Examples with DFSAdmin org.apache.hadoop.hdfs.tools.DFSAdmin used on opensource projects

Example 41 with DFSAdmin

use of org.apache.hadoop.hdfs.tools.DFSAdmin in project hadoop by apache.

the class TestRefreshUserMappings method testRefreshSuperUserGroupsConfiguration.

@Test
public void testRefreshSuperUserGroupsConfiguration() throws Exception {
    final String SUPER_USER = "super_user";
    final List<String> groupNames1 = new ArrayList<>();
    groupNames1.add("gr1");
    groupNames1.add("gr2");
    final List<String> groupNames2 = new ArrayList<>();
    groupNames2.add("gr3");
    groupNames2.add("gr4");
    //keys in conf
    String userKeyGroups = DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(SUPER_USER);
    String userKeyHosts = DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(SUPER_USER);
    // superuser can proxy for this group
    config.set(userKeyGroups, "gr3,gr4,gr5");
    config.set(userKeyHosts, "127.0.0.1");
    ProxyUsers.refreshSuperUserGroupsConfiguration(config);
    UserGroupInformation ugi1 = mock(UserGroupInformation.class);
    UserGroupInformation ugi2 = mock(UserGroupInformation.class);
    UserGroupInformation suUgi = mock(UserGroupInformation.class);
    when(ugi1.getRealUser()).thenReturn(suUgi);
    when(ugi2.getRealUser()).thenReturn(suUgi);
    // super user
    when(suUgi.getShortUserName()).thenReturn(SUPER_USER);
    // super user
    when(suUgi.getUserName()).thenReturn(SUPER_USER + "L");
    when(ugi1.getShortUserName()).thenReturn("user1");
    when(ugi2.getShortUserName()).thenReturn("user2");
    when(ugi1.getUserName()).thenReturn("userL1");
    when(ugi2.getUserName()).thenReturn("userL2");
    // set groups for users
    when(ugi1.getGroups()).thenReturn(groupNames1);
    when(ugi2.getGroups()).thenReturn(groupNames2);
    // check before
    try {
        ProxyUsers.authorize(ugi1, "127.0.0.1");
        fail("first auth for " + ugi1.getShortUserName() + " should've failed ");
    } catch (AuthorizationException e) {
        // expected
        System.err.println("auth for " + ugi1.getUserName() + " failed");
    }
    try {
        ProxyUsers.authorize(ugi2, "127.0.0.1");
        System.err.println("auth for " + ugi2.getUserName() + " succeeded");
    // expected
    } catch (AuthorizationException e) {
        fail("first auth for " + ugi2.getShortUserName() + " should've succeeded: " + e.getLocalizedMessage());
    }
    // refresh will look at configuration on the server side
    // add additional resource with the new value
    // so the server side will pick it up
    String rsrc = "testGroupMappingRefresh_rsrc.xml";
    addNewConfigResource(rsrc, userKeyGroups, "gr2", userKeyHosts, "127.0.0.1");
    DFSAdmin admin = new DFSAdmin(config);
    String[] args = new String[] { "-refreshSuperUserGroupsConfiguration" };
    admin.run(args);
    try {
        ProxyUsers.authorize(ugi2, "127.0.0.1");
        fail("second auth for " + ugi2.getShortUserName() + " should've failed ");
    } catch (AuthorizationException e) {
        // expected
        System.err.println("auth for " + ugi2.getUserName() + " failed");
    }
    try {
        ProxyUsers.authorize(ugi1, "127.0.0.1");
        System.err.println("auth for " + ugi1.getUserName() + " succeeded");
    // expected
    } catch (AuthorizationException e) {
        fail("second auth for " + ugi1.getShortUserName() + " should've succeeded: " + e.getLocalizedMessage());
    }
}