View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.security.token;
20  
21  import org.apache.hadoop.conf.Configuration;
22  import org.apache.hadoop.fs.Path;
23  import org.apache.hadoop.hbase.HBaseTestingUtility;
24  import org.apache.hadoop.hbase.LocalHBaseCluster;
25  import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
26  import org.apache.hadoop.hbase.http.ssl.KeyStoreTestUtil;
27  import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
28  import org.apache.hadoop.hbase.util.FSUtils;
29  import org.apache.hadoop.hdfs.DFSConfigKeys;
30  import org.apache.hadoop.http.HttpConfig;
31  import org.apache.hadoop.minikdc.MiniKdc;
32  import org.apache.hadoop.security.UserGroupInformation;
33  import org.junit.AfterClass;
34  import org.junit.BeforeClass;
35  
36  import java.io.File;
37  
38  /**
39   * The class for set up a security cluster with kerberos, hdfs, hbase.
40   */
41  public class SecureTestCluster {
42    protected static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
43  
44    protected static String USERNAME;
45  
46    private static LocalHBaseCluster CLUSTER;
47  
48    private static final File KEYTAB_FILE = new File(TEST_UTIL.getDataTestDir("keytab").toUri()
49        .getPath());
50    private static MiniKdc KDC;
51  
52    private static String HOST = "localhost";
53  
54    private static String PRINCIPAL;
55  
56    private static String HTTP_PRINCIPAL;
57  
58    /**
59     * Setup the security configuration for hdfs.
60     */
61    private static void setHdfsSecuredConfiguration(Configuration conf) throws Exception {
62      // change XXX_USER_NAME_KEY to XXX_KERBEROS_PRINCIPAL_KEY after we drop support for hadoop-2.4.1
63      conf.set(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, PRINCIPAL + "@" + KDC.getRealm());
64      conf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, KEYTAB_FILE.getAbsolutePath());
65      conf.set(DFSConfigKeys.DFS_DATANODE_USER_NAME_KEY, PRINCIPAL + "@" + KDC.getRealm());
66      conf.set(DFSConfigKeys.DFS_DATANODE_KEYTAB_FILE_KEY, KEYTAB_FILE.getAbsolutePath());
67      conf.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, HTTP_PRINCIPAL + "@"
68          + KDC.getRealm());
69      conf.setBoolean(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
70      conf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
71      conf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
72      conf.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
73  
74      File keystoresDir = new File(TEST_UTIL.getDataTestDir("keystore").toUri().getPath());
75      keystoresDir.mkdirs();
76      String sslConfDir = KeyStoreTestUtil.getClasspathDir(TestGenerateDelegationToken.class);
77      KeyStoreTestUtil.setupSSLConfig(keystoresDir.getAbsolutePath(), sslConfDir, conf, false);
78  
79      conf.setBoolean("ignore.secure.ports.for.testing", true);
80    }
81  
82    /**
83     * Setup and start kerberos, hbase
84     */
85    @BeforeClass
86    public static void setUp() throws Exception {
87      KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);
88      USERNAME = UserGroupInformation.getLoginUser().getShortUserName();
89      PRINCIPAL = USERNAME + "/" + HOST;
90      HTTP_PRINCIPAL = "HTTP/" + HOST;
91      KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL, HTTP_PRINCIPAL);
92      TEST_UTIL.startMiniZKCluster();
93  
94      HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());
95      HBaseKerberosUtils.setSecuredConfiguration(TEST_UTIL.getConfiguration());
96  
97      setHdfsSecuredConfiguration(TEST_UTIL.getConfiguration());
98      UserGroupInformation.setConfiguration(TEST_UTIL.getConfiguration());
99      TEST_UTIL.getConfiguration().setStrings(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY,
100         TokenProvider.class.getName());
101     TEST_UTIL.startMiniDFSCluster(1);
102     Path rootdir = TEST_UTIL.getDataTestDirOnTestFS("TestGenerateDelegationToken");
103     FSUtils.setRootDir(TEST_UTIL.getConfiguration(), rootdir);
104     CLUSTER = new LocalHBaseCluster(TEST_UTIL.getConfiguration(), 1);
105     CLUSTER.startup();
106   }
107 
108   @AfterClass
109   public static void tearDown() throws Exception {
110     if (CLUSTER != null) {
111       CLUSTER.shutdown();
112       CLUSTER.join();
113     }
114     if (KDC != null) {
115       KDC.stop();
116     }
117     TEST_UTIL.shutdownMiniCluster();
118   }
119 }