
Example 1 with CryptoAdmin

use of org.apache.hadoop.hdfs.tools.CryptoAdmin in project hadoop by apache.

the class TestEncryptionZones method testProvisionTrash.

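/**
 * Verifies that {@code hdfs crypto -provisionTrash} recreates the trash
 * directory of an encryption zone with the sticky bit set.
 *
 * <p>The sticky bit is the security property under test: on a directory it
 * limits deleting or renaming an entry to the entry's owner, the directory's
 * owner or the superuser, so a trash directory written to by several users
 * does not let one user remove another user's trashed files.
 *
 * @throws Exception if a file system operation or a command invocation fails
 */
@Test
public void testProvisionTrash() throws Exception {
    // Create the encryption zone /zones/zone1.
    final Path zoneParent = new Path("/zones");
    final Path zone1 = new Path(zoneParent, "zone1");
    final String zone1Path = zone1.toUri().getPath();
    CryptoAdmin cryptoAdmin = new CryptoAdmin(conf);
    fsWrapper.mkdir(zone1, FsPermission.getDirDefault(), true);
    String[] cryptoArgv = new String[] { "-createZone", "-keyName", TEST_KEY, "-path", zone1Path };
    // Check the exit code: if zone creation fails, the later assertions would
    // exercise a plain directory and say nothing about encryption zones.
    assertEquals("Unable to create encryption zone.", 0, cryptoAdmin.run(cryptoArgv));

    // Remove the trash directory so that -provisionTrash has to recreate it.
    Configuration clientConf = new Configuration(conf);
    clientConf.setLong(FS_TRASH_INTERVAL_KEY, 1);
    final FsShell shell = new FsShell(clientConf);
    final Path trashDir = new Path(zone1, FileSystem.TRASH_PREFIX);
    String[] argv = new String[] { "-rmdir", trashDir.toUri().getPath() };
    int res = ToolRunner.run(shell, argv);
    assertEquals("Unable to delete trash directory.", 0, res);
    assertFalse(fsWrapper.exists(trashDir));

    // Run -provisionTrash and make sure the recreated trash directory exists
    // and carries the sticky bit.
    String[] provisionTrashArgv = new String[] { "-provisionTrash", "-path", zone1Path };
    assertEquals("Unable to provision trash directory.", 0, cryptoAdmin.run(provisionTrashArgv));
    assertTrue(fsWrapper.exists(trashDir));
    FileStatus trashFileStatus = fsWrapper.getFileStatus(trashDir);
    // NOTE(review): only the sticky bit is checked; the user/group/other
    // actions of the provisioned directory are not asserted here.
    assertTrue(trashFileStatus.getPermission().getStickyBit());
}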
Also used : Path(org.apache.hadoop.fs.Path) FsShell(org.apache.hadoop.fs.FsShell) FileStatus(org.apache.hadoop.fs.FileStatus) HdfsFileStatus(org.apache.hadoop.hdfs.protocol.HdfsFileStatus) Configuration(org.apache.hadoop.conf.Configuration) CryptoAdmin(org.apache.hadoop.hdfs.tools.CryptoAdmin) Mockito.anyString(org.mockito.Mockito.anyString) Test(org.junit.Test)

Example 2 with CryptoAdmin

use of org.apache.hadoop.hdfs.tools.CryptoAdmin in project hadoop by apache.

the class TestEncryptionZones method testTrashStickyBit.

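/**
 * Verifies that {@code hdfs crypto -createZone} creates the trash directory of
 * the new encryption zone with the sticky bit set, and that both the superuser
 * and a non-privileged user can delete their own files into that trash.
 *
 * <p>The zone is made world-writable so that the non-privileged user can create
 * files in it. The sticky bit on the trash directory is what keeps that open
 * access from letting one user delete or rename another user's trash entries.
 *
 * @throws Exception if a file system operation or a command invocation fails
 */
@Test
public void testTrashStickyBit() throws Exception {
    // Create the encryption zone /zones/zone1 and make it world writable.
    final Path zoneParent = new Path("/zones");
    final Path zone1 = new Path(zoneParent, "zone1");
    CryptoAdmin cryptoAdmin = new CryptoAdmin(conf);
    fsWrapper.mkdir(zone1, FsPermission.getDirDefault(), true);
    fsWrapper.setPermission(zone1, new FsPermission(FsAction.ALL, FsAction.ALL, FsAction.ALL));
    String[] cryptoArgv = new String[] { "-createZone", "-keyName", TEST_KEY, "-path", zone1.toUri().getPath() };
    // Check the exit code: if zone creation fails, the trash assertions below
    // would not be testing an encryption zone at all.
    assertEquals("Unable to create encryption zone.", 0, cryptoAdmin.run(cryptoArgv));

    // Create the encrypted file /zones/zone1/file1.
    final Path ezfile1 = new Path(zone1, "file1");
    final int len = 8192;
    DFSTestUtil.createFile(fs, ezfile1, len, (short) 1, 0xFEED);

    // Enable trash and delete /zones/zone1/file1, which moves the file to
    // /zones/zone1/.Trash/$SUPERUSER/Current/zones/zone1/file1
    Configuration clientConf = new Configuration(conf);
    clientConf.setLong(FS_TRASH_INTERVAL_KEY, 1);
    final FsShell shell = new FsShell(clientConf);
    String[] argv = new String[] { "-rm", ezfile1.toString() };
    int res = ToolRunner.run(shell, argv);
    assertEquals("Can't remove a file in EZ as superuser", 0, res);

    // The trash directory must exist and carry the sticky bit.
    final Path trashDir = new Path(zone1, FileSystem.TRASH_PREFIX);
    assertTrue(fsWrapper.exists(trashDir));
    FileStatus trashFileStatus = fsWrapper.getFileStatus(trashDir);
    assertTrue(trashFileStatus.getPermission().getStickyBit());

    // Repeat the delete as a non-privileged user.
    // NOTE(review): this only asserts that the user's own delete succeeds. It
    // does not assert where the file ended up, nor that the user is refused
    // when touching another user's trash entries.
    final UserGroupInformation user = UserGroupInformation.createUserForTesting("user", new String[] { "mygroup" });
    // An anonymous class is kept rather than a lambda because it names the
    // action type explicitly.
    user.doAs(new PrivilegedExceptionAction<Object>() {

        @Override
        public Object run() throws Exception {
            // Create /zones/zone1/file2 in the zone; it is owned by user:mygroup.
            final Path ezfile2 = new Path(zone1, "file2");
            FileSystem fs2 = FileSystem.get(cluster.getConfiguration(0));
            DFSTestUtil.createFile(fs2, ezfile2, len, (short) 1, 0xFEED);
            // Delete /zones/zone1/file2, which moves the file to
            // /zones/zone1/.Trash/user/Current/zones/zone1/file2
            String[] userArgv = new String[] { "-rm", ezfile2.toString() };
            int userRes = ToolRunner.run(shell, userArgv);
            assertEquals("Can't remove a file in EZ as user:mygroup", 0, userRes);
            return null;
        }
    });
}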
Also used : Path(org.apache.hadoop.fs.Path) FileStatus(org.apache.hadoop.fs.FileStatus) HdfsFileStatus(org.apache.hadoop.hdfs.protocol.HdfsFileStatus) Configuration(org.apache.hadoop.conf.Configuration) CryptoAdmin(org.apache.hadoop.hdfs.tools.CryptoAdmin) Mockito.anyString(org.mockito.Mockito.anyString) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) AccessControlException(org.apache.hadoop.security.AccessControlException) FsShell(org.apache.hadoop.fs.FsShell) FileSystem(org.apache.hadoop.fs.FileSystem) WebHdfsFileSystem(org.apache.hadoop.hdfs.web.WebHdfsFileSystem) Matchers.anyObject(org.mockito.Matchers.anyObject) FsPermission(org.apache.hadoop.fs.permission.FsPermission) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)
