Java Code Examples for org.apache.flink.runtime.security.modules.SecurityModule

The following examples show how to use org.apache.flink.runtime.security.modules.SecurityModule. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: Flink-CEPplus   Source File: YarnTaskExecutorRunnerTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testKerberosKeytabConfiguration() throws Exception {
	final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();

	final Map<String, String> envs = new HashMap<>(2);
	envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "[email protected]");
	envs.put(YarnConfigKeys.KEYTAB_PATH, resourceDirPath);

	Configuration configuration = new Configuration();
	YarnTaskExecutorRunner.setupConfigurationAndInstallSecurityContext(configuration, resourceDirPath, envs);

	final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
	Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();

	if (moduleOpt.isPresent()) {
		HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
		assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("[email protected]"));
		assertThat(hadoopModule.getSecurityConfig().getKeytab(), is(new File(resourceDirPath, Utils.KEYTAB_FILE_NAME).getAbsolutePath()));
	} else {
		fail("Can not find HadoopModule!");
	}

	assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), is(new File(resourceDirPath, Utils.KEYTAB_FILE_NAME).getAbsolutePath()));
	assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("[email protected]"));
}
 
Example 2
Source Project: Flink-CEPplus   Source File: SecurityUtils.java    License: Apache License 2.0 6 votes vote down vote up
static void uninstall() {
	if (installedModules != null) {
		// uninstall them in reverse order
		for (int i = installedModules.size() - 1; i >= 0; i--) {
			SecurityModule module = installedModules.get(i);
			try {
				module.uninstall();
			}
			catch (UnsupportedOperationException ignored) {
			}
			catch (SecurityModule.SecurityInstallException e) {
				LOG.warn("unable to uninstall a security module", e);
			}
		}
		installedModules = null;
	}

	installedContext = new NoOpSecurityContext();
}
 
Example 3
Source Project: flink   Source File: YarnTaskExecutorRunnerTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testKerberosKeytabConfiguration() throws Exception {
	final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();

	final Map<String, String> envs = new HashMap<>(2);
	envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "[email protected]");
	envs.put(YarnConfigKeys.KEYTAB_PATH, resourceDirPath);

	Configuration configuration = new Configuration();
	YarnTaskExecutorRunner.setupConfigurationAndInstallSecurityContext(configuration, resourceDirPath, envs);

	final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
	Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();

	if (moduleOpt.isPresent()) {
		HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
		assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("[email protected]"));
		assertThat(hadoopModule.getSecurityConfig().getKeytab(), is(new File(resourceDirPath, Utils.KEYTAB_FILE_NAME).getAbsolutePath()));
	} else {
		fail("Can not find HadoopModule!");
	}

	assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), is(new File(resourceDirPath, Utils.KEYTAB_FILE_NAME).getAbsolutePath()));
	assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("[email protected]"));
}
 
Example 4
Source Project: flink   Source File: SecurityUtils.java    License: Apache License 2.0 6 votes vote down vote up
static void uninstall() {
	if (installedModules != null) {
		// uninstall them in reverse order
		for (int i = installedModules.size() - 1; i >= 0; i--) {
			SecurityModule module = installedModules.get(i);
			try {
				module.uninstall();
			}
			catch (UnsupportedOperationException ignored) {
			}
			catch (SecurityModule.SecurityInstallException e) {
				LOG.warn("unable to uninstall a security module", e);
			}
		}
		installedModules = null;
	}

	installedContext = new NoOpSecurityContext();
}
 
Example 5
Source Project: flink   Source File: SecurityUtils.java    License: Apache License 2.0 6 votes vote down vote up
static void installModules(SecurityConfiguration config) throws Exception {

		// install the security module factories
		List<SecurityModule> modules = new ArrayList<>();
		for (String moduleFactoryClass : config.getSecurityModuleFactories()) {
			SecurityModuleFactory moduleFactory = null;
			try {
				moduleFactory = SecurityFactoryServiceLoader.findModuleFactory(moduleFactoryClass);
			} catch (NoMatchSecurityFactoryException ne) {
				LOG.error("Unable to instantiate security module factory {}", moduleFactoryClass);
				throw new IllegalArgumentException("Unable to find module factory class", ne);
			}
			SecurityModule module = moduleFactory.createModule(config);
			// can be null if a SecurityModule is not supported in the current environment
			if (module != null) {
				module.install();
				modules.add(module);
			}
		}
		installedModules = modules;
	}
 
Example 6
Source Project: flink   Source File: SecurityUtils.java    License: Apache License 2.0 6 votes vote down vote up
static void uninstall() {
	if (installedModules != null) {
		// uninstall them in reverse order
		for (int i = installedModules.size() - 1; i >= 0; i--) {
			SecurityModule module = installedModules.get(i);
			try {
				module.uninstall();
			}
			catch (UnsupportedOperationException ignored) {
			}
			catch (SecurityModule.SecurityInstallException e) {
				LOG.warn("unable to uninstall a security module", e);
			}
		}
		installedModules = null;
	}

	installedContext = new NoOpSecurityContext();
}
 
Example 7
Source Project: flink   Source File: YarnTaskExecutorRunnerTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testDefaultKerberosKeytabConfiguration() throws Exception {
	final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();

	final Map<String, String> envs = new HashMap<>(2);
	envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "[email protected]");
	envs.put(YarnConfigKeys.REMOTE_KEYTAB_PATH, resourceDirPath);
	// Local keytab path will be populated from default YarnConfigOptions.LOCALIZED_KEYTAB_PATH
	envs.put(YarnConfigKeys.LOCAL_KEYTAB_PATH, YarnConfigOptions.LOCALIZED_KEYTAB_PATH.defaultValue());

	Configuration configuration = new Configuration();
	YarnTaskExecutorRunner.setupConfigurationAndInstallSecurityContext(configuration, resourceDirPath, envs);

	final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
	Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();

	if (moduleOpt.isPresent()) {
		HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
		assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("[email protected]"));
		assertThat(hadoopModule.getSecurityConfig().getKeytab(), is(new File(resourceDirPath, YarnConfigOptions.LOCALIZED_KEYTAB_PATH.defaultValue()).getAbsolutePath()));
	} else {
		fail("Can not find HadoopModule!");
	}

	assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), is(new File(resourceDirPath, YarnConfigOptions.LOCALIZED_KEYTAB_PATH.defaultValue()).getAbsolutePath()));
	assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("[email protected]"));
}
 
Example 8
Source Project: flink   Source File: YarnTaskExecutorRunnerTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testPreInstallKerberosKeytabConfiguration() throws Exception {
	final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();

	final Map<String, String> envs = new HashMap<>(2);
	envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "[email protected]");
	// Try directly resolving local path when no remote keytab path is provided.
	envs.put(YarnConfigKeys.LOCAL_KEYTAB_PATH, "src/test/resources/krb5.keytab");

	Configuration configuration = new Configuration();
	YarnTaskExecutorRunner.setupConfigurationAndInstallSecurityContext(configuration, resourceDirPath, envs);

	final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
	Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();

	if (moduleOpt.isPresent()) {
		HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
		assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("[email protected]"));
		// Using containString verification as the absolute path varies depending on runtime environment
		assertThat(hadoopModule.getSecurityConfig().getKeytab(), containsString("src/test/resources/krb5.keytab"));
	} else {
		fail("Can not find HadoopModule!");
	}

	assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), containsString("src/test/resources/krb5.keytab"));
	assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("[email protected]"));

}
 
Example 9
Source Project: flink   Source File: TestHadoopModuleFactory.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public SecurityModule createModule(SecurityConfiguration securityConfig) {
	if (hadoopConfiguration == null) {
		throw new IllegalStateException("Cannot instantiate test module, hadoop config not set!");
	}
	return new HadoopModule(securityConfig, hadoopConfiguration);
}
 
Example 10
Source Project: Flink-CEPplus   Source File: SecurityUtils.java    License: Apache License 2.0 4 votes vote down vote up
public static List<SecurityModule> getInstalledModules() {
	return installedModules;
}
 
Example 11
Source Project: Flink-CEPplus   Source File: SecurityUtilsTest.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public SecurityModule createModule(SecurityConfiguration securityConfig) {
	return new TestSecurityModule();
}
 
Example 12
Source Project: flink   Source File: SecurityUtils.java    License: Apache License 2.0 4 votes vote down vote up
public static List<SecurityModule> getInstalledModules() {
	return installedModules;
}
 
Example 13
Source Project: flink   Source File: SecurityUtilsTest.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public SecurityModule createModule(SecurityConfiguration securityConfig) {
	return new TestSecurityModule();
}
 
Example 14
Source Project: flink   Source File: SecurityUtils.java    License: Apache License 2.0 4 votes vote down vote up
public static List<SecurityModule> getInstalledModules() {
	return installedModules;
}