View Javadoc

1   /*
2    *
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *     http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing, software
14   * distributed under the License is distributed on an "AS IS" BASIS,
15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16   * See the License for the specific language governing permissions and
17   * limitations under the License.
18   */
19  package org.apache.hadoop.hbase.security;
20  
21  import static org.junit.Assert.assertEquals;
22  import static org.junit.Assert.assertFalse;
23  import static org.junit.Assert.assertNotNull;
24  import static org.junit.Assert.assertTrue;
25  
26  import java.io.IOException;
27  import java.security.PrivilegedAction;
28  import java.security.PrivilegedExceptionAction;
29  
30  import org.apache.commons.logging.Log;
31  import org.apache.commons.logging.LogFactory;
32  import org.apache.hadoop.conf.Configuration;
33  import org.apache.hadoop.fs.CommonConfigurationKeys;
34  import org.apache.hadoop.hbase.HBaseConfiguration;
35  import org.apache.hadoop.hbase.SmallTests;
36  import org.junit.Test;
37  import org.junit.experimental.categories.Category;
38  
39  import com.google.common.collect.ImmutableSet;
40  
41  @Category(SmallTests.class)
42  public class TestUser {
43    private static Log LOG = LogFactory.getLog(TestUser.class);
44  
45    @Test
46    public void testBasicAttributes() throws Exception {
47      Configuration conf = HBaseConfiguration.create();
48      User user = User.createUserForTesting(conf, "simple", new String[]{"foo"});
49      assertEquals("Username should match", "simple", user.getName());
50      assertEquals("Short username should match", "simple", user.getShortName());
51      // don't test shortening of kerberos names because regular Hadoop doesn't support them
52    }
53  
54    @Test
55    public void testRunAs() throws Exception {
56      Configuration conf = HBaseConfiguration.create();
57      final User user = User.createUserForTesting(conf, "testuser", new String[]{"foo"});
58      final PrivilegedExceptionAction<String> action = new PrivilegedExceptionAction<String>(){
59        public String run() throws IOException {
60            User u = User.getCurrent();
61            return u.getName();
62        }
63      };
64  
65      String username = user.runAs(action);
66      assertEquals("Current user within runAs() should match",
67          "testuser", username);
68  
69      // ensure the next run is correctly set
70      User user2 = User.createUserForTesting(conf, "testuser2", new String[]{"foo"});
71      String username2 = user2.runAs(action);
72      assertEquals("Second username should match second user",
73          "testuser2", username2);
74  
75      // check the exception version
76      username = user.runAs(new PrivilegedExceptionAction<String>(){
77        public String run() throws Exception {
78          return User.getCurrent().getName();
79        }
80      });
81      assertEquals("User name in runAs() should match", "testuser", username);
82  
83      // verify that nested contexts work
84      user2.runAs(new PrivilegedExceptionAction<Object>(){
85        public Object run() throws IOException, InterruptedException{
86          String nestedName = user.runAs(action);
87          assertEquals("Nest name should match nested user", "testuser", nestedName);
88          assertEquals("Current name should match current user",
89              "testuser2", User.getCurrent().getName());
90          return null;
91        }
92      });
93  
94      username = user.runAs(new PrivilegedAction<String>(){
95        String result = null;
96        @Override
97        public String run() {
98          try {
99            return User.getCurrent().getName();
100         } catch (IOException e) {
101           result = "empty";
102         }
103         return result;
104       }
105     });
106 
107     assertEquals("Current user within runAs() should match",
108         "testuser", username);
109   }
110 
111   /**
112    * Make sure that we're returning a result for the current user.
113    * Previously getCurrent() was returning null if not initialized on
114    * non-secure Hadoop variants.
115    */
116   @Test
117   public void testGetCurrent() throws Exception {
118     User user1 = User.getCurrent();
119     assertNotNull(user1.ugi);
120     LOG.debug("User1 is "+user1.getName());
121 
122     for (int i =0 ; i< 100; i++) {
123       User u = User.getCurrent();
124       assertNotNull(u);
125       assertEquals(user1.getName(), u.getName());
126       assertEquals(user1, u);
127       assertEquals(user1.hashCode(), u.hashCode());
128     }
129   }
130 
131   @Test
132   public void testUserGroupNames() throws Exception {
133     final String username = "testuser";
134     final ImmutableSet<String> singleGroups = ImmutableSet.of("group");
135     final Configuration conf = HBaseConfiguration.create();
136     User user = User.createUserForTesting(conf, username, singleGroups.toArray(new String[]{}));
137     assertUserGroup(user, singleGroups);
138 
139     final ImmutableSet<String> multiGroups = ImmutableSet.of("group", "group1", "group2");
140     user = User.createUserForTesting(conf, username, multiGroups.toArray(new String[]{}));
141     assertUserGroup(user, multiGroups);
142   }
143 
144   private void assertUserGroup(User user, ImmutableSet<String> groups) {
145     assertNotNull("GroupNames should be not null", user.getGroupNames());
146     assertTrue("UserGroupNames length should be == " + groups.size(),
147         user.getGroupNames().length == groups.size());
148 
149     for (String group : user.getGroupNames()) {
150       assertTrue("groupName should be in set ", groups.contains(group));
151     }
152   }
153 
154   @Test
155   public void testSecurityForNonSecureHadoop() {
156     assertFalse("Security should be disable in non-secure Hadoop",
157         User.isSecurityEnabled());
158 
159     Configuration conf = HBaseConfiguration.create();
160     conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
161     conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
162     assertTrue("Security should be enabled", User.isHBaseSecurityEnabled(conf));
163 
164     conf = HBaseConfiguration.create();
165     conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
166     assertFalse("HBase security should not be enabled if " 
167         + User.HBASE_SECURITY_CONF_KEY + " is not set accordingly",
168         User.isHBaseSecurityEnabled(conf));
169 
170     conf = HBaseConfiguration.create();
171     conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
172     assertTrue("HBase security should be enabled regardless of underlying "
173         + "HDFS settings", User.isHBaseSecurityEnabled(conf));
174   }
175 }