Java Code Examples for org.apache.hadoop.security.UserGroupInformation#createUserForTesting()

The following examples show how to use org.apache.hadoop.security.UserGroupInformation#createUserForTesting() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: ranger   File: HIVERangerAuthorizerTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testHiveSelectSpecificColumnAsAlice() throws Exception {

    UserGroupInformation ugi = UserGroupInformation.createUserForTesting("alice", new String[] {"IT"});
    ugi.doAs(new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            String url = "jdbc:hive2://localhost:" + port + "/rangerauthz";
            Connection connection = DriverManager.getConnection(url, "alice", "alice");
            Statement statement = connection.createStatement();

            ResultSet resultSet = statement.executeQuery("SELECT count FROM words where count == '100'");
            if (resultSet.next()) {
                Assert.assertEquals(100, resultSet.getInt(1));
            } else {
                Assert.fail("No ResultSet found");
            }

            statement.close();
            connection.close();
            return null;
        }
    });
}
 
Example 2
/**
 * apex.dfsRootDirectory set: absolute path with %USER_NAME% and scheme e.g. file:/x/%USER_NAME%/z
 * @throws IOException
 * @throws InterruptedException
 *
 */
@Test
public void getApexDFSRootDirWithSchemeAndVar() throws IOException, InterruptedException
{
  final Configuration conf = new YarnConfiguration(new Configuration(false));
  conf.set(StramClientUtils.APEX_APP_DFS_ROOT_DIR, "file:/x/%USER_NAME%/z");
  conf.setBoolean(StramUserLogin.DT_APP_PATH_IMPERSONATED, true);

  final FileSystem fs = FileSystem.newInstance(conf);
  UserGroupInformation testUser = UserGroupInformation.createUserForTesting("testUser1", new String[]{""});
  UserGroupInformation.setLoginUser(testUser);
  UserGroupInformation doAsUser = UserGroupInformation.createUserForTesting("impersonated", new String[]{""});

  doAsUser.doAs(new PrivilegedExceptionAction<Void>()
  {
    @Override
    public Void run() throws Exception
    {
      Path path = StramClientUtils.getApexDFSRootDir(fs, conf);
      Assert.assertEquals("file:/x/impersonated/z", path.toString());
      return null;
    }
  });
}
 
Example 3
@Test
public void testReadRowFromColFam2AsGroupIT() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    String user = "public";

    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] {"IT"});
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        public Void run() throws Exception {
            Connection conn = ConnectionFactory.createConnection(conf);
            Table table = conn.getTable(TableName.valueOf("temp"));
            
            // Read a row
            Get get = new Get(Bytes.toBytes("row1"));
            Result result = table.get(get);
            byte[] valResult = result.getValue(Bytes.toBytes("colfam2"), Bytes.toBytes("col1"));
            Assert.assertNull(valResult);

            conn.close();
            return null;
        }
    });
}
 
Example 4
Source Project: hadoop   File: TestReadWhileWriting.java    License: Apache License 2.0 6 votes vote down vote up
static void checkFile(Path p, int expectedsize, final Configuration conf
    ) throws IOException, InterruptedException {
  //open the file with another user account
  final String username = UserGroupInformation.getCurrentUser().getShortUserName()
      + "_" + ++userCount;

  UserGroupInformation ugi = UserGroupInformation.createUserForTesting(username, 
                               new String[] {"supergroup"});
  
  final FileSystem fs = DFSTestUtil.getFileSystemAs(ugi, conf);
  
  final HdfsDataInputStream in = (HdfsDataInputStream)fs.open(p);

  //Check visible length
  Assert.assertTrue(in.getVisibleLength() >= expectedsize);

  //Able to read?
  for(int i = 0; i < expectedsize; i++) {
    Assert.assertEquals((byte)i, (byte)in.read());  
  }

  in.close();
}
 
Example 5
private void verifyAccessToPath(String user, String group, String path, boolean hasPermission) throws Exception{
  Path p = new Path(path);
  UserGroupInformation hadoopUser =
      UserGroupInformation.createUserForTesting(user, new String[] {group});
  FileSystem fs = DFSTestUtil.getFileSystemAs(hadoopUser, hadoopConf);
  try {
    fs.listFiles(p, true);
    if(!hasPermission) {
      Assert.assertFalse("Expected listing files to fail", false);
    }
  } catch (Exception e) {
    if(hasPermission) {
      throw e;
    }
  }
}
 
Example 6
@Test
public void testGetProxyUser() throws Exception {
  final UserGroupInformation fooUgi = UserGroupInformation.createUserForTesting("foo", new String[] { "all" });
  Stage.Context context = mock(Stage.Context.class);
  com.streamsets.pipeline.api.Configuration configuration = mock(com.streamsets.pipeline.api.Configuration.class);
  when(context.getConfiguration()).thenReturn(configuration);
  List<Stage.ConfigIssue> issues = new ArrayList<>();

  UserGroupInformation ugi = HadoopSecurityUtil.getProxyUser(
    "proxy",
    context,
    fooUgi,
    issues,
    "config",
    "userName"
  );
  Assert.assertEquals("proxy", ugi.getUserName());
}
 
Example 7
/**
 * apex.dfsRootDirectory set: absolute path e.g. /x/y/z
 * @throws IOException
 *
 */
@Test
public void getApexDFSRootDirAbsPath() throws IOException
{
  Configuration conf = new YarnConfiguration(new Configuration(false));
  conf.set(StramClientUtils.APEX_APP_DFS_ROOT_DIR, "/x/y/z");
  conf.setBoolean(StramUserLogin.DT_APP_PATH_IMPERSONATED, false);

  FileSystem fs = FileSystem.newInstance(conf);
  UserGroupInformation testUser = UserGroupInformation.createUserForTesting("testUser1", new String[]{""});
  UserGroupInformation.setLoginUser(testUser);
  Path path = StramClientUtils.getApexDFSRootDir(fs, conf);
  Assert.assertEquals(fs.getHomeDirectory() + "/datatorrent", path.toString());
}
 
Example 8
Source Project: ranger   File: RangerHdfsAuthorizerTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the <b>directory</b> access is <b>allowed</b> for the given user in the given groups.
 * Throws an exception, if not.
 */
public void checkDirAccess(FsAction access, String userName, String... groups) throws AccessControlException {
    final UserGroupInformation user = UserGroupInformation.createUserForTesting(userName, groups);
    rangerControlEnforcer.checkPermission(FILE_OWNER, FILE_GROUP, user,
            Arrays.copyOf(attributes, attributes.length - 1), Arrays.copyOf(nodes, nodes.length - 1),
            new byte[0][0], SNAPSHOT_ID, path, ancestorIndex - 1, false /* doCheckOwner */,
            null /* ancestorAccess */, null /* parentAccess */ , access, null /* subAccess */ ,
            false /* ignoreEmptyDir */);
}
 
Example 9
/**
 * apex.dfsRootDirectory set: absolute path with scheme e.g. file:/p/q/r
 * @throws IOException
 *
 */
@Test
public void getApexDFSRootDirScheme() throws IOException
{
  Configuration conf = new YarnConfiguration(new Configuration(false));
  conf.set(StramClientUtils.APEX_APP_DFS_ROOT_DIR, "file:/p/q/r");
  conf.setBoolean(StramUserLogin.DT_APP_PATH_IMPERSONATED, false);

  FileSystem fs = FileSystem.newInstance(conf);
  UserGroupInformation testUser = UserGroupInformation.createUserForTesting("testUser1", new String[]{""});
  UserGroupInformation.setLoginUser(testUser);
  Path path = StramClientUtils.getApexDFSRootDir(fs, conf);
  Assert.assertEquals(fs.getHomeDirectory() + "/datatorrent", path.toString());
}
 
Example 10
Source Project: hadoop   File: TestEncryptionZones.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test listing encryption zones as a non super user.
 */
@Test(timeout = 60000)
public void testListEncryptionZonesAsNonSuperUser() throws Exception {

  final UserGroupInformation user = UserGroupInformation.
      createUserForTesting("user", new String[] { "mygroup" });

  final Path testRoot = new Path("/tmp/TestEncryptionZones");
  final Path superPath = new Path(testRoot, "superuseronly");
  final Path allPath = new Path(testRoot, "accessall");

  fsWrapper.mkdir(superPath, new FsPermission((short) 0700), true);
  dfsAdmin.createEncryptionZone(superPath, TEST_KEY);

  fsWrapper.mkdir(allPath, new FsPermission((short) 0707), true);
  dfsAdmin.createEncryptionZone(allPath, TEST_KEY);

  user.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      final HdfsAdmin userAdmin =
          new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
      try {
        userAdmin.listEncryptionZones();
      } catch (AccessControlException e) {
        assertExceptionContains("Superuser privilege is required", e);
      }
      return null;
    }
  });
}
 
Example 11
Source Project: big-c   File: GetGroupsTestBase.java    License: Apache License 2.0 5 votes vote down vote up
@Before
public void setUpUsers() throws IOException {
  // Make sure the current user's info is in the list of test users.
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  UserGroupInformation.createUserForTesting(currentUser.getUserName(), currentUser.getGroupNames());
  
  testUser1 = UserGroupInformation.createUserForTesting("foo", new String[]{"bar", "baz"});
  testUser2 = UserGroupInformation.createUserForTesting("fiz", new String[]{"buz", "boz"});
}
 
Example 12
Source Project: hadoop   File: TestLease.java    License: Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
@Test
public void testFactory() throws Exception {
  final String[] groups = new String[]{"supergroup"};
  final UserGroupInformation[] ugi = new UserGroupInformation[3];
  for(int i = 0; i < ugi.length; i++) {
    ugi[i] = UserGroupInformation.createUserForTesting("user" + i, groups);
  }

  Mockito.doReturn(
      new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission(
          (short) 777), "owner", "group", new byte[0], new byte[0],
          1010, 0, null, (byte) 0)).when(mcp).getFileInfo(anyString());
  Mockito
      .doReturn(
          new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission(
              (short) 777), "owner", "group", new byte[0], new byte[0],
              1010, 0, null, (byte) 0))
      .when(mcp)
      .create(anyString(), (FsPermission) anyObject(), anyString(),
          (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(),
          anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject());

  final Configuration conf = new Configuration();
  final DFSClient c1 = createDFSClientAs(ugi[0], conf);
  FSDataOutputStream out1 = createFsOut(c1, "/out1");
  final DFSClient c2 = createDFSClientAs(ugi[0], conf);
  FSDataOutputStream out2 = createFsOut(c2, "/out2");
  Assert.assertEquals(c1.getLeaseRenewer(), c2.getLeaseRenewer());
  final DFSClient c3 = createDFSClientAs(ugi[1], conf);
  FSDataOutputStream out3 = createFsOut(c3, "/out3");
  Assert.assertTrue(c1.getLeaseRenewer() != c3.getLeaseRenewer());
  final DFSClient c4 = createDFSClientAs(ugi[1], conf);
  FSDataOutputStream out4 = createFsOut(c4, "/out4");
  Assert.assertEquals(c3.getLeaseRenewer(), c4.getLeaseRenewer());
  final DFSClient c5 = createDFSClientAs(ugi[2], conf);
  FSDataOutputStream out5 = createFsOut(c5, "/out5");
  Assert.assertTrue(c1.getLeaseRenewer() != c5.getLeaseRenewer());
  Assert.assertTrue(c3.getLeaseRenewer() != c5.getLeaseRenewer());
}
 
Example 13
Source Project: hbase   File: TestSecureIPC.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testRpcFallbackToSimpleAuth() throws Exception {
  String clientUsername = "testuser";
  UserGroupInformation clientUgi = UserGroupInformation.createUserForTesting(clientUsername,
    new String[] { clientUsername });

  // check that the client user is insecure
  assertNotSame(ugi, clientUgi);
  assertEquals(AuthenticationMethod.SIMPLE, clientUgi.getAuthenticationMethod());
  assertEquals(clientUsername, clientUgi.getUserName());

  clientConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");
  serverConf.setBoolean(RpcServer.FALLBACK_TO_INSECURE_CLIENT_AUTH, true);
  callRpcService(User.create(clientUgi));
}
 
Example 14
Source Project: hbase   File: TestHFileArchiving.java    License: Apache License 2.0 5 votes vote down vote up
@Test(expected=IOException.class)
public void testArchiveRegionsWhenPermissionDenied() throws Exception {
  final TableName tableName = TableName.valueOf(name.getMethodName());
  List<HRegion> regions = initTableForArchivingRegions(tableName);

  // now attempt to depose the regions
  Path rootDir = CommonFSUtils.getRootDir(UTIL.getConfiguration());
  Path tableDir = CommonFSUtils.getTableDir(rootDir, regions.get(0).getRegionInfo().getTable());
  List<Path> regionDirList = regions.stream()
    .map(region -> FSUtils.getRegionDirFromTableDir(tableDir, region.getRegionInfo()))
    .collect(Collectors.toList());

  // To create a permission denied error, we do archive regions as a non-current user
  UserGroupInformation
    ugi = UserGroupInformation.createUserForTesting("foo1234", new String[]{"group1"});

  try {
    ugi.doAs((PrivilegedExceptionAction<Void>) () -> {
      FileSystem fs = UTIL.getTestFileSystem();
      HFileArchiver.archiveRegions(UTIL.getConfiguration(), fs, rootDir, tableDir,
        regionDirList);
      return null;
    });
  } catch (IOException e) {
    assertTrue(e.getCause().getMessage().contains("Permission denied"));
    throw e;
  } finally {
    UTIL.deleteTable(tableName);
  }
}
 
Example 15
@Test
public void testCreateOzoneContainer() throws Exception {
  LOG.info("Test case: requireBlockToken: {} hasBlockToken: {} " +
      "blockTokenExpired: {}.", requireBlockToken, hasBlockToken,
      blockTokeExpired);
  conf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED,
      requireBlockToken);

  long containerID = ContainerTestHelper.getTestContainerID();
  OzoneContainer container = null;
  System.out.println(System.getProperties().getProperty("java.library.path"));
  try {
    Pipeline pipeline = MockPipeline.createSingleNodePipeline();
    conf.set(HDDS_DATANODE_DIR_KEY, tempFolder.getRoot().getPath());
    conf.setInt(OzoneConfigKeys.DFS_CONTAINER_IPC_PORT, pipeline
        .getFirstNode().getPort(DatanodeDetails.Port.Name.STANDALONE)
        .getValue());
    conf.setBoolean(
        OzoneConfigKeys.DFS_CONTAINER_IPC_RANDOM_PORT, false);

    DatanodeDetails dn = MockDatanodeDetails.randomDatanodeDetails();
    container = new OzoneContainer(dn, conf, getContext(dn), caClient);
    //Set scmId and manually start ozone container.
    container.start(UUID.randomUUID().toString());

    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(
        "user1",  new String[] {"usergroup"});
    long expiryDate = (blockTokeExpired) ?
        Time.now() - 60 * 60 * 2 : Time.now() + 60 * 60 * 24;

    OzoneBlockTokenIdentifier tokenId = new OzoneBlockTokenIdentifier(
        "testUser", "cid:lud:bcsid",
        EnumSet.allOf(AccessModeProto.class),
        expiryDate, "1234", 128L);

    int port = dn.getPort(DatanodeDetails.Port.Name.STANDALONE).getValue();
    if (port == 0) {
      port = secConfig.getConfiguration().getInt(OzoneConfigKeys
              .DFS_CONTAINER_IPC_PORT, DFS_CONTAINER_IPC_PORT_DEFAULT);
    }
    secretManager.start(caClient);
    Token<OzoneBlockTokenIdentifier> token = secretManager.generateToken(
        "123", EnumSet.allOf(AccessModeProto.class), RandomUtils.nextLong());
    if (hasBlockToken) {
      ugi.addToken(token);
    }

    ugi.doAs((PrivilegedAction<Void>) () -> {
      try {
        XceiverClientGrpc client = new XceiverClientGrpc(pipeline, conf);
        client.connect(token.encodeToUrlString());
        if (hasBlockToken) {
          createContainerForTesting(client, containerID, token);
        } else {
          createContainerForTesting(client, containerID, null);
        }

      } catch (Exception e) {
        if (requireBlockToken && hasBlockToken && !blockTokeExpired) {
          LOG.error("Unexpected error. ", e);
          fail("Client with BlockToken should succeed when block token is" +
              " required.");
        }
        if (requireBlockToken && hasBlockToken && blockTokeExpired) {
          assertTrue("Receive expected exception",
              e instanceof SCMSecurityException);
        }
        if (requireBlockToken && !hasBlockToken) {
          assertTrue("Receive expected exception", e instanceof
              IOException);
        }
      }
      return null;
    });
  } finally {
    if (container != null) {
      container.stop();
    }
  }
}
 
Example 16
Source Project: big-c   File: TestFsShellPermission.java    License: Apache License 2.0 4 votes vote down vote up
static UserGroupInformation createUGI(String ownername, String groupName) {
  return UserGroupInformation.createUserForTesting(ownername,
      new String[]{groupName});
}
 
Example 17
/**
 * Test the listing with different user names to make sure only directories
 * that are owned by the user are listed.
 */
@Test (timeout=60000)
public void testListWithDifferentUser() throws Exception {
  cluster.getNamesystem().getSnapshotManager().setAllowNestedSnapshots(true);

  // first make dir1 and dir2 snapshottable
  hdfs.allowSnapshot(dir1);
  hdfs.allowSnapshot(dir2);
  hdfs.setPermission(root, FsPermission.valueOf("-rwxrwxrwx"));
  
  // create two dirs and make them snapshottable under the name of user1
  UserGroupInformation ugi1 = UserGroupInformation.createUserForTesting(
      "user1", new String[] { "group1" });
  DistributedFileSystem fs1 = (DistributedFileSystem) DFSTestUtil
      .getFileSystemAs(ugi1, conf);
  Path dir1_user1 = new Path("/dir1_user1");
  Path dir2_user1 = new Path("/dir2_user1");
  fs1.mkdirs(dir1_user1);
  fs1.mkdirs(dir2_user1);
  hdfs.allowSnapshot(dir1_user1);
  hdfs.allowSnapshot(dir2_user1);
  
  // user2
  UserGroupInformation ugi2 = UserGroupInformation.createUserForTesting(
      "user2", new String[] { "group2" });
  DistributedFileSystem fs2 = (DistributedFileSystem) DFSTestUtil
      .getFileSystemAs(ugi2, conf);
  Path dir_user2 = new Path("/dir_user2");
  Path subdir_user2 = new Path(dir_user2, "subdir");
  fs2.mkdirs(dir_user2);
  fs2.mkdirs(subdir_user2);
  hdfs.allowSnapshot(dir_user2);
  hdfs.allowSnapshot(subdir_user2);
  
  // super user
  String supergroup = conf.get(DFS_PERMISSIONS_SUPERUSERGROUP_KEY,
      DFS_PERMISSIONS_SUPERUSERGROUP_DEFAULT);
  UserGroupInformation superUgi = UserGroupInformation.createUserForTesting(
      "superuser", new String[] { supergroup });
  DistributedFileSystem fs3 = (DistributedFileSystem) DFSTestUtil
      .getFileSystemAs(superUgi, conf);
  
  // list the snapshottable dirs for superuser
  SnapshottableDirectoryStatus[] dirs = fs3.getSnapshottableDirListing();
  // 6 snapshottable dirs: dir1, dir2, dir1_user1, dir2_user1, dir_user2, and
  // subdir_user2
  assertEquals(6, dirs.length);
  
  // list the snapshottable dirs for user1
  dirs = fs1.getSnapshottableDirListing();
  // 2 dirs owned by user1: dir1_user1 and dir2_user1
  assertEquals(2, dirs.length);
  assertEquals(dir1_user1, dirs[0].getFullPath());
  assertEquals(dir2_user1, dirs[1].getFullPath());
  
  // list the snapshottable dirs for user2
  dirs = fs2.getSnapshottableDirListing();
  // 2 dirs owned by user2: dir_user2 and subdir_user2
  assertEquals(2, dirs.length);
  assertEquals(dir_user2, dirs[0].getFullPath());
  assertEquals(subdir_user2, dirs[1].getFullPath());
}
 
Example 18
@org.junit.BeforeClass
 public static void setup() throws Exception {
     String basedir = System.getProperty("basedir");
     if (basedir == null) {
         basedir = new File(".").getCanonicalPath();
     }
     System.out.println("Base Dir " + basedir);

     configureKerby(basedir);

     // JAAS Config file - We need to point to the correct keytab files
     Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/kafka_kerberos.jaas");
     String content = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
     content = content.replaceAll("<basedir>", basedir);
     //content = content.replaceAll("zookeeper/localhost", "zookeeper/" + address);

     Path path2 = FileSystems.getDefault().getPath(basedir, "/target/test-classes/kafka_kerberos.jaas");
     Files.write(path2, content.getBytes(StandardCharsets.UTF_8));

     System.setProperty("java.security.auth.login.config", path2.toString());

     // Set up Zookeeper to require SASL
     Map<String,Object> zookeeperProperties = new HashMap<>();
     zookeeperProperties.put("authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
     zookeeperProperties.put("requireClientAuthScheme", "sasl");
     zookeeperProperties.put("jaasLoginRenew", "3600000");

     InstanceSpec instanceSpec = new InstanceSpec(null, -1, -1, -1, true, 1,-1, -1, zookeeperProperties, "localhost");

     zkServer = new TestingServer(instanceSpec, true);

     // Get a random port
     ServerSocket serverSocket = new ServerSocket(0);
     port = serverSocket.getLocalPort();
     serverSocket.close();

     tempDir = Files.createTempDirectory("kafka");

     LOG.info("Port is {}", port);
     LOG.info("Temporary directory is at {}", tempDir);

     final Properties props = new Properties();
     props.put("broker.id", 1);
     props.put("host.name", "localhost");
     props.put("port", port);
     props.put("log.dir", tempDir.toString());
     props.put("zookeeper.connect", zkServer.getConnectString());
     props.put("replica.socket.timeout.ms", "1500");
     props.put("controlled.shutdown.enable", Boolean.TRUE.toString());
     // Enable SASL_PLAINTEXT
     props.put("listeners", "SASL_PLAINTEXT://localhost:" + port);
     props.put("security.inter.broker.protocol", "SASL_PLAINTEXT");
     props.put("sasl.enabled.mechanisms", "GSSAPI");
     props.put("sasl.mechanism.inter.broker.protocol", "GSSAPI");
     props.put("sasl.kerberos.service.name", "kafka");
     props.put("offsets.topic.replication.factor", (short) 1);
     props.put("offsets.topic.num.partitions", 1);

     // Plug in Apache Ranger authorizer
     props.put("authorizer.class.name", "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer");

     // Create users for testing
     UserGroupInformation.createUserForTesting("[email protected]", new String[] {"public"});
     UserGroupInformation.createUserForTesting("kafka/[email protected]", new String[] {"IT"});

     KafkaConfig config = new KafkaConfig(props);
     kafkaServer = new KafkaServerStartable(config);
     kafkaServer.startup();
}
 
Example 19
@org.junit.BeforeClass
public static void setup() throws Exception {
	// JAAS Config file
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }

    File f = new File(basedir + "/src/test/resources/kafka_plain.jaas");
    System.setProperty("java.security.auth.login.config", f.getPath());
    
	// Create keys
	String serviceDN = "CN=Service,O=Apache,L=Dublin,ST=Leinster,C=IE";
	String clientDN = "CN=Client,O=Apache,L=Dublin,ST=Leinster,C=IE";
	
	// Create a truststore
	KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
	keystore.load(null, "security".toCharArray());
	
	serviceKeystorePath = 
			KafkaTestUtils.createAndStoreKey(serviceDN, serviceDN, BigInteger.valueOf(30), 
					"sspass", "myservicekey", "skpass", keystore);
	clientKeystorePath = 
			KafkaTestUtils.createAndStoreKey(clientDN, clientDN, BigInteger.valueOf(31), 
					"cspass", "myclientkey", "ckpass", keystore);
	
	File truststoreFile = File.createTempFile("kafkatruststore", ".jks");
	try (OutputStream output = new FileOutputStream(truststoreFile)) {
		keystore.store(output, "security".toCharArray());
	}
	truststorePath = truststoreFile.getPath();
			
    zkServer = new TestingServer();
    
    // Get a random port
    ServerSocket serverSocket = new ServerSocket(0);
    port = serverSocket.getLocalPort();
    serverSocket.close();
    
    final Properties props = new Properties();
    props.put("broker.id", 1);
    props.put("host.name", "localhost");
    props.put("port", port);
    props.put("log.dir", "/tmp/kafka");
    props.put("zookeeper.connect", zkServer.getConnectString());
    props.put("replica.socket.timeout.ms", "1500");
    props.put("controlled.shutdown.enable", Boolean.TRUE.toString());
    // Enable SASL_SSL
    props.put("listeners", "SASL_SSL://localhost:" + port);
    props.put("security.inter.broker.protocol", "SASL_SSL");
    props.put("sasl.enabled.mechanisms", "PLAIN");
    props.put("sasl.mechanism.inter.broker.protocol", "PLAIN");

    props.put("offsets.topic.replication.factor", (short) 1);
    props.put("offsets.topic.num.partitions", 1);

    props.put("ssl.keystore.location", serviceKeystorePath);
    props.put("ssl.keystore.password", "sspass");
    props.put("ssl.key.password", "skpass");
    props.put("ssl.truststore.location", truststorePath);
    props.put("ssl.truststore.password", "security");
    
    // Plug in Apache Ranger authorizer
    props.put("authorizer.class.name", "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer");
    
    // Create users for testing
    UserGroupInformation.createUserForTesting("alice", new String[] {"IT"});
    
    KafkaConfig config = new KafkaConfig(props);
    kafkaServer = new KafkaServerStartable(config);
    kafkaServer.startup();

    // Create some topics
    KafkaTestUtils.createSomeTopics(zkServer.getConnectString());
}
 
Example 20
static UserGroupInformation createUGI(String name, boolean issuper) {
  String group = issuper? "supergroup": name;
  
  return UserGroupInformation.createUserForTesting(name, new String[]{group});
}