User can run benchmarks with SecurityManager (#91)
Co-authored-by: Murtuza Boxwala <mboxwala@pivotal.io>
Co-authored-by: Kamilla Aslami <kaslami@pivotal.io>
2 people authored and pivotal-jbarrett committed Jul 22, 2019
1 parent dd05f32 commit 051ec9bcdcacbcedd441841a61c45a7989c403b2
Showing 13 changed files with 243 additions and 53 deletions.
@@ -4,3 +4,5 @@ out
build/
output*/
temp-self-signed.jks
geode-benchmarks/security.json
harness/security.json
@@ -49,15 +49,16 @@ For example:
```

Options:

-Phosts : Hosts used by benchmarks on the order of client,locator,server,server (-Phosts=localhost,localhost,localhost,localhost)
-PoutputDir : Results output directory (-PoutputDir=/tmp/results)
-PtestJVM : Path to an alternative JVM for running the client, locator, and servers. If not specified JAVA_HOME will be used. Note all compilation tasks will still use JAVA_HOME.
-PwithSsl : Flag to run geode with SSL. A self-signed certificate will be generated at runtime.
--tests : Specific benchmarks to run (--tests=PartitionedPutBenchmark)
-d : Debug
-i : Info

```
-Phosts : Hosts used by benchmarks on the order of client,locator,server,server (-Phosts=localhost,localhost,localhost,localhost)
-PoutputDir : Results output directory (-PoutputDir=/tmp/results)
-PtestJVM : Path to an alternative JVM for running the client, locator, and servers. If not specified JAVA_HOME will be used. Note all compilation tasks will still use JAVA_HOME.
-PwithSsl : Flag to run geode with SSL. A self-signed certificate will be generated at runtime.
-PwithSecurityManager : Flag to start Geode with the example implementation of SecurityManager
--tests : Specific benchmarks to run (--tests=PartitionedPutBenchmark)
-d : Debug
-i : Info
```
### Running in aws

This project includes some scripts to automate running benchmarks in AWS. See the
@@ -77,6 +77,7 @@ task benchmark(type: Test) {
systemProperty 'TEST_METADATA', project.findProperty('metadata')
systemProperty 'OUTPUT_DIR', outputDir
systemProperty 'withSsl', project.hasProperty('withSsl')
systemProperty 'withSecurityManager', project.hasProperty('withSecurityManager')
systemProperty 'benchmark.profiler.argument', project.findProperty('benchmark.profiler.argument')

doFirst {
@@ -26,6 +26,7 @@
import static org.apache.geode.distributed.ConfigurationProperties.LOG_LEVEL;
import static org.apache.geode.distributed.ConfigurationProperties.MEMBER_TIMEOUT;
import static org.apache.geode.distributed.ConfigurationProperties.REMOVE_UNRESPONSIVE_CLIENT;
import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
import static org.apache.geode.distributed.ConfigurationProperties.SERIALIZABLE_OBJECT_FILTER;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
import static org.apache.geode.distributed.ConfigurationProperties.STATISTIC_SAMPLING_ENABLED;
@@ -34,6 +35,7 @@

import java.util.Properties;

import org.apache.geode.benchmark.security.ExampleAuthInit;

public class GeodeProperties {

@@ -55,12 +57,12 @@ public static Properties serverProperties() {
properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
properties.setProperty(SERIALIZABLE_OBJECT_FILTER, "benchmark.geode.data.**");

return properties;
return withOptions(properties);
}

public static Properties locatorProperties() {
// Locator properties are the same as the server properties right now
return serverProperties();
return withOptions(serverProperties());
}

public static Properties clientProperties() {
@@ -71,12 +73,47 @@ public static Properties clientProperties() {
properties.setProperty(STATISTIC_SAMPLING_ENABLED, "true");
properties.setProperty(MEMBER_TIMEOUT, "8000");

return properties;
properties.setProperty("security-username", "superUser");
properties.setProperty("security-password", "123");
properties.setProperty("security-client-auth-init", ExampleAuthInit.class.getName());

return withOptions(properties);
}

public static Properties withSecurityManager(Properties properties) {
properties.setProperty(SECURITY_MANAGER,
"org.apache.geode.examples.security.ExampleSecurityManager");
properties.setProperty("security-username", "superUser");
properties.setProperty("security-password", "123");
return properties;
}

public static Properties withSsl(Properties properties) {
properties.setProperty(SSL_ENABLED_COMPONENTS, ALL);
return properties;
}

private static boolean isSecurityManagerEnabled() {
return isPropertySet("withSecurityManager");
}

private static boolean isSslEnabled() {
return isPropertySet("withSsl");
}

private static boolean isPropertySet(String withSecurityManager) {
String withSecurityManagerArg = System.getProperty(withSecurityManager);
return withSecurityManagerArg != null && withSecurityManagerArg.equals("true");
}

private static Properties withOptions(Properties properties) {
if (isSslEnabled()) {
properties = withSsl(properties);
}

if (isSecurityManagerEnabled()) {
properties = withSecurityManager(properties);
}
return properties;
}
}
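Review bot: In `clientProperties()` the three `security-*` properties are set on every client, whether or not `-PwithSecurityManager` was given, so the plain benchmark run no longer uses the same client configuration as before; whether Geode invokes the auth-init against an unsecured cluster is not visible here, but the baseline would be cleaner with those lines moved under `if (isSecurityManagerEnabled()) {`. When the flag is on, `withSecurityManager()` sets the same username and password a second time, and on clients it also sets `SECURITY_MANAGER`, which looks like a member-side setting. The literals `"superUser"` and `"123"` appear twice in this file; a single pair of constants with a comment such as `// benchmark-only credentials for the example security manager; never reuse outside test clusters` would keep them in step. `locatorProperties()` also applies `withOptions` to a result that `serverProperties()` has already passed through it. The body of `clientProperties()` starts outside the hunk.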
@@ -0,0 +1,66 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.apache.geode.benchmark.security;

import java.util.Properties;

import org.apache.geode.LogWriter;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.security.AuthInitialize;
import org.apache.geode.security.AuthenticationFailedException;

public class ExampleAuthInit implements AuthInitialize {

private static final String USER_NAME = "security-username";
private static final String PASSWORD = "security-password";

private static final String INSECURE_PASSWORD_FOR_EVERY_USER = "123";

/**
* The implementer would use their existing infrastructure (e.g., ldap) here to populate these
* properties with the user credentials. These properties will in turn be handled by the
* implementer's design of SecurityManager to authenticate users and authorize operations.
*/
@Override
public Properties getCredentials(Properties securityProps) throws AuthenticationFailedException {
Properties credentials = new Properties();
String userName = securityProps.getProperty(USER_NAME);
if (userName == null) {
throw new AuthenticationFailedException(
"ExampleAuthInit: user name property [" + USER_NAME + "] not set.");
}
credentials.setProperty(USER_NAME, userName);
credentials.setProperty(PASSWORD, INSECURE_PASSWORD_FOR_EVERY_USER);
return credentials;
}

@Override
public void close() {}

@Override
@Deprecated
public void init(LogWriter systemLogger, LogWriter securityLogger)
throws AuthenticationFailedException {}

@Override
@Deprecated
public Properties getCredentials(Properties securityProps, DistributedMember server,
boolean isPeer) throws AuthenticationFailedException {
return getCredentials(securityProps);
}
}
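Review bot: `getCredentials(Properties)` never reads `security-password` from `securityProps` and always sends `INSECURE_PASSWORD_FOR_EVERY_USER`, so a password configured by the caller is silently ignored. If that is intended for the benchmark, the method Javadoc should say so rather than describe what an implementer would do; otherwise use `credentials.setProperty(PASSWORD, securityProps.getProperty(PASSWORD, INSECURE_PASSWORD_FOR_EVERY_USER));`. The class itself has no Javadoc; I would add `/** Benchmark-only AuthInitialize that supplies fixed example credentials; not for use against real clusters. */` above the class declaration.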
@@ -18,7 +18,6 @@
package org.apache.geode.benchmark.tasks;

import static org.apache.geode.benchmark.parameters.GeodeProperties.clientProperties;
import static org.apache.geode.benchmark.parameters.GeodeProperties.withSsl;

import java.io.File;
import java.net.InetAddress;
@@ -47,9 +46,7 @@ public void run(TestContext context) throws Exception {
InetAddress locator = context.getHostsForRole("locator").iterator().next();

String statsFile = new File(context.getOutputDir(), "stats.gfs").getAbsolutePath();
String withSslArg = System.getProperty("withSsl");
Properties properties = (withSslArg != null)
? withSsl(clientProperties()) : clientProperties();
Properties properties = clientProperties();

ClientCache clientCache = new ClientCacheFactory(properties)
.setPdxSerializer(new ReflectionBasedAutoSerializer("benchmark.geode.data.*"))
@@ -18,7 +18,6 @@
package org.apache.geode.benchmark.tasks;

import static org.apache.geode.benchmark.parameters.GeodeProperties.locatorProperties;
import static org.apache.geode.benchmark.parameters.GeodeProperties.withSsl;

import java.io.File;
import java.net.InetAddress;
@@ -41,9 +40,7 @@ public StartLocator(int locatorPort) {

@Override
public void run(TestContext context) throws Exception {
String withSslArg = System.getProperty("withSsl");
Properties properties = (withSslArg != null)
? withSsl(locatorProperties()) : locatorProperties();
Properties properties = locatorProperties();

String statsFile = new File(context.getOutputDir(), "stats.gfs").getAbsolutePath();
properties.setProperty(ConfigurationProperties.STATISTIC_ARCHIVE_FILE, statsFile);
@@ -18,7 +18,6 @@
package org.apache.geode.benchmark.tasks;

import static org.apache.geode.benchmark.parameters.GeodeProperties.serverProperties;
import static org.apache.geode.benchmark.parameters.GeodeProperties.withSsl;

import java.io.File;
import java.net.InetAddress;
@@ -45,9 +44,8 @@ public StartServer(int locatorPort) {

@Override
public void run(TestContext context) throws Exception {
String withSslArg = System.getProperty("withSsl");
Properties properties = (withSslArg != null)
? withSsl(serverProperties()) : serverProperties();

Properties properties = serverProperties();

String locatorString = LocatorUtil.getLocatorString(context, locatorPort);
String statsFile = new File(context.getOutputDir(), "stats.gfs").getAbsolutePath();
@@ -49,7 +49,8 @@ public static class Roles {
static final int NUM_LOCATORS = 1;
static final int NUM_SERVERS = 2;
static final int NUM_CLIENTS = 1;
private static final String WITH_SSL_ARGUMENT = "-DwithSsl";
private static final String WITH_SSL_ARGUMENT = "-DwithSsl=true";
private static final String WITH_SECURITY_MANAGER_ARGUMENT = "-DwithSecurityManager=true";

public static void configure(TestConfig testConfig) {
testConfig.role(LOCATOR, NUM_LOCATORS);
@@ -68,19 +69,24 @@ public static void configure(TestConfig testConfig) {
testConfig.jvmArgs(SERVER, JVM8_ARGS);
}

String withSslArg = System.getProperty("withSsl");
if (withSslArg != null && withSslArg.equals("true")) {
logger.info("Configuring JVMs to run with SSL enabled");
testConfig.jvmArgs(CLIENT, Arrays.append(JVM_ARGS, WITH_SSL_ARGUMENT));
testConfig.jvmArgs(LOCATOR, Arrays.append(JVM_ARGS, WITH_SSL_ARGUMENT));
testConfig.jvmArgs(SERVER, Arrays.append(JVM_ARGS, WITH_SSL_ARGUMENT));
}
addToTestConfig(testConfig, "withSsl", WITH_SSL_ARGUMENT);
addToTestConfig(testConfig, "withSecurityManager", WITH_SECURITY_MANAGER_ARGUMENT);

testConfig.before(new StartLocator(LOCATOR_PORT), LOCATOR);
testConfig.before(new StartServer(LOCATOR_PORT), SERVER);
testConfig.before(new StartClient(LOCATOR_PORT), CLIENT);
}

private static void addToTestConfig(TestConfig testConfig, String systemPropertyKey,
String jvmArgument) {
if (Boolean.getBoolean(systemPropertyKey)) {
logger.info("Configuring JVMs to run with " + jvmArgument);
testConfig.jvmArgs(CLIENT, jvmArgument);
testConfig.jvmArgs(LOCATOR, jvmArgument);
testConfig.jvmArgs(SERVER, jvmArgument);
}
}

private static final String[] appendIfNotEmpty(String[] a, String b) {
if (null == b || b.length() == 0) {
return a;
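Review bot: `addToTestConfig` takes the property key and the JVM argument as two separate strings that must agree, and the same keys are repeated as literals in `GeodeProperties` and in the Gradle `benchmark` task. Deriving the argument inside the method, `String jvmArgument = "-D" + systemPropertyKey + "=true";`, would remove the two `WITH_*_ARGUMENT` constants and one place where the names can drift apart. The method reads the flag with `Boolean.getBoolean`, which accepts any letter case of `true`, while `GeodeProperties.isPropertySet` uses a case-sensitive `equals("true")`; using one form in both places would be more consistent. The hunk ends inside `appendIfNotEmpty`, which this note does not cover.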
@@ -17,6 +17,7 @@


import static org.apache.geode.benchmark.parameters.JVMParameters.JVM8_ARGS;
import static org.apache.geode.benchmark.parameters.JVMParameters.JVM_ARGS;
import static org.assertj.core.api.Assertions.assertThat;

import org.junit.jupiter.api.AfterEach;
@@ -32,58 +33,67 @@ public class ClientServerTopologyTest {
@AfterEach
public void clearProperties() {
System.clearProperty("withSsl");
System.clearProperty("withSecurityManager");
}

@Test
public void configWithSsl() {
System.setProperty("withSsl", "true");
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl");
assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl=true");
}

@Test
public void configWithNoSsl() {
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl");
assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl=true");
}

@Test
public void configWithJava8() {
System.setProperty("java.runtime.version", "1.8.0_212");
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl");
assertThat(testConfig.getJvmArgs().get("client")).contains(JVM8_ARGS);
}

@Test
public void configWithJava9OrHigher() {
public void configWithJava9() {
System.setProperty("java.runtime.version", "9.0.1");
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl");
assertThat(testConfig.getJvmArgs().get("client")).doesNotContain(JVM8_ARGS);
}

@Test
public void configWithSslAndJava8() {
System.setProperty("withSsl", "true");
System.setProperty("java.runtime.version", "1.8.0_212");
public void configWithoutSecurityManager() {
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl");
assertThat(testConfig.getJvmArgs().get("client")).contains(JVM8_ARGS);
assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSecurityManager=true");
}

@Test
public void configWithSslAndJava9() {
System.setProperty("withSsl", "true");
public void configWithSecurityManager() {
System.setProperty("withSecurityManager", "true");
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSecurityManager=true");
}

@Test
public void configWithSecurityManagerAndSslAndJava9() {
System.setProperty("withSecurityManager", "true");
System.setProperty("java.runtime.version", "9.0.1");
System.setProperty("withSsl", "true");
TestConfig testConfig = new TestConfig();

ClientServerTopology.configure(testConfig);
assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl");

assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSecurityManager=true");
assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl=true");
assertThat(testConfig.getJvmArgs().get("client")).contains(JVM_ARGS);
assertThat(testConfig.getJvmArgs().get("client")).doesNotContain(JVM8_ARGS);
}
}
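Review bot: `clearProperties()` clears `withSsl` and `withSecurityManager` but not `java.runtime.version`, which `configWithJava8`, `configWithJava9` and `configWithSecurityManagerAndSslAndJava9` overwrite; nothing visible in the hunk restores it, so later tests run with whatever value the previous test left behind. I would capture the original value in a field before each test and restore it in `clearProperties()` with `System.setProperty("java.runtime.version", originalRuntimeVersion);`. The commit also drops the SSL-with-Java-8 case, so no test now checks that `JVM8_ARGS` and a flag argument are both present. The class body starts outside the hunk.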
