org.apache.flink.runtime.security.modules.SecurityModule Java Examples
The following examples show how to use
org.apache.flink.runtime.security.modules.SecurityModule.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: YarnTaskExecutorRunnerTest.java From Flink-CEPplus with Apache License 2.0 | 6 votes |
|
@Test
public void testKerberosKeytabConfiguration() throws Exception {
final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();
final Map<String, String> envs = new HashMap<>(2);
envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "testuser1@domain");
envs.put(YarnConfigKeys.KEYTAB_PATH, resourceDirPath);
Configuration configuration = new Configuration();
YarnTaskExecutorRunner.setupConfigurationAndInstallSecurityContext(configuration, resourceDirPath, envs);
final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();
if (moduleOpt.isPresent()) {
HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("testuser1@domain"));
assertThat(hadoopModule.getSecurityConfig().getKeytab(), is(new File(resourceDirPath, Utils.KEYTAB_FILE_NAME).getAbsolutePath()));
} else {
fail("Can not find HadoopModule!");
}
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), is(new File(resourceDirPath, Utils.KEYTAB_FILE_NAME).getAbsolutePath()));
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("testuser1@domain"));
}
Example #2
| Source File: SecurityUtils.java From Flink-CEPplus with Apache License 2.0 | 6 votes |
|
static void uninstall() {
if (installedModules != null) {
// uninstall them in reverse order
for (int i = installedModules.size() - 1; i >= 0; i--) {
SecurityModule module = installedModules.get(i);
try {
module.uninstall();
}
catch (UnsupportedOperationException ignored) {
}
catch (SecurityModule.SecurityInstallException e) {
LOG.warn("unable to uninstall a security module", e);
}
}
installedModules = null;
}
installedContext = new NoOpSecurityContext();
}
Example #3
| Source File: YarnTaskExecutorRunnerTest.java From flink with Apache License 2.0 | 6 votes |
|
@Test
public void testKerberosKeytabConfiguration() throws Exception {
final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();
final Map<String, String> envs = new HashMap<>(2);
envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "testuser1@domain");
envs.put(YarnConfigKeys.KEYTAB_PATH, resourceDirPath);
Configuration configuration = new Configuration();
YarnTaskExecutorRunner.setupConfigurationAndInstallSecurityContext(configuration, resourceDirPath, envs);
final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();
if (moduleOpt.isPresent()) {
HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("testuser1@domain"));
assertThat(hadoopModule.getSecurityConfig().getKeytab(), is(new File(resourceDirPath, Utils.KEYTAB_FILE_NAME).getAbsolutePath()));
} else {
fail("Can not find HadoopModule!");
}
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), is(new File(resourceDirPath, Utils.KEYTAB_FILE_NAME).getAbsolutePath()));
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("testuser1@domain"));
}
Example #4
| Source File: SecurityUtils.java From flink with Apache License 2.0 | 6 votes |
|
static void uninstall() {
if (installedModules != null) {
// uninstall them in reverse order
for (int i = installedModules.size() - 1; i >= 0; i--) {
SecurityModule module = installedModules.get(i);
try {
module.uninstall();
}
catch (UnsupportedOperationException ignored) {
}
catch (SecurityModule.SecurityInstallException e) {
LOG.warn("unable to uninstall a security module", e);
}
}
installedModules = null;
}
installedContext = new NoOpSecurityContext();
}
Example #5
| Source File: SecurityUtils.java From flink with Apache License 2.0 | 6 votes |
|
static void installModules(SecurityConfiguration config) throws Exception {
// install the security module factories
List<SecurityModule> modules = new ArrayList<>();
for (String moduleFactoryClass : config.getSecurityModuleFactories()) {
SecurityModuleFactory moduleFactory = null;
try {
moduleFactory = SecurityFactoryServiceLoader.findModuleFactory(moduleFactoryClass);
} catch (NoMatchSecurityFactoryException ne) {
LOG.error("Unable to instantiate security module factory {}", moduleFactoryClass);
throw new IllegalArgumentException("Unable to find module factory class", ne);
}
SecurityModule module = moduleFactory.createModule(config);
// can be null if a SecurityModule is not supported in the current environment
if (module != null) {
module.install();
modules.add(module);
}
}
installedModules = modules;
}
Example #6
| Source File: SecurityUtils.java From flink with Apache License 2.0 | 6 votes |
|
static void uninstall() {
if (installedModules != null) {
// uninstall them in reverse order
for (int i = installedModules.size() - 1; i >= 0; i--) {
SecurityModule module = installedModules.get(i);
try {
module.uninstall();
}
catch (UnsupportedOperationException ignored) {
}
catch (SecurityModule.SecurityInstallException e) {
LOG.warn("unable to uninstall a security module", e);
}
}
installedModules = null;
}
installedContext = new NoOpSecurityContext();
}
Example #7
| Source File: YarnTaskExecutorRunnerTest.java From flink with Apache License 2.0 | 5 votes |
|
@Test
public void testDefaultKerberosKeytabConfiguration() throws Exception {
final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();
final Map<String, String> envs = new HashMap<>(2);
envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "testuser1@domain");
envs.put(YarnConfigKeys.REMOTE_KEYTAB_PATH, resourceDirPath);
// Local keytab path will be populated from default YarnConfigOptions.LOCALIZED_KEYTAB_PATH
envs.put(YarnConfigKeys.LOCAL_KEYTAB_PATH, YarnConfigOptions.LOCALIZED_KEYTAB_PATH.defaultValue());
Configuration configuration = new Configuration();
YarnTaskExecutorRunner.setupConfigurationAndInstallSecurityContext(configuration, resourceDirPath, envs);
final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();
if (moduleOpt.isPresent()) {
HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("testuser1@domain"));
assertThat(hadoopModule.getSecurityConfig().getKeytab(), is(new File(resourceDirPath, YarnConfigOptions.LOCALIZED_KEYTAB_PATH.defaultValue()).getAbsolutePath()));
} else {
fail("Can not find HadoopModule!");
}
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), is(new File(resourceDirPath, YarnConfigOptions.LOCALIZED_KEYTAB_PATH.defaultValue()).getAbsolutePath()));
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("testuser1@domain"));
}
Example #8
| Source File: YarnTaskExecutorRunnerTest.java From flink with Apache License 2.0 | 5 votes |
|
@Test
public void testPreInstallKerberosKeytabConfiguration() throws Exception {
final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();
final Map<String, String> envs = new HashMap<>(2);
envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "testuser1@domain");
// Try directly resolving local path when no remote keytab path is provided.
envs.put(YarnConfigKeys.LOCAL_KEYTAB_PATH, "src/test/resources/krb5.keytab");
Configuration configuration = new Configuration();
YarnTaskExecutorRunner.setupConfigurationAndInstallSecurityContext(configuration, resourceDirPath, envs);
final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();
if (moduleOpt.isPresent()) {
HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("testuser1@domain"));
// Using containString verification as the absolute path varies depending on runtime environment
assertThat(hadoopModule.getSecurityConfig().getKeytab(), containsString("src/test/resources/krb5.keytab"));
} else {
fail("Can not find HadoopModule!");
}
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), containsString("src/test/resources/krb5.keytab"));
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("testuser1@domain"));
}
Example #9
| Source File: TestHadoopModuleFactory.java From flink with Apache License 2.0 | 5 votes |
|
@Override
public SecurityModule createModule(SecurityConfiguration securityConfig) {
if (hadoopConfiguration == null) {
throw new IllegalStateException("Cannot instantiate test module, hadoop config not set!");
}
return new HadoopModule(securityConfig, hadoopConfiguration);
}
Example #10
| Source File: SecurityUtils.java From Flink-CEPplus with Apache License 2.0 | 4 votes |
|
public static List<SecurityModule> getInstalledModules() {
return installedModules;
}
Example #11
| Source File: SecurityUtilsTest.java From Flink-CEPplus with Apache License 2.0 | 4 votes |
|
@Override
public SecurityModule createModule(SecurityConfiguration securityConfig) {
return new TestSecurityModule();
}
Example #12
| Source File: SecurityUtils.java From flink with Apache License 2.0 | 4 votes |
|
public static List<SecurityModule> getInstalledModules() {
return installedModules;
}
Example #13
| Source File: SecurityUtilsTest.java From flink with Apache License 2.0 | 4 votes |
|
@Override
public SecurityModule createModule(SecurityConfiguration securityConfig) {
return new TestSecurityModule();
}
Example #14
| Source File: SecurityUtils.java From flink with Apache License 2.0 | 4 votes |
|
public static List<SecurityModule> getInstalledModules() {
return installedModules;
}
