示例#1
        /// <summary>
        /// Pins the behaviour of a <c>KMSACLs</c> built from a configuration with no ACL
        /// entries: every <c>KMSACLs.Type</c> must be granted to an arbitrary remote user.
        /// </summary>
        /// <remarks>
        /// Security note: this test documents an allow-by-default posture. If the ACL
        /// properties are left unset, every operation type checked here is open to any
        /// user, so a deployment should set each ACL explicitly rather than rely on
        /// the defaults.
        /// </remarks>
        public virtual void TestDefaults()
        {
            // NOTE(review): Configuration(false) presumably skips loading default resources,
            // which is what leaves every ACL key unset here - confirm.
            Configuration emptyConf = new Configuration(false);
            KMSACLs defaultAcls = new KMSACLs(emptyConf);

            foreach (KMSACLs.Type aclType in KMSACLs.Type.Values())
            {
                // "foo" is not named in any ACL; access is expected purely from the defaults.
                var arbitraryUser = UserGroupInformation.CreateRemoteUser("foo");
                var allowed = defaultAcls.HasAccess(aclType, arbitraryUser);
                Assert.True(allowed);
            }
        }
示例#2
        /// <summary>
        /// Loads a configuration holding three per-key ACL properties, one default-key ACL
        /// and one whitelist-key ACL, then checks that exactly two entries end up in
        /// <c>keyAcls</c>.
        /// </summary>
        /// <remarks>
        /// Security note: one of the three per-key properties names an operation called
        /// NONEXISTOPERATION. The test expects the load to succeed with only two per-key
        /// entries, so presumably that property is dropped without an error. In that case
        /// a typo in an operation name would leave the key without the intended per-key
        /// ACL, which is worth checking when reviewing ACL configuration.
        /// NOTE(review): confirm which fallback ACL applies to such a key.
        /// </remarks>
        public virtual void TestKeyAclConfigurationLoad()
        {
            Configuration conf = new Configuration(false);
            var perKeyPrefix = KeyAuthorizationKeyProvider.KeyAcl;

            // Three per-key entries; the last one uses an operation name that does not exist.
            conf.Set(perKeyPrefix + "test_key_1.MANAGEMENT", "CREATE");
            conf.Set(perKeyPrefix + "test_key_2.ALL", "CREATE");
            conf.Set(perKeyPrefix + "test_key_3.NONEXISTOPERATION", "CREATE");

            // Default and whitelist ACLs use their own prefixes and, judging by the expected
            // count below, are not stored in keyAcls.
            conf.Set(KMSConfiguration.DefaultKeyAclPrefix + "MANAGEMENT", "ROLLOVER");
            conf.Set(KMSConfiguration.WhitelistKeyAclPrefix + "MANAGEMENT", "DECRYPT_EEK");

            KMSACLs acls = new KMSACLs(conf);

            var loadedKeyAclCount = acls.keyAcls.Count;
            Assert.True("expected key ACL size is 2 but got " + loadedKeyAclCount, loadedKeyAclCount == 2);
        }
示例#3
        /// <summary>
        /// Gives each <c>KMSACLs.Type</c> an ACL that names a single user (the type's own
        /// name) and verifies that this user is allowed while an unlisted user is denied.
        /// </summary>
        /// <remarks>
        /// This is the restrictive counterpart of the empty-configuration case: once an ACL
        /// is set for an operation type, a user that is not named in it ("foo") must be
        /// refused.
        /// </remarks>
        public virtual void TestCustom()
        {
            Configuration conf = new Configuration(false);

            foreach (KMSACLs.Type aclType in KMSACLs.Type.Values())
            {
                // NOTE(review): the trailing space presumably ends the user list and leaves the
                // group list empty - confirm against the ACL value format.
                var aclValue = aclType.ToString() + " ";
                conf.Set(aclType.GetAclConfigKey(), aclValue);
            }

            KMSACLs acls = new KMSACLs(conf);

            foreach (KMSACLs.Type checkedType in KMSACLs.Type.Values())
            {
                // The user whose name equals the type name is the only one listed for that type.
                var listedUser = UserGroupInformation.CreateRemoteUser(checkedType.ToString());
                Assert.True(acls.HasAccess(checkedType, listedUser));

                // Any other user must be rejected.
                var unlistedUser = UserGroupInformation.CreateRemoteUser("foo");
                NUnit.Framework.Assert.IsFalse(acls.HasAccess(checkedType, unlistedUser));
            }
        }
示例#4
 /// <summary>
 /// Servlet-context startup hook for the KMS web application. It resolves the
 /// configuration directory, loads the KMS configuration, starts ACL reloading, metrics
 /// and auditing, publishes two servlet-context attributes, and assembles the
 /// key-provider chain.
 /// </summary>
 /// <param name="sce">
 /// Context event whose servlet context receives the configuration and admin-ACL attributes.
 /// </param>
 /// <remarks>
 /// Any exception raised during startup is written, with its stack trace, to standard
 /// output and the process then exits with status 1.
 /// Security notes for reviewers:
 /// the admin ACL attribute is set to the wildcard value, so access control for the JMX
 /// JSON servlet rests on the authentication filter in front of it; and the
 /// <c>KeyAuthorizationKeyProvider</c> wrapper is installed only when the key
 /// authorization flag is enabled in the configuration.
 /// </remarks>
 public virtual void ContextInitialized(ServletContextEvent sce)
 {
     try
     {
         // The configuration directory must be supplied as a system property.
         string configDirectory = Runtime.GetProperty(KMSConfiguration.KmsConfigDir);
         if (configDirectory == null)
         {
             throw new RuntimeException("System property '" + KMSConfiguration.KmsConfigDir + "' not defined");
         }

         kmsConf = KMSConfiguration.GetKMSConf();
         InitLogging(configDirectory);

         // Startup banner.
         string logRule = "-------------------------------------------------------------";
         Log.Info(logRule);
         Log.Info("  Java runtime version : {}", Runtime.GetProperty("java.runtime.version"));
         Log.Info("  KMS Hadoop Version: " + VersionInfo.GetVersion());
         Log.Info(logRule);

         // ACLs are created first and their reloader is started straight away.
         kmsAcls = new KMSACLs();
         kmsAcls.StartReloader();

         // Metrics registry, JMX reporter and one meter per call category.
         metricRegistry = new MetricRegistry();
         jmxReporter = JmxReporter.ForRegistry(metricRegistry).Build();
         jmxReporter.Start();
         generateEEKCallsMeter = metricRegistry.Register(GenerateEekMeter, new Meter());
         decryptEEKCallsMeter = metricRegistry.Register(DecryptEekMeter, new Meter());
         adminCallsMeter = metricRegistry.Register(AdminCallsMeter, new Meter());
         keyCallsMeter = metricRegistry.Register(KeyCallsMeter, new Meter());
         invalidCallsMeter = metricRegistry.Register(InvalidCallsMeter, new Meter());
         unauthorizedCallsMeter = metricRegistry.Register(UnauthorizedCallsMeter, new Meter());
         unauthenticatedCallsMeter = metricRegistry.Register(UnauthenticatedCallsMeter, new Meter());

         long auditWindow = kmsConf.GetLong(
             KMSConfiguration.KmsAuditAggregationWindow,
             KMSConfiguration.KmsAuditAggregationWindowDefault);
         kmsAudit = new KMSAudit(auditWindow);

         // Required for the JMXJsonServlet to work properly. That servlet sits behind the
         // authentication filter, which is why the admin ACL is the '*' wildcard.
         // NOTE(review): with a wildcard admin ACL the filter is the only gate for that
         // servlet - confirm it covers every path the servlet is mapped to.
         sce.GetServletContext().SetAttribute(HttpServer2.ConfContextAttribute, kmsConf);
         sce.GetServletContext().SetAttribute(
             HttpServer2.AdminsAcl,
             new AccessControlList(AccessControlList.WildcardAclValue));

         // Initializing the KeyProvider from its configured URI.
         string providerUri = kmsConf.Get(KMSConfiguration.KeyProviderUri);
         if (providerUri == null)
         {
             throw new InvalidOperationException("No KeyProvider has been defined");
         }

         KeyProvider provider = KeyProviderFactory.Get(new URI(providerUri), kmsConf);

         // Optional caching layer in front of the provider.
         bool cacheEnabled = kmsConf.GetBoolean(
             KMSConfiguration.KeyCacheEnable,
             KMSConfiguration.KeyCacheEnableDefault);
         if (cacheEnabled)
         {
             long keyTimeoutMs = kmsConf.GetLong(
                 KMSConfiguration.KeyCacheTimeoutKey,
                 KMSConfiguration.KeyCacheTimeoutDefault);
             long currentKeyTimeoutMs = kmsConf.GetLong(
                 KMSConfiguration.CurrKeyCacheTimeoutKey,
                 KMSConfiguration.CurrKeyCacheTimeoutDefault);
             provider = new CachingKeyProvider(provider, keyTimeoutMs, currentKeyTimeoutMs);
         }

         // NOTE(review): this logs the provider's string form - confirm it cannot include
         // credentials taken from the provider URI.
         Log.Info("Initialized KeyProvider " + provider);

         // Crypto extension, then the eager key generator wrapper around it.
         keyProviderCryptoExtension = KeyProviderCryptoExtension.CreateKeyProviderCryptoExtension(provider);
         keyProviderCryptoExtension = new EagerKeyGeneratorKeyProviderCryptoExtension(
             kmsConf,
             keyProviderCryptoExtension);

         // The authorization wrapper is the outermost layer and is installed only when the
         // flag is on; with the flag off this chain has no KeyAuthorizationKeyProvider in it.
         bool keyAuthorizationEnabled = kmsConf.GetBoolean(
             KMSConfiguration.KeyAuthorizationEnable,
             KMSConfiguration.KeyAuthorizationEnableDefault);
         if (keyAuthorizationEnabled)
         {
             keyProviderCryptoExtension = new KeyAuthorizationKeyProvider(keyProviderCryptoExtension, kmsAcls);
         }

         Log.Info("Initialized KeyProviderCryptoExtension " + keyProviderCryptoExtension);

         int configuredBitLength = kmsConf.GetInt(KeyProvider.DefaultBitlengthName, KeyProvider.DefaultBitlength);
         Log.Info("Default key bitlength is {}", configuredBitLength);
         Log.Info("KMS Started");
     }
     catch (Exception ex)
     {
         // Startup failed: report on standard output and terminate the process.
         // NOTE(review): the exception text and stack trace go to stdout unfiltered -
         // confirm that stream is not exposed to untrusted readers.
         var stdout = System.Console.Out;
         string traceRule = "---------------------------------------------------";

         stdout.WriteLine();
         stdout.WriteLine("ERROR: Hadoop KMS could not be started");
         stdout.WriteLine();
         stdout.WriteLine("REASON: " + ex.ToString());
         stdout.WriteLine();
         stdout.WriteLine("Stacktrace:");
         stdout.WriteLine(traceRule);
         Runtime.PrintStackTrace(ex, stdout);
         stdout.WriteLine(traceRule);
         stdout.WriteLine();
         System.Environment.Exit(1);
     }
 }