1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security;
20
21 import static org.junit.Assert.assertEquals;
22 import static org.junit.Assert.assertFalse;
23 import static org.junit.Assert.assertNotNull;
24 import static org.junit.Assert.assertTrue;
25
26 import java.io.IOException;
27 import java.security.PrivilegedAction;
28 import java.security.PrivilegedExceptionAction;
29
30 import org.apache.commons.logging.Log;
31 import org.apache.commons.logging.LogFactory;
32 import org.apache.hadoop.conf.Configuration;
33 import org.apache.hadoop.fs.CommonConfigurationKeys;
34 import org.apache.hadoop.hbase.HBaseConfiguration;
35 import org.apache.hadoop.hbase.SmallTests;
36 import org.junit.Test;
37 import org.junit.experimental.categories.Category;
38
39 import com.google.common.collect.ImmutableSet;
40
41 @Category(SmallTests.class)
42 public class TestUser {
43 private static Log LOG = LogFactory.getLog(TestUser.class);
44
45 @Test
46 public void testBasicAttributes() throws Exception {
47 Configuration conf = HBaseConfiguration.create();
48 User user = User.createUserForTesting(conf, "simple", new String[]{"foo"});
49 assertEquals("Username should match", "simple", user.getName());
50 assertEquals("Short username should match", "simple", user.getShortName());
51
52 }
53
54 @Test
55 public void testRunAs() throws Exception {
56 Configuration conf = HBaseConfiguration.create();
57 final User user = User.createUserForTesting(conf, "testuser", new String[]{"foo"});
58 final PrivilegedExceptionAction<String> action = new PrivilegedExceptionAction<String>(){
59 public String run() throws IOException {
60 User u = User.getCurrent();
61 return u.getName();
62 }
63 };
64
65 String username = user.runAs(action);
66 assertEquals("Current user within runAs() should match",
67 "testuser", username);
68
69
70 User user2 = User.createUserForTesting(conf, "testuser2", new String[]{"foo"});
71 String username2 = user2.runAs(action);
72 assertEquals("Second username should match second user",
73 "testuser2", username2);
74
75
76 username = user.runAs(new PrivilegedExceptionAction<String>(){
77 public String run() throws Exception {
78 return User.getCurrent().getName();
79 }
80 });
81 assertEquals("User name in runAs() should match", "testuser", username);
82
83
84 user2.runAs(new PrivilegedExceptionAction<Object>(){
85 public Object run() throws IOException, InterruptedException{
86 String nestedName = user.runAs(action);
87 assertEquals("Nest name should match nested user", "testuser", nestedName);
88 assertEquals("Current name should match current user",
89 "testuser2", User.getCurrent().getName());
90 return null;
91 }
92 });
93
94 username = user.runAs(new PrivilegedAction<String>(){
95 String result = null;
96 @Override
97 public String run() {
98 try {
99 return User.getCurrent().getName();
100 } catch (IOException e) {
101 result = "empty";
102 }
103 return result;
104 }
105 });
106
107 assertEquals("Current user within runAs() should match",
108 "testuser", username);
109 }
110
111
112
113
114
115
116 @Test
117 public void testGetCurrent() throws Exception {
118 User user1 = User.getCurrent();
119 assertNotNull(user1.ugi);
120 LOG.debug("User1 is "+user1.getName());
121
122 for (int i =0 ; i< 100; i++) {
123 User u = User.getCurrent();
124 assertNotNull(u);
125 assertEquals(user1.getName(), u.getName());
126 assertEquals(user1, u);
127 assertEquals(user1.hashCode(), u.hashCode());
128 }
129 }
130
131 @Test
132 public void testUserGroupNames() throws Exception {
133 final String username = "testuser";
134 final ImmutableSet<String> singleGroups = ImmutableSet.of("group");
135 final Configuration conf = HBaseConfiguration.create();
136 User user = User.createUserForTesting(conf, username, singleGroups.toArray(new String[]{}));
137 assertUserGroup(user, singleGroups);
138
139 final ImmutableSet<String> multiGroups = ImmutableSet.of("group", "group1", "group2");
140 user = User.createUserForTesting(conf, username, multiGroups.toArray(new String[]{}));
141 assertUserGroup(user, multiGroups);
142 }
143
144 private void assertUserGroup(User user, ImmutableSet<String> groups) {
145 assertNotNull("GroupNames should be not null", user.getGroupNames());
146 assertTrue("UserGroupNames length should be == " + groups.size(),
147 user.getGroupNames().length == groups.size());
148
149 for (String group : user.getGroupNames()) {
150 assertTrue("groupName should be in set ", groups.contains(group));
151 }
152 }
153
154 @Test
155 public void testSecurityForNonSecureHadoop() {
156 assertFalse("Security should be disable in non-secure Hadoop",
157 User.isSecurityEnabled());
158
159 Configuration conf = HBaseConfiguration.create();
160 conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
161 conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
162 assertTrue("Security should be enabled", User.isHBaseSecurityEnabled(conf));
163
164 conf = HBaseConfiguration.create();
165 conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
166 assertFalse("HBase security should not be enabled if "
167 + User.HBASE_SECURITY_CONF_KEY + " is not set accordingly",
168 User.isHBaseSecurityEnabled(conf));
169
170 conf = HBaseConfiguration.create();
171 conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
172 assertTrue("HBase security should be enabled regardless of underlying "
173 + "HDFS settings", User.isHBaseSecurityEnabled(conf));
174 }
175 }