Example 16 with Groups
use of org.apache.hadoop.security.Groups in project hadoop by apache.
the class TestGroupsCaching method testThreadNotBlockedWhenExpiredEntryExistsWithBackgroundRefresh.
@Test
public void testThreadNotBlockedWhenExpiredEntryExistsWithBackgroundRefresh() throws Exception {
conf.setLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, 1);
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_BACKGROUND_RELOAD, true);
FakeTimer timer = new FakeTimer();
final Groups groups = new Groups(conf, timer);
groups.cacheGroupsAdd(Arrays.asList(myGroups));
groups.refresh();
FakeGroupMapping.clearBlackList();
// We make an initial request to populate the cache
groups.getGroups("me");
// Further lookups will have a delay
FakeGroupMapping.setGetGroupsDelayMs(100);
// add another groups
groups.cacheGroupsAdd(Arrays.asList("grp3"));
int startingRequestCount = FakeGroupMapping.getRequestCount();
// Then expire that entry
timer.advance(4 * 1000);
// Now get the cache entry - it should return immediately
// with the old value and the cache will not have completed
// a request to getGroups yet.
assertEquals(groups.getGroups("me").size(), 2);
assertEquals(startingRequestCount, FakeGroupMapping.getRequestCount());
// Now sleep for over the delay time and the request count should
// have completed
Thread.sleep(110);
assertEquals(startingRequestCount + 1, FakeGroupMapping.getRequestCount());
// Another call to get groups should give 3 groups instead of 2
assertEquals(groups.getGroups("me").size(), 3);
}Example 17 with Groups
use of org.apache.hadoop.security.Groups in project hadoop by apache.
the class TestGroupsCaching method testEntriesExpireIfBackgroundRefreshFails.
@Test
public void testEntriesExpireIfBackgroundRefreshFails() throws Exception {
conf.setLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, 1);
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_BACKGROUND_RELOAD, true);
FakeTimer timer = new FakeTimer();
final Groups groups = new Groups(conf, timer);
groups.cacheGroupsAdd(Arrays.asList(myGroups));
groups.refresh();
FakeGroupMapping.clearBlackList();
// We make an initial request to populate the cache
groups.getGroups("me");
// Now make all calls to the FakeGroupMapper throw exceptions
FakeGroupMapping.setThrowException(true);
// will be retrievable until it is evicted after about 10 seconds.
for (int i = 0; i < 9; i++) {
assertEquals(groups.getGroups("me").size(), 2);
timer.advance(1 * 1000);
}
// Wait until the 11th second. The call to getGroups should throw
// an exception as the key will have been evicted and FakeGroupMapping
// will throw IO Exception when it is asked for new groups. In this case
// load must be called synchronously as there is no key present
timer.advance(2 * 1000);
try {
groups.getGroups("me");
fail("Should have thrown an exception here");
} catch (Exception e) {
// pass
}
// Finally check groups are retrieve again after FakeGroupMapping
// stops throw exceptions
FakeGroupMapping.setThrowException(false);
assertEquals(groups.getGroups("me").size(), 2);
}
Also used :
Groups(org.apache.hadoop.security.Groups)
FakeTimer(org.apache.hadoop.util.FakeTimer)
TimeoutException(java.util.concurrent.TimeoutException)
IOException(java.io.IOException)
Test(org.junit.Test)
Example 18 with Groups
use of org.apache.hadoop.security.Groups in project hadoop by apache.
the class TestGroupsCaching method testGroupLookupForStaticUsers.
/*
* Group lookup should not happen for static users
*/
@Test
public void testGroupLookupForStaticUsers() throws Exception {
conf.setClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING, FakeunPrivilegedGroupMapping.class, ShellBasedUnixGroupsMapping.class);
conf.set(CommonConfigurationKeys.HADOOP_USER_GROUP_STATIC_OVERRIDES, "me=;user1=group1;user2=group1,group2");
Groups groups = new Groups(conf);
List<String> userGroups = groups.getGroups("me");
assertTrue("non-empty groups for static user", userGroups.isEmpty());
assertFalse("group lookup done for static user", FakeunPrivilegedGroupMapping.invoked);
List<String> expected = new ArrayList<String>();
expected.add("group1");
FakeunPrivilegedGroupMapping.invoked = false;
userGroups = groups.getGroups("user1");
assertTrue("groups not correct", expected.equals(userGroups));
assertFalse("group lookup done for unprivileged user", FakeunPrivilegedGroupMapping.invoked);
expected.add("group2");
FakeunPrivilegedGroupMapping.invoked = false;
userGroups = groups.getGroups("user2");
assertTrue("groups not correct", expected.equals(userGroups));
assertFalse("group lookup done for unprivileged user", FakeunPrivilegedGroupMapping.invoked);
}Example 19 with Groups
use of org.apache.hadoop.security.Groups in project hadoop by apache.
the class TestGroupsCaching method testBackgroundRefreshCounters.
@Test
public void testBackgroundRefreshCounters() throws IOException, InterruptedException {
conf.setLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, 1);
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_BACKGROUND_RELOAD, true);
conf.setInt(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_BACKGROUND_RELOAD_THREADS, 2);
FakeTimer timer = new FakeTimer();
final Groups groups = new Groups(conf, timer);
groups.cacheGroupsAdd(Arrays.asList(myGroups));
groups.refresh();
FakeGroupMapping.clearBlackList();
// populate the cache
String[] grps = { "one", "two", "three", "four", "five" };
for (String g : grps) {
groups.getGroups(g);
}
// expire the cache
timer.advance(2 * 1000);
FakeGroupMapping.pause();
// 3 should get queued and 2 should be running
for (String g : grps) {
groups.getGroups(g);
}
waitForGroupCounters(groups, 3, 2, 0, 0);
FakeGroupMapping.resume();
// Once resumed, all results should be returned immediately
waitForGroupCounters(groups, 0, 0, 5, 0);
// Now run again, this time throwing exceptions but no delay
timer.advance(2 * 1000);
FakeGroupMapping.setGetGroupsDelayMs(0);
FakeGroupMapping.setThrowException(true);
for (String g : grps) {
groups.getGroups(g);
}
waitForGroupCounters(groups, 0, 0, 5, 5);
}Example 20 with Groups
use of org.apache.hadoop.security.Groups in project hadoop by apache.
the class TestGroupsCaching method testNegativeGroupCaching.
@Test
public void testNegativeGroupCaching() throws Exception {
final String user = "negcache";
final String failMessage = "Did not throw IOException: ";
conf.setLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 2);
FakeTimer timer = new FakeTimer();
Groups groups = new Groups(conf, timer);
groups.cacheGroupsAdd(Arrays.asList(myGroups));
groups.refresh();
FakeGroupMapping.addToBlackList(user);
// In the first attempt, the user will be put in the negative cache.
try {
groups.getGroups(user);
fail(failMessage + "Failed to obtain groups from FakeGroupMapping.");
} catch (IOException e) {
// Expects to raise exception for the first time. But the user will be
// put into the negative cache
GenericTestUtils.assertExceptionContains("No groups found for user", e);
}
// The second time, the user is in the negative cache.
try {
groups.getGroups(user);
fail(failMessage + "The user is in the negative cache.");
} catch (IOException e) {
GenericTestUtils.assertExceptionContains("No groups found for user", e);
}
// Brings back the backend user-group mapping service.
FakeGroupMapping.clearBlackList();
// It should still get groups from the negative cache.
try {
groups.getGroups(user);
fail(failMessage + "The user is still in the negative cache, even " + "FakeGroupMapping has resumed.");
} catch (IOException e) {
GenericTestUtils.assertExceptionContains("No groups found for user", e);
}
// Let the elements in the negative cache expire.
timer.advance(4 * 1000);
// The groups for the user is expired in the negative cache, a new copy of
// groups for the user is fetched.
assertEquals(Arrays.asList(myGroups), groups.getGroups(user));
}
Also used :
Groups(org.apache.hadoop.security.Groups)
IOException(java.io.IOException)
FakeTimer(org.apache.hadoop.util.FakeTimer)
Test(org.junit.Test)
Aggregations
Groups (org.apache.hadoop.security.Groups)29
Test (org.junit.Test)19
IOException (java.io.IOException)14
FakeTimer (org.apache.hadoop.util.FakeTimer)10
Configuration (org.apache.hadoop.conf.Configuration)8
ArrayList (java.util.ArrayList)5
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)3
ServletException (javax.servlet.ServletException)2
GrantedAuthority (org.springframework.security.core.GrantedAuthority)2
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)2
VisibleForTesting (com.google.common.annotations.VisibleForTesting)1
File (java.io.File)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
Principal (java.security.Principal)1
PrivilegedActionException (java.security.PrivilegedActionException)1
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)1
CertificateException (java.security.cert.CertificateException)1
ParseException (java.text.ParseException)1
TimeoutException (java.util.concurrent.TimeoutException)1
Subject (javax.security.auth.Subject)1
