Example 11 with UserGroupInformation
use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.
the class FileContextPermissionBase method testUgi.
@Test
public void testUgi() throws IOException, InterruptedException {
UserGroupInformation otherUser = UserGroupInformation.createRemoteUser("otherUser");
FileContext newFc = otherUser.doAs(new PrivilegedExceptionAction<FileContext>() {
@Override
public FileContext run() throws Exception {
FileContext newFc = FileContext.getFileContext();
return newFc;
}
});
assertEquals("otherUser", newFc.getUgi().getUserName());
}
Also used :
IOException(java.io.IOException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Test(org.junit.Test)
Example 12 with UserGroupInformation
use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.
the class KDiag method loginFromKeytab.
/**
* Log in from a keytab, dump the UGI, validate it, then try and log in again.
*
* That second-time login catches JVM/Hadoop compatibility problems.
* @throws IOException Keytab loading problems
*/
private void loginFromKeytab() throws IOException {
UserGroupInformation ugi;
String identity;
if (keytab != null) {
File kt = keytab.getCanonicalFile();
println("Using keytab %s principal %s", kt, principal);
identity = principal;
failif(principal == null, CAT_KERBEROS, "No principal defined");
ugi = loginUserFromKeytabAndReturnUGI(principal, kt.getPath());
dumpUGI(identity, ugi);
validateUGI(principal, ugi);
title("Attempting to relogin");
try {
// package scoped -hence the reason why this class must be in the
// hadoop.security package
setShouldRenewImmediatelyForTests(true);
// attempt a new login
ugi.reloginFromKeytab();
} catch (IllegalAccessError e) {
// if you've built this class into an independent JAR, package-access
// may fail. Downgrade
warn(CAT_UGI, "Failed to reset UGI -and so could not try to relogin");
LOG.debug("Failed to reset UGI: {}", e, e);
}
} else {
println("No keytab: attempting to log in is as current user");
}
}
Also used :
File(java.io.File)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Example 13 with UserGroupInformation
use of org.apache.hadoop.security.UserGroupInformation in project flink by apache.
the class HadoopUserOverlayTest method testConfigure.
@Test
public void testConfigure() throws Exception {
final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("test");
HadoopUserOverlay overlay = new HadoopUserOverlay(ugi);
ContainerSpecification spec = new ContainerSpecification();
overlay.configure(spec);
assertEquals(ugi.getUserName(), spec.getEnvironmentVariables().get("HADOOP_USER_NAME"));
}
Also used :
ContainerSpecification(org.apache.flink.runtime.clusterframework.ContainerSpecification)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Test(org.junit.Test)
Example 14 with UserGroupInformation
use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.
the class TestKMSAudit method testAggregation.
@Test
@SuppressWarnings("checkstyle:linelength")
public void testAggregation() throws Exception {
UserGroupInformation luser = Mockito.mock(UserGroupInformation.class);
Mockito.when(luser.getShortUserName()).thenReturn("luser");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DELETE_KEY, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.ROLL_NEW_VERSION, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.INVALIDATE_CACHE, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.evictCacheForTesting();
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.evictCacheForTesting();
kmsAudit.ok(luser, KMSOp.REENCRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.REENCRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.REENCRYPT_EEK, "k1", "testmsg");
kmsAudit.evictCacheForTesting();
String out = getAndResetLogOutput();
System.out.println(out);
Assert.assertTrue(out.matches("OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + // Not aggregated !!
"OK\\[op=DELETE_KEY, key=k1, user=luser\\] testmsg" + "OK\\[op=ROLL_NEW_VERSION, key=k1, user=luser\\] testmsg" + "OK\\[op=INVALIDATE_CACHE, key=k1, user=luser\\] testmsg" + // Aggregated
"OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=6, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=REENCRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=REENCRYPT_EEK, key=k1, user=luser, accessCount=3, interval=[^m]{1,4}ms\\] testmsg"));
}
Also used :
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Test(org.junit.Test)
Example 15 with UserGroupInformation
use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.
the class TestKMSAudit method testAuditLogFormat.
@Test
@SuppressWarnings("checkstyle:linelength")
public void testAuditLogFormat() throws Exception {
UserGroupInformation luser = Mockito.mock(UserGroupInformation.class);
Mockito.when(luser.getShortUserName()).thenReturn("luser");
kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k4", "testmsg");
kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "testmsg");
kmsAudit.evictCacheForTesting();
kmsAudit.unauthorized(luser, KMSOp.DECRYPT_EEK, "k4");
kmsAudit.error(luser, "method", "url", "testmsg");
kmsAudit.unauthenticated("remotehost", "method", "url", "testmsg");
String out = getAndResetLogOutput();
System.out.println(out);
Assert.assertTrue(out.matches("OK\\[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=GENERATE_EEK, user=luser\\] testmsg" + "OK\\[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + "UNAUTHORIZED\\[op=DECRYPT_EEK, key=k4, user=luser\\] " + "ERROR\\[user=luser\\] Method:'method' Exception:'testmsg'" + "UNAUTHENTICATED RemoteHost:remotehost Method:method URL:url ErrorMsg:'testmsg'"));
}
Also used :
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Test(org.junit.Test)
Aggregations
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)621
IOException (java.io.IOException)274
Test (org.junit.Test)220
Configuration (org.apache.hadoop.conf.Configuration)138
Path (org.apache.hadoop.fs.Path)91
FileSystem (org.apache.hadoop.fs.FileSystem)59
YarnException (org.apache.hadoop.yarn.exceptions.YarnException)57
AccessControlException (org.apache.hadoop.security.AccessControlException)54
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)50
Path (javax.ws.rs.Path)47
Produces (javax.ws.rs.Produces)45
ApplicationId (org.apache.hadoop.yarn.api.records.ApplicationId)45
RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)43
AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)39
Token (org.apache.hadoop.security.token.Token)39
ArrayList (java.util.ArrayList)38
FsPermission (org.apache.hadoop.fs.permission.FsPermission)36
ApplicationAttemptId (org.apache.hadoop.yarn.api.records.ApplicationAttemptId)36
YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)35
Text (org.apache.hadoop.io.Text)34
