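/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.security.token;

import java.io.File;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.HBaseTestingUtil;
import org.apache.hadoop.hbase.LocalHBaseCluster;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.master.ServerManager;
import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
import org.apache.hadoop.hbase.util.CommonFSUtils;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.jupiter.api.AfterAll;

/**
 * Base class for tests that need a secure cluster: it sets up Kerberos (through a
 * {@link MiniKdc}), ZooKeeper, HDFS and HBase.
 * <p>
 * All state is held in static fields, so it is shared by every subclass running in the same JVM.
 * The principals and the keytab created here are throwaway test credentials issued by the
 * in-process KDC.
 */
public class SecureTestCluster {
  protected static final HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();

  // Short name of the login user; assigned in setUpCluster().
  protected static String USERNAME;

  private static LocalHBaseCluster CLUSTER;

  // Keytab that receives the keys of the principals created in setUpCluster(). It lives under the
  // test data directory of TEST_UTIL.
  private static final File KEYTAB_FILE =
    new File(TEST_UTIL.getDataTestDir("keytab").toUri().getPath());
  private static MiniKdc KDC;

  // Host component of both principals.
  private static final String HOST = "localhost";

  // Service principal in the form USERNAME/HOST (the realm is appended when it is configured).
  private static String PRINCIPAL;

  // SPNEGO principal in the form HTTP/HOST (the realm is appended when it is configured).
  private static String HTTP_PRINCIPAL;

  // When extending SecureTestCluster on downstream projects that refer SecureTestCluster via
  // hbase-server jar, we need to provide a way for the implementation to refer to its own class
  // definition, so that KeyStoreTestUtil.getClasspathDir can resolve a valid path in the local FS
  // to place required SSL config files.
  private static Class<?> testRunnerClass = SecureTestCluster.class;

  /**
   * SecureTestCluster extending classes can set their own {@code Class} reference type to be used
   * as the target resource to be looked for on the class loader by {@code KeyStoreTestUtil}, when
   * deciding where to place ssl related config files.
   * <p>
   * Must be called before {@link #setUpCluster()} to take effect; {@link #tearDown()} resets it to
   * {@code SecureTestCluster.class}.
   * @param testRunnerClass a {@code Class} reference from the {@code SecureTestCluster} extender.
   */
  protected static void setTestRunner(Class<?> testRunnerClass) {
    SecureTestCluster.testRunnerClass = testRunnerClass;
  }

  /**
   * Sets up and starts the mini KDC, ZooKeeper, HDFS and a local HBase cluster, with Kerberos and
   * SSL configuration applied and {@link TokenProvider} registered as a region coprocessor.
   * @throws Exception if any of the services fails to start
   */
  protected static void setUpCluster() throws Exception {
    // Can take a long time for the mini kdc to come up on loaded test cluster. Tolerate this in
    // test by upping the skew time allowed from 30s to 90s.
    TEST_UTIL.getConfiguration().setLong(ServerManager.MAX_CLOCK_SKEW_MS, 90000);
    KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);
    USERNAME = UserGroupInformation.getLoginUser().getShortUserName();
    PRINCIPAL = USERNAME + "/" + HOST;
    HTTP_PRINCIPAL = "HTTP/" + HOST;
    // Both principals share the single keytab file.
    KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL, HTTP_PRINCIPAL);
    TEST_UTIL.startMiniZKCluster();

    HBaseKerberosUtils.setSecuredConfiguration(TEST_UTIL.getConfiguration(),
      PRINCIPAL + "@" + KDC.getRealm(), HTTP_PRINCIPAL + "@" + KDC.getRealm());
    HBaseKerberosUtils.setSSLConfiguration(TEST_UTIL, testRunnerClass);

    TEST_UTIL.getConfiguration().setStrings(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY,
      TokenProvider.class.getName());
    TEST_UTIL.startMiniDFSCluster(1);
    Path rootdir = TEST_UTIL.getDataTestDirOnTestFS("TestGenerateDelegationToken");
    CommonFSUtils.setRootDir(TEST_UTIL.getConfiguration(), rootdir);
    CLUSTER = new LocalHBaseCluster(TEST_UTIL.getConfiguration(), 1);
    CLUSTER.startup();
  }

  /**
   * Stops the HBase cluster, the mini KDC and the remaining mini clusters, then resets the test
   * runner class to its default.
   * <p>
   * Each step runs even if an earlier one throws, so a failed HBase shutdown does not leave the
   * KDC running. If several steps fail, the exception from the last failing step is the one that
   * propagates.
   * @throws Exception if any of the shutdown steps fails
   */
  @AfterAll
  public static void tearDown() throws Exception {
    try {
      try {
        // CLUSTER stays null when setUpCluster() failed before creating it; join() must be
        // guarded as well, otherwise the resulting NullPointerException skips the cleanup below.
        if (CLUSTER != null) {
          CLUSTER.shutdown();
          CLUSTER.join();
        }
      } finally {
        try {
          if (KDC != null) {
            KDC.stop();
          }
        } finally {
          TEST_UTIL.shutdownMiniCluster();
        }
      }
    } finally {
      setTestRunner(SecureTestCluster.class);
    }
  }
}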