@BeforeClass public static void beforeClass() throws IOException, InterruptedException { cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 10000); RemotePrivilegesTestBase.setup(); }
@BeforeClass public static void beforeClass() throws IOException, InterruptedException { cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); RemotePrivilegesTestBase.setup(); }
@Override protected Injector doInit(TwillContext context) { CConfiguration cConf = getCConfiguration(); cConf.set(Constants.MessagingSystem.HTTP_SERVER_BIND_ADDRESS, context.getHost().getHostName()); cConf.setInt(Constants.MessagingSystem.CONTAINER_INSTANCE_ID, context.getInstanceId()); injector = createInjector(cConf, getConfiguration()); injector.getInstance(LogAppenderInitializer.class).initialize(); LoggingContextAccessor.setLoggingContext(new ServiceLoggingContext(NamespaceId.SYSTEM.getNamespace(), Constants.Logging.COMPONENT_NAME, Constants.Service.MESSAGING_SERVICE)); return injector; }
@BeforeClass public static void beforeClass() throws IOException { // we are only gonna do long-running transactions here. Set the tx timeout to a ridiculously low value. // that will test that the long-running transactions actually bypass that timeout. CConfiguration conf = CConfiguration.create(); conf.setInt(TxConstants.Manager.CFG_TX_TIMEOUT, 1); conf.setInt(TxConstants.Manager.CFG_TX_CLEANUP_INTERVAL, 2); Injector injector = AppFabricTestHelper.getInjector(conf); txService = injector.getInstance(TransactionManager.class); txExecutorFactory = injector.getInstance(TransactionExecutorFactory.class); dsFramework = injector.getInstance(DatasetFramework.class); datasetCache = new SingleThreadDatasetCache( new SystemDatasetInstantiator(dsFramework, WorkerProgramRunnerTest.class.getClassLoader(), null), injector.getInstance(TransactionSystemClient.class), NamespaceId.DEFAULT, DatasetDefinition.NO_ARGUMENTS, null, null); metricStore = injector.getInstance(MetricStore.class); txService.startAndWait(); }
/** * LDAP server and related handler configurations. */ protected CConfiguration getConfiguration(CConfiguration cConf) { String configBase = Constants.Security.AUTH_HANDLER_CONFIG_BASE; // Use random port for testing cConf.setInt(Constants.Security.AUTH_SERVER_BIND_PORT, 0); cConf.setInt(Constants.Security.AuthenticationServer.SSL_PORT, 0); cConf.set(Constants.Security.AUTH_HANDLER_CLASS, LDAPAuthenticationHandler.class.getName()); cConf.set(Constants.Security.LOGIN_MODULE_CLASS_NAME, LDAPLoginModule.class.getName()); cConf.set(configBase.concat("debug"), "true"); cConf.set(configBase.concat("hostname"), InetAddress.getLoopbackAddress().getHostName()); cConf.set(configBase.concat("port"), Integer.toString(ldapPort)); cConf.set(configBase.concat("userBaseDn"), "dc=example,dc=com"); cConf.set(configBase.concat("userRdnAttribute"), "cn"); cConf.set(configBase.concat("userObjectClass"), "inetorgperson"); URL keytabUrl = ExternalAuthenticationServerTestBase.class.getClassLoader().getResource("test.keytab"); Assert.assertNotNull(keytabUrl); cConf.set(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH, keytabUrl.getPath()); cConf.set(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL, "test_principal"); return cConf; }
@BeforeClass public static void beforeClass() throws Exception { CConfiguration conf = CConfiguration.create(); // allow subclasses to override the following two parameters Integer txTimeout = Integer.getInteger(TxConstants.Manager.CFG_TX_TIMEOUT); if (txTimeout != null) { conf.setInt(TxConstants.Manager.CFG_TX_TIMEOUT, txTimeout); } Integer txCleanupInterval = Integer.getInteger(TxConstants.Manager.CFG_TX_CLEANUP_INTERVAL); if (txCleanupInterval != null) { conf.setInt(TxConstants.Manager.CFG_TX_CLEANUP_INTERVAL, txCleanupInterval); } injector = AppFabricTestHelper.getInjector(conf); txService = injector.getInstance(TransactionManager.class); txExecutorFactory = injector.getInstance(TransactionExecutorFactory.class); dsFramework = injector.getInstance(DatasetFramework.class); datasetCache = new SingleThreadDatasetCache( new SystemDatasetInstantiator(dsFramework, MapReduceRunnerTestBase.class.getClassLoader(), null), injector.getInstance(TransactionSystemClient.class), NamespaceId.DEFAULT, DatasetDefinition.NO_ARGUMENTS, null, null); metricStore = injector.getInstance(MetricStore.class); txService.startAndWait(); // Always create the default namespace injector.getInstance(NamespaceAdmin.class).create(NamespaceMeta.DEFAULT); }
/** * Authentication Server with 2-way SSL and related handler configurations. */ protected CConfiguration getConfiguration(CConfiguration cConf) { String configBase = Constants.Security.AUTH_HANDLER_CONFIG_BASE; cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, Boolean.TRUE.toString()); // Use random port for testing cConf.setInt(Constants.Security.AUTH_SERVER_BIND_PORT, Networks.getRandomPort()); cConf.setInt(Constants.Security.AuthenticationServer.SSL_PORT, Networks.getRandomPort()); // Setting the Authentication Handler to the Certificate Handler cConf.set(Constants.Security.AUTH_HANDLER_CLASS, CertificateAuthenticationHandler.class.getName()); cConf.set(Constants.Security.LOGIN_MODULE_CLASS_NAME, PropertyFileLoginModule.class.getName()); cConf.set(configBase.concat("debug"), "true"); cConf.set(configBase.concat("hostname"), "localhost"); URL keytabUrl = ExternalMTLSAuthenticationServerTest.class.getClassLoader().getResource("test.keytab"); Assert.assertNotNull(keytabUrl); cConf.set(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH, keytabUrl.getPath()); cConf.set(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL, "test_principal"); return cConf; }
private static CConfiguration createCConf() throws IOException { CConfiguration cConf = CConfiguration.create(); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); // we only want to test authorization, but we don't specify principal/keytab, so disable kerberos cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); LocationFactory locationFactory = new LocalLocationFactory(new File(TEMPORARY_FOLDER.newFolder().toURI())); Location authorizerJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, authorizerJar.toURI().getPath()); return cConf; }
private static CConfiguration createCConf() throws IOException { CConfiguration cConf = CConfiguration.create(); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); // we only want to test authorization, but we don't specify principal/keytab, so disable kerberos cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); LocationFactory locationFactory = new LocalLocationFactory(new File(TEMPORARY_FOLDER.newFolder().toURI())); Location authorizerJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, authorizerJar.toURI().getPath()); return cConf; } }
protected static void setup() throws IOException, InterruptedException { cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMPORARY_FOLDER.newFolder().getAbsolutePath()); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); cConf.setInt(Constants.Security.Authorization.CACHE_TTL_SECS, CACHE_TIMEOUT); Manifest manifest = new Manifest(); manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, InMemoryAuthorizer.class.getName()); LocationFactory locationFactory = new LocalLocationFactory(TEMPORARY_FOLDER.newFolder()); Location externalAuthJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class, manifest); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, externalAuthJar.toString()); Injector injector = AppFabricTestHelper.getInjector(cConf); discoveryService = injector.getInstance(DiscoveryServiceClient.class); appFabricServer = injector.getInstance(AppFabricServer.class); appFabricServer.startAndWait(); waitForService(Constants.Service.APP_FABRIC_HTTP); authorizationEnforcer = injector.getInstance(RemoteAuthorizationEnforcer.class); privilegesManager = injector.getInstance(PrivilegesManager.class); }
@Test(expected = IllegalArgumentException.class) public void testDefaultExceedsMax() throws Exception { CConfiguration cConfiguration = CConfiguration.create(); cConfiguration.setInt(TxConstants.Manager.CFG_TX_TIMEOUT, cConfiguration.getInt(TxConstants.Manager.CFG_TX_MAX_TIMEOUT) + 5); run(cConfiguration); } }
@Test public void testProgrammatic() { CConfiguration cConf = CConfiguration.create(); cConf.setInt(Configs.Keys.JAVA_RESERVED_MEMORY_MB, 300); Configuration hConf = new Configuration(); hConf.setInt(Job.MAP_MEMORY_MB, 3000); hConf.setInt(Job.MAP_CPU_VCORES, 5); // Always use configurations setup programmatically via job conf. MapReduceRuntimeService.TaskType.MAP.configure(hConf, cConf, Collections.emptyMap(), null); int maxHeapSize = org.apache.twill.internal.utils.Resources.computeMaxHeapSize( 3000, cConf.getInt(Configs.Keys.JAVA_RESERVED_MEMORY_MB), 0); validateResources(cConf, hConf, 3000, 5, maxHeapSize); // Even resources is provided via context, it is ignored. hConf = new Configuration(); hConf.setInt(Job.MAP_MEMORY_MB, 3000); hConf.setInt(Job.MAP_CPU_VCORES, 5); MapReduceRuntimeService.TaskType.MAP.configure(hConf, cConf, Collections.emptyMap(), new Resources(1234)); maxHeapSize = org.apache.twill.internal.utils.Resources.computeMaxHeapSize( 3000, cConf.getInt(Configs.Keys.JAVA_RESERVED_MEMORY_MB), 0); validateResources(cConf, hConf, 3000, 5, maxHeapSize); // Set the reserved memory via task arguments hConf = new Configuration(); hConf.setInt(Job.MAP_MEMORY_MB, 3000); hConf.setInt(Job.MAP_CPU_VCORES, 5); MapReduceRuntimeService.TaskType.MAP.configure( hConf, cConf, Collections.singletonMap("system.resources.reserved.memory.override", "2000"), null); validateResources(cConf, hConf, 3000, 5, 3000 - 2000); }
@BeforeClass public static void beforeClass() throws Exception { CConfiguration cConf = CConfiguration.create(); cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS, InetAddress.getLoopbackAddress().getHostName()); cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, "false"); cConf.setInt(Constants.Security.AUTH_SERVER_BIND_PORT, 0); configuration = cConf; sConfiguration = SConfiguration.create(); ldapListenerConfig = InMemoryListenerConfig.createLDAPConfig("LDAP", InetAddress.getLoopbackAddress(), ldapPort, null); testServer = new ExternalLDAPAuthenticationServerTest(); testServer.setup(); }
@Test public void testContextResources() { CConfiguration cConf = CConfiguration.create(); cConf.setInt(Configs.Keys.JAVA_RESERVED_MEMORY_MB, 300); Configuration hConf = new Configuration(); // Resources is set through context object // At runtime time, it is either from spec, from runtime arg of the program // or from the context.setResources call in the initialize() method) Resources resources = new Resources(2345, 8); MapReduceRuntimeService.TaskType.MAP.configure(hConf, cConf, Collections.emptyMap(), resources); int maxHeapSize = org.apache.twill.internal.utils.Resources.computeMaxHeapSize( 2345, cConf.getInt(Configs.Keys.JAVA_RESERVED_MEMORY_MB), 0); validateResources(cConf, hConf, 2345, 8, maxHeapSize); // Set the reserved memory via task arguments hConf = new Configuration(); MapReduceRuntimeService.TaskType.MAP.configure( hConf, cConf, Collections.singletonMap("system.resources.reserved.memory.override", "1000"), resources); validateResources(cConf, hConf, 2345, 8, 2345 - 1000); }
protected static CConfiguration createCConf() throws IOException { CConfiguration cConf = DatasetServiceTestBase.createCConf(); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); // we only want to test authorization, but we don't specify principal/keytab, so disable kerberos cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); Location authorizerJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, authorizerJar.toURI().getPath()); return cConf; }
@BeforeClass public static void beforeClass() throws Exception { URL certUrl = ExternalLDAPAuthenticationServerSSLTest.class.getClassLoader().getResource("cert.jks"); Assert.assertNotNull(certUrl); String authHandlerConfigBase = Constants.Security.AUTH_HANDLER_CONFIG_BASE; CConfiguration cConf = CConfiguration.create(); SConfiguration sConf = SConfiguration.create(); cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS, InetAddress.getLoopbackAddress().getHostName()); cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, "true"); cConf.setInt(Constants.Security.AuthenticationServer.SSL_PORT, 0); cConf.set(authHandlerConfigBase.concat("useLdaps"), "true"); cConf.set(authHandlerConfigBase.concat("ldapsVerifyCertificate"), "false"); sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, certUrl.getPath()); configuration = cConf; sConfiguration = sConf; String keystorePassword = sConf.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD); KeyStoreKeyManager keyManager = new KeyStoreKeyManager(certUrl.getFile(), keystorePassword.toCharArray()); SSLUtil sslUtil = new SSLUtil(keyManager, new TrustAllTrustManager()); ldapListenerConfig = InMemoryListenerConfig.createLDAPSConfig("LDAP", InetAddress.getLoopbackAddress(), ldapPort, sslUtil.createSSLServerSocketFactory(), sslUtil.createSSLSocketFactory()); testServer = new ExternalLDAPAuthenticationServerSSLTest(); testServer.setup(); }
@BeforeClass public static void init() throws IOException { cConf = CConfiguration.create(); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath()); cConf.setInt(Constants.MessagingSystem.HTTP_SERVER_CONSUME_CHUNK_SIZE, 128); // Set max life time to a high value so that dummy tx ids that we create in the tests still work cConf.setLong(TxConstants.Manager.CFG_TX_MAX_LIFETIME, 10000000000L); Injector injector = Guice.createInjector( new ConfigModule(cConf), new InMemoryDiscoveryModule(), new MessagingServerRuntimeModule().getInMemoryModules(), new AbstractModule() { @Override protected void configure() { bind(MetricsCollectionService.class).toInstance(new NoOpMetricsCollectionService()); } } ); httpService = injector.getInstance(MessagingHttpService.class); httpService.startAndWait(); client = new ClientMessagingService(injector.getInstance(DiscoveryServiceClient.class)); }
@BeforeClass public static void setup() throws Exception { CConfiguration cConf = CConfiguration.create(); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TMP_FOLDER.newFolder().getAbsolutePath()); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); Location deploymentJar = AppJarHelper.createDeploymentJar(new LocalLocationFactory(TMP_FOLDER.newFolder()), InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, deploymentJar.toURI().getPath()); // Add a system artifact File systemArtifactsDir = TMP_FOLDER.newFolder(); cConf.set(Constants.AppFabric.SYSTEM_ARTIFACTS_DIR, systemArtifactsDir.getAbsolutePath()); createSystemArtifact(systemArtifactsDir); Injector injector = AppFabricTestHelper.getInjector(cConf); artifactRepository = injector.getInstance(ArtifactRepository.class); AuthorizerInstantiator instantiatorService = injector.getInstance(AuthorizerInstantiator.class); authorizer = instantiatorService.get(); namespaceAdmin = injector.getInstance(NamespaceAdmin.class); }
private static CConfiguration createCConf() throws Exception { CConfiguration cConf = CConfiguration.create(); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMPORARY_FOLDER.newFolder().getAbsolutePath()); cConf.setBoolean(Constants.Security.ENABLED, true); cConf.setBoolean(Constants.Security.Authorization.ENABLED, true); // we only want to test authorization, but we don't specify principal/keytab, so disable kerberos cConf.setBoolean(Constants.Security.KERBEROS_ENABLED, false); cConf.setInt(Constants.Security.Authorization.CACHE_MAX_ENTRIES, 0); LocationFactory locationFactory = new LocalLocationFactory(TEMPORARY_FOLDER.newFolder()); Location authorizerJar = AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class); cConf.set(Constants.Security.Authorization.EXTENSION_JAR_PATH, authorizerJar.toURI().getPath()); // set secure store provider cConf.set(Constants.Security.Store.PROVIDER, "file"); return cConf; }
@BeforeClass public static void init() throws IOException { zkServer = InMemoryZKServer.builder().setDataDir(TEMP_FOLDER.newFolder()).build(); zkServer.startAndWait(); cConf = CConfiguration.create(); cConf.set(Constants.Zookeeper.QUORUM, zkServer.getConnectionStr()); cConf.setInt(Constants.Zookeeper.CFG_SESSION_TIMEOUT_MILLIS, 2000); cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath()); cConf.set(Constants.MessagingSystem.HTTP_SERVER_BIND_ADDRESS, InetAddress.getLocalHost().getHostName()); cConf.set(Constants.MessagingSystem.SYSTEM_TOPICS, "topic"); cConf.setLong(Constants.MessagingSystem.HA_FENCING_DELAY_SECONDS, 0L); namespaceQueryAdmin = new InMemoryNamespaceAdmin(); levelDBTableFactory = new LevelDBTableFactory(cConf); }