1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security;
20
21 import static org.junit.Assert.assertEquals;
22 import static org.junit.Assert.assertFalse;
23 import static org.junit.Assert.assertNotNull;
24 import static org.junit.Assert.assertTrue;
25
26 import java.io.IOException;
27 import java.security.PrivilegedAction;
28 import java.security.PrivilegedExceptionAction;
29
30 import org.apache.commons.logging.Log;
31 import org.apache.commons.logging.LogFactory;
32 import org.apache.hadoop.conf.Configuration;
33 import org.apache.hadoop.fs.CommonConfigurationKeys;
34 import org.apache.hadoop.hbase.HBaseConfiguration;
35 import org.apache.hadoop.hbase.testclassification.SmallTests;
36 import org.junit.Test;
37 import org.junit.experimental.categories.Category;
38
39 import com.google.common.collect.ImmutableSet;
40
41 @Category(SmallTests.class)
42 public class TestUser {
43 private static Log LOG = LogFactory.getLog(TestUser.class);
44
45 @Test
46 public void testBasicAttributes() throws Exception {
47 Configuration conf = HBaseConfiguration.create();
48 User user = User.createUserForTesting(conf, "simple", new String[]{"foo"});
49 assertEquals("Username should match", "simple", user.getName());
50 assertEquals("Short username should match", "simple", user.getShortName());
51
52 }
53
54 @Test
55 public void testRunAs() throws Exception {
56 Configuration conf = HBaseConfiguration.create();
57 final User user = User.createUserForTesting(conf, "testuser", new String[]{"foo"});
58 final PrivilegedExceptionAction<String> action = new PrivilegedExceptionAction<String>(){
59 public String run() throws IOException {
60 User u = User.getCurrent();
61 return u.getName();
62 }
63 };
64
65 String username = user.runAs(action);
66 assertEquals("Current user within runAs() should match",
67 "testuser", username);
68
69
70 User user2 = User.createUserForTesting(conf, "testuser2", new String[]{"foo"});
71 String username2 = user2.runAs(action);
72 assertEquals("Second username should match second user",
73 "testuser2", username2);
74
75
76 username = user.runAs(new PrivilegedExceptionAction<String>(){
77 public String run() throws Exception {
78 return User.getCurrent().getName();
79 }
80 });
81 assertEquals("User name in runAs() should match", "testuser", username);
82
83
84 user2.runAs(new PrivilegedExceptionAction<Object>(){
85 public Object run() throws IOException, InterruptedException{
86 String nestedName = user.runAs(action);
87 assertEquals("Nest name should match nested user", "testuser", nestedName);
88 assertEquals("Current name should match current user",
89 "testuser2", User.getCurrent().getName());
90 return null;
91 }
92 });
93
94 username = user.runAs(new PrivilegedAction<String>(){
95 String result = null;
96 @Override
97 public String run() {
98 try {
99 return User.getCurrent().getName();
100 } catch (IOException e) {
101 result = "empty";
102 }
103 return result;
104 }
105 });
106
107 assertEquals("Current user within runAs() should match",
108 "testuser", username);
109 }
110
111
112
113
114
115
116 @Test
117 public void testGetCurrent() throws Exception {
118 User user1 = User.getCurrent();
119 assertNotNull(user1.ugi);
120 LOG.debug("User1 is "+user1.getName());
121
122 for (int i =0 ; i< 100; i++) {
123 User u = User.getCurrent();
124 assertNotNull(u);
125 assertEquals(user1.getName(), u.getName());
126 assertEquals(user1, u);
127 assertEquals(user1.hashCode(), u.hashCode());
128 }
129 }
130
131 @Test
132 public void testUserGroupNames() throws Exception {
133 final String username = "testuser";
134 final ImmutableSet<String> singleGroups = ImmutableSet.of("group");
135 final Configuration conf = HBaseConfiguration.create();
136 User user = User.createUserForTesting(conf, username,
137 singleGroups.toArray(new String[singleGroups.size()]));
138 assertUserGroup(user, singleGroups);
139
140 final ImmutableSet<String> multiGroups = ImmutableSet.of("group", "group1", "group2");
141 user = User.createUserForTesting(conf, username,
142 multiGroups.toArray(new String[multiGroups.size()]));
143 assertUserGroup(user, multiGroups);
144 }
145
146 private void assertUserGroup(User user, ImmutableSet<String> groups) {
147 assertNotNull("GroupNames should be not null", user.getGroupNames());
148 assertTrue("UserGroupNames length should be == " + groups.size(),
149 user.getGroupNames().length == groups.size());
150
151 for (String group : user.getGroupNames()) {
152 assertTrue("groupName should be in set ", groups.contains(group));
153 }
154 }
155
156 @Test
157 public void testSecurityForNonSecureHadoop() {
158 assertFalse("Security should be disable in non-secure Hadoop",
159 User.isSecurityEnabled());
160
161 Configuration conf = HBaseConfiguration.create();
162 conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
163 conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
164 assertTrue("Security should be enabled", User.isHBaseSecurityEnabled(conf));
165
166 conf = HBaseConfiguration.create();
167 conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
168 assertFalse("HBase security should not be enabled if "
169 + User.HBASE_SECURITY_CONF_KEY + " is not set accordingly",
170 User.isHBaseSecurityEnabled(conf));
171
172 conf = HBaseConfiguration.create();
173 conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
174 assertTrue("HBase security should be enabled regardless of underlying "
175 + "HDFS settings", User.isHBaseSecurityEnabled(conf));
176 }
177 }