Posted to commits@atlas.apache.org by sh...@apache.org on 2015/07/31 05:53:04 UTC
incubator-atlas git commit: ATLAS-86 Jenkins build failing as of
build #41 (shwethags)
Repository: incubator-atlas
Updated Branches:
refs/heads/master 9d3037433 -> b93fe4a46
ATLAS-86 Jenkins build failing as of build #41 (shwethags)
Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/b93fe4a4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/b93fe4a4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/b93fe4a4
Branch: refs/heads/master
Commit: b93fe4a466058597d3c49e1bedf51f13356d2aae
Parents: 9d30374
Author: Shwetha GS <ss...@hortonworks.com>
Authored: Fri Jul 31 09:22:55 2015 +0530
Committer: Shwetha GS <ss...@hortonworks.com>
Committed: Fri Jul 31 09:22:55 2015 +0530
----------------------------------------------------------------------
addons/hive-bridge/pom.xml | 45 +---
.../atlas/hive/hook/BaseSSLAndKerberosTest.java | 127 ----------
.../hook/NegativeSSLAndKerberosHiveHookIT.java | 163 ------------
.../hive/hook/SSLAndKerberosHiveHookIT.java | 249 -------------------
.../apache/atlas/hive/hook/SSLHiveHookIT.java | 214 ----------------
client/pom.xml | 24 --
.../org/apache/atlas/ApplicationProperties.java | 64 +----
.../atlas/security/SecureClientUtils.java | 2 +-
.../src/test/resources/application.properties | 2 +-
pom.xml | 25 +-
release-log.txt | 1 +
src/conf/application.properties | 4 +-
webapp/pom.xml | 19 +-
.../atlas/web/service/SecureEmbeddedServer.java | 12 +-
.../java/org/apache/atlas/web/TestUtils.java | 49 ++++
.../web/security/BaseSSLAndKerberosTest.java | 112 +++++++++
.../atlas/web/security/BaseSecurityTest.java | 33 ++-
.../web/security/NegativeSSLAndKerberosIT.java | 127 ++++++++++
.../atlas/web/security/SSLAndKerberosIT.java | 163 ++++++++++++
.../org/apache/atlas/web/security/SSLIT.java | 137 ++++++++++
20 files changed, 665 insertions(+), 907 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/pom.xml
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/pom.xml b/addons/hive-bridge/pom.xml
index 117d76c..66b5f74 100755
--- a/addons/hive-bridge/pom.xml
+++ b/addons/hive-bridge/pom.xml
@@ -38,11 +38,6 @@
</properties>
<dependencies>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-minikdc</artifactId>
- </dependency>
-
<!-- Logging -->
<dependency>
<groupId>org.slf4j</groupId>
@@ -95,21 +90,20 @@
<dependency>
<groupId>org.apache.atlas</groupId>
+ <artifactId>atlas-typesystem</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.atlas</groupId>
<artifactId>atlas-client</artifactId>
- <version>${version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- </exclusion>
- </exclusions>
- <scope>runtime</scope>
- <type>test-jar</type>
</dependency>
+ <!-- to bring up atlas server for integration tests -->
<dependency>
<groupId>org.apache.atlas</groupId>
- <artifactId>atlas-typesystem</artifactId>
+ <artifactId>atlas-webapp</artifactId>
+ <type>war</type>
+ <scope>test</scope>
</dependency>
<dependency>
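Review bot: The plain `atlas-client` dependency that replaces the test-jar entry in this hunk no longer carries the `com.google.guava` exclusion, and the hunk does not show where guava is now constrained. If that exclusion was keeping a second guava version off the hive-bridge classpath, it is silently back. It is worth confirming with `mvn dependency:tree` that a single guava version resolves, or keeping the exclusion on the new entry as below. The entry also drops `<version>`, so it presumably relies on a `dependencyManagement` section in a parent pom, which is outside this hunk.

```xml
<dependency>
    <groupId>org.apache.atlas</groupId>
    <artifactId>atlas-client</artifactId>
    <exclusions>
        <exclusion>
            <groupId>com.google.guava</groupId>
            <artifactId>guava</artifactId>
        </exclusion>
    </exclusions>
</dependency>
```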
@@ -128,20 +122,6 @@
</dependency>
<dependency>
- <groupId>org.apache.atlas</groupId>
- <artifactId>atlas-webapp</artifactId>
- <classifier>classes</classifier>
- </dependency>
-
- <dependency>
- <groupId>org.apache.atlas</groupId>
- <artifactId>atlas-webapp</artifactId>
- <type>test-jar</type>
- <version>${project.version}</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<scope>test</scope>
@@ -329,13 +309,6 @@
<skip>false</skip>
</configuration>
</plugin>
-
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <inherited>true</inherited>
- <extensions>true</extensions>
- </plugin>
</plugins>
</build>
</project>
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java
deleted file mode 100644
index 11163c8..0000000
--- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.hive.hook;
-
-import org.apache.atlas.web.security.BaseSecurityTest;
-import org.apache.atlas.web.service.SecureEmbeddedServer;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.commons.io.FileUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.security.alias.CredentialProvider;
-import org.apache.hadoop.security.alias.CredentialProviderFactory;
-import org.eclipse.jetty.server.Server;
-
-import java.io.File;
-import java.io.IOException;
-
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
-import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
-
-/**
- *
- */
-public class BaseSSLAndKerberosTest extends BaseSecurityTest {
- public static final String TESTUSER = "testuser";
- public static final String TESTPASS = "testpass";
- protected static final String DGI_URL = "https://localhost:21443/";
- protected Path jksPath;
- protected String providerUrl;
- protected File httpKeytabFile;
- private File userKeytabFile;
-
- class TestSecureEmbeddedServer extends SecureEmbeddedServer {
-
- public TestSecureEmbeddedServer(int port, String path) throws IOException {
- super(port, path);
- }
-
- public Server getServer() {
- return server;
- }
-
- @Override
- public PropertiesConfiguration getConfiguration() {
- return super.getConfiguration();
- }
- }
-
- protected void setupCredentials() throws Exception {
- Configuration conf = new Configuration(false);
-
- File file = new File(jksPath.toUri().getPath());
- file.delete();
- conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
-
- CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
-
- // create new aliases
- try {
-
- char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
- provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
-
- char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
- provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
-
- char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
- provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
-
- char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
- provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
-
- // write out so that it can be found in checks
- provider.flush();
- } catch (Exception e) {
- e.printStackTrace();
- throw e;
- }
- }
-
- public void setupKDCAndPrincipals() throws Exception {
- // set up the KDC
- File kdcWorkDir = startKDC();
-
- userKeytabFile = createKeytab(kdc, kdcWorkDir, "dgi", "dgi.keytab");
- httpKeytabFile = createKeytab(kdc, kdcWorkDir, "HTTP", "spnego.service.keytab");
-
- // create a test user principal
- kdc.createPrincipal(TESTUSER, TESTPASS);
-
- StringBuilder jaas = new StringBuilder(1024);
- jaas.append("TestUser {\n" +
- " com.sun.security.auth.module.Krb5LoginModule required\nuseTicketCache=true;\n" +
- "};\n");
- jaas.append(createJAASEntry("Client", "dgi", userKeytabFile));
- jaas.append(createJAASEntry("Server", "HTTP", httpKeytabFile));
-
- File jaasFile = new File(kdcWorkDir, "jaas.txt");
- FileUtils.write(jaasFile, jaas.toString());
- bindJVMtoJAASFile(jaasFile);
- }
-
- protected String getWarPath() {
- return String.format("/../../webapp/target/atlas-webapp-%s",
- System.getProperty("project.version"));
- }
-
- protected HiveConf getHiveConf() {
- return HiveHookIT.createHiveConf(DGI_URL);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java
deleted file mode 100755
index 891e06c..0000000
--- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java
+++ /dev/null
@@ -1,163 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.hive.hook;
-
-import org.apache.atlas.security.SecurityProperties;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.commons.lang.RandomStringUtils;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.ql.Driver;
-import org.apache.hadoop.hive.ql.session.SessionState;
-import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
-import org.apache.hadoop.security.ssl.SSLFactory;
-import org.apache.hadoop.security.ssl.SSLHostnameVerifier;
-import org.eclipse.jetty.webapp.WebAppContext;
-import org.testng.Assert;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.net.URL;
-import java.nio.file.Files;
-
-import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY;
-import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
-
-/**
- * Perform all the necessary setup steps for client and server comm over SSL/Kerberos, but then don't estalish a
- * kerberos user for the invocation. Need a separate use case since the Jersey layer cached the URL connection handler,
- * which indirectly caches the kerberos delegation token.
- */
-public class NegativeSSLAndKerberosHiveHookIT extends BaseSSLAndKerberosTest {
-
- private Driver driver;
- private SessionState ss;
- private TestSecureEmbeddedServer secureEmbeddedServer;
- private String originalConf;
-
- @BeforeClass
- public void setUp() throws Exception {
- //Set-up hive session
- HiveConf conf = getHiveConf();
- driver = new Driver(conf);
- ss = new SessionState(conf, System.getProperty("user.name"));
- ss = SessionState.start(ss);
- SessionState.setCurrentSessionState(ss);
-
- jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
- providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
-
- String persistDir = null;
- URL resource = NegativeSSLAndKerberosHiveHookIT.class.getResource("/");
- if (resource != null) {
- persistDir = resource.toURI().getPath();
- }
- // delete prior ssl-client.xml file
- resource = NegativeSSLAndKerberosHiveHookIT.class.getResource("/" + SecurityProperties.SSL_CLIENT_PROPERTIES);
- if (resource != null) {
- File sslClientFile = new File(persistDir, SecurityProperties.SSL_CLIENT_PROPERTIES);
- if (sslClientFile != null && sslClientFile.exists()) {
- sslClientFile.delete();
- }
- }
- setupKDCAndPrincipals();
- setupCredentials();
-
- // client will actually only leverage subset of these properties
- final PropertiesConfiguration configuration = new PropertiesConfiguration();
- configuration.setProperty(TLS_ENABLED, true);
- configuration.setProperty(TRUSTSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
- configuration.setProperty(KEYSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
- configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
- configuration.setProperty("atlas.http.authentication.type", "kerberos");
- configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
- SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
-
- configuration.save(new FileWriter(persistDir + File.separator + "client.properties"));
-
- String confLocation = System.getProperty("atlas.conf");
- URL url;
- if (confLocation == null) {
- url = NegativeSSLAndKerberosHiveHookIT.class.getResource("/application.properties");
- } else {
- url = new File(confLocation, "application.properties").toURI().toURL();
- }
- configuration.load(url);
-
- configuration.setProperty(TLS_ENABLED, true);
- configuration.setProperty("atlas.http.authentication.enabled", "true");
- configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
- configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
- configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
- "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
-
- configuration.save(new FileWriter(persistDir + File.separator + "application.properties"));
-
- secureEmbeddedServer = new TestSecureEmbeddedServer(21443, "webapp/target/apache-atlas") {
- @Override
- public PropertiesConfiguration getConfiguration() {
- return configuration;
- }
- };
- WebAppContext webapp = new WebAppContext();
- webapp.setContextPath("/");
- webapp.setWar(System.getProperty("user.dir") + getWarPath());
- secureEmbeddedServer.getServer().setHandler(webapp);
-
- // save original setting
- originalConf = System.getProperty("atlas.conf");
- System.setProperty("atlas.conf", persistDir);
- secureEmbeddedServer.getServer().start();
-
- }
-
- @AfterClass
- public void tearDown() throws Exception {
- if (secureEmbeddedServer != null) {
- secureEmbeddedServer.getServer().stop();
- }
-
- if (kdc != null) {
- kdc.stop();
- }
-
- if (originalConf != null) {
- System.setProperty("atlas.conf", originalConf);
- }
- }
-
- private void runCommand(final String cmd) throws Exception {
- ss.setCommandType(null);
- driver.run(cmd);
- Assert.assertNotNull(driver.getErrorMsg());
- Assert.assertTrue(driver.getErrorMsg().contains("Mechanism level: Failed to find any Kerberos tgt"));
- }
-
- @Test
- public void testUnsecuredCreateDatabase() throws Exception {
- String dbName = "db" + RandomStringUtils.randomAlphanumeric(5).toLowerCase();
- runCommand("create database " + dbName);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java
deleted file mode 100755
index 7471680..0000000
--- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.hive.hook;
-
-import org.apache.atlas.AtlasClient;
-import org.apache.atlas.AtlasException;
-import org.apache.atlas.hive.model.HiveDataTypes;
-import org.apache.atlas.security.SecurityProperties;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.commons.lang.RandomStringUtils;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.ql.Driver;
-import org.apache.hadoop.hive.ql.session.SessionState;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
-import org.apache.hadoop.security.ssl.SSLFactory;
-import org.apache.hadoop.security.ssl.SSLHostnameVerifier;
-import org.codehaus.jettison.json.JSONArray;
-import org.eclipse.jetty.webapp.WebAppContext;
-import org.testng.Assert;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.net.URL;
-import java.nio.file.Files;
-import java.security.PrivilegedExceptionAction;
-
-import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY;
-import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
-
-public class SSLAndKerberosHiveHookIT extends BaseSSLAndKerberosTest {
- public static final String TEST_USER_JAAS_SECTION = "TestUser";
- public static final String TESTUSER = "testuser";
- public static final String TESTPASS = "testpass";
-
- private static final String DGI_URL = "https://localhost:21443/";
- private Driver driver;
- private AtlasClient dgiCLient;
- private SessionState ss;
- private TestSecureEmbeddedServer secureEmbeddedServer;
- private Subject subject;
- private String originalConf;
-
- @BeforeClass
- public void setUp() throws Exception {
- //Set-up hive session
- HiveConf conf = getHiveConf();
- driver = new Driver(conf);
- ss = new SessionState(conf, System.getProperty("user.name"));
- ss = SessionState.start(ss);
- SessionState.setCurrentSessionState(ss);
-
- jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
- providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
-
- String persistDir = null;
- URL resource = SSLAndKerberosHiveHookIT.class.getResource("/");
- if (resource != null) {
- persistDir = resource.toURI().getPath();
- }
- // delete prior ssl-client.xml file
- resource = SSLAndKerberosHiveHookIT.class.getResource("/" + SecurityProperties.SSL_CLIENT_PROPERTIES);
- if (resource != null) {
- File sslClientFile = new File(persistDir, SecurityProperties.SSL_CLIENT_PROPERTIES);
- if (sslClientFile != null && sslClientFile.exists()) {
- sslClientFile.delete();
- }
- }
- setupKDCAndPrincipals();
- setupCredentials();
-
- // client will actually only leverage subset of these properties
- final PropertiesConfiguration configuration = new PropertiesConfiguration();
- configuration.setProperty(TLS_ENABLED, true);
- configuration.setProperty(TRUSTSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
- configuration.setProperty(KEYSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
- configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
- configuration.setProperty("atlas.http.authentication.type", "kerberos");
- configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
- SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
-
- configuration.save(new FileWriter(persistDir + File.separator + "client.properties"));
-
- String confLocation = System.getProperty("atlas.conf");
- URL url;
- if (confLocation == null) {
- url = SSLAndKerberosHiveHookIT.class.getResource("/application.properties");
- } else {
- url = new File(confLocation, "application.properties").toURI().toURL();
- }
- configuration.load(url);
- configuration.setProperty(TLS_ENABLED, true);
- configuration.setProperty("atlas.http.authentication.enabled", "true");
- configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
- configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
- configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
- "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
-
- configuration.save(new FileWriter(persistDir + File.separator + "application.properties"));
-
- subject = loginTestUser();
- UserGroupInformation.loginUserFromSubject(subject);
- UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
- "testUser",
- UserGroupInformation.getLoginUser());
-
- dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
- @Override
- public AtlasClient run() throws Exception {
- return new AtlasClient(DGI_URL) {
- @Override
- protected PropertiesConfiguration getClientProperties() throws AtlasException {
- return configuration;
- }
- };
- }
- });
-
- secureEmbeddedServer = new TestSecureEmbeddedServer(21443, "webapp/target/apache-atlas") {
- @Override
- public PropertiesConfiguration getConfiguration() {
- return configuration;
- }
- };
- WebAppContext webapp = new WebAppContext();
- webapp.setContextPath("/");
- webapp.setWar(System.getProperty("user.dir") + getWarPath());
- secureEmbeddedServer.getServer().setHandler(webapp);
-
- // save original setting
- originalConf = System.getProperty("atlas.conf");
- System.setProperty("atlas.conf", persistDir);
- secureEmbeddedServer.getServer().start();
-
- }
-
- @AfterClass
- public void tearDown() throws Exception {
- if (secureEmbeddedServer != null) {
- secureEmbeddedServer.getServer().stop();
- }
-
- if (kdc != null) {
- kdc.stop();
- }
-
- if (originalConf != null) {
- System.setProperty("atlas.conf", originalConf);
- }
- }
-
- protected Subject loginTestUser() throws LoginException, IOException {
- LoginContext lc = new LoginContext(TEST_USER_JAAS_SECTION, new CallbackHandler() {
-
- @Override
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- if (callbacks[i] instanceof PasswordCallback) {
- PasswordCallback passwordCallback = (PasswordCallback) callbacks[i];
- passwordCallback.setPassword(TESTPASS.toCharArray());
- }
- if (callbacks[i] instanceof NameCallback) {
- NameCallback nameCallback = (NameCallback) callbacks[i];
- nameCallback.setName(TESTUSER);
- }
- }
- }
- });
- // attempt authentication
- lc.login();
- return lc.getSubject();
- }
-
- private void runCommand(final String cmd) throws Exception {
- ss.setCommandType(null);
- UserGroupInformation.loginUserFromSubject(subject);
- UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
- "testUser",
- UserGroupInformation.getLoginUser());
- proxyUser.doAs(new PrivilegedExceptionAction<Object>() {
- @Override
- public Object run() throws Exception {
- driver.run(cmd);
-
- return null;
- }
- });
- }
-
- @Test
- public void testCreateDatabase() throws Exception {
- String dbName = "db" + RandomStringUtils.randomAlphanumeric(5).toLowerCase();
- runCommand("create database " + dbName);
-
- assertDatabaseIsRegistered(dbName);
- }
-
- private void assertDatabaseIsRegistered(String dbName) throws Exception {
- assertInstanceIsRegistered(HiveDataTypes.HIVE_DB.getName(), "name", dbName);
- }
-
- private void assertInstanceIsRegistered(final String typeName, final String colName, final String colValue)
- throws Exception {
- UserGroupInformation.loginUserFromSubject(subject);
- UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
- "testUser",
- UserGroupInformation.getLoginUser());
- proxyUser.doAs(new PrivilegedExceptionAction<Object>() {
- @Override
- public Object run() throws Exception {
- JSONArray results = dgiCLient.rawSearch(typeName, colName, colValue);
- Assert.assertEquals(results.length(), 1);
-
- return null;
- }
- });
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java
deleted file mode 100755
index b114d5a..0000000
--- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java
+++ /dev/null
@@ -1,214 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.hive.hook;
-
-import org.apache.atlas.AtlasClient;
-import org.apache.atlas.AtlasException;
-import org.apache.atlas.hive.bridge.HiveMetaStoreBridge;
-import org.apache.atlas.hive.model.HiveDataTypes;
-import org.apache.atlas.security.SecurityProperties;
-import org.apache.atlas.web.service.SecureEmbeddedServer;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.commons.lang.RandomStringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.ql.Driver;
-import org.apache.hadoop.hive.ql.session.SessionState;
-import org.apache.hadoop.security.alias.CredentialProvider;
-import org.apache.hadoop.security.alias.CredentialProviderFactory;
-import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
-import org.apache.hadoop.security.ssl.SSLFactory;
-import org.apache.hadoop.security.ssl.SSLHostnameVerifier;
-import org.codehaus.jettison.json.JSONArray;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.webapp.WebAppContext;
-import org.testng.Assert;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.net.URL;
-import java.nio.file.Files;
-
-import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY;
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
-import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
-import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
-
-public class SSLHiveHookIT {
- private static final String DGI_URL = "https://localhost:21443/";
- private Driver driver;
- private AtlasClient dgiCLient;
- private SessionState ss;
- private Path jksPath;
- private String providerUrl;
- private TestSecureEmbeddedServer secureEmbeddedServer;
-
- class TestSecureEmbeddedServer extends SecureEmbeddedServer {
-
- public TestSecureEmbeddedServer(int port, String path) throws IOException {
- super(port, path);
- }
-
- public Server getServer() {
- return server;
- }
-
- @Override
- public PropertiesConfiguration getConfiguration() {
- return super.getConfiguration();
- }
- }
-
- @BeforeClass
- public void setUp() throws Exception {
- //Set-up hive session
- HiveConf conf = getHiveConf();
- driver = new Driver(conf);
- ss = new SessionState(conf, System.getProperty("user.name"));
- ss = SessionState.start(ss);
- SessionState.setCurrentSessionState(ss);
-
- jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
- providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
-
- String persistDir = null;
- URL resource = SSLHiveHookIT.class.getResource("/");
- if (resource != null) {
- persistDir = resource.toURI().getPath();
- }
- // delete prior ssl-client.xml file
- resource = SSLHiveHookIT.class.getResource("/" + SecurityProperties.SSL_CLIENT_PROPERTIES);
- if (resource != null) {
- File sslClientFile = new File(persistDir, SecurityProperties.SSL_CLIENT_PROPERTIES);
- if (sslClientFile != null && sslClientFile.exists()) {
- sslClientFile.delete();
- }
- }
- setupCredentials();
-
- final PropertiesConfiguration configuration = new PropertiesConfiguration();
- configuration.setProperty(TLS_ENABLED, true);
- configuration.setProperty(TRUSTSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
- configuration.setProperty(KEYSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
- configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
- configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
- SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
-
- configuration.save(new FileWriter(persistDir + File.separator + "client.properties"));
-
- dgiCLient = new AtlasClient(DGI_URL) {
- @Override
- protected PropertiesConfiguration getClientProperties() throws AtlasException {
- return configuration;
- }
- };
-
- secureEmbeddedServer = new TestSecureEmbeddedServer(21443, "webapp/target/apache-atlas") {
- @Override
- public PropertiesConfiguration getConfiguration() {
- return configuration;
- }
- };
- WebAppContext webapp = new WebAppContext();
- webapp.setContextPath("/");
- webapp.setWar(System.getProperty("user.dir") + getWarPath());
- secureEmbeddedServer.getServer().setHandler(webapp);
-
- secureEmbeddedServer.getServer().start();
-
- }
-
- @AfterClass
- public void tearDown() throws Exception {
- if (secureEmbeddedServer != null) {
- secureEmbeddedServer.getServer().stop();
- }
- }
-
- protected void setupCredentials() throws Exception {
- Configuration conf = new Configuration(false);
-
- File file = new File(jksPath.toUri().getPath());
- file.delete();
- conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
-
- CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
-
- // create new aliases
- try {
-
- char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
- provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
-
- char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
- provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
-
- char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
- provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
-
- char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
- provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
-
- // write out so that it can be found in checks
- provider.flush();
- } catch (Exception e) {
- e.printStackTrace();
- throw e;
- }
- }
-
- protected String getWarPath() {
- return String.format("/../../webapp/target/atlas-webapp-%s",
- System.getProperty("project.version"));
- }
-
- private HiveConf getHiveConf() {
- return HiveHookIT.createHiveConf(DGI_URL);
- }
-
- private void runCommand(String cmd) throws Exception {
- ss.setCommandType(null);
- driver.run(cmd);
- }
-
- @Test
- public void testCreateDatabase() throws Exception {
- String dbName = "db" + RandomStringUtils.randomAlphanumeric(5).toLowerCase();
- runCommand("create database " + dbName);
-
- assertDatabaseIsRegistered(dbName);
- }
-
- private void assertDatabaseIsRegistered(String dbName) throws Exception {
- assertInstanceIsRegistered(HiveDataTypes.HIVE_DB.getName(), "name", dbName);
- }
-
- private void assertInstanceIsRegistered(String typeName, String colName, String colValue) throws Exception {
- JSONArray results = dgiCLient.rawSearch(typeName, colName, colValue);
- Assert.assertEquals(results.length(), 1);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/pom.xml
----------------------------------------------------------------------
diff --git a/client/pom.xml b/client/pom.xml
index be19a71..2f883cd 100755
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -77,28 +77,4 @@
<artifactId>testng</artifactId>
</dependency>
</dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <executions>
- <execution>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
-
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <inherited>true</inherited>
- <extensions>true</extensions>
- </plugin>
- </plugins>
- </build>
-
</project>
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/src/main/java/org/apache/atlas/ApplicationProperties.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/atlas/ApplicationProperties.java b/client/src/main/java/org/apache/atlas/ApplicationProperties.java
index ad87d8d..15cca47 100644
--- a/client/src/main/java/org/apache/atlas/ApplicationProperties.java
+++ b/client/src/main/java/org/apache/atlas/ApplicationProperties.java
@@ -17,8 +17,10 @@
package org.apache.atlas;
+import org.apache.commons.configuration.AbstractConfiguration;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.ConfigurationUtils;
import org.apache.commons.configuration.PropertiesConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -59,66 +61,26 @@ public class ApplicationProperties extends PropertiesConfiguration {
: new File(confLocation, fileName).toURI().toURL();
LOG.info("Loading {} from {}", fileName, url);
- ApplicationProperties configuration = new ApplicationProperties(url);
+ Configuration configuration = new ApplicationProperties(url).interpolatedConfiguration();
+ logConfiguration(configuration);
+ return configuration;
+ } catch (Exception e) {
+ throw new AtlasException("Failed to load application properties", e);
+ }
+ }
+
+ private static void logConfiguration(Configuration configuration) {
+ if (LOG.isDebugEnabled()) {
Iterator<String> keys = configuration.getKeys();
LOG.debug("Configuration loaded:");
- while(keys.hasNext()) {
+ while (keys.hasNext()) {
String key = keys.next();
LOG.debug("{} = {}", key, configuration.getProperty(key));
}
- return configuration;
- } catch (Exception e) {
- throw new AtlasException("Failed to load application properties", e);
}
}
public static final Configuration getSubsetConfiguration(Configuration inConf, String prefix) {
return inConf.subset(prefix);
}
-
- @Override
- public Object getProperty(String key) {
- Object value = super.getProperty(key);
- if (value instanceof String) {
- value = substituteVars((String) value);
- }
- return value;
- }
-
- private static final Pattern VAR_PATTERN = Pattern.compile("\\$\\{[^\\}\\$\u0020]+\\}");
-
- private static final int MAX_SUBST = 20;
-
- private String substituteVars(String expr) {
- if (expr == null) {
- return null;
- }
- Matcher match = VAR_PATTERN.matcher("");
- String eval = expr;
-
- for(int s = 0; s < MAX_SUBST; s++) {
- match.reset(eval);
- if (!match.find()) {
- return eval;
- }
- String var = match.group();
- var = var.substring(2, var.length() - 1); // remove ${ .. }
- String val = null;
- try {
- val = System.getProperty(var);
- } catch(SecurityException se) {
- LOG.warn("Unexpected SecurityException in Configuration", se);
- }
- if (val == null) {
- val = getString(var);
- }
- if (val == null) {
- return eval; // return literal ${var}: var is unbound
- }
-
- // substitute
- eval = eval.substring(0, match.start()) + val + eval.substring(match.end());
- }
- throw new IllegalStateException("Variable substitution depth too large: " + MAX_SUBST + " " + expr);
- }
}
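Review bot: `logConfiguration` writes every key and its value to the debug log, and after this commit the same configuration object is what SecureEmbeddedServer hands to `getPassword(config, key)`, so any keystore or truststore password kept in application.properties rather than in a credential provider would be written to the log in clear text. Mask sensitive keys before logging, for example `Object value = key.toLowerCase(Locale.ROOT).contains("password") ? "********" : configuration.getProperty(key);` followed by `LOG.debug("{} = {}", key, value);`. The loop itself predates this commit, but extracting it into its own method is a natural place to add the filter and a one-line comment explaining it. The enclosing `get()` method starts outside the hunk.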
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java b/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
index b70c5ce..d3b474a 100644
--- a/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
+++ b/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
@@ -64,7 +64,7 @@ public class SecureClientUtils {
final UserGroupInformation ugi) {
config.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true);
Configuration conf = new Configuration();
- conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, "ssl-client.xml"));
+ conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
UserGroupInformation.setConfiguration(conf);
final ConnectionConfigurator connConfigurator = newConnConfigurator(conf);
String authType = "simple";
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/src/test/resources/application.properties
----------------------------------------------------------------------
diff --git a/client/src/test/resources/application.properties b/client/src/test/resources/application.properties
index 9672d1e..dbd6002 100644
--- a/client/src/test/resources/application.properties
+++ b/client/src/test/resources/application.properties
@@ -17,7 +17,7 @@
#
#system property
-atlas.data=/var/data/${user.name}/atlas
+atlas.data=/var/data/${sys:user.name}/atlas
#re-use existing property
atlas.graph.data=${atlas.data}/graph
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c201b4c..602e70f 100755
--- a/pom.xml
+++ b/pom.xml
@@ -353,6 +353,8 @@
<!-- skips checkstyle and find bugs -->
<skipCheck>false</skipCheck>
+ <skipTests>false</skipTests>
+ <projectBaseDir>${project.basedir}</projectBaseDir>
<titan.storage.backend>berkeleyje</titan.storage.backend>
<titan.index.backend>elasticsearch</titan.index.backend>
</properties>
@@ -909,23 +911,15 @@
<dependency>
<groupId>org.apache.atlas</groupId>
- <artifactId>atlas-webapp</artifactId>
- <version>${project.version}</version>
- <classifier>classes</classifier>
- </dependency>
-
- <dependency>
- <groupId>org.apache.atlas</groupId>
<artifactId>atlas-client</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.atlas</groupId>
- <artifactId>atlas-client</artifactId>
+ <artifactId>atlas-webapp</artifactId>
<version>${project.version}</version>
- <type>test-jar</type>
- <scope>test</scope>
+ <type>war</type>
</dependency>
<!--Scala dependencies-->
@@ -1303,6 +1297,14 @@
</plugin>
<plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <version>2.5.4</version>
+ <inherited>true</inherited>
+ <extensions>true</extensions>
+ </plugin>
+
+ <plugin>
<artifactId>maven-assembly-plugin</artifactId>
<inherited>false</inherited>
<configuration>
@@ -1349,6 +1351,9 @@
<artifactId>maven-failsafe-plugin</artifactId>
<version>2.18.1</version>
<configuration>
+ <systemPropertyVariables>
+ <projectBaseDir>${projectBaseDir}</projectBaseDir>
+ </systemPropertyVariables>
<redirectTestOutputToFile>true</redirectTestOutputToFile>
<argLine>-Djava.awt.headless=true -Dproject.version=${project.version}
-Dhadoop.tmp.dir=${project.build.directory}/tmp-hadoop-${user.name}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 7a7329c..93c1288 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -8,6 +8,7 @@ ATLAS-54 Rename configs in hive hook (shwethags)
ATLAS-3 Mixed Index creation fails with Date types (suma.shivaprasad via shwethags)
ALL CHANGES:
+ATLAS-86 Jenkins build failing as of build #41 (shwethags)
ATLAS-80 Support for variables in application properties (shwethags)
ATLAS-37 atlas repository, webapp, hive-bridge tests fails with Hbase and Solr as Titan storage backend (suma.shivaprasad via shwethags)
ATLAS-56 atlas_config.py should give an informative error if jar or java binaries can't be found (dossett@gmail.com via shwethags)
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/src/conf/application.properties
----------------------------------------------------------------------
diff --git a/src/conf/application.properties b/src/conf/application.properties
index 51f2529..5487749 100755
--- a/src/conf/application.properties
+++ b/src/conf/application.properties
@@ -19,7 +19,7 @@
######### Graph Database Configs #########
# Graph Storage
atlas.graph.storage.backend=berkeleyje
-atlas.graph.storage.directory=${atlas.home}/data/berkley
+atlas.graph.storage.directory=${sys:atlas.home}/data/berkley
#Hbase as stoarge backend
#hbase
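Review bot: With the `sys:` prefix the storage directory resolves only from the JVM system property `atlas.home`, and the file does not say so. Commons Configuration leaves an unresolved variable in place, so if the property is not passed the directory would presumably become the literal `${sys:atlas.home}/data/berkley` relative to the working directory. A comment above the line such as `# atlas.home must be set as a JVM system property (-Datlas.home=...)` would make the requirement visible; the same applies to `atlas.graph.index.search.directory` in the next hunk.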
@@ -40,7 +40,7 @@ atlas.graph.storage.directory=${atlas.home}/data/berkley
# Graph Search Index
atlas.graph.index.search.backend=elasticsearch
-atlas.graph.index.search.directory=${atlas.home}/data/es
+atlas.graph.index.search.directory=${sys:atlas.home}/data/es
atlas.graph.index.search.elasticsearch.client-only=false
atlas.graph.index.search.elasticsearch.local-mode=true
atlas.graph.index.search.elasticsearch.create.sleep=2000
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/pom.xml
----------------------------------------------------------------------
diff --git a/webapp/pom.xml b/webapp/pom.xml
index 86e1ebf..d558d74 100755
--- a/webapp/pom.xml
+++ b/webapp/pom.xml
@@ -34,6 +34,7 @@
<packaging>war</packaging>
<properties>
+ <projectBaseDir>${project.basedir}/..</projectBaseDir>
<debug.jetty.daemon>true</debug.jetty.daemon>
</properties>
@@ -51,7 +52,6 @@
<dependency>
<groupId>org.apache.atlas</groupId>
<artifactId>atlas-client</artifactId>
- <type>test-jar</type>
</dependency>
<dependency>
@@ -252,17 +252,6 @@
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <executions>
- <execution>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<configuration>
<attachClasses>true</attachClasses>
@@ -395,12 +384,6 @@
</executions>
</plugin>
<plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <inherited>true</inherited>
- <extensions>true</extensions>
- </plugin>
- <plugin>
<groupId>net.alchim31.maven</groupId>
<artifactId>scala-maven-plugin</artifactId>
</plugin>
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
index ca71293..1b2192c 100755
--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -18,6 +18,8 @@
package org.apache.atlas.web.service;
+import org.apache.atlas.ApplicationProperties;
+import org.apache.atlas.AtlasException;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
import org.apache.hadoop.conf.Configuration;
@@ -58,7 +60,7 @@ public class SecureEmbeddedServer extends EmbeddedServer {
}
protected Connector getConnector(int port) throws IOException {
- PropertiesConfiguration config = getConfiguration();
+ org.apache.commons.configuration.Configuration config = getConfiguration();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(config.getString(KEYSTORE_FILE_KEY,
@@ -102,7 +104,7 @@ public class SecureEmbeddedServer extends EmbeddedServer {
* @return the password.
* @throws IOException
*/
- private String getPassword(PropertiesConfiguration config, String key) throws IOException {
+ private String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
String password;
@@ -131,10 +133,10 @@ public class SecureEmbeddedServer extends EmbeddedServer {
* Returns the application configuration.
* @return
*/
- protected PropertiesConfiguration getConfiguration() {
+ protected org.apache.commons.configuration.Configuration getConfiguration() {
try {
- return new PropertiesConfiguration("application.properties");
- } catch (ConfigurationException e) {
+ return ApplicationProperties.get();
+ } catch (AtlasException e) {
throw new RuntimeException("Unable to load configuration: application.properties");
}
}
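Review bot: The new `catch (AtlasException e)` still discards the exception, so the underlying reason the configuration failed to load is lost exactly where the TLS connector settings are read. Chain it: `throw new RuntimeException("Unable to load configuration: application.properties", e);`. The `ConfigurationException` and `PropertiesConfiguration` imports shown as context in the first hunk may now be unused; the rest of the file is outside the hunks, so that needs checking.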
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/TestUtils.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/TestUtils.java b/webapp/src/test/java/org/apache/atlas/web/TestUtils.java
new file mode 100644
index 0000000..ede041e
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/TestUtils.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web;
+
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.commons.lang.RandomStringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.FileWriter;
+
+public class TestUtils {
+ private static final Logger LOG = LoggerFactory.getLogger(TestUtils.class);
+
+ public static String random(){
+ return RandomStringUtils.randomAlphanumeric(10);
+ }
+
+ public static void writeConfiguration(PropertiesConfiguration configuration, String fileName) throws Exception {
+ LOG.debug("Storing configuration in file {}", fileName);
+ File file = new File(fileName);
+ File parentFile = file.getParentFile();
+ if (!parentFile.exists() && !parentFile.mkdirs()) {
+ throw new Exception("Failed to create dir " + parentFile.getAbsolutePath());
+ }
+ file.createNewFile();
+ configuration.save(new FileWriter(file));
+ }
+
+ public static String getTempDirectory() {
+ return System.getProperty("projectBaseDir") + "/webapp/target/" + random();
+ }
+}
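Review bot: `writeConfiguration` never closes the `FileWriter` it hands to `configuration.save(...)`, so the file handle leaks and the properties file that the SSL tests later point `atlas.conf` at relies on the library flushing the writer. Close it explicitly: `try (FileWriter writer = new FileWriter(file)) { configuration.save(writer); }`. `file.getParentFile()` returns null for a bare file name, so the `parentFile.exists()` check would throw a NullPointerException in that case; a null guard before it is enough.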
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
new file mode 100644
index 0000000..b5366ff
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.security.SecurityProperties;
+import org.apache.atlas.web.service.SecureEmbeddedServer;
+import org.apache.commons.io.FileUtils;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.eclipse.jetty.server.Server;
+
+import java.io.File;
+import java.io.IOException;
+
+/**
+ *
+ */
+public class BaseSSLAndKerberosTest extends BaseSecurityTest {
+ public static final String TESTUSER = "testuser";
+ public static final String TESTPASS = "testpass";
+ protected static final String DGI_URL = "https://localhost:21443/";
+ protected Path jksPath;
+ protected String providerUrl;
+ protected File httpKeytabFile;
+ private File userKeytabFile;
+
+ class TestSecureEmbeddedServer extends SecureEmbeddedServer {
+
+ public TestSecureEmbeddedServer(int port, String path) throws IOException {
+ super(port, path);
+ }
+
+ public Server getServer() {
+ return server;
+ }
+
+ @Override
+ public org.apache.commons.configuration.Configuration getConfiguration() {
+ return super.getConfiguration();
+ }
+ }
+
+ protected void setupCredentials() throws Exception {
+ Configuration conf = new Configuration(false);
+
+ File file = new File(jksPath.toUri().getPath());
+ file.delete();
+ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
+
+ CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
+
+ // create new aliases
+ try {
+
+ char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass);
+
+ char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass);
+
+ char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
+
+ char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass);
+
+ // write out so that it can be found in checks
+ provider.flush();
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw e;
+ }
+ }
+
+ public void setupKDCAndPrincipals() throws Exception {
+ // set up the KDC
+ File kdcWorkDir = startKDC();
+
+ userKeytabFile = createKeytab(kdc, kdcWorkDir, "dgi", "dgi.keytab");
+ httpKeytabFile = createKeytab(kdc, kdcWorkDir, "HTTP", "spnego.service.keytab");
+
+ // create a test user principal
+ kdc.createPrincipal(TESTUSER, TESTPASS);
+
+ StringBuilder jaas = new StringBuilder(1024);
+ jaas.append("TestUser {\n" +
+ " com.sun.security.auth.module.Krb5LoginModule required\nuseTicketCache=true;\n" +
+ "};\n");
+ jaas.append(createJAASEntry("Client", "dgi", userKeytabFile));
+ jaas.append(createJAASEntry("Server", "HTTP", httpKeytabFile));
+
+ File jaasFile = new File(kdcWorkDir, "jaas.txt");
+ FileUtils.write(jaasFile, jaas.toString());
+ bindJVMtoJAASFile(jaasFile);
+ }
+}
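Review bot: In `setupCredentials` the `catch (Exception e) { e.printStackTrace(); throw e; }` block adds nothing, because the method already declares `throws Exception` and the test runner reports the failure; removing the try/catch keeps the behaviour with less noise. The four `char[]` arrays spell the same `keypass` literal without saying what it must match; a single documented constant, e.g. `private static final String TEST_STORE_PASSWORD = "keypass"; // test fixture only`, used as `TEST_STORE_PASSWORD.toCharArray()` at each call, would make clear that this is a fixture value, presumably the password of the keystore generated for the webapp tests. The empty class comment could state that the class prepares the credential provider and the MiniKdc principals for the SSL/Kerberos integration tests.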
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java b/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
index 67f3901..614638c 100644
--- a/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
@@ -18,7 +18,10 @@ package org.apache.atlas.web.security;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.commons.lang.RandomStringUtils;
import org.apache.hadoop.minikdc.MiniKdc;
+import org.apache.hadoop.security.ssl.SSLFactory;
+import org.apache.hadoop.security.ssl.SSLHostnameVerifier;
import org.apache.zookeeper.Environment;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.webapp.WebAppContext;
@@ -32,6 +35,11 @@ import java.nio.file.Files;
import java.util.Locale;
import java.util.Properties;
+import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
+import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY;
+import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
+import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
+
/**
*
*/
@@ -42,11 +50,6 @@ public class BaseSecurityTest {
+ " useTicketCache=false\n" + " doNotPrompt=true\n" + " storeKey=true;\n" + "}; \n";
protected MiniKdc kdc;
- protected String getWarPath() {
- return String.format("/target/atlas-webapp-%s.war",
- System.getProperty("release.version"));
- }
-
protected void generateTestProperties(Properties props) throws ConfigurationException, IOException {
PropertiesConfiguration config =
new PropertiesConfiguration(System.getProperty("user.dir") + "/../src/conf/application.properties");
@@ -62,7 +65,7 @@ public class BaseSecurityTest {
protected void startEmbeddedServer(Server server) throws Exception {
WebAppContext webapp = new WebAppContext();
webapp.setContextPath("/");
- webapp.setWar(System.getProperty("user.dir") + getWarPath());
+ webapp.setWar(getWarPath());
server.setHandler(webapp);
server.start();
@@ -105,4 +108,22 @@ public class BaseSecurityTest {
kdc.createPrincipal(keytab, principal, principal + "/localhost", principal + "/127.0.0.1");
return keytab;
}
+
+ protected String getWarPath() {
+ return System.getProperty("projectBaseDir") + String.format("/webapp/target/atlas-webapp-%s",
+ System.getProperty("project.version"));
+ }
+
+ protected PropertiesConfiguration getSSLConfiguration(String providerUrl) {
+ String projectBaseDirectory = System.getProperty("projectBaseDir");
+ final PropertiesConfiguration configuration = new PropertiesConfiguration();
+ configuration.setProperty(TLS_ENABLED, true);
+ configuration.setProperty(TRUSTSTORE_FILE_KEY, projectBaseDirectory + "/webapp/target/atlas.keystore");
+ configuration.setProperty(KEYSTORE_FILE_KEY, projectBaseDirectory + "/webapp/target/atlas.keystore");
+ configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
+ configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
+ SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
+ return configuration;
+ }
+
}
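Review bot: `getWarPath` and `getSSLConfiguration` concatenate `System.getProperty("projectBaseDir")` without checking it, so when the tests run without the failsafe `systemPropertyVariables` setting (from an IDE, for instance) the WAR, keystore and truststore paths silently become `null/webapp/target/...`. Fail early instead: `String baseDir = Objects.requireNonNull(System.getProperty("projectBaseDir"), "projectBaseDir system property is not set");`. `TestUtils.getTempDirectory` in this commit follows the same pattern. A short comment on the `SSL_HOSTNAME_VERIFIER_KEY` line saying that `DEFAULT_AND_LOCALHOST` is chosen because the test server runs on localhost, and is not meant as a production default, would also help.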
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java
new file mode 100755
index 0000000..0b95b7a
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java
@@ -0,0 +1,127 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasException;
+import org.apache.atlas.web.TestUtils;
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+import org.testng.Assert;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import java.io.File;
+import java.net.URL;
+import java.nio.file.Files;
+
+import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
+
+/**
+ * Perform all the necessary setup steps for client and server comm over SSL/Kerberos, but then don't estalish a
+ * kerberos user for the invocation. Need a separate use case since the Jersey layer cached the URL connection handler,
+ * which indirectly caches the kerberos delegation token.
+ */
+public class NegativeSSLAndKerberosIT extends BaseSSLAndKerberosTest {
+
+ private TestSecureEmbeddedServer secureEmbeddedServer;
+ private String originalConf;
+ private AtlasClient dgiClient;
+
+ @BeforeClass
+ public void setUp() throws Exception {
+ jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
+ providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
+
+ String persistDir = TestUtils.getTempDirectory();
+
+ setupKDCAndPrincipals();
+ setupCredentials();
+
+ // client will actually only leverage subset of these properties
+ final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
+ configuration.setProperty("atlas.http.authentication.type", "kerberos");
+
+ TestUtils.writeConfiguration(configuration, persistDir + File.separator + "client.properties");
+
+ String confLocation = System.getProperty("atlas.conf");
+ URL url;
+ if (confLocation == null) {
+ url = NegativeSSLAndKerberosIT.class.getResource("/application.properties");
+ } else {
+ url = new File(confLocation, "application.properties").toURI().toURL();
+ }
+ configuration.load(url);
+
+ configuration.setProperty(TLS_ENABLED, true);
+ configuration.setProperty("atlas.http.authentication.enabled", "true");
+ configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
+ configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
+ configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
+ "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
+
+ TestUtils.writeConfiguration(configuration, persistDir + File.separator + "application.properties");
+
+ dgiClient = new AtlasClient(DGI_URL) {
+ @Override
+ protected PropertiesConfiguration getClientProperties() throws AtlasException {
+ return configuration;
+ }
+ };
+
+ // save original setting
+ originalConf = System.getProperty("atlas.conf");
+ System.setProperty("atlas.conf", persistDir);
+ secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
+ @Override
+ public PropertiesConfiguration getConfiguration() {
+ return configuration;
+ }
+ };
+ secureEmbeddedServer.getServer().start();
+ }
+
+ @AfterClass
+ public void tearDown() throws Exception {
+ if (secureEmbeddedServer != null) {
+ secureEmbeddedServer.getServer().stop();
+ }
+
+ if (kdc != null) {
+ kdc.stop();
+ }
+
+ if (originalConf != null) {
+ System.setProperty("atlas.conf", originalConf);
+ }
+ }
+
+ @Test
+ public void testUnsecuredClient() throws Exception {
+ try {
+ dgiClient.listTypes();
+ Assert.fail("Should have failed with GSSException");
+ } catch(Exception e) {
+ e.printStackTrace();
+ Assert.assertTrue(e.getMessage().contains("Mechanism level: Failed to find any Kerberos tgt"));
+ }
+ }
+}
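Review bot: `tearDown` restores `atlas.conf` only when the saved value was non-null, so when the property was unset before the test it keeps pointing at `persistDir`, and later tests in the same JVM could pick up this class's Kerberos/TLS configuration. Add the missing branch: `} else { System.clearProperty("atlas.conf"); }`. In `testUnsecuredClient`, `e.getMessage()` can be null, in which case the check ends in a NullPointerException instead of a readable assertion failure; wrapping it as `String.valueOf(e.getMessage()).contains(...)` avoids that.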
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java
new file mode 100755
index 0000000..f00ac64
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java
@@ -0,0 +1,163 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasException;
+import org.apache.atlas.web.TestUtils;
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.nio.file.Files;
+import java.security.PrivilegedExceptionAction;
+
+import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
+
+public class SSLAndKerberosIT extends BaseSSLAndKerberosTest {
+ public static final String TEST_USER_JAAS_SECTION = "TestUser";
+ public static final String TESTUSER = "testuser";
+ public static final String TESTPASS = "testpass";
+
+ private static final String DGI_URL = "https://localhost:21443/";
+ private AtlasClient dgiCLient;
+ private TestSecureEmbeddedServer secureEmbeddedServer;
+ private Subject subject;
+ private String originalConf;
+
+ @BeforeClass
+ public void setUp() throws Exception {
+ jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
+ providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
+
+ String persistDir = TestUtils.getTempDirectory();
+
+ setupKDCAndPrincipals();
+ setupCredentials();
+
+ // client will actually only leverage subset of these properties
+ final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
+ configuration.setProperty("atlas.http.authentication.type", "kerberos");
+ TestUtils.writeConfiguration(configuration, persistDir + File.separator + "client.properties");
+
+ String confLocation = System.getProperty("atlas.conf");
+ URL url;
+ if (confLocation == null) {
+ url = SSLAndKerberosIT.class.getResource("/application.properties");
+ } else {
+ url = new File(confLocation, "application.properties").toURI().toURL();
+ }
+ configuration.load(url);
+ configuration.setProperty(TLS_ENABLED, true);
+ configuration.setProperty("atlas.http.authentication.enabled", "true");
+ configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
+ configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
+ configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
+ "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
+
+ TestUtils.writeConfiguration(configuration, persistDir + File.separator + "application.properties");
+
+ subject = loginTestUser();
+ UserGroupInformation.loginUserFromSubject(subject);
+ UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
+ "testUser",
+ UserGroupInformation.getLoginUser());
+
+ dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
+ @Override
+ public AtlasClient run() throws Exception {
+ return new AtlasClient(DGI_URL) {
+ @Override
+ protected PropertiesConfiguration getClientProperties() throws AtlasException {
+ return configuration;
+ }
+ };
+ }
+ });
+
+ // save original setting
+ originalConf = System.getProperty("atlas.conf");
+ System.setProperty("atlas.conf", persistDir);
+ secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
+ @Override
+ public PropertiesConfiguration getConfiguration() {
+ return configuration;
+ }
+ };
+ secureEmbeddedServer.getServer().start();
+ }
+
+ @AfterClass
+ public void tearDown() throws Exception {
+ if (secureEmbeddedServer != null) {
+ secureEmbeddedServer.getServer().stop();
+ }
+
+ if (kdc != null) {
+ kdc.stop();
+ }
+
+ if (originalConf != null) {
+ System.setProperty("atlas.conf", originalConf);
+ }
+ }
+
+ protected Subject loginTestUser() throws LoginException, IOException {
+ LoginContext lc = new LoginContext(TEST_USER_JAAS_SECTION, new CallbackHandler() {
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof PasswordCallback) {
+ PasswordCallback passwordCallback = (PasswordCallback) callbacks[i];
+ passwordCallback.setPassword(TESTPASS.toCharArray());
+ }
+ if (callbacks[i] instanceof NameCallback) {
+ NameCallback nameCallback = (NameCallback) callbacks[i];
+ nameCallback.setName(TESTUSER);
+ }
+ }
+ }
+ });
+ // attempt authentication
+ lc.login();
+ return lc.getSubject();
+ }
+
+ @Test
+ public void testService() throws Exception {
+ dgiCLient.listTypes();
+ }
+
+}
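Review bot: `tearDown` restores `atlas.conf` only when `originalConf` is non-null, so if the property was unset before `setUp` it stays pointed at the temporary directory holding the Kerberos- and TLS-enabled `application.properties`, and later tests in the same JVM inherit that security configuration. Adding `else { System.clearProperty("atlas.conf"); }` closes the gap; the `tearDown` of NegativeSSLAndKerberosIT earlier in this commit has the same branch. The cleanup steps also run in sequence, so an exception from `secureEmbeddedServer.getServer().stop()` skips both `kdc.stop()` and the property restore; a `try`/`finally` chain would keep them independent. Separately, `UserGroupInformation.loginUserFromSubject(subject)` in `setUp` appears to change process-wide login state that `tearDown` never undoes, which deserves a comment if it is intentional.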
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java
new file mode 100755
index 0000000..3e23185
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasException;
+import org.apache.atlas.web.TestUtils;
+import org.apache.atlas.web.service.SecureEmbeddedServer;
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+import org.eclipse.jetty.server.Server;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+
+import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
+
+public class SSLIT extends BaseSSLAndKerberosTest {
+ private AtlasClient dgiCLient;
+ private Path jksPath;
+ private String providerUrl;
+ private TestSecureEmbeddedServer secureEmbeddedServer;
+
+ class TestSecureEmbeddedServer extends SecureEmbeddedServer {
+
+ public TestSecureEmbeddedServer(int port, String path) throws IOException {
+ super(port, path);
+ }
+
+ public Server getServer() {
+ return server;
+ }
+
+ @Override
+ public org.apache.commons.configuration.Configuration getConfiguration() {
+ return super.getConfiguration();
+ }
+ }
+
+ @BeforeClass
+ public void setUp() throws Exception {
+ jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
+ providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
+
+ String persistDir = TestUtils.getTempDirectory();
+
+ setupCredentials();
+
+ final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
+ TestUtils.writeConfiguration(configuration, persistDir + File.separator + "client.properties");
+
+ dgiCLient = new AtlasClient(DGI_URL) {
+ @Override
+ protected PropertiesConfiguration getClientProperties() throws AtlasException {
+ return configuration;
+ }
+ };
+
+ secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
+ @Override
+ public PropertiesConfiguration getConfiguration() {
+ return configuration;
+ }
+ };
+ secureEmbeddedServer.getServer().start();
+ }
+
+ @AfterClass
+ public void tearDown() throws Exception {
+ if (secureEmbeddedServer != null) {
+ secureEmbeddedServer.getServer().stop();
+ }
+ }
+
+ protected void setupCredentials() throws Exception {
+ Configuration conf = new Configuration(false);
+
+ File file = new File(jksPath.toUri().getPath());
+ file.delete();
+ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
+
+ CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
+
+ // create new aliases
+ try {
+
+ char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
+
+ char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
+
+ char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
+
+ char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+ provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
+
+ // write out so that it can be found in checks
+ provider.flush();
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw e;
+ }
+ }
+
+ @Test
+ public void testService() throws Exception {
+ dgiCLient.listTypes();
+ }
+}
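Review bot: The `private Path jksPath;` and `private String providerUrl;` declarations at the top of `SSLIT` hide inherited fields of the same name. `SSLAndKerberosIT` assigns both without declaring them, so they must come from `BaseSSLAndKerberosTest`. `setUp` and `setupCredentials` here read and write only the private copies, so any base-class helper that reads the inherited fields would find them unset; the base class is outside this hunk, so that part is inferred. Dropping the two declarations leaves a single keystore path and provider URL per test class. In `setupCredentials`, the `catch (Exception e) { e.printStackTrace(); throw e; }` wrapper adds nothing over letting the exception propagate from a method already declared `throws Exception`.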