src/kudu/sentry/sentry-test-base.h - kudu - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 #pragma once

 #include <string>

 #include "kudu/gutil/strings/substitute.h"
 #include "kudu/rpc/sasl_common.h"
 #include "kudu/security/test/mini_kdc.h"
 #include "kudu/sentry/mini_sentry.h"
 #include "kudu/sentry/sentry_client.h"
 #include "kudu/thrift/client.h"
 #include "kudu/util/net/net_util.h"
 #include "kudu/util/test_macros.h"
 #include "kudu/util/test_util.h"

 namespace kudu {
 namespace sentry {

 class SentryTestBase : public KuduTest {
  public:

   void SetUp() override {
     KuduTest::SetUp();

     thrift::ClientOptions sentry_client_opts;
     sentry_.reset(new MiniSentry());
     std::string host = GetBindIpForDaemon(1, kDefaultBindMode);
     HostPort address(host, 0);
     sentry_->SetAddress(address);
     if (KerberosEnabled()) {
       kdc_.reset(new MiniKdc(MiniKdcOptions()));
       ASSERT_OK(kdc_->Start());

       // Create a service principal for the Sentry, and configure it to use it.
       std::string spn = strings::Substitute("sentry/$0", host);
       std::string ktpath;
       ASSERT_OK(kdc_->CreateServiceKeytab(spn, &ktpath));

       sentry_->EnableKerberos(kdc_->GetEnvVars()["KRB5_CONFIG"],
                               strings::Substitute("$0@KRBTEST.COM", spn),
                               ktpath);

       ASSERT_OK(rpc::SaslInit());
       // Create a principal 'kudu' for the SentryAuthzProvider, and configure it
       // to use it.
       ASSERT_OK(kdc_->CreateUserPrincipal("kudu"));
       ASSERT_OK(kdc_->Kinit("kudu"));
       ASSERT_OK(kdc_->SetKrb5Environment());
       sentry_client_opts.enable_kerberos = true;
       sentry_client_opts.service_principal = "sentry";
     }

     ASSERT_OK(sentry_->Start());
     sentry_client_.reset(new SentryClient(sentry_->address(), sentry_client_opts));
     ASSERT_OK(sentry_client_->Start());
   }

   void TearDown() override {
     if (sentry_client_) {
       ASSERT_OK(sentry_client_->Stop());
     }
     ASSERT_OK(sentry_->Stop());
     KuduTest::TearDown();
   }

   virtual bool KerberosEnabled() const = 0;

  protected:
   std::unique_ptr<MiniKdc> kdc_;
   std::unique_ptr<MiniSentry> sentry_;
   std::unique_ptr<SentryClient> sentry_client_;
 };

 } // namespace sentry
 } // namespace kudu
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	#pragma once

	#include <string>

	#include "kudu/gutil/strings/substitute.h"
	#include "kudu/rpc/sasl_common.h"
	#include "kudu/security/test/mini_kdc.h"
	#include "kudu/sentry/mini_sentry.h"
	#include "kudu/sentry/sentry_client.h"
	#include "kudu/thrift/client.h"
	#include "kudu/util/net/net_util.h"
	#include "kudu/util/test_macros.h"
	#include "kudu/util/test_util.h"

	namespace kudu {
	namespace sentry {

	class SentryTestBase : public KuduTest {
	public:

	void SetUp() override {
	KuduTest::SetUp();

	thrift::ClientOptions sentry_client_opts;
	sentry_.reset(new MiniSentry());
	std::string host = GetBindIpForDaemon(1, kDefaultBindMode);
	HostPort address(host, 0);
	sentry_->SetAddress(address);
	if (KerberosEnabled()) {
	kdc_.reset(new MiniKdc(MiniKdcOptions()));
	ASSERT_OK(kdc_->Start());

	// Create a service principal for the Sentry, and configure it to use it.
	std::string spn = strings::Substitute("sentry/$0", host);
	std::string ktpath;
	ASSERT_OK(kdc_->CreateServiceKeytab(spn, &ktpath));

	sentry_->EnableKerberos(kdc_->GetEnvVars()["KRB5_CONFIG"],
	strings::Substitute("$0@KRBTEST.COM", spn),
	ktpath);

	ASSERT_OK(rpc::SaslInit());
	// Create a principal 'kudu' for the SentryAuthzProvider, and configure it
	// to use it.
	ASSERT_OK(kdc_->CreateUserPrincipal("kudu"));
	ASSERT_OK(kdc_->Kinit("kudu"));
	ASSERT_OK(kdc_->SetKrb5Environment());
	sentry_client_opts.enable_kerberos = true;
	sentry_client_opts.service_principal = "sentry";
	}

	ASSERT_OK(sentry_->Start());
	sentry_client_.reset(new SentryClient(sentry_->address(), sentry_client_opts));
	ASSERT_OK(sentry_client_->Start());
	}

	void TearDown() override {
	if (sentry_client_) {
	ASSERT_OK(sentry_client_->Stop());
	}
	ASSERT_OK(sentry_->Stop());
	KuduTest::TearDown();
	}

	virtual bool KerberosEnabled() const = 0;

	protected:
	std::unique_ptr<MiniKdc> kdc_;
	std::unique_ptr<MiniSentry> sentry_;
	std::unique_ptr<SentryClient> sentry_client_;
	};

	} // namespace sentry
	} // namespace kudu