
  levelDBTableFactory = new LevelDBTableFactory(cConf);
}
/**
 * Creates and starts the {@link SecretManagerSecureStoreService} under test, wired to a mock
 * secret manager and an in-memory namespace admin in which {@code NAMESPACE1} is registered.
 *
 * @throws Exception if the namespace cannot be created
 */
@BeforeClass
public static void setUp() throws Exception {
  InMemoryNamespaceAdmin namespaceClient = new InMemoryNamespaceAdmin();
  namespaceClient.create(new NamespaceMeta.Builder().setName(NAMESPACE1).build());

  // Mock context and manager stand in for a real secret-manager extension; no external backend is involved.
  MockSecretManagerContext managerContext = new MockSecretManagerContext();
  MockSecretManager manager = new MockSecretManager();

  secureStoreService = new SecretManagerSecureStoreService(namespaceClient, managerContext, "mock", manager);
  secureStoreService.startAndWait();
}
/**
 * Brings up the Kerberos and HDFS test environment shared by the tests in this class.
 *
 * <p>In order: a {@link MiniKdc} is started and registered as the JVM's Kerberos configuration,
 * keytabs and principal ids are created for alice, bob and eve, a single-datanode
 * {@link MiniDFSCluster} is started, and finally {@link UserGroupInformation} is switched to
 * Kerberos authentication.
 *
 * @throws Exception if any of the embedded services fails to start
 */
@BeforeClass
public static void init() throws Exception {
  cConf = CConfiguration.create();
  cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath());
  namespaceClient = new InMemoryNamespaceAdmin();

  // Start the KDC. The system property is JVM-wide, so every Kerberos client in this process
  // resolves realms through the mini KDC from here on.
  miniKdc = new MiniKdc(MiniKdc.createConf(), TEMP_FOLDER.newFolder());
  miniKdc.start();
  System.setProperty("java.security.krb5.conf", miniKdc.getKrb5conf().getAbsolutePath());

  // Generate one keytab per test user; all of them live in the same temp directory.
  localKeytabDirPath = TEMP_FOLDER.newFolder();
  aliceKeytabFile = createPrincipal(localKeytabDirPath, "alice");
  bobKeytabFile = createPrincipal(localKeytabDirPath, "bob");
  eveKeytabFile = createPrincipal(localKeytabDirPath, "eve");

  // Construct the Kerberos principal ids for the same users.
  aliceKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("alice"));
  bobKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("bob"));
  eveKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("eve"));

  // Start the mini DFS cluster. Its configuration does not enable Kerberos, so clients that are
  // switched to Kerberos below must be allowed to fall back to simple authentication.
  // Test-only setting: on a real cluster this fallback lets a secure client talk unauthenticated
  // to a server that does not offer Kerberos, so it should stay disabled there.
  Configuration dfsConf = new Configuration();
  dfsConf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, TEMP_FOLDER.newFolder().getAbsolutePath());
  dfsConf.setBoolean("ipc.client.fallback-to-simple-auth-allowed", true);
  miniDFSCluster = new MiniDFSCluster.Builder(dfsConf).numDataNodes(1).build();
  miniDFSCluster.waitClusterUp();
  locationFactory = new FileContextLocationFactory(miniDFSCluster.getFileSystem().getConf());

  // A separate, fresh configuration turns on Kerberos for UserGroupInformation only after the
  // cluster is already running.
  Configuration kerberosConf = new Configuration();
  kerberosConf.set("hadoop.security.authentication", "kerberos");
  UserGroupInformation.setConfiguration(kerberosConf);
}
/**
 * Prepares the {@link RemoteSecureStore} under test together with the HTTP service it talks to.
 *
 * <p>A {@link FileSecureStoreService} backs a {@link SecureStoreHandler} served by a
 * {@link NettyHttpService}; the service's bind address is registered in an in-memory discovery
 * service, which is what the remote store is constructed with.
 *
 * @throws Exception if the temp folder, namespace, or HTTP service cannot be set up
 */
@BeforeClass
public static void setUp() throws Exception {
  CConfiguration storeConf = CConfiguration.create();
  storeConf.set(Constants.Security.Store.FILE_PATH, TEMP_FOLDER.newFolder().getAbsolutePath());

  // Fixed, throwaway password: acceptable here only because the store lives in a temp folder.
  // Outside of tests this value belongs in protected secure configuration, never in source.
  SConfiguration secureConf = SConfiguration.create();
  secureConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");

  InMemoryNamespaceAdmin namespaceClient = new InMemoryNamespaceAdmin();
  namespaceClient.create(new NamespaceMeta.Builder().setName(NAMESPACE1).build());

  FileSecureStoreService backingStore = new FileSecureStoreService(storeConf, secureConf, namespaceClient);

  // Mock server that handles the remote secure store requests; the same backing service is passed
  // for both handler arguments.
  SecureStoreHandler storeHandler = new SecureStoreHandler(backingStore, backingStore);
  httpService = NettyHttpService.builder("remoteSecureStoreTest")
    .setHttpHandlers(storeHandler)
    .setExceptionHandler(new HttpExceptionHandler())
    .build();
  httpService.start();

  // The remote store finds the server through discovery, so register the address it actually bound to.
  InMemoryDiscoveryService discovery = new InMemoryDiscoveryService();
  discovery.register(new Discoverable(Constants.Service.SECURE_STORE_SERVICE, httpService.getBindAddress()));

  remoteSecureStore = new RemoteSecureStore(discovery);
}
// Fragment of a larger method: builds a LocalLocationFactory from locationFactoryPath (declared outside
// this excerpt) and an InMemoryNamespaceAdmin held through the NamespaceAdmin type.
LocationFactory locationFactory = new LocalLocationFactory(locationFactoryPath); NamespaceAdmin nsAdmin = new InMemoryNamespaceAdmin();