/// <summary>
/// Verifies what <c>KMSACLs</c> allows when it is built from a <c>Configuration(false)</c>
/// on which no ACL entries have been set.
/// </summary>
/// <remarks>
/// Security note: the assertion pins a default-allow posture. The arbitrary remote user
/// "foo" is expected to pass <c>HasAccess</c> for every <c>KMSACLs.Type</c>, so at this layer
/// an instance with no explicit ACLs authorizes any caller. Deployments that need
/// restriction have to set the ACL entries themselves.
/// </remarks>
public virtual void TestDefaults()
{
    Configuration unsetConf = new Configuration(false);
    KMSACLs defaultAcls = new KMSACLs(unsetConf);

    foreach (KMSACLs.Type aclType in KMSACLs.Type.Values())
    {
        // "foo" appears in no ACL; access is still expected to be granted.
        Assert.True(
            defaultAcls.HasAccess(aclType, UserGroupInformation.CreateRemoteUser("foo")));
    }
}
/// <summary>
/// Loads a configuration holding three per-key ACL entries plus one default and one
/// whitelist entry, and checks that <c>KMSACLs.keyAcls</c> ends up with exactly two entries.
/// </summary>
/// <remarks>
/// One of the per-key entries uses the operation name <c>NONEXISTOPERATION</c>.
/// NOTE(review): the expected count of 2 suggests that entry is skipped rather than rejected,
/// and that the default and whitelist entries are not stored in <c>keyAcls</c>. Confirm against
/// <c>KMSACLs</c>. If so, a misspelled operation name does not fail loading, and the key
/// falls back to whatever the default and whitelist handling decides.
/// </remarks>
public virtual void TestKeyAclConfigurationLoad()
{
    Configuration keyAclConf = new Configuration(false);

    // Per-key ACL entries: two with recognised operation names, one without.
    keyAclConf.Set(KeyAuthorizationKeyProvider.KeyAcl + "test_key_1.MANAGEMENT", "CREATE");
    keyAclConf.Set(KeyAuthorizationKeyProvider.KeyAcl + "test_key_2.ALL", "CREATE");
    keyAclConf.Set(KeyAuthorizationKeyProvider.KeyAcl + "test_key_3.NONEXISTOPERATION", "CREATE");

    // Default and whitelist entries, set under their own prefixes.
    keyAclConf.Set(KMSConfiguration.DefaultKeyAclPrefix + "MANAGEMENT", "ROLLOVER");
    keyAclConf.Set(KMSConfiguration.WhitelistKeyAclPrefix + "MANAGEMENT", "DECRYPT_EEK");

    KMSACLs loadedAcls = new KMSACLs(keyAclConf);

    var loadedKeyAclCount = loadedAcls.keyAcls.Count;
    Assert.True("expected key ACL size is 2 but got " + loadedKeyAclCount, loadedKeyAclCount == 2);
}
/// <summary>
/// Configures one ACL per <c>KMSACLs.Type</c>, each naming a user called after the type,
/// then checks that this user is granted that type and that the user "foo" is denied it.
/// </summary>
/// <remarks>
/// NOTE(review): the loop only pairs each user with its own type. It does not assert that
/// the user named after one type is denied the other types, so a cross-type grant would
/// not be caught here.
/// </remarks>
public virtual void TestCustom()
{
    Configuration perTypeConf = new Configuration(false);
    foreach (KMSACLs.Type aclType in KMSACLs.Type.Values())
    {
        // The value is the type name followed by a single space.
        // Presumably this is the "users groups" ACL format with an empty group list; confirm.
        perTypeConf.Set(aclType.GetAclConfigKey(), aclType.ToString() + " ");
    }

    KMSACLs customAcls = new KMSACLs(perTypeConf);
    foreach (KMSACLs.Type checkedType in KMSACLs.Type.Values())
    {
        // The user named after the type is listed in that type's ACL.
        Assert.True(
            customAcls.HasAccess(
                checkedType,
                UserGroupInformation.CreateRemoteUser(checkedType.ToString())));

        // "foo" is listed nowhere, so an explicit ACL must exclude it.
        NUnit.Framework.Assert.IsFalse(
            customAcls.HasAccess(checkedType, UserGroupInformation.CreateRemoteUser("foo")));
    }
}
/// <summary>
/// Servlet-context start-up hook for the KMS web application. In order, it sets up the
/// configuration and logging, the ACLs, the metrics and JMX reporter, the audit logger,
/// the servlet-context attributes, and the key-provider chain.
/// </summary>
/// <param name="sce">Event carrying the servlet context on which the attributes are set.</param>
/// <remarks>
/// Any exception raised during start-up is printed to standard output together with its
/// stack trace, and the process then exits with status 1. The service therefore does not
/// keep running in a partially initialised state.
/// </remarks>
public virtual void ContextInitialized(ServletContextEvent sce)
{
    try
    {
        // The configuration directory must be supplied as a system property.
        string kmsConfigDirectory = Runtime.GetProperty(KMSConfiguration.KmsConfigDir);
        if (kmsConfigDirectory == null)
        {
            string missingPropertyMessage =
                "System property '" + KMSConfiguration.KmsConfigDir + "' not defined";
            throw new RuntimeException(missingPropertyMessage);
        }

        kmsConf = KMSConfiguration.GetKMSConf();
        InitLogging(kmsConfigDirectory);

        string banner = "-------------------------------------------------------------";
        Log.Info(banner);
        Log.Info(" Java runtime version : {}", Runtime.GetProperty("java.runtime.version"));
        Log.Info(" KMS Hadoop Version: " + VersionInfo.GetVersion());
        Log.Info(banner);

        // ACLs are created before the key-provider chain below, which may receive them.
        kmsAcls = new KMSACLs();
        kmsAcls.StartReloader();

        // Metrics registry, exposed through JMX.
        metricRegistry = new MetricRegistry();
        jmxReporter = JmxReporter.ForRegistry(metricRegistry).Build();
        jmxReporter.Start();

        generateEEKCallsMeter = metricRegistry.Register(GenerateEekMeter, new Meter());
        decryptEEKCallsMeter = metricRegistry.Register(DecryptEekMeter, new Meter());
        adminCallsMeter = metricRegistry.Register(AdminCallsMeter, new Meter());
        keyCallsMeter = metricRegistry.Register(KeyCallsMeter, new Meter());
        invalidCallsMeter = metricRegistry.Register(InvalidCallsMeter, new Meter());
        unauthorizedCallsMeter = metricRegistry.Register(UnauthorizedCallsMeter, new Meter());
        unauthenticatedCallsMeter = metricRegistry.Register(UnauthenticatedCallsMeter, new Meter());

        kmsAudit = new KMSAudit(
            kmsConf.GetLong(
                KMSConfiguration.KmsAuditAggregationWindow,
                KMSConfiguration.KmsAuditAggregationWindowDefault));

        // This is required for the JMXJsonServlet to work properly.
        // The JMXJsonServlet is behind the authentication filter, thus the '*' ACL.
        // NOTE(review): with a wildcard admins ACL, whatever consults this attribute is
        // protected only by the authentication filter. Confirm that the filter is
        // configured to authenticate callers in every deployment.
        var servletContext = sce.GetServletContext();
        servletContext.SetAttribute(HttpServer2.ConfContextAttribute, kmsConf);
        servletContext.SetAttribute(
            HttpServer2.AdminsAcl,
            new AccessControlList(AccessControlList.WildcardAclValue));

        // Initializing the KeyProvider from the configured URI.
        string keyProviderUri = kmsConf.Get(KMSConfiguration.KeyProviderUri);
        if (keyProviderUri == null)
        {
            throw new InvalidOperationException("No KeyProvider has been defined");
        }

        KeyProvider provider = KeyProviderFactory.Get(new URI(keyProviderUri), kmsConf);

        bool keyCacheEnabled = kmsConf.GetBoolean(
            KMSConfiguration.KeyCacheEnable,
            KMSConfiguration.KeyCacheEnableDefault);
        if (keyCacheEnabled)
        {
            long cacheTimeoutMillis = kmsConf.GetLong(
                KMSConfiguration.KeyCacheTimeoutKey,
                KMSConfiguration.KeyCacheTimeoutDefault);
            long currentKeyCacheTimeoutMillis = kmsConf.GetLong(
                KMSConfiguration.CurrKeyCacheTimeoutKey,
                KMSConfiguration.CurrKeyCacheTimeoutDefault);
            provider = new CachingKeyProvider(
                provider, cacheTimeoutMillis, currentKeyCacheTimeoutMillis);
        }

        Log.Info("Initialized KeyProvider " + provider);

        keyProviderCryptoExtension =
            KeyProviderCryptoExtension.CreateKeyProviderCryptoExtension(provider);
        keyProviderCryptoExtension =
            new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf, keyProviderCryptoExtension);

        // The ACL-aware wrapper is added only when the configuration flag is set.
        // Otherwise kmsAcls is never handed to the provider chain built here.
        // NOTE(review): presumably per-key ACLs are then not enforced. Confirm, and treat
        // a disabled flag as a deliberate deployment decision.
        bool keyAuthorizationEnabled = kmsConf.GetBoolean(
            KMSConfiguration.KeyAuthorizationEnable,
            KMSConfiguration.KeyAuthorizationEnableDefault);
        if (keyAuthorizationEnabled)
        {
            keyProviderCryptoExtension =
                new KeyAuthorizationKeyProvider(keyProviderCryptoExtension, kmsAcls);
        }

        Log.Info("Initialized KeyProviderCryptoExtension " + keyProviderCryptoExtension);

        int configuredBitlength = kmsConf.GetInt(
            KeyProvider.DefaultBitlengthName,
            KeyProvider.DefaultBitlength);
        Log.Info("Default key bitlength is {}", configuredBitlength);

        Log.Info("KMS Started");
    }
    catch (Exception ex)
    {
        // Report on standard output, then stop the process with a non-zero status.
        // NOTE(review): the exception text and stack trace are written verbatim. Check
        // that start-up errors cannot carry sensitive configuration values into the
        // captured output.
        System.IO.TextWriter stdout = System.Console.Out;
        string rule = "---------------------------------------------------";

        stdout.WriteLine();
        stdout.WriteLine("ERROR: Hadoop KMS could not be started");
        stdout.WriteLine();
        stdout.WriteLine("REASON: " + ex.ToString());
        stdout.WriteLine();
        stdout.WriteLine("Stacktrace:");
        stdout.WriteLine(rule);
        Runtime.PrintStackTrace(ex, stdout);
        stdout.WriteLine(rule);
        stdout.WriteLine();
        System.Environment.Exit(1);
    }
}