Repository: incubator-atlas Updated Branches: refs/heads/master 9d3037433 -> b93fe4a46
ATLAS-86 Jenkins build failing as of build #41 (shwethags) Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/b93fe4a4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/b93fe4a4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/b93fe4a4 Branch: refs/heads/master Commit: b93fe4a466058597d3c49e1bedf51f13356d2aae Parents: 9d30374 Author: Shwetha GS <[email protected]> Authored: Fri Jul 31 09:22:55 2015 +0530 Committer: Shwetha GS <[email protected]> Committed: Fri Jul 31 09:22:55 2015 +0530 ---------------------------------------------------------------------- addons/hive-bridge/pom.xml | 45 +--- .../atlas/hive/hook/BaseSSLAndKerberosTest.java | 127 ---------- .../hook/NegativeSSLAndKerberosHiveHookIT.java | 163 ------------ .../hive/hook/SSLAndKerberosHiveHookIT.java | 249 ------------------- .../apache/atlas/hive/hook/SSLHiveHookIT.java | 214 ---------------- client/pom.xml | 24 -- .../org/apache/atlas/ApplicationProperties.java | 64 +---- .../atlas/security/SecureClientUtils.java | 2 +- .../src/test/resources/application.properties | 2 +- pom.xml | 25 +- release-log.txt | 1 + src/conf/application.properties | 4 +- webapp/pom.xml | 19 +- .../atlas/web/service/SecureEmbeddedServer.java | 12 +- .../java/org/apache/atlas/web/TestUtils.java | 49 ++++ .../web/security/BaseSSLAndKerberosTest.java | 112 +++++++++ .../atlas/web/security/BaseSecurityTest.java | 33 ++- .../web/security/NegativeSSLAndKerberosIT.java | 127 ++++++++++ .../atlas/web/security/SSLAndKerberosIT.java | 163 ++++++++++++ .../org/apache/atlas/web/security/SSLIT.java | 137 ++++++++++ 20 files changed, 665 insertions(+), 907 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/pom.xml ---------------------------------------------------------------------- 
diff --git a/addons/hive-bridge/pom.xml b/addons/hive-bridge/pom.xml index 117d76c..66b5f74 100755 --- a/addons/hive-bridge/pom.xml +++ b/addons/hive-bridge/pom.xml @@ -38,11 +38,6 @@ </properties> <dependencies> - <dependency> - <groupId>org.apache.hadoop</groupId> - <artifactId>hadoop-minikdc</artifactId> - </dependency> - <!-- Logging --> <dependency> <groupId>org.slf4j</groupId> @@ -95,21 +90,20 @@ <dependency> <groupId>org.apache.atlas</groupId> + <artifactId>atlas-typesystem</artifactId> + </dependency> + + <dependency> + <groupId>org.apache.atlas</groupId> <artifactId>atlas-client</artifactId> - <version>${version}</version> - <exclusions> - <exclusion> - <groupId>com.google.guava</groupId> - <artifactId>guava</artifactId> - </exclusion> - </exclusions> - <scope>runtime</scope> - <type>test-jar</type> </dependency> + <!-- to bring up atlas server for integration tests --> <dependency> <groupId>org.apache.atlas</groupId> - <artifactId>atlas-typesystem</artifactId> + <artifactId>atlas-webapp</artifactId> + <type>war</type> + <scope>test</scope> </dependency> <dependency> @@ -128,20 +122,6 @@ </dependency> <dependency> - <groupId>org.apache.atlas</groupId> - <artifactId>atlas-webapp</artifactId> - <classifier>classes</classifier> - </dependency> - - <dependency> - <groupId>org.apache.atlas</groupId> - <artifactId>atlas-webapp</artifactId> - <type>test-jar</type> - <version>${project.version}</version> - <scope>test</scope> - </dependency> - - <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-server</artifactId> <scope>test</scope> 
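Review bot: The rewritten `atlas-client` dependency in the `@@ -95,21 +90,20 @@` hunk drops the `<exclusions>` entry for `com.google.guava:guava` along with the `test-jar` type and `runtime` scope, and nothing else in the visible part of this file replaces it. If the exclusion was there to keep a second Guava version off the hook's classpath next to the one Hive ships, the plain jar now brings it in transitively at compile scope. That is inferred from the removed lines, so it should be confirmed against the resolved dependency tree for this module. Either keep the Guava exclusion on the new declaration or record why it is no longer needed, for example `<!-- guava is pinned in the parent pom's dependencyManagement; no exclusion needed here -->`. The same commit removes this module's SSL/Kerberos hook ITs, so a classpath clash on the secured client path would presumably no longer be caught by this module's own tests.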
@@ -329,13 +309,6 @@ <skip>false</skip> </configuration> </plugin> - - <plugin> - <groupId>org.apache.felix</groupId> - <artifactId>maven-bundle-plugin</artifactId> - <inherited>true</inherited> - <extensions>true</extensions> - </plugin> </plugins> </build> </project> http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java ---------------------------------------------------------------------- diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java deleted file mode 100644 index 11163c8..0000000 --- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java +++ /dev/null 
@@ -1,127 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.atlas.hive.hook; - -import org.apache.atlas.web.security.BaseSecurityTest; -import org.apache.atlas.web.service.SecureEmbeddedServer; -import org.apache.commons.configuration.PropertiesConfiguration; -import org.apache.commons.io.FileUtils; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.security.alias.CredentialProvider; -import org.apache.hadoop.security.alias.CredentialProviderFactory; -import org.eclipse.jetty.server.Server; - -import java.io.File; -import java.io.IOException; - -import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY; -import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY; -import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY; - -/** - * - */ -public class BaseSSLAndKerberosTest extends BaseSecurityTest { - public static final String TESTUSER = "testuser"; - public static final String TESTPASS = "testpass"; - protected static final String DGI_URL = "https://localhost:21443/"; - protected Path jksPath; - protected String 
providerUrl; - protected File httpKeytabFile; - private File userKeytabFile; - - class TestSecureEmbeddedServer extends SecureEmbeddedServer { - - public TestSecureEmbeddedServer(int port, String path) throws IOException { - super(port, path); - } - - public Server getServer() { - return server; - } - - @Override - public PropertiesConfiguration getConfiguration() { - return super.getConfiguration(); - } - } - - protected void setupCredentials() throws Exception { - Configuration conf = new Configuration(false); - - File file = new File(jksPath.toUri().getPath()); - file.delete(); - conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); - - CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); - - // create new aliases - try { - - char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; - provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass); - - char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; - provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass); - - char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'}; - provider.createCredentialEntry("ssl.client.truststore.password", trustpass2); - - char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; - provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass); - - // write out so that it can be found in checks - provider.flush(); - } catch (Exception e) { - e.printStackTrace(); - throw e; - } - } - - public void setupKDCAndPrincipals() throws Exception { - // set up the KDC - File kdcWorkDir = startKDC(); - - userKeytabFile = createKeytab(kdc, kdcWorkDir, "dgi", "dgi.keytab"); - httpKeytabFile = createKeytab(kdc, kdcWorkDir, "HTTP", "spnego.service.keytab"); - - // create a test user principal - kdc.createPrincipal(TESTUSER, TESTPASS); - - StringBuilder jaas = new StringBuilder(1024); - jaas.append("TestUser {\n" + - " com.sun.security.auth.module.Krb5LoginModule required\nuseTicketCache=true;\n" + - "};\n"); - 
jaas.append(createJAASEntry("Client", "dgi", userKeytabFile)); - jaas.append(createJAASEntry("Server", "HTTP", httpKeytabFile)); - - File jaasFile = new File(kdcWorkDir, "jaas.txt"); - FileUtils.write(jaasFile, jaas.toString()); - bindJVMtoJAASFile(jaasFile); - } - - protected String getWarPath() { - return String.format("/../../webapp/target/atlas-webapp-%s", - System.getProperty("project.version")); - } - - protected HiveConf getHiveConf() { - return HiveHookIT.createHiveConf(DGI_URL); - } -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java ---------------------------------------------------------------------- diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java deleted file mode 100755 index 891e06c..0000000 --- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java +++ /dev/null 
@@ -1,163 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.hive.hook; - -import org.apache.atlas.security.SecurityProperties; -import org.apache.commons.configuration.PropertiesConfiguration; -import org.apache.commons.lang.RandomStringUtils; -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.ql.Driver; -import org.apache.hadoop.hive.ql.session.SessionState; -import org.apache.hadoop.security.alias.JavaKeyStoreProvider; -import org.apache.hadoop.security.ssl.SSLFactory; -import org.apache.hadoop.security.ssl.SSLHostnameVerifier; -import org.eclipse.jetty.webapp.WebAppContext; -import org.testng.Assert; -import org.testng.annotations.AfterClass; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.Test; - -import java.io.File; -import java.io.FileWriter; -import java.net.URL; -import java.nio.file.Files; - -import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH; -import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY; -import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED; -import static 
org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY; - -/** - * Perform all the necessary setup steps for client and server comm over SSL/Kerberos, but then don't estalish a - * kerberos user for the invocation. Need a separate use case since the Jersey layer cached the URL connection handler, - * which indirectly caches the kerberos delegation token. - */ -public class NegativeSSLAndKerberosHiveHookIT extends BaseSSLAndKerberosTest { - - private Driver driver; - private SessionState ss; - private TestSecureEmbeddedServer secureEmbeddedServer; - private String originalConf; - - @BeforeClass - public void setUp() throws Exception { - //Set-up hive session - HiveConf conf = getHiveConf(); - driver = new Driver(conf); - ss = new SessionState(conf, System.getProperty("user.name")); - ss = SessionState.start(ss); - SessionState.setCurrentSessionState(ss); - - jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); - providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); - - String persistDir = null; - URL resource = NegativeSSLAndKerberosHiveHookIT.class.getResource("/"); - if (resource != null) { - persistDir = resource.toURI().getPath(); - } - // delete prior ssl-client.xml file - resource = NegativeSSLAndKerberosHiveHookIT.class.getResource("/" + SecurityProperties.SSL_CLIENT_PROPERTIES); - if (resource != null) { - File sslClientFile = new File(persistDir, SecurityProperties.SSL_CLIENT_PROPERTIES); - if (sslClientFile != null && sslClientFile.exists()) { - sslClientFile.delete(); - } - } - setupKDCAndPrincipals(); - setupCredentials(); - - // client will actually only leverage subset of these properties - final PropertiesConfiguration configuration = new PropertiesConfiguration(); - configuration.setProperty(TLS_ENABLED, true); - configuration.setProperty(TRUSTSTORE_FILE_KEY, "../../webapp/target/atlas.keystore"); - configuration.setProperty(KEYSTORE_FILE_KEY, "../../webapp/target/atlas.keystore"); - 
configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); - configuration.setProperty("atlas.http.authentication.type", "kerberos"); - configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, - SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString()); - - configuration.save(new FileWriter(persistDir + File.separator + "client.properties")); - - String confLocation = System.getProperty("atlas.conf"); - URL url; - if (confLocation == null) { - url = NegativeSSLAndKerberosHiveHookIT.class.getResource("/application.properties"); - } else { - url = new File(confLocation, "application.properties").toURI().toURL(); - } - configuration.load(url); - - configuration.setProperty(TLS_ENABLED, true); - configuration.setProperty("atlas.http.authentication.enabled", "true"); - configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm()); - configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath()); - configuration.setProperty("atlas.http.authentication.kerberos.name.rules", - "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT"); - - configuration.save(new FileWriter(persistDir + File.separator + "application.properties")); - - secureEmbeddedServer = new TestSecureEmbeddedServer(21443, "webapp/target/apache-atlas") { - @Override - public PropertiesConfiguration getConfiguration() { - return configuration; - } - }; - WebAppContext webapp = new WebAppContext(); - webapp.setContextPath("/"); - webapp.setWar(System.getProperty("user.dir") + getWarPath()); - secureEmbeddedServer.getServer().setHandler(webapp); - - // save original setting - originalConf = System.getProperty("atlas.conf"); - System.setProperty("atlas.conf", persistDir); - secureEmbeddedServer.getServer().start(); - - } - - @AfterClass - public void tearDown() throws Exception { - if (secureEmbeddedServer != null) { - secureEmbeddedServer.getServer().stop(); - } - - if (kdc != null) { - kdc.stop(); - } - - 
if (originalConf != null) { - System.setProperty("atlas.conf", originalConf); - } - } - - private void runCommand(final String cmd) throws Exception { - ss.setCommandType(null); - driver.run(cmd); - Assert.assertNotNull(driver.getErrorMsg()); - Assert.assertTrue(driver.getErrorMsg().contains("Mechanism level: Failed to find any Kerberos tgt")); - } - - @Test - public void testUnsecuredCreateDatabase() throws Exception { - String dbName = "db" + RandomStringUtils.randomAlphanumeric(5).toLowerCase(); - runCommand("create database " + dbName); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java ---------------------------------------------------------------------- diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java deleted file mode 100755 index 7471680..0000000 --- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java +++ /dev/null 
@@ -1,249 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.hive.hook; - -import org.apache.atlas.AtlasClient; -import org.apache.atlas.AtlasException; -import org.apache.atlas.hive.model.HiveDataTypes; -import org.apache.atlas.security.SecurityProperties; -import org.apache.commons.configuration.PropertiesConfiguration; -import org.apache.commons.lang.RandomStringUtils; -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.ql.Driver; -import org.apache.hadoop.hive.ql.session.SessionState; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.security.alias.JavaKeyStoreProvider; -import org.apache.hadoop.security.ssl.SSLFactory; -import org.apache.hadoop.security.ssl.SSLHostnameVerifier; -import org.codehaus.jettison.json.JSONArray; -import org.eclipse.jetty.webapp.WebAppContext; -import org.testng.Assert; -import org.testng.annotations.AfterClass; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.Test; - -import javax.security.auth.Subject; -import javax.security.auth.callback.Callback; -import javax.security.auth.callback.CallbackHandler; -import 
javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; -import javax.security.auth.callback.UnsupportedCallbackException; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; -import java.io.File; -import java.io.FileWriter; -import java.io.IOException; -import java.net.URL; -import java.nio.file.Files; -import java.security.PrivilegedExceptionAction; - -import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH; -import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY; -import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED; -import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY; - -public class SSLAndKerberosHiveHookIT extends BaseSSLAndKerberosTest { - public static final String TEST_USER_JAAS_SECTION = "TestUser"; - public static final String TESTUSER = "testuser"; - public static final String TESTPASS = "testpass"; - - private static final String DGI_URL = "https://localhost:21443/"; - private Driver driver; - private AtlasClient dgiCLient; - private SessionState ss; - private TestSecureEmbeddedServer secureEmbeddedServer; - private Subject subject; - private String originalConf; - - @BeforeClass - public void setUp() throws Exception { - //Set-up hive session - HiveConf conf = getHiveConf(); - driver = new Driver(conf); - ss = new SessionState(conf, System.getProperty("user.name")); - ss = SessionState.start(ss); - SessionState.setCurrentSessionState(ss); - - jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); - providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); - - String persistDir = null; - URL resource = SSLAndKerberosHiveHookIT.class.getResource("/"); - if (resource != null) { - persistDir = resource.toURI().getPath(); - } - // delete prior ssl-client.xml file - resource = 
SSLAndKerberosHiveHookIT.class.getResource("/" + SecurityProperties.SSL_CLIENT_PROPERTIES); - if (resource != null) { - File sslClientFile = new File(persistDir, SecurityProperties.SSL_CLIENT_PROPERTIES); - if (sslClientFile != null && sslClientFile.exists()) { - sslClientFile.delete(); - } - } - setupKDCAndPrincipals(); - setupCredentials(); - - // client will actually only leverage subset of these properties - final PropertiesConfiguration configuration = new PropertiesConfiguration(); - configuration.setProperty(TLS_ENABLED, true); - configuration.setProperty(TRUSTSTORE_FILE_KEY, "../../webapp/target/atlas.keystore"); - configuration.setProperty(KEYSTORE_FILE_KEY, "../../webapp/target/atlas.keystore"); - configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); - configuration.setProperty("atlas.http.authentication.type", "kerberos"); - configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, - SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString()); - - configuration.save(new FileWriter(persistDir + File.separator + "client.properties")); - - String confLocation = System.getProperty("atlas.conf"); - URL url; - if (confLocation == null) { - url = SSLAndKerberosHiveHookIT.class.getResource("/application.properties"); - } else { - url = new File(confLocation, "application.properties").toURI().toURL(); - } - configuration.load(url); - configuration.setProperty(TLS_ENABLED, true); - configuration.setProperty("atlas.http.authentication.enabled", "true"); - configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm()); - configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath()); - configuration.setProperty("atlas.http.authentication.kerberos.name.rules", - "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT"); - - configuration.save(new FileWriter(persistDir + File.separator + "application.properties")); - - subject = loginTestUser(); - 
UserGroupInformation.loginUserFromSubject(subject); - UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( - "testUser", - UserGroupInformation.getLoginUser()); - - dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() { - @Override - public AtlasClient run() throws Exception { - return new AtlasClient(DGI_URL) { - @Override - protected PropertiesConfiguration getClientProperties() throws AtlasException { - return configuration; - } - }; - } - }); - - secureEmbeddedServer = new TestSecureEmbeddedServer(21443, "webapp/target/apache-atlas") { - @Override - public PropertiesConfiguration getConfiguration() { - return configuration; - } - }; - WebAppContext webapp = new WebAppContext(); - webapp.setContextPath("/"); - webapp.setWar(System.getProperty("user.dir") + getWarPath()); - secureEmbeddedServer.getServer().setHandler(webapp); - - // save original setting - originalConf = System.getProperty("atlas.conf"); - System.setProperty("atlas.conf", persistDir); - secureEmbeddedServer.getServer().start(); - - } - - @AfterClass - public void tearDown() throws Exception { - if (secureEmbeddedServer != null) { - secureEmbeddedServer.getServer().stop(); - } - - if (kdc != null) { - kdc.stop(); - } - - if (originalConf != null) { - System.setProperty("atlas.conf", originalConf); - } - } - - protected Subject loginTestUser() throws LoginException, IOException { - LoginContext lc = new LoginContext(TEST_USER_JAAS_SECTION, new CallbackHandler() { - - @Override - public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { - for (int i = 0; i < callbacks.length; i++) { - if (callbacks[i] instanceof PasswordCallback) { - PasswordCallback passwordCallback = (PasswordCallback) callbacks[i]; - passwordCallback.setPassword(TESTPASS.toCharArray()); - } - if (callbacks[i] instanceof NameCallback) { - NameCallback nameCallback = (NameCallback) callbacks[i]; - nameCallback.setName(TESTUSER); - } - } - } - }); - // attempt 
authentication - lc.login(); - return lc.getSubject(); - } - - private void runCommand(final String cmd) throws Exception { - ss.setCommandType(null); - UserGroupInformation.loginUserFromSubject(subject); - UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( - "testUser", - UserGroupInformation.getLoginUser()); - proxyUser.doAs(new PrivilegedExceptionAction<Object>() { - @Override - public Object run() throws Exception { - driver.run(cmd); - - return null; - } - }); - } - - @Test - public void testCreateDatabase() throws Exception { - String dbName = "db" + RandomStringUtils.randomAlphanumeric(5).toLowerCase(); - runCommand("create database " + dbName); - - assertDatabaseIsRegistered(dbName); - } - - private void assertDatabaseIsRegistered(String dbName) throws Exception { - assertInstanceIsRegistered(HiveDataTypes.HIVE_DB.getName(), "name", dbName); - } - - private void assertInstanceIsRegistered(final String typeName, final String colName, final String colValue) - throws Exception { - UserGroupInformation.loginUserFromSubject(subject); - UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( - "testUser", - UserGroupInformation.getLoginUser()); - proxyUser.doAs(new PrivilegedExceptionAction<Object>() { - @Override - public Object run() throws Exception { - JSONArray results = dgiCLient.rawSearch(typeName, colName, colValue); - Assert.assertEquals(results.length(), 1); - - return null; - } - }); - } -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java ---------------------------------------------------------------------- diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java deleted file mode 100755 index b114d5a..0000000 
--- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java +++ /dev/null 
@@ -1,214 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.hive.hook; - -import org.apache.atlas.AtlasClient; -import org.apache.atlas.AtlasException; -import org.apache.atlas.hive.bridge.HiveMetaStoreBridge; -import org.apache.atlas.hive.model.HiveDataTypes; -import org.apache.atlas.security.SecurityProperties; -import org.apache.atlas.web.service.SecureEmbeddedServer; -import org.apache.commons.configuration.PropertiesConfiguration; -import org.apache.commons.lang.RandomStringUtils; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.ql.Driver; -import org.apache.hadoop.hive.ql.session.SessionState; -import org.apache.hadoop.security.alias.CredentialProvider; -import org.apache.hadoop.security.alias.CredentialProviderFactory; -import org.apache.hadoop.security.alias.JavaKeyStoreProvider; -import org.apache.hadoop.security.ssl.SSLFactory; -import org.apache.hadoop.security.ssl.SSLHostnameVerifier; -import org.codehaus.jettison.json.JSONArray; -import org.eclipse.jetty.server.Server; -import org.eclipse.jetty.webapp.WebAppContext; -import org.testng.Assert; -import 
org.testng.annotations.AfterClass; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.Test; - -import java.io.File; -import java.io.FileWriter; -import java.io.IOException; -import java.net.URL; -import java.nio.file.Files; - -import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH; -import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY; -import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY; -import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY; -import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED; -import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY; -import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY; - -public class SSLHiveHookIT { - private static final String DGI_URL = "https://localhost:21443/"; - private Driver driver; - private AtlasClient dgiCLient; - private SessionState ss; - private Path jksPath; - private String providerUrl; - private TestSecureEmbeddedServer secureEmbeddedServer; - - class TestSecureEmbeddedServer extends SecureEmbeddedServer { - - public TestSecureEmbeddedServer(int port, String path) throws IOException { - super(port, path); - } - - public Server getServer() { - return server; - } - - @Override - public PropertiesConfiguration getConfiguration() { - return super.getConfiguration(); - } - } - - @BeforeClass - public void setUp() throws Exception { - //Set-up hive session - HiveConf conf = getHiveConf(); - driver = new Driver(conf); - ss = new SessionState(conf, System.getProperty("user.name")); - ss = SessionState.start(ss); - SessionState.setCurrentSessionState(ss); - - jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); - providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); - - String persistDir = null; - URL resource = 
SSLHiveHookIT.class.getResource("/"); - if (resource != null) { - persistDir = resource.toURI().getPath(); - } - // delete prior ssl-client.xml file - resource = SSLHiveHookIT.class.getResource("/" + SecurityProperties.SSL_CLIENT_PROPERTIES); - if (resource != null) { - File sslClientFile = new File(persistDir, SecurityProperties.SSL_CLIENT_PROPERTIES); - if (sslClientFile != null && sslClientFile.exists()) { - sslClientFile.delete(); - } - } - setupCredentials(); - - final PropertiesConfiguration configuration = new PropertiesConfiguration(); - configuration.setProperty(TLS_ENABLED, true); - configuration.setProperty(TRUSTSTORE_FILE_KEY, "../../webapp/target/atlas.keystore"); - configuration.setProperty(KEYSTORE_FILE_KEY, "../../webapp/target/atlas.keystore"); - configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); - configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, - SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString()); - - configuration.save(new FileWriter(persistDir + File.separator + "client.properties")); - - dgiCLient = new AtlasClient(DGI_URL) { - @Override - protected PropertiesConfiguration getClientProperties() throws AtlasException { - return configuration; - } - }; - - secureEmbeddedServer = new TestSecureEmbeddedServer(21443, "webapp/target/apache-atlas") { - @Override - public PropertiesConfiguration getConfiguration() { - return configuration; - } - }; - WebAppContext webapp = new WebAppContext(); - webapp.setContextPath("/"); - webapp.setWar(System.getProperty("user.dir") + getWarPath()); - secureEmbeddedServer.getServer().setHandler(webapp); - - secureEmbeddedServer.getServer().start(); - - } - - @AfterClass - public void tearDown() throws Exception { - if (secureEmbeddedServer != null) { - secureEmbeddedServer.getServer().stop(); - } - } - - protected void setupCredentials() throws Exception { - Configuration conf = new Configuration(false); - - File file = new File(jksPath.toUri().getPath()); - 
file.delete(); - conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); - - CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); - - // create new aliases - try { - - char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; - provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass); - - char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; - provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass); - - char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'}; - provider.createCredentialEntry("ssl.client.truststore.password", trustpass2); - - char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; - provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass); - - // write out so that it can be found in checks - provider.flush(); - } catch (Exception e) { - e.printStackTrace(); - throw e; - } - } - - protected String getWarPath() { - return String.format("/../../webapp/target/atlas-webapp-%s", - System.getProperty("project.version")); - } - - private HiveConf getHiveConf() { - return HiveHookIT.createHiveConf(DGI_URL); - } - - private void runCommand(String cmd) throws Exception { - ss.setCommandType(null); - driver.run(cmd); - } - - @Test - public void testCreateDatabase() throws Exception { - String dbName = "db" + RandomStringUtils.randomAlphanumeric(5).toLowerCase(); - runCommand("create database " + dbName); - - assertDatabaseIsRegistered(dbName); - } - - private void assertDatabaseIsRegistered(String dbName) throws Exception { - assertInstanceIsRegistered(HiveDataTypes.HIVE_DB.getName(), "name", dbName); - } - - private void assertInstanceIsRegistered(String typeName, String colName, String colValue) throws Exception { - JSONArray results = dgiCLient.rawSearch(typeName, colName, colValue); - Assert.assertEquals(results.length(), 1); - } -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/pom.xml 
---------------------------------------------------------------------- diff --git a/client/pom.xml b/client/pom.xml index be19a71..2f883cd 100755 --- a/client/pom.xml +++ b/client/pom.xml @@ -77,28 +77,4 @@ <artifactId>testng</artifactId> </dependency> </dependencies> - - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <executions> - <execution> - <goals> - <goal>test-jar</goal> - </goals> - </execution> - </executions> - </plugin> - - <plugin> - <groupId>org.apache.felix</groupId> - <artifactId>maven-bundle-plugin</artifactId> - <inherited>true</inherited> - <extensions>true</extensions> - </plugin> - </plugins> - </build> - </project> http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/src/main/java/org/apache/atlas/ApplicationProperties.java ---------------------------------------------------------------------- diff --git a/client/src/main/java/org/apache/atlas/ApplicationProperties.java b/client/src/main/java/org/apache/atlas/ApplicationProperties.java index ad87d8d..15cca47 100644 --- a/client/src/main/java/org/apache/atlas/ApplicationProperties.java +++ b/client/src/main/java/org/apache/atlas/ApplicationProperties.java @@ -17,8 +17,10 @@ package org.apache.atlas; +import org.apache.commons.configuration.AbstractConfiguration; import org.apache.commons.configuration.Configuration; import org.apache.commons.configuration.ConfigurationException; +import org.apache.commons.configuration.ConfigurationUtils; import org.apache.commons.configuration.PropertiesConfiguration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -59,66 +61,26 @@ public class ApplicationProperties extends PropertiesConfiguration { : new File(confLocation, fileName).toURI().toURL(); LOG.info("Loading {} from {}", fileName, url); - ApplicationProperties configuration = new ApplicationProperties(url); + Configuration configuration = new ApplicationProperties(url).interpolatedConfiguration(); + logConfiguration(configuration); + return configuration; + } catch (Exception e) { + throw new AtlasException("Failed to load application properties", e); + } + } + + private static void logConfiguration(Configuration configuration) { + if (LOG.isDebugEnabled()) { Iterator<String> keys = configuration.getKeys(); LOG.debug("Configuration loaded:"); - while(keys.hasNext()) { + while (keys.hasNext()) { String key = keys.next(); LOG.debug("{} = {}", key, configuration.getProperty(key)); } - return configuration; - } catch (Exception e) { - throw new AtlasException("Failed to load application properties", e); } } public static final Configuration getSubsetConfiguration(Configuration inConf, String prefix) { return inConf.subset(prefix); } - - @Override - public Object getProperty(String key) { - Object value = super.getProperty(key); - if (value instanceof String) { - value = substituteVars((String) value); - } - return value; - } - - private static final Pattern VAR_PATTERN = Pattern.compile("\\$\\{[^\\}\\$\u0020]+\\}"); - - private static final int MAX_SUBST = 20; - - private String substituteVars(String expr) { - if (expr == null) { - return null; - } - Matcher match = VAR_PATTERN.matcher(""); - String eval = expr; - - for(int s = 0; s < MAX_SUBST; s++) { - match.reset(eval); - if (!match.find()) { - return eval; - } - String var = match.group(); - var = var.substring(2, var.length() - 1); // remove ${ .. 
} - String val = null; - try { - val = System.getProperty(var); - } catch(SecurityException se) { - LOG.warn("Unexpected SecurityException in Configuration", se); - } - if (val == null) { - val = getString(var); - } - if (val == null) { - return eval; // return literal ${var}: var is unbound - } - - // substitute - eval = eval.substring(0, match.start()) + val + eval.substring(match.end()); - } - throw new IllegalStateException("Variable substitution depth too large: " + MAX_SUBST + " " + expr); - } } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java ---------------------------------------------------------------------- diff --git a/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java b/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java index b70c5ce..d3b474a 100644 --- a/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java +++ b/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java @@ -64,7 +64,7 @@ public class SecureClientUtils { final UserGroupInformation ugi) { config.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true); Configuration conf = new Configuration(); - conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, "ssl-client.xml")); + conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES)); UserGroupInformation.setConfiguration(conf); final ConnectionConfigurator connConfigurator = newConnConfigurator(conf); String authType = "simple"; http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/src/test/resources/application.properties ---------------------------------------------------------------------- diff --git a/client/src/test/resources/application.properties b/client/src/test/resources/application.properties index 9672d1e..dbd6002 100644 
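Review bot: `logConfiguration` in ApplicationProperties.java writes every key with its resolved value to the debug log, so any secret kept in application.properties ends up in log files once debug logging is switched on. Mask the value for keys that look sensitive, for example `Object shown = key.toLowerCase().contains("password") ? "******" : configuration.getProperty(key);` followed by `LOG.debug("{} = {}", key, shown);`. Separately, the removed `substituteVars` resolved a bare `${var}` against system properties first, and only the property files touched in this commit were migrated to the `${sys:...}` form, so other deployed files that still use the old form will presumably stop resolving against system properties. The enclosing `get` method starts outside the hunk.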
--- a/client/src/test/resources/application.properties +++ b/client/src/test/resources/application.properties @@ -17,7 +17,7 @@ # #system property -atlas.data=/var/data/${user.name}/atlas +atlas.data=/var/data/${sys:user.name}/atlas #re-use existing property atlas.graph.data=${atlas.data}/graph http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index c201b4c..602e70f 100755 --- a/pom.xml +++ b/pom.xml @@ -353,6 +353,8 @@ <!-- skips checkstyle and find bugs --> <skipCheck>false</skipCheck> + <skipTests>false</skipTests> + <projectBaseDir>${project.basedir}</projectBaseDir> <titan.storage.backend>berkeleyje</titan.storage.backend> <titan.index.backend>elasticsearch</titan.index.backend> </properties> @@ -909,23 +911,15 @@ <dependency> <groupId>org.apache.atlas</groupId> - <artifactId>atlas-webapp</artifactId> - <version>${project.version}</version> - <classifier>classes</classifier> - </dependency> - - <dependency> - <groupId>org.apache.atlas</groupId> <artifactId>atlas-client</artifactId> <version>${project.version}</version> </dependency> <dependency> <groupId>org.apache.atlas</groupId> - <artifactId>atlas-client</artifactId> + <artifactId>atlas-webapp</artifactId> <version>${project.version}</version> - <type>test-jar</type> - <scope>test</scope> + <type>war</type> </dependency> <!--Scala dependencies--> @@ -1303,6 +1297,14 @@ </plugin> <plugin> + <groupId>org.apache.felix</groupId> + <artifactId>maven-bundle-plugin</artifactId> + <version>2.5.4</version> + <inherited>true</inherited> + <extensions>true</extensions> + </plugin> + + <plugin> <artifactId>maven-assembly-plugin</artifactId> <inherited>false</inherited> <configuration> 
@@ -1349,6 +1351,9 @@ <artifactId>maven-failsafe-plugin</artifactId> <version>2.18.1</version> <configuration> + <systemPropertyVariables> + <projectBaseDir>${projectBaseDir}</projectBaseDir> + </systemPropertyVariables> <redirectTestOutputToFile>true</redirectTestOutputToFile> <argLine>-Djava.awt.headless=true -Dproject.version=${project.version} -Dhadoop.tmp.dir=${project.build.directory}/tmp-hadoop-${user.name} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index 7a7329c..93c1288 100644 --- a/release-log.txt +++ b/release-log.txt @@ -8,6 +8,7 @@ ATLAS-54 Rename configs in hive hook (shwethags) ATLAS-3 Mixed Index creation fails with Date types (suma.shivaprasad via shwethags) ALL CHANGES: +ATLAS-86 Jenkins build failing as of build #41 (shwethags) ATLAS-80 Support for variables in application properties (shwethags) ATLAS-37 atlas repository, webapp, hive-bridge tests fails with Hbase and Solr as Titan storage backend (suma.shivaprasad via shwethags) ATLAS-56 atlas_config.py should give an informative error if jar or java binaries can't be found ([email protected] via shwethags) http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/src/conf/application.properties ---------------------------------------------------------------------- diff --git a/src/conf/application.properties b/src/conf/application.properties index 51f2529..5487749 100755 --- a/src/conf/application.properties +++ b/src/conf/application.properties @@ -19,7 +19,7 @@ ######### Graph Database Configs ######### # Graph Storage atlas.graph.storage.backend=berkeleyje -atlas.graph.storage.directory=${atlas.home}/data/berkley +atlas.graph.storage.directory=${sys:atlas.home}/data/berkley #Hbase as stoarge backend #hbase 
@@ -40,7 +40,7 @@ atlas.graph.storage.directory=${atlas.home}/data/berkley # Graph Search Index atlas.graph.index.search.backend=elasticsearch -atlas.graph.index.search.directory=${atlas.home}/data/es +atlas.graph.index.search.directory=${sys:atlas.home}/data/es atlas.graph.index.search.elasticsearch.client-only=false atlas.graph.index.search.elasticsearch.local-mode=true atlas.graph.index.search.elasticsearch.create.sleep=2000 http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/pom.xml ---------------------------------------------------------------------- diff --git a/webapp/pom.xml b/webapp/pom.xml index 86e1ebf..d558d74 100755 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -34,6 +34,7 @@ <packaging>war</packaging> <properties> + <projectBaseDir>${project.basedir}/..</projectBaseDir> <debug.jetty.daemon>true</debug.jetty.daemon> </properties> @@ -51,7 +52,6 @@ <dependency> <groupId>org.apache.atlas</groupId> <artifactId>atlas-client</artifactId> - <type>test-jar</type> </dependency> <dependency> @@ -252,17 +252,6 @@ </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <executions> - <execution> - <goals> - <goal>test-jar</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <configuration> <attachClasses>true</attachClasses> @@ -395,12 +384,6 @@ </executions> </plugin> <plugin> - <groupId>org.apache.felix</groupId> - <artifactId>maven-bundle-plugin</artifactId> - <inherited>true</inherited> - <extensions>true</extensions> - </plugin> - <plugin> <groupId>net.alchim31.maven</groupId> <artifactId>scala-maven-plugin</artifactId> </plugin> http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java ---------------------------------------------------------------------- 
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java index ca71293..1b2192c 100755 --- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java +++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java @@ -18,6 +18,8 @@ package org.apache.atlas.web.service; +import org.apache.atlas.ApplicationProperties; +import org.apache.atlas.AtlasException; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.configuration.PropertiesConfiguration; import org.apache.hadoop.conf.Configuration; @@ -58,7 +60,7 @@ public class SecureEmbeddedServer extends EmbeddedServer { } protected Connector getConnector(int port) throws IOException { - PropertiesConfiguration config = getConfiguration(); + org.apache.commons.configuration.Configuration config = getConfiguration(); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(config.getString(KEYSTORE_FILE_KEY, @@ -102,7 +104,7 @@ public class SecureEmbeddedServer extends EmbeddedServer { * @return the password. * @throws IOException */ - private String getPassword(PropertiesConfiguration config, String key) throws IOException { + private String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException { String password; 
@@ -131,10 +133,10 @@ public class SecureEmbeddedServer extends EmbeddedServer { * Returns the application configuration. * @return */ - protected PropertiesConfiguration getConfiguration() { + protected org.apache.commons.configuration.Configuration getConfiguration() { try { - return new PropertiesConfiguration("application.properties"); - } catch (ConfigurationException e) { + return ApplicationProperties.get(); + } catch (AtlasException e) { throw new RuntimeException("Unable to load configuration: application.properties"); } } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/TestUtils.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/atlas/web/TestUtils.java b/webapp/src/test/java/org/apache/atlas/web/TestUtils.java new file mode 100644 index 0000000..ede041e --- /dev/null +++ b/webapp/src/test/java/org/apache/atlas/web/TestUtils.java 
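Review bot: The rewritten catch in `SecureEmbeddedServer.getConfiguration()` discards the `AtlasException`, so a failure to load the configuration that supplies the keystore and truststore settings surfaces without its underlying reason. Pass the cause along: `throw new RuntimeException("Unable to load configuration: application.properties", e);`. The Javadoc above the method still has an empty `@return`; `@return the configuration obtained from ApplicationProperties.get()` would describe what the new code does.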
@@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.atlas.web; + +import org.apache.commons.configuration.PropertiesConfiguration; +import org.apache.commons.lang.RandomStringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.File; +import java.io.FileWriter; + +public class TestUtils { + private static final Logger LOG = LoggerFactory.getLogger(TestUtils.class); + + public static String random(){ + return RandomStringUtils.randomAlphanumeric(10); + } + + public static void writeConfiguration(PropertiesConfiguration configuration, String fileName) throws Exception { + LOG.debug("Storing configuration in file {}", fileName); + File file = new File(fileName); + File parentFile = file.getParentFile(); + if (!parentFile.exists() && !parentFile.mkdirs()) { + throw new Exception("Failed to create dir " + parentFile.getAbsolutePath()); + } + file.createNewFile(); + configuration.save(new FileWriter(file)); + } + + public static String getTempDirectory() { + return System.getProperty("projectBaseDir") + "/webapp/target/" + random(); + } +} 
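Review bot: `writeConfiguration` in TestUtils.java never closes the `FileWriter` it hands to `configuration.save`, so the file handle stays open for the rest of the test run. Wrap it in try-with-resources: `try (FileWriter writer = new FileWriter(file)) { configuration.save(writer); }`. `file.getParentFile()` returns null for a bare file name, which makes the `parentFile.exists()` check throw, and the result of `file.createNewFile()` is ignored. `getTempDirectory()` also produces a path beginning with `null/` when the `projectBaseDir` system property is absent; as far as this commit shows, only the failsafe plugin configuration passes it.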
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java new file mode 100644 index 0000000..b5366ff --- /dev/null +++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java 
@@ -0,0 +1,112 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.atlas.web.security; + +import org.apache.atlas.security.SecurityProperties; +import org.apache.atlas.web.service.SecureEmbeddedServer; +import org.apache.commons.io.FileUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.security.alias.CredentialProvider; +import org.apache.hadoop.security.alias.CredentialProviderFactory; +import org.eclipse.jetty.server.Server; + +import java.io.File; +import java.io.IOException; + +/** + * + */ +public class BaseSSLAndKerberosTest extends BaseSecurityTest { + public static final String TESTUSER = "testuser"; + public static final String TESTPASS = "testpass"; + protected static final String DGI_URL = "https://localhost:21443/"; + protected Path jksPath; + protected String providerUrl; + protected File httpKeytabFile; + private File userKeytabFile; + + class TestSecureEmbeddedServer extends SecureEmbeddedServer { + + public TestSecureEmbeddedServer(int port, String path) throws IOException { + super(port, path); + } + + public Server getServer() { + return server; + } + + @Override + public org.apache.commons.configuration.Configuration 
getConfiguration() { + return super.getConfiguration(); + } + } + + protected void setupCredentials() throws Exception { + Configuration conf = new Configuration(false); + + File file = new File(jksPath.toUri().getPath()); + file.delete(); + conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); + + CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); + + // create new aliases + try { + + char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; + provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass); + + char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; + provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass); + + char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'}; + provider.createCredentialEntry("ssl.client.truststore.password", trustpass2); + + char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; + provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass); + + // write out so that it can be found in checks + provider.flush(); + } catch (Exception e) { + e.printStackTrace(); + throw e; + } + } + + public void setupKDCAndPrincipals() throws Exception { + // set up the KDC + File kdcWorkDir = startKDC(); + + userKeytabFile = createKeytab(kdc, kdcWorkDir, "dgi", "dgi.keytab"); + httpKeytabFile = createKeytab(kdc, kdcWorkDir, "HTTP", "spnego.service.keytab"); + + // create a test user principal + kdc.createPrincipal(TESTUSER, TESTPASS); + + StringBuilder jaas = new StringBuilder(1024); + jaas.append("TestUser {\n" + + " com.sun.security.auth.module.Krb5LoginModule required\nuseTicketCache=true;\n" + + "};\n"); + jaas.append(createJAASEntry("Client", "dgi", userKeytabFile)); + jaas.append(createJAASEntry("Server", "HTTP", httpKeytabFile)); + + File jaasFile = new File(kdcWorkDir, "jaas.txt"); + FileUtils.write(jaasFile, jaas.toString()); + bindJVMtoJAASFile(jaasFile); + } +} 
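Review bot: In `setupCredentials()` of BaseSSLAndKerberosTest.java the catch block only calls `e.printStackTrace()` and rethrows, which adds nothing the test framework does not already report and bypasses the logger; the try/catch can simply be removed. The four identical `char[]` literals could become one constant cloned per entry, e.g. `provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, STORE_PASS.clone());`, which keeps the test password in a single place. `file.delete()` ignores its result, so a stale `test.jks` that cannot be removed goes unnoticed before the provider is created. The empty `/** */` class comment should say that this base class provisions a credential store and KDC principals with fixed, test-only secrets.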
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java b/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java index 67f3901..614638c 100644 --- a/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java +++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java @@ -18,7 +18,10 @@ package org.apache.atlas.web.security; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.configuration.PropertiesConfiguration; +import org.apache.commons.lang.RandomStringUtils; import org.apache.hadoop.minikdc.MiniKdc; +import org.apache.hadoop.security.ssl.SSLFactory; +import org.apache.hadoop.security.ssl.SSLHostnameVerifier; import org.apache.zookeeper.Environment; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.webapp.WebAppContext; @@ -32,6 +35,11 @@ import java.nio.file.Files; import java.util.Locale; import java.util.Properties; +import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH; +import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY; +import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED; +import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY; + /** * */ 
@@ -42,11 +50,6 @@ public class BaseSecurityTest { + " useTicketCache=false\n" + " doNotPrompt=true\n" + " storeKey=true;\n" + "}; \n"; protected MiniKdc kdc; - protected String getWarPath() { - return String.format("/target/atlas-webapp-%s.war", - System.getProperty("release.version")); - } - protected void generateTestProperties(Properties props) throws ConfigurationException, IOException { PropertiesConfiguration config = new PropertiesConfiguration(System.getProperty("user.dir") + "/../src/conf/application.properties"); @@ -62,7 +65,7 @@ public class BaseSecurityTest { protected void startEmbeddedServer(Server server) throws Exception { WebAppContext webapp = new WebAppContext(); webapp.setContextPath("/"); - webapp.setWar(System.getProperty("user.dir") + getWarPath()); + webapp.setWar(getWarPath()); server.setHandler(webapp); server.start(); 
@@ -105,4 +108,22 @@ public class BaseSecurityTest { kdc.createPrincipal(keytab, principal, principal + "/localhost", principal + "/127.0.0.1"); return keytab; } + + protected String getWarPath() { + return System.getProperty("projectBaseDir") + String.format("/webapp/target/atlas-webapp-%s", + System.getProperty("project.version")); + } + + protected PropertiesConfiguration getSSLConfiguration(String providerUrl) { + String projectBaseDirectory = System.getProperty("projectBaseDir"); + final PropertiesConfiguration configuration = new PropertiesConfiguration(); + configuration.setProperty(TLS_ENABLED, true); + configuration.setProperty(TRUSTSTORE_FILE_KEY, projectBaseDirectory + "/webapp/target/atlas.keystore"); + configuration.setProperty(KEYSTORE_FILE_KEY, projectBaseDirectory + "/webapp/target/atlas.keystore"); + configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); + configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, + SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString()); + return configuration; + } + } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java new file mode 100755 index 0000000..0b95b7a --- /dev/null +++ b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java 
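Review bot: `getWarPath()` and `getSSLConfiguration()` in BaseSecurityTest.java concatenate `System.getProperty("projectBaseDir")` without checking it, so when the property is absent the WAR, keystore and truststore paths silently become `null/webapp/target/...` and the failure shows up later as an unrelated TLS or deployment error. Fail early instead, with `java.util.Objects` imported: `String base = Objects.requireNonNull(System.getProperty("projectBaseDir"), "projectBaseDir system property is not set");`. `getSSLConfiguration` also points the truststore and the keystore at the same `atlas.keystore` file; a one-line comment such as `// test-only: one store serves as both keystore and truststore` would keep it from being read as a deployment pattern.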
@@ -0,0 +1,127 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.atlas.web.security; + +import org.apache.atlas.AtlasClient; +import org.apache.atlas.AtlasException; +import org.apache.atlas.web.TestUtils; +import org.apache.commons.configuration.PropertiesConfiguration; +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.security.alias.JavaKeyStoreProvider; +import org.testng.Assert; +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.Test; + +import java.io.File; +import java.net.URL; +import java.nio.file.Files; + +import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED; + +/** + * Perform all the necessary setup steps for client and server comm over SSL/Kerberos, but then don't estalish a + * kerberos user for the invocation. Need a separate use case since the Jersey layer cached the URL connection handler, + * which indirectly caches the kerberos delegation token. 
+ */ +public class NegativeSSLAndKerberosIT extends BaseSSLAndKerberosTest { + + private TestSecureEmbeddedServer secureEmbeddedServer; + private String originalConf; + private AtlasClient dgiClient; + + @BeforeClass + public void setUp() throws Exception { + jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); + providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); + + String persistDir = TestUtils.getTempDirectory(); + + setupKDCAndPrincipals(); + setupCredentials(); + + // client will actually only leverage subset of these properties + final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl); + configuration.setProperty("atlas.http.authentication.type", "kerberos"); + + TestUtils.writeConfiguration(configuration, persistDir + File.separator + "client.properties"); + + String confLocation = System.getProperty("atlas.conf"); + URL url; + if (confLocation == null) { + url = NegativeSSLAndKerberosIT.class.getResource("/application.properties"); + } else { + url = new File(confLocation, "application.properties").toURI().toURL(); + } + configuration.load(url); + + configuration.setProperty(TLS_ENABLED, true); + configuration.setProperty("atlas.http.authentication.enabled", "true"); + configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm()); + configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath()); + configuration.setProperty("atlas.http.authentication.kerberos.name.rules", + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT"); + + TestUtils.writeConfiguration(configuration, persistDir + File.separator + "application.properties"); + + dgiClient = new AtlasClient(DGI_URL) { + @Override + protected PropertiesConfiguration getClientProperties() throws AtlasException { + return configuration; + } + }; + + // save original setting + originalConf = System.getProperty("atlas.conf"); + 
System.setProperty("atlas.conf", persistDir); + secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) { + @Override + public PropertiesConfiguration getConfiguration() { + return configuration; + } + }; + secureEmbeddedServer.getServer().start(); + } + + @AfterClass + public void tearDown() throws Exception { + if (secureEmbeddedServer != null) { + secureEmbeddedServer.getServer().stop(); + } + + if (kdc != null) { + kdc.stop(); + } + + if (originalConf != null) { + System.setProperty("atlas.conf", originalConf); + } + } + + @Test + public void testUnsecuredClient() throws Exception { + try { + dgiClient.listTypes(); + Assert.fail("Should have failed with GSSException"); + } catch(Exception e) { + e.printStackTrace(); + Assert.assertTrue(e.getMessage().contains("Mechanism level: Failed to find any Kerberos tgt")); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java new file mode 100755 index 0000000..f00ac64 --- /dev/null +++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java 
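Review bot: `tearDown()` in NegativeSSLAndKerberosIT.java restores `atlas.conf` only when the property had a value before the test; when it was unset, it keeps pointing at this test's temporary directory, so later tests in the same JVM would pick up the Kerberos-enabled `application.properties` written in `setUp()`. Add the missing branch: `} else { System.clearProperty("atlas.conf"); }`. In `testUnsecuredClient`, `e.getMessage().contains(...)` throws a NullPointerException when the failure carries no message, and catching plain `Exception` does not verify which failure occurred. Checking the exception type or its cause before the message would make the negative authentication check stricter.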
@@ -0,0 +1,163 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasException;
+import org.apache.atlas.web.TestUtils;
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.nio.file.Files;
+import java.security.PrivilegedExceptionAction;
+
+import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
+
+public class SSLAndKerberosIT extends BaseSSLAndKerberosTest {
+ public static final String TEST_USER_JAAS_SECTION = "TestUser";
+ public static final String TESTUSER = "testuser";
+ public static final String TESTPASS = "testpass";
+
+ private static final String DGI_URL = "https://localhost:21443/";
+ private AtlasClient dgiCLient;
+ private TestSecureEmbeddedServer secureEmbeddedServer;
+ private Subject subject;
+ private String originalConf;
+
+ @BeforeClass
+ public void setUp() throws Exception {
+ jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
+ providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
+
+ String persistDir = TestUtils.getTempDirectory();
+
+ setupKDCAndPrincipals();
+ setupCredentials();
+
+ // client will actually only leverage subset of these properties
+ final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
+ configuration.setProperty("atlas.http.authentication.type", "kerberos");
+ TestUtils.writeConfiguration(configuration, persistDir + File.separator + "client.properties");
+
+ String confLocation = System.getProperty("atlas.conf");
+ URL url;
+ if (confLocation == null) {
+ url = SSLAndKerberosIT.class.getResource("/application.properties");
+ } else {
+ url = new File(confLocation, "application.properties").toURI().toURL();
+ }
+ configuration.load(url);
+ configuration.setProperty(TLS_ENABLED, true);
+ configuration.setProperty("atlas.http.authentication.enabled", "true");
+ configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
+ configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
+ configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
+ "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
+
+ TestUtils.writeConfiguration(configuration, persistDir + File.separator + "application.properties");
+
+ subject = loginTestUser();
+ UserGroupInformation.loginUserFromSubject(subject);
+ UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
+ "testUser",
+ UserGroupInformation.getLoginUser());
+
+ dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
+ @Override
+ public AtlasClient run() throws Exception {
+ return new AtlasClient(DGI_URL) {
+ @Override
+ protected PropertiesConfiguration getClientProperties() throws AtlasException {
+ return configuration;
+ }
+ };
+ }
+ });
+
+ // save original setting
+ originalConf = System.getProperty("atlas.conf");
+ System.setProperty("atlas.conf", persistDir);
+ secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
+ @Override
+ public PropertiesConfiguration getConfiguration() {
+ return configuration;
+ }
+ };
+ secureEmbeddedServer.getServer().start();
+ }
+
+ @AfterClass
+ public void tearDown() throws Exception {
+ if (secureEmbeddedServer != null) {
+ secureEmbeddedServer.getServer().stop();
+ }
+
+ if (kdc != null) {
+ kdc.stop();
+ }
+
+ if (originalConf != null) {
+ System.setProperty("atlas.conf", originalConf);
+ }
+ }
+
+ protected Subject loginTestUser() throws LoginException, IOException {
+ LoginContext lc = new LoginContext(TEST_USER_JAAS_SECTION, new CallbackHandler() {
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof PasswordCallback) {
+ PasswordCallback passwordCallback = (PasswordCallback) callbacks[i];
+ passwordCallback.setPassword(TESTPASS.toCharArray());
+ }
+ if (callbacks[i] instanceof NameCallback) {
+ NameCallback nameCallback = (NameCallback) callbacks[i];
+ nameCallback.setName(TESTUSER);
+ }
+ }
+ }
+ });
+ // attempt authentication
+ lc.login();
+ return lc.getSubject();
+ }
+
+ @Test
+ public void testService() throws Exception {
+ dgiCLient.listTypes();
+ }
+
+}
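Review bot: `tearDown()` restores `atlas.conf` only when `originalConf` is non-null, so if the property was unset before `setUp()` it stays pointed at the temporary `persistDir` for every test that runs later in the same JVM. Add an else branch, `} else { System.clearProperty("atlas.conf"); }`, so the Kerberos/TLS test configuration does not leak into unrelated tests. It is also worth marking the method `@AfterClass(alwaysRun = true)`, since TestNG by default skips after-methods when `setUp()` fails, which would leave the KDC and the embedded server on port 21443 running. The same `tearDown()` appears in `NegativeSSLAndKerberosIT` earlier in this commit.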
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java
new file mode 100755
index 0000000..3e23185
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasException;
+import org.apache.atlas.web.TestUtils;
+import org.apache.atlas.web.service.SecureEmbeddedServer;
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+import org.eclipse.jetty.server.Server;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+
+import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
+
+public class SSLIT extends BaseSSLAndKerberosTest {
+ private AtlasClient dgiCLient;
+ private Path jksPath;
+ private String providerUrl;
+ private TestSecureEmbeddedServer secureEmbeddedServer;
+
+ class TestSecureEmbeddedServer extends SecureEmbeddedServer {
+
+ public TestSecureEmbeddedServer(int port, String path) throws IOException {
+ super(port, path);
+ }
+
+ public Server getServer() {
+ return server;
+ }
+
+ @Override
+ public org.apache.commons.configuration.Configuration getConfiguration() {
+ return super.getConfiguration();
+ }
+ }
+
+ @BeforeClass
+ public void setUp() throws Exception {
+ jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
+ providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
+
+ String persistDir = TestUtils.getTempDirectory();
+
+ setupCredentials();
+
+ final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
+ TestUtils.writeConfiguration(configuration, persistDir + File.separator + "client.properties");
+
+ dgiCLient = new AtlasClient(DGI_URL) {
+ @Override
+ protected PropertiesConfiguration getClientProperties() throws AtlasException {
+ return configuration;
+ }
+ };
+
+ secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
+ @Override
+ public PropertiesConfiguration getConfiguration() {
+ return configuration;
+ }
+ };
+ secureEmbeddedServer.getServer().start();
+ }
+
+ @AfterClass
+ public void tearDown() throws Exception {
+ if (secureEmbeddedServer != null) {
+ secureEmbeddedServer.getServer().stop();
+ }
+ }
+
+ protected void setupCredentials() throws Exception {
+ Configuration conf = new Configuration(false);
+
+ File file = new File(jksPath.toUri().getPath());
+ file.delete();
+ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
+
+ CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
+
+ // create new aliases
+ try {
+
+ char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
+
+ char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
+
+ char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
+
+ char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
+
+ // write out so that it can be found in checks
+ provider.flush();
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw e;
+ }
+ }
+
+ @Test
+ public void testService() throws Exception {
+ dgiCLient.listTypes();
+ }
+}
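Review bot: `SSLIT` redeclares `jksPath`, `providerUrl`, `TestSecureEmbeddedServer` and `setupCredentials()` although it extends `BaseSSLAndKerberosTest`; the sibling tests in this commit use all four without declaring them, so they are presumably inherited (the base class is not shown in this part of the diff). If so, the private fields hide the inherited ones, and any base-class helper that reads `jksPath` or `providerUrl` would see null rather than the values assigned in `setUp()`. Drop `private Path jksPath;`, `private String providerUrl;` and the nested class, and keep the `setupCredentials()` override only if the base version does not already create the same four aliases. Inside that override, `catch (Exception e) { e.printStackTrace(); throw e; }` adds nothing over letting the exception propagate, and the ignored result of `file.delete()` deserves a short comment saying a missing keystore file is expected.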
