accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject [1/2] accumulo git commit: ACCUMULO-3703 Support keytab in module setup
Date Wed, 01 Apr 2015 22:07:40 GMT
Repository: accumulo
Updated Branches:
  refs/heads/master 24c5dd1fb -> 91c297fa3


ACCUMULO-3703 Support keytab in module setup

Gets most of the randomwalk modules working, the
edge case being Security.xml as it does a bunch of
custom authentication based on passwords.


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/579a3fae
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/579a3fae
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/579a3fae

Branch: refs/heads/master
Commit: 579a3fae9fbba2dec5e865320f37a6160ee195b8
Parents: 24c5dd1
Author: Josh Elser <elserj@apache.org>
Authored: Wed Apr 1 15:51:03 2015 -0400
Committer: Josh Elser <elserj@apache.org>
Committed: Wed Apr 1 15:51:03 2015 -0400

----------------------------------------------------------------------
 .../accumulo/test/randomwalk/Environment.java   | 36 ++++++++++++++++++--
 .../randomwalk/security/SecurityFixture.java    |  8 +++++
 2 files changed, 42 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/579a3fae/test/src/main/java/org/apache/accumulo/test/randomwalk/Environment.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/Environment.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/Environment.java
index 7122b4e..992c08a 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/Environment.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/Environment.java
@@ -18,6 +18,8 @@ package org.apache.accumulo.test.randomwalk;
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import java.io.File;
+import java.io.IOException;
 import java.lang.management.ManagementFactory;
 import java.util.Properties;
 import java.util.concurrent.TimeUnit;
@@ -31,6 +33,7 @@ import org.apache.accumulo.core.client.Instance;
 import org.apache.accumulo.core.client.MultiTableBatchWriter;
 import org.apache.accumulo.core.client.ZooKeeperInstance;
 import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
+import org.apache.accumulo.core.client.security.tokens.KerberosToken;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -49,6 +52,10 @@ public class Environment {
    */
   public static final String KEY_PASSWORD = "PASSWORD";
   /**
+   * The configuration property key for a keytab
+   */
+  public static final String KEY_KEYTAB = "KEYTAB";
+  /**
    * The configuration property key for the instance name.
    */
   public static final String KEY_INSTANCE = "INSTANCE";
@@ -128,6 +135,15 @@ public class Environment {
   }
 
   /**
+   * Gets the configured keytab.
+   *
+   * @return path to keytab
+   */
+  public String getKeytab() {
+    return p.getProperty(KEY_KEYTAB);
+  }
+
+  /**
    * Gets this process's ID.
    *
    * @return pid
@@ -142,7 +158,23 @@ public class Environment {
    * @return authentication token
    */
   public AuthenticationToken getToken() {
-    return new PasswordToken(getPassword());
+    String password = getPassword();
+    if (null != password) {
+      return new PasswordToken(getPassword());
+    }
+    String keytab = getKeytab();
+    if (null != keytab) {
+      File keytabFile = new File(keytab);
+      if (!keytabFile.exists() || !keytabFile.isFile()) {
+        throw new IllegalArgumentException("Provided keytab is not a normal file: "+ keytab);
+      }
+      try {
+        return new KerberosToken(getUserName(), keytabFile);
+      } catch (IOException e) {
+        throw new RuntimeException("Failed to login", e);
+      }
+    }
+    throw new IllegalArgumentException("Must provide password or keytab in configuration");
   }
 
   /**
@@ -154,7 +186,7 @@ public class Environment {
     if (instance == null) {
       String instance = p.getProperty(KEY_INSTANCE);
       String zookeepers = p.getProperty(KEY_ZOOKEEPERS);
-      this.instance = new ZooKeeperInstance(new ClientConfiguration().withInstance(instance).withZkHosts(zookeepers));
+      this.instance = new ZooKeeperInstance(ClientConfiguration.loadDefault().withInstance(instance).withZkHosts(zookeepers));
     }
     return instance;
   }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/579a3fae/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
index 915eca0..4dced96 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
@@ -19,6 +19,8 @@ package org.apache.accumulo.test.randomwalk.security;
 import java.net.InetAddress;
 import java.util.Set;
 
+import org.apache.accumulo.core.client.ClientConfiguration;
+import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.apache.accumulo.core.security.Authorizations;
@@ -33,6 +35,12 @@ public class SecurityFixture extends Fixture {
   @Override
   public void setUp(State state, Environment env) throws Exception {
     String secTableName, systemUserName, tableUserName, secNamespaceName;
+    // A best-effort sanity check to guard against not password-based auth
+    ClientConfiguration clientConf = ClientConfiguration.loadDefault();
+    if (clientConf.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false))
{
+      throw new IllegalStateException("Security module currently cannot support Kerberos/SASL
instances");
+    }
+
     Connector conn = env.getConnector();
 
     String hostname = InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_");


Mime
View raw message