Java Code Examples for org.apache.hadoop.security.Groups

The following examples show how to use org.apache.hadoop.security.Groups. These examples are extracted from open source projects.
Example 1
Source Project: hadoop   Source File: QueuePlacementPolicy.java    License: Apache License 2.0 6 votes vote down vote up
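/**
 * Builds a placement policy from an ordered list of rules.
 *
 * <p>The list is validated so that only the last rule is terminal: a
 * terminal rule earlier in the list would make the later rules unreachable,
 * and a non-terminal last rule could leave an application unassigned.
 *
 * @param rules ordered placement rules; must be non-null and non-empty
 * @param configuredQueues configured queue names keyed by queue type
 * @param conf configuration used to construct the {@code Groups} instance
 * @throws AllocationConfigurationException if the list is null or empty, if
 *     a rule before the last one is terminal, or if the last rule is not
 *     terminal
 */
public QueuePlacementPolicy(List<QueuePlacementRule> rules,
    Map<FSQueueType, Set<String>> configuredQueues, Configuration conf)
    throws AllocationConfigurationException {
  // Without this guard an empty list reaches rules.get(-1) below and fails
  // with an index error instead of a configuration error.
  if (rules == null || rules.isEmpty()) {
    throw new AllocationConfigurationException(
        "Queue placement policy must contain at least one rule");
  }
  final int lastIndex = rules.size() - 1;
  for (int i = 0; i < lastIndex; i++) {
    if (rules.get(i).isTerminal()) {
      throw new AllocationConfigurationException("Rules after rule "
          + i + " in queue placement policy can never be reached");
    }
  }
  if (!rules.get(lastIndex).isTerminal()) {
    throw new AllocationConfigurationException(
        "Could get past last queue placement rule without assigning");
  }
  // NOTE(review): the caller's list and map are stored by reference, so
  // later mutation by the caller bypasses the validation above.
  this.rules = rules;
  this.configuredQueues = configuredQueues;
  groups = new Groups(conf);
}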
 
Example 2
Source Project: hadoop   Source File: QueuePlacementRule.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Picks a queue named after one of the user's groups, skipping the first
 * group returned by the lookup.
 *
 * @param requestedQueue not read by this rule
 * @param user user whose groups are looked up
 * @param groups group mapping service used for the lookup
 * @param configuredQueues configured queue names keyed by queue type
 * @return {@code "root." + group} for the first group (from index 1 on)
 *     that names a configured leaf or parent queue, otherwise {@code ""}
 * @throws IOException declared for the group lookup
 */
@Override
protected String getQueueForApp(String requestedQueue, String user,
    Groups groups, Map<FSQueueType, Set<String>> configuredQueues)
    throws IOException {
  List<String> memberships = groups.getGroups(user);
  // Index 0 is deliberately not tried (presumably the primary group; confirm
  // against the mapping service's ordering).
  for (int idx = 1; idx < memberships.size(); idx++) {
    // Group names come from the mapping service; cleanName is applied before
    // the name becomes part of a queue path (its exact rules are not shown).
    String candidate = "root." + cleanName(memberships.get(idx));
    boolean isLeaf =
        configuredQueues.get(FSQueueType.LEAF).contains(candidate);
    if (isLeaf
        || configuredQueues.get(FSQueueType.PARENT).contains(candidate)) {
      return candidate;
    }
  }
  return "";
}
 
Example 3
Source Project: hadoop   Source File: QueuePlacementRule.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Appends a per-user child queue to the queue chosen by the nested rule.
 *
 * @return the nested rule's result unchanged when it is {@code null} or
 *     empty; {@code ""} when the (root-prefixed) result is a configured leaf
 *     queue; otherwise {@code parent + "." + cleanName(user)}
 * @throws IOException propagated from the nested rule
 */
@Override
protected String getQueueForApp(String requestedQueue, String user,
    Groups groups, Map<FSQueueType, Set<String>> configuredQueues)
    throws IOException {
  String nested = nestedRule.assignAppToQueue(requestedQueue, user,
      groups, configuredQueues);

  // The nested rule assigned nothing: pass its answer (null or "") through.
  if (nested == null || nested.length() == 0) {
    return nested;
  }

  String parent = nested.startsWith("root.") ? nested : "root." + nested;

  // A configured leaf queue cannot take a child, so return "" and let the
  // next rule in the placement policy decide.
  if (configuredQueues.get(FSQueueType.LEAF).contains(parent)) {
    return "";
  }
  // The user name is passed through cleanName before it is used as the
  // last path component.
  return parent + "." + cleanName(user);
}
 
Example 4
Source Project: hadoop   Source File: AdminService.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Admin operation that refreshes the user-to-groups mapping service.
 *
 * <p>Order matters: the ACL check and the RM status check both run before
 * the refresh, and the success audit record is written only after the
 * refresh call has returned.
 *
 * @param request not read by this method
 * @return a new, empty response record
 * @throws YarnException declared by the interface
 * @throws IOException declared by the interface
 */
@Override
public RefreshUserToGroupsMappingsResponse refreshUserToGroupsMappings(
    RefreshUserToGroupsMappingsRequest request)
    throws YarnException, IOException {
  final String operation = "refreshUserToGroupsMappings";

  // Authorization gate: nothing below runs unless checkAcls returns.
  UserGroupInformation caller = checkAcls(operation);
  String callerName = caller.getShortUserName();

  checkRMStatus(callerName, operation, "refresh user-groups.");

  // The mapping service is refreshed from a configuration built from the
  // core-site file only (defaults are not loaded: Configuration(false)).
  Configuration coreSite = getConfiguration(new Configuration(false),
      YarnConfiguration.CORE_SITE_CONFIGURATION_FILE);
  Groups.getUserToGroupsMappingService(coreSite).refresh();

  // Only the success path is audited in this method; whether a denied or
  // failed call is audited depends on checkAcls/checkRMStatus (not shown).
  RMAuditLogger.logSuccess(callerName, operation, "AdminService");

  return recordFactory.newRecordInstance(
      RefreshUserToGroupsMappingsResponse.class);
}
 
Example 5
Source Project: hadoop   Source File: TestHsWebServicesAcls.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Prepares a history web service with MR ACLs enabled and records the ids
 * of one job, one of its tasks and one of that task's attempts.
 */
@Before
public void setup() throws IOException {
  conf = new JobConf();
  // Group lookups go through NullGroupsProvider for this test.
  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
      NullGroupsProvider.class.getName());
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);
  // Initialise the shared mapping service with the configuration above.
  Groups.getUserToGroupsMappingService(conf);
  ctx = buildHistoryContext(conf);

  WebApp webApp = mock(HsWebApp.class);
  when(webApp.name()).thenReturn("hsmockwebapp");
  hsWebServices = new HsWebServices(ctx, conf, webApp);
  hsWebServices.setResponse(mock(HttpServletResponse.class));

  // Take whichever job/task/attempt the iterators yield first.
  Job firstJob = ctx.getAllJobs().values().iterator().next();
  jobIdStr = firstJob.getID().toString();
  Task firstTask = firstJob.getTasks().values().iterator().next();
  taskIdStr = firstTask.getID().toString();
  taskAttemptIdStr =
      firstTask.getAttempts().keySet().iterator().next().toString();
}
 
Example 6
Source Project: hadoop   Source File: TestGroupsCaching.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a repeated lookup for the same user is served from the
 * cache and does not reach the mapping implementation again.
 */
@Test
public void testCachePreventsImplRequest() throws Exception {
  // Disable the negative cache.
  conf.setLong(
      CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 0);
  Groups groups = new Groups(conf);
  groups.cacheGroupsAdd(Arrays.asList(myGroups));
  groups.refresh();
  FakeGroupMapping.clearBlackList();

  // No lookup has reached the fake mapping yet.
  assertEquals(0, FakeGroupMapping.getRequestCount());

  // First lookup goes to the backing implementation.
  int firstSize = groups.getGroups("me").size();
  assertTrue(firstSize == 2);
  assertEquals(1, FakeGroupMapping.getRequestCount());

  // Second lookup is answered from the cache: the count stays at 1.
  int secondSize = groups.getGroups("me").size();
  assertTrue(secondSize == 2);
  assertEquals(1, FakeGroupMapping.getRequestCount());
}
 
Example 7
Source Project: hadoop   Source File: TestGroupsCaching.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a cached entry is fetched again once the fake clock has
 * moved past the configured cache lifetime.
 */
@Test
public void testCacheEntriesExpire() throws Exception {
  // Cache lifetime of 1 (the key name says seconds).
  conf.setLong(
      CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, 1);
  FakeTimer clock = new FakeTimer();
  final Groups groups = new Groups(conf, clock);
  groups.cacheGroupsAdd(Arrays.asList(myGroups));
  groups.refresh();
  FakeGroupMapping.clearBlackList();

  // Populate the cache and remember how many requests that took.
  groups.getGroups("me");
  int requestsBeforeExpiry = FakeGroupMapping.getRequestCount();

  // Presumably milliseconds, i.e. 20 s, well past the lifetime; confirm
  // against FakeTimer.
  clock.advance(20 * 1000);

  // The entry has expired, so this lookup costs exactly one more request.
  groups.getGroups("me");
  assertEquals(requestsBeforeExpiry + 1, FakeGroupMapping.getRequestCount());
}
 
Example 8
Source Project: hadoop   Source File: TestAccessControlList.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Checks netgroup resolution and the ACL decisions that depend on it.
 *
 * <p>Relies on the specific ACL layout prepared by testNetgroups.
 *
 * @param groups user-to-group mapping service under test
 * @param acl ACL configured by testNetgroups
 * @throws Exception if a lookup or an assertion helper fails
 */
private void validateNetgroups(Groups groups,
  AccessControlList acl) throws Exception {

  // Netgroup membership as reported by the mapping service.
  List<String> elvisMemberships = groups.getGroups("elvis");
  assertTrue(elvisMemberships.contains("@lasVegas"));
  assertTrue(elvisMemberships.contains("@memphis"));
  List<String> jerryLeeMemberships = groups.getGroups("jerryLeeLewis");
  assertTrue(jerryLeeMemberships.contains("@memphis"));

  // Allowed because one of his netgroups is in the ACL.
  assertUserAllowed(UserGroupInformation.createRemoteUser("elvis"), acl);

  // Allowed because the user himself is in the ACL.
  assertUserAllowed(
    UserGroupInformation.createRemoteUser("carlPerkins"), acl);

  // Denied: not in the ACL and member of no netgroup.
  assertUserNotAllowed(
    UserGroupInformation.createRemoteUser("littleRichard"), acl);
}
 
Example 9
Source Project: big-c   Source File: QueuePlacementPolicy.java    License: Apache License 2.0 6 votes vote down vote up
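/**
 * Builds a placement policy from an ordered list of rules.
 *
 * <p>The list is validated so that only the last rule is terminal: a
 * terminal rule earlier in the list would make the later rules unreachable,
 * and a non-terminal last rule could leave an application unassigned.
 *
 * @param rules ordered placement rules; must be non-null and non-empty
 * @param configuredQueues configured queue names keyed by queue type
 * @param conf configuration used to construct the {@code Groups} instance
 * @throws AllocationConfigurationException if the list is null or empty, if
 *     a rule before the last one is terminal, or if the last rule is not
 *     terminal
 */
public QueuePlacementPolicy(List<QueuePlacementRule> rules,
    Map<FSQueueType, Set<String>> configuredQueues, Configuration conf)
    throws AllocationConfigurationException {
  // Without this guard an empty list reaches rules.get(-1) below and fails
  // with an index error instead of a configuration error.
  if (rules == null || rules.isEmpty()) {
    throw new AllocationConfigurationException(
        "Queue placement policy must contain at least one rule");
  }
  final int lastIndex = rules.size() - 1;
  for (int i = 0; i < lastIndex; i++) {
    if (rules.get(i).isTerminal()) {
      throw new AllocationConfigurationException("Rules after rule "
          + i + " in queue placement policy can never be reached");
    }
  }
  if (!rules.get(lastIndex).isTerminal()) {
    throw new AllocationConfigurationException(
        "Could get past last queue placement rule without assigning");
  }
  // NOTE(review): the caller's list and map are stored by reference, so
  // later mutation by the caller bypasses the validation above.
  this.rules = rules;
  this.configuredQueues = configuredQueues;
  groups = new Groups(conf);
}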
 
Example 10
Source Project: big-c   Source File: QueuePlacementRule.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Picks a queue named after one of the user's groups, skipping the first
 * group returned by the lookup.
 *
 * @param requestedQueue not read by this rule
 * @param user user whose groups are looked up
 * @param groups group mapping service used for the lookup
 * @param configuredQueues configured queue names keyed by queue type
 * @return {@code "root." + group} for the first group (from index 1 on)
 *     that names a configured leaf or parent queue, otherwise {@code ""}
 * @throws IOException declared for the group lookup
 */
@Override
protected String getQueueForApp(String requestedQueue, String user,
    Groups groups, Map<FSQueueType, Set<String>> configuredQueues)
    throws IOException {
  List<String> memberships = groups.getGroups(user);
  // Index 0 is deliberately not tried (presumably the primary group; confirm
  // against the mapping service's ordering).
  for (int idx = 1; idx < memberships.size(); idx++) {
    // Group names come from the mapping service; cleanName is applied before
    // the name becomes part of a queue path (its exact rules are not shown).
    String candidate = "root." + cleanName(memberships.get(idx));
    boolean isLeaf =
        configuredQueues.get(FSQueueType.LEAF).contains(candidate);
    if (isLeaf
        || configuredQueues.get(FSQueueType.PARENT).contains(candidate)) {
      return candidate;
    }
  }
  return "";
}
 
Example 11
Source Project: big-c   Source File: QueuePlacementRule.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Appends a per-user child queue to the queue chosen by the nested rule.
 *
 * @return the nested rule's result unchanged when it is {@code null} or
 *     empty; {@code ""} when the (root-prefixed) result is a configured leaf
 *     queue; otherwise {@code parent + "." + cleanName(user)}
 * @throws IOException propagated from the nested rule
 */
@Override
protected String getQueueForApp(String requestedQueue, String user,
    Groups groups, Map<FSQueueType, Set<String>> configuredQueues)
    throws IOException {
  String nested = nestedRule.assignAppToQueue(requestedQueue, user,
      groups, configuredQueues);

  // The nested rule assigned nothing: pass its answer (null or "") through.
  if (nested == null || nested.length() == 0) {
    return nested;
  }

  String parent = nested.startsWith("root.") ? nested : "root." + nested;

  // A configured leaf queue cannot take a child, so return "" and let the
  // next rule in the placement policy decide.
  if (configuredQueues.get(FSQueueType.LEAF).contains(parent)) {
    return "";
  }
  // The user name is passed through cleanName before it is used as the
  // last path component.
  return parent + "." + cleanName(user);
}
 
Example 12
Source Project: big-c   Source File: AdminService.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Admin operation that refreshes the user-to-groups mapping service.
 *
 * <p>Order matters: the ACL check and the RM status check both run before
 * the refresh, and the success audit record is written only after the
 * refresh call has returned.
 *
 * @param request not read by this method
 * @return a new, empty response record
 * @throws YarnException declared by the interface
 * @throws IOException declared by the interface
 */
@Override
public RefreshUserToGroupsMappingsResponse refreshUserToGroupsMappings(
    RefreshUserToGroupsMappingsRequest request)
    throws YarnException, IOException {
  final String operation = "refreshUserToGroupsMappings";

  // Authorization gate: nothing below runs unless checkAcls returns.
  UserGroupInformation caller = checkAcls(operation);
  String callerName = caller.getShortUserName();

  checkRMStatus(callerName, operation, "refresh user-groups.");

  // The mapping service is refreshed from a configuration built from the
  // core-site file only (defaults are not loaded: Configuration(false)).
  Configuration coreSite = getConfiguration(new Configuration(false),
      YarnConfiguration.CORE_SITE_CONFIGURATION_FILE);
  Groups.getUserToGroupsMappingService(coreSite).refresh();

  // Only the success path is audited in this method; whether a denied or
  // failed call is audited depends on checkAcls/checkRMStatus (not shown).
  RMAuditLogger.logSuccess(callerName, operation, "AdminService");

  return recordFactory.newRecordInstance(
      RefreshUserToGroupsMappingsResponse.class);
}
 
Example 13
Source Project: big-c   Source File: TestHsWebServicesAcls.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Prepares a history web service with MR ACLs enabled and records the ids
 * of one job, one of its tasks and one of that task's attempts.
 */
@Before
public void setup() throws IOException {
  conf = new JobConf();
  // Group lookups go through NullGroupsProvider for this test.
  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
      NullGroupsProvider.class.getName());
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);
  // Initialise the shared mapping service with the configuration above.
  Groups.getUserToGroupsMappingService(conf);
  ctx = buildHistoryContext(conf);

  WebApp webApp = mock(HsWebApp.class);
  when(webApp.name()).thenReturn("hsmockwebapp");
  hsWebServices = new HsWebServices(ctx, conf, webApp);
  hsWebServices.setResponse(mock(HttpServletResponse.class));

  // Take whichever job/task/attempt the iterators yield first.
  Job firstJob = ctx.getAllJobs().values().iterator().next();
  jobIdStr = firstJob.getID().toString();
  Task firstTask = firstJob.getTasks().values().iterator().next();
  taskIdStr = firstTask.getID().toString();
  taskAttemptIdStr =
      firstTask.getAttempts().keySet().iterator().next().toString();
}
 
Example 14
Source Project: big-c   Source File: TestGroupsCaching.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a repeated lookup for the same user is served from the
 * cache and does not reach the mapping implementation again.
 */
@Test
public void testCachePreventsImplRequest() throws Exception {
  // Disable the negative cache.
  conf.setLong(
      CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 0);
  Groups groups = new Groups(conf);
  groups.cacheGroupsAdd(Arrays.asList(myGroups));
  groups.refresh();
  FakeGroupMapping.clearBlackList();

  // No lookup has reached the fake mapping yet.
  assertEquals(0, FakeGroupMapping.getRequestCount());

  // First lookup goes to the backing implementation.
  int firstSize = groups.getGroups("me").size();
  assertTrue(firstSize == 2);
  assertEquals(1, FakeGroupMapping.getRequestCount());

  // Second lookup is answered from the cache: the count stays at 1.
  int secondSize = groups.getGroups("me").size();
  assertTrue(secondSize == 2);
  assertEquals(1, FakeGroupMapping.getRequestCount());
}
 
Example 15
Source Project: big-c   Source File: TestGroupsCaching.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a cached entry is fetched again once the fake clock has
 * moved past the configured cache lifetime.
 */
@Test
public void testCacheEntriesExpire() throws Exception {
  // Cache lifetime of 1 (the key name says seconds).
  conf.setLong(
      CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, 1);
  FakeTimer clock = new FakeTimer();
  final Groups groups = new Groups(conf, clock);
  groups.cacheGroupsAdd(Arrays.asList(myGroups));
  groups.refresh();
  FakeGroupMapping.clearBlackList();

  // Populate the cache and remember how many requests that took.
  groups.getGroups("me");
  int requestsBeforeExpiry = FakeGroupMapping.getRequestCount();

  // Presumably milliseconds, i.e. 20 s, well past the lifetime; confirm
  // against FakeTimer.
  clock.advance(20 * 1000);

  // The entry has expired, so this lookup costs exactly one more request.
  groups.getGroups("me");
  assertEquals(requestsBeforeExpiry + 1, FakeGroupMapping.getRequestCount());
}
 
Example 16
Source Project: big-c   Source File: TestAccessControlList.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Checks netgroup resolution and the ACL decisions that depend on it.
 *
 * <p>Relies on the specific ACL layout prepared by testNetgroups.
 *
 * @param groups user-to-group mapping service under test
 * @param acl ACL configured by testNetgroups
 * @throws Exception if a lookup or an assertion helper fails
 */
private void validateNetgroups(Groups groups,
  AccessControlList acl) throws Exception {

  // Netgroup membership as reported by the mapping service.
  List<String> elvisMemberships = groups.getGroups("elvis");
  assertTrue(elvisMemberships.contains("@lasVegas"));
  assertTrue(elvisMemberships.contains("@memphis"));
  List<String> jerryLeeMemberships = groups.getGroups("jerryLeeLewis");
  assertTrue(jerryLeeMemberships.contains("@memphis"));

  // Allowed because one of his netgroups is in the ACL.
  assertUserAllowed(UserGroupInformation.createRemoteUser("elvis"), acl);

  // Allowed because the user himself is in the ACL.
  assertUserAllowed(
    UserGroupInformation.createRemoteUser("carlPerkins"), acl);

  // Denied: not in the ACL and member of no netgroup.
  assertUserNotAllowed(
    UserGroupInformation.createRemoteUser("littleRichard"), acl);
}
 
Example 17
Source Project: incubator-sentry   Source File: MiniDFS.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Starts a two-datanode MiniDFSCluster for the end-to-end tests and creates
 * the DFS directories the tests use.
 *
 * @param baseDir local directory under which the "dfs" directory is created
 * @param serverType compared case-insensitively with
 *     HiveServer2Type.InternalMetastore to decide on the extra setup
 * @throws Exception if directory creation or cluster start-up fails
 */
MiniDFS(File baseDir, String serverType) throws Exception {
  Configuration conf = new Configuration();
  if (HiveServer2Type.InternalMetastore.name().equalsIgnoreCase(serverType)) {
    // set the test group mapping that maps user to a group of same name
    conf.set("hadoop.security.group.mapping",
        "org.apache.sentry.tests.e2e.hive.fs.MiniDFS$PseudoGroupMappingService");
    // umask 000 masks no permission bits, so the metastore test client can
    // create tables in the warehouse dir. Acceptable only because this is a
    // throwaway test cluster.
    conf.set("fs.permissions.umask-mode", "000");
    // Initialise the shared mapping service from this configuration.
    Groups.getUserToGroupsMappingServiceWithLoadedConfiguration(conf);
  }
  File dfsDir = assertCreateDir(new File(baseDir, "dfs"));
  conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
  // Same key as in the branch above, now set for every server type.
  // NOTE(review): looks like the same class as the string literal above; confirm.
  conf.set("hadoop.security.group.mapping",
      MiniDFS.PseudoGroupMappingService.class.getName());
  Configuration.addDefaultResource("test.xml");
  dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
  fileSystem = dfsCluster.getFileSystem();
  // The policy location comes from a system property and is concatenated
  // onto the file system URI as a plain string, without validation.
  String policyDir = System.getProperty("sentry.e2etest.hive.policy.location", "/user/hive/sentry");
  sentryDir = super.assertCreateDfsDir(new Path(fileSystem.getUri() + policyDir));
  dfsBaseDir = assertCreateDfsDir(new Path(new Path(fileSystem.getUri()), "/base"));
}
 
Example 18
Source Project: hadoop   Source File: QueuePlacementRule.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Places the app in the queue the submitter asked for.
 *
 * <p>The requested name is only prefixed, not validated, in this method.
 *
 * @param requestedQueue queue name from the request; must not be null
 * @return {@code ""} when the default queue name was requested, otherwise
 *     the requested name with a {@code "root."} prefix added if missing
 */
@Override
protected String getQueueForApp(String requestedQueue, String user,
    Groups groups, Map<FSQueueType, Set<String>> configuredQueues) {
  // The default queue name counts as "nothing specified".
  if (requestedQueue.equals(YarnConfiguration.DEFAULT_QUEUE_NAME)) {
    return "";
  }
  return requestedQueue.startsWith("root.")
      ? requestedQueue
      : "root." + requestedQueue;
}
 
Example 19
Source Project: hadoop   Source File: TestHSAdminServer.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Starts an HSAdminServer backed by mocks and a mock group mapping, then
 * points an HSAdmin client at the address the server is listening on.
 */
@Before
public void init() throws HadoopIllegalArgumentException, IOException {
  conf = new JobConf();
  // Wildcard address with port 0; the address actually bound is read back
  // after start() below. The listener is not restricted to loopback here.
  conf.set(JHAdminConfig.JHS_ADMIN_ADDRESS, "0.0.0.0:0");
  conf.setClass("hadoop.security.group.mapping", MockUnixGroupsMapping.class,
      GroupMappingServiceProvider.class);
  conf.setLong("hadoop.security.groups.cache.secs", groupRefreshTimeoutSec);
  // Authorization is switched by the securityEnabled field of this test.
  conf.setBoolean(
        CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
        securityEnabled);
  // Initialise the shared mapping service with the configuration above.
  Groups.getUserToGroupsMappingService(conf);
  jobHistoryService = mock(JobHistory.class);
  alds = mock(AggregatedLogDeletionService.class);

  // Override createConf so the server works with this test's configuration.
  hsAdminServer = new HSAdminServer(alds, jobHistoryService) {

    @Override
    protected Configuration createConf() {
      return conf;
    }
  };
  hsAdminServer.init(conf);
  hsAdminServer.start();
  // Replace the placeholder address with the one the RPC server bound to,
  // so the client created next connects to it.
  conf.setSocketAddr(JHAdminConfig.JHS_ADMIN_ADDRESS,
      hsAdminServer.clientRpcServer.getListenerAddress());
  hsAdminClient = new HSAdmin(conf);
}
 
Example 20
Source Project: hadoop   Source File: TestHSAdminServer.java    License: Apache License 2.0 5 votes vote down vote up
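/**
 * Verifies that group lookups keep returning cached membership until the
 * admin refresh command is run, and return new groups afterwards.
 *
 * <p>Until the refresh, a membership change (a removal included) is not
 * visible to callers of {@code getGroups}.
 */
@Test
public void testRefreshUserToGroupsMappings() throws Exception {

  String[] args = new String[] { "-refreshUserToGroupsMappings" };
  Groups groups = Groups.getUserToGroupsMappingService(conf);
  String user = UserGroupInformation.getCurrentUser().getUserName();

  // Each list is printed through its own array. Reusing one array sized for
  // the first list would print stale entries for a shorter list and would
  // not be updated at all for a longer one.
  System.out.println("first attempt:");
  List<String> g1 = groups.getGroups(user);
  System.out.println(Arrays.toString(g1.toArray(new String[0])));

  // Now groups of this user has changed but getGroups returns from the
  // cache, so we would see same groups as before
  System.out.println("second attempt, should be same:");
  List<String> g2 = groups.getGroups(user);
  System.out.println(Arrays.toString(g2.toArray(new String[0])));
  for (int i = 0; i < g2.size(); i++) {
    assertEquals("Should be same group ", g1.get(i), g2.get(i));
  }

  // run the command, which clears the cache
  hsAdminClient.run(args);
  System.out
      .println("third attempt(after refresh command), should be different:");
  // Now get groups should return new groups
  List<String> g3 = groups.getGroups(user);
  System.out.println(Arrays.toString(g3.toArray(new String[0])));
  // Assumes g3 is no longer than g1; TODO confirm against the mock mapping.
  for (int i = 0; i < g3.size(); i++) {
    assertFalse(
        "Should be different group: " + g1.get(i) + " and " + g3.get(i), g1
            .get(i).equals(g3.get(i)));
  }
}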
 
Example 21
Source Project: hadoop   Source File: NNThroughputBenchmark.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Applies one log level to the NameNode loggers and to the loggers of
 * NetworkTopology and Groups.
 *
 * @param logLevel level to apply; must not be null
 */
static void setNameNodeLoggingLevel(Level logLevel) {
  // Announced at FATAL, presumably so the line appears whatever level is
  // being set; confirm before changing.
  LOG.fatal("Log level = " + logLevel.toString());
  // change log level to NameNode logs
  DFSTestUtil.setNameNodeLogLevel(logLevel);
  for (Class<?> target
      : new Class<?>[] { NetworkTopology.class, Groups.class }) {
    GenericTestUtils.setLogLevel(
        LogManager.getLogger(target.getName()), logLevel);
  }
}
 
Example 22
Source Project: hadoop   Source File: TestGroupsCaching.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that successful lookups are cached while, with the negative
 * cache disabled, a failed lookup is not remembered.
 */
@Test
public void testGroupsCaching() throws Exception {
  // Disable the negative cache.
  conf.setLong(
      CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 0);
  Groups groups = new Groups(conf);
  groups.cacheGroupsAdd(Arrays.asList(myGroups));
  groups.refresh();
  FakeGroupMapping.clearBlackList();
  FakeGroupMapping.addToBlackList("user1");

  // Regular entry.
  int sizeBeforeBlock = groups.getGroups("me").size();
  assertTrue(sizeBeforeBlock == 2);

  // "me" is already cached, so blocking it in the fake has no effect.
  FakeGroupMapping.addToBlackList("me");
  int sizeAfterBlock = groups.getGroups("me").size();
  assertTrue(sizeAfterBlock == 2);

  // A blocked, uncached user must fail with "No groups found".
  try {
    String unexpected = groups.getGroups("user1").toString();
    LOG.error("We are not supposed to get here." + unexpected);
    fail();
  } catch (IOException lookupFailure) {
    boolean expectedMessage =
        lookupFailure.getMessage().startsWith("No groups found");
    if (!expectedMessage) {
      LOG.error("Got unexpected exception: " + lookupFailure.getMessage());
      fail();
    }
  }

  // The failure must not have been cached: unblock and retry.
  FakeGroupMapping.clearBlackList();
  assertTrue(groups.getGroups("user1").size() == 2);
}
 
Example 23
Source Project: hadoop   Source File: TestGroupsCaching.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that users listed in the static override setting get their
 * groups from that setting, without the mapping implementation being
 * invoked, both initially and after a refresh with a new configuration.
 */
@Test
public void testGroupLookupForStaticUsers() throws Exception {
  conf.setClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
      FakeunPrivilegedGroupMapping.class, ShellBasedUnixGroupsMapping.class);
  conf.set(CommonConfigurationKeys.HADOOP_USER_GROUP_STATIC_OVERRIDES,
      "me=;user1=group1;user2=group1,group2");
  Groups groups = new Groups(conf);

  // "me=" maps the user to no groups at all.
  List<String> resolved = groups.getGroups("me");
  assertTrue("non-empty groups for static user", resolved.isEmpty());
  assertFalse("group lookup done for static user",
      FakeunPrivilegedGroupMapping.invoked);

  List<String> wanted = new ArrayList<String>();
  wanted.add("group1");

  // user1 -> [group1]
  FakeunPrivilegedGroupMapping.invoked = false;
  resolved = groups.getGroups("user1");
  assertTrue("groups not correct", wanted.equals(resolved));
  assertFalse("group lookup done for unprivileged user",
      FakeunPrivilegedGroupMapping.invoked);

  // user2 -> [group1, group2]
  wanted.add("group2");
  FakeunPrivilegedGroupMapping.invoked = false;
  resolved = groups.getGroups("user2");
  assertTrue("groups not correct", wanted.equals(resolved));
  assertFalse("group lookup done for unprivileged user",
      FakeunPrivilegedGroupMapping.invoked);

  // Refresh with a configuration that adds user3 to the overrides.
  Configuration refreshed = new Configuration();
  refreshed.set(CommonConfigurationKeys.HADOOP_USER_GROUP_STATIC_OVERRIDES,
      "me=;user1=group1;user2=group1,group2;user3=group3");
  groups.refresh(refreshed);

  // user3 -> [group3]
  wanted.clear();
  wanted.add("group3");
  FakeunPrivilegedGroupMapping.invoked = false;
  resolved = groups.getGroups("user3");
  assertTrue("groups not correct", wanted.equals(resolved));
  assertFalse("group lookup done for unprivileged user",
      FakeunPrivilegedGroupMapping.invoked);
}
 
Example 24
Source Project: hadoop   Source File: TestHttpServer.java    License: Apache License 2.0 5 votes vote down vote up
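/**
 * Verify the access for /logs, /stacks, /conf, /logLevel and /metrics
 * servlets, when authentication filters are set, but authorization is not
 * enabled.
 *
 * <p>The test pins that, in this configuration, both test users receive
 * HTTP 200 from every one of these servlets.
 *
 * @throws Exception if the server cannot be started or a request fails
 */
@Test
public void testDisabledAuthorizationOfDefaultServlets() throws Exception {

  Configuration conf = new Configuration();

  // Authorization is disabled by default
  conf.set(HttpServer2.FILTER_INITIALIZER_PROPERTY,
      DummyFilterInitializer.class.getName());
  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
      MyGroupsProvider.class.getName());
  Groups.getUserToGroupsMappingService(conf);
  MyGroupsProvider.clearMapping();
  MyGroupsProvider.mapping.put("userA", Arrays.asList("groupA"));
  MyGroupsProvider.mapping.put("userB", Arrays.asList("groupB"));

  HttpServer2 myServer = new HttpServer2.Builder().setName("test")
      .addEndpoint(new URI("http://localhost:0")).setFindPort(true).build();
  myServer.setAttribute(HttpServer2.CONF_CONTEXT_ATTRIBUTE, conf);
  myServer.start();
  // Stop the server even when an assertion fails, so the listener is not
  // left running for the tests that follow.
  try {
    String serverURL = "http://"
        + NetUtils.getHostPortString(myServer.getConnectorAddress(0)) + "/";
    for (String servlet : new String[] { "conf", "logs", "stacks",
        "logLevel", "metrics" }) {
      for (String user : new String[] { "userA", "userB" }) {
        assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
            + servlet, user));
      }
    }
  } finally {
    myServer.stop();
  }
}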
 
Example 25
Source Project: hadoop   Source File: TestHttpServer.java    License: Apache License 2.0 5 votes vote down vote up
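/**
 * Verify the administrator access for /logs, /stacks, /conf, /logLevel and
 * /metrics servlets.
 *
 * <p>With authorization on and instrumentation restricted to admins, users
 * named in the ACL (userA, userB) and members of the ACL's groups (userC,
 * userD) receive HTTP 200; userE, who is in neither, receives HTTP 403.
 *
 * @throws Exception if the server cannot be started or a request fails
 */
@Test
public void testAuthorizationOfDefaultServlets() throws Exception {
  Configuration conf = new Configuration();
  conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION,
      true);
  conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_INSTRUMENTATION_REQUIRES_ADMIN,
      true);
  conf.set(HttpServer2.FILTER_INITIALIZER_PROPERTY,
      DummyFilterInitializer.class.getName());

  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
      MyGroupsProvider.class.getName());
  Groups.getUserToGroupsMappingService(conf);
  MyGroupsProvider.clearMapping();
  MyGroupsProvider.mapping.put("userA", Arrays.asList("groupA"));
  MyGroupsProvider.mapping.put("userB", Arrays.asList("groupB"));
  MyGroupsProvider.mapping.put("userC", Arrays.asList("groupC"));
  MyGroupsProvider.mapping.put("userD", Arrays.asList("groupD"));
  MyGroupsProvider.mapping.put("userE", Arrays.asList("groupE"));

  // ACL string: user list, a space, then group list.
  HttpServer2 myServer = new HttpServer2.Builder().setName("test")
      .addEndpoint(new URI("http://localhost:0")).setFindPort(true).setConf(conf)
      .setACL(new AccessControlList("userA,userB groupC,groupD")).build();
  myServer.setAttribute(HttpServer2.CONF_CONTEXT_ATTRIBUTE, conf);
  myServer.start();

  // Stop the server even when an assertion fails, so the listener is not
  // left running for the tests that follow.
  try {
    String serverURL = "http://"
        + NetUtils.getHostPortString(myServer.getConnectorAddress(0)) + "/";
    for (String servlet : new String[] { "conf", "logs", "stacks",
        "logLevel", "metrics" }) {
      for (String user : new String[] { "userA", "userB", "userC", "userD" }) {
        assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
            + servlet, user));
      }
      // The deny path is checked for every servlet, not just once.
      assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode(
          serverURL + servlet, "userE"));
    }
  } finally {
    myServer.stop();
  }
}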
 
Example 26
Source Project: big-c   Source File: QueuePlacementRule.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Places the app in the queue the submitter asked for.
 *
 * <p>The requested name is only prefixed, not validated, in this method.
 *
 * @param requestedQueue queue name from the request; must not be null
 * @return {@code ""} when the default queue name was requested, otherwise
 *     the requested name with a {@code "root."} prefix added if missing
 */
@Override
protected String getQueueForApp(String requestedQueue, String user,
    Groups groups, Map<FSQueueType, Set<String>> configuredQueues) {
  // The default queue name counts as "nothing specified".
  if (requestedQueue.equals(YarnConfiguration.DEFAULT_QUEUE_NAME)) {
    return "";
  }
  return requestedQueue.startsWith("root.")
      ? requestedQueue
      : "root." + requestedQueue;
}
 
Example 27
Source Project: big-c   Source File: TestHSAdminServer.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Starts an HSAdminServer backed by mocks and a mock group mapping, then
 * points an HSAdmin client at the address the server is listening on.
 */
@Before
public void init() throws HadoopIllegalArgumentException, IOException {
  conf = new JobConf();
  // Wildcard address with port 0; the address actually bound is read back
  // after start() below. The listener is not restricted to loopback here.
  conf.set(JHAdminConfig.JHS_ADMIN_ADDRESS, "0.0.0.0:0");
  conf.setClass("hadoop.security.group.mapping", MockUnixGroupsMapping.class,
      GroupMappingServiceProvider.class);
  conf.setLong("hadoop.security.groups.cache.secs", groupRefreshTimeoutSec);
  // Authorization is switched by the securityEnabled field of this test.
  conf.setBoolean(
        CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
        securityEnabled);
  // Initialise the shared mapping service with the configuration above.
  Groups.getUserToGroupsMappingService(conf);
  jobHistoryService = mock(JobHistory.class);
  alds = mock(AggregatedLogDeletionService.class);

  // Override createConf so the server works with this test's configuration.
  hsAdminServer = new HSAdminServer(alds, jobHistoryService) {

    @Override
    protected Configuration createConf() {
      return conf;
    }
  };
  hsAdminServer.init(conf);
  hsAdminServer.start();
  // Replace the placeholder address with the one the RPC server bound to,
  // so the client created next connects to it.
  conf.setSocketAddr(JHAdminConfig.JHS_ADMIN_ADDRESS,
      hsAdminServer.clientRpcServer.getListenerAddress());
  hsAdminClient = new HSAdmin(conf);
}
 
Example 28
Source Project: big-c   Source File: TestHSAdminServer.java    License: Apache License 2.0 5 votes vote down vote up
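/**
 * Verifies that group lookups keep returning cached membership until the
 * admin refresh command is run, and return new groups afterwards.
 *
 * <p>Until the refresh, a membership change (a removal included) is not
 * visible to callers of {@code getGroups}.
 */
@Test
public void testRefreshUserToGroupsMappings() throws Exception {

  String[] args = new String[] { "-refreshUserToGroupsMappings" };
  Groups groups = Groups.getUserToGroupsMappingService(conf);
  String user = UserGroupInformation.getCurrentUser().getUserName();

  // Each list is printed through its own array. Reusing one array sized for
  // the first list would print stale entries for a shorter list and would
  // not be updated at all for a longer one.
  System.out.println("first attempt:");
  List<String> g1 = groups.getGroups(user);
  System.out.println(Arrays.toString(g1.toArray(new String[0])));

  // Now groups of this user has changed but getGroups returns from the
  // cache, so we would see same groups as before
  System.out.println("second attempt, should be same:");
  List<String> g2 = groups.getGroups(user);
  System.out.println(Arrays.toString(g2.toArray(new String[0])));
  for (int i = 0; i < g2.size(); i++) {
    assertEquals("Should be same group ", g1.get(i), g2.get(i));
  }

  // run the command, which clears the cache
  hsAdminClient.run(args);
  System.out
      .println("third attempt(after refresh command), should be different:");
  // Now get groups should return new groups
  List<String> g3 = groups.getGroups(user);
  System.out.println(Arrays.toString(g3.toArray(new String[0])));
  // Assumes g3 is no longer than g1; TODO confirm against the mock mapping.
  for (int i = 0; i < g3.size(); i++) {
    assertFalse(
        "Should be different group: " + g1.get(i) + " and " + g3.get(i), g1
            .get(i).equals(g3.get(i)));
  }
}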
 
Example 29
Source Project: big-c   Source File: NNThroughputBenchmark.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Applies one log level to the NameNode loggers and to the loggers of
 * NetworkTopology and Groups.
 *
 * @param logLevel level to apply; must not be null
 */
static void setNameNodeLoggingLevel(Level logLevel) {
  // Announced at FATAL, presumably so the line appears whatever level is
  // being set; confirm before changing.
  LOG.fatal("Log level = " + logLevel.toString());
  // change log level to NameNode logs
  DFSTestUtil.setNameNodeLogLevel(logLevel);
  for (Class<?> target
      : new Class<?>[] { NetworkTopology.class, Groups.class }) {
    GenericTestUtils.setLogLevel(
        LogManager.getLogger(target.getName()), logLevel);
  }
}
 
Example 30
Source Project: big-c   Source File: TestGroupsCaching.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that successful lookups are cached while, with the negative
 * cache disabled, a failed lookup is not remembered.
 */
@Test
public void testGroupsCaching() throws Exception {
  // Disable the negative cache.
  conf.setLong(
      CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 0);
  Groups groups = new Groups(conf);
  groups.cacheGroupsAdd(Arrays.asList(myGroups));
  groups.refresh();
  FakeGroupMapping.clearBlackList();
  FakeGroupMapping.addToBlackList("user1");

  // Regular entry.
  int sizeBeforeBlock = groups.getGroups("me").size();
  assertTrue(sizeBeforeBlock == 2);

  // "me" is already cached, so blocking it in the fake has no effect.
  FakeGroupMapping.addToBlackList("me");
  int sizeAfterBlock = groups.getGroups("me").size();
  assertTrue(sizeAfterBlock == 2);

  // A blocked, uncached user must fail with "No groups found".
  try {
    String unexpected = groups.getGroups("user1").toString();
    LOG.error("We are not supposed to get here." + unexpected);
    fail();
  } catch (IOException lookupFailure) {
    boolean expectedMessage =
        lookupFailure.getMessage().startsWith("No groups found");
    if (!expectedMessage) {
      LOG.error("Got unexpected exception: " + lookupFailure.getMessage());
      fail();
    }
  }

  // The failure must not have been cached: unblock and retry.
  FakeGroupMapping.clearBlackList();
  assertTrue(groups.getGroups("user1").size() == 2);
}