use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.
the class FileContextPermissionBase method testUgi.
@Test
public void testUgi() throws IOException, InterruptedException {
UserGroupInformation otherUser = UserGroupInformation.createRemoteUser("otherUser");
FileContext newFc = otherUser.doAs(new PrivilegedExceptionAction<FileContext>() {
@Override
public FileContext run() throws Exception {
FileContext newFc = FileContext.getFileContext();
return newFc;
}
});
assertEquals("otherUser", newFc.getUgi().getUserName());
}
use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.
the class KDiag method loginFromKeytab.
/**
* Log in from a keytab, dump the UGI, validate it, then try and log in again.
*
* That second-time login catches JVM/Hadoop compatibility problems.
* @throws IOException Keytab loading problems
*/
private void loginFromKeytab() throws IOException {
UserGroupInformation ugi;
String identity;
if (keytab != null) {
File kt = keytab.getCanonicalFile();
println("Using keytab %s principal %s", kt, principal);
identity = principal;
failif(principal == null, CAT_KERBEROS, "No principal defined");
ugi = loginUserFromKeytabAndReturnUGI(principal, kt.getPath());
dumpUGI(identity, ugi);
validateUGI(principal, ugi);
title("Attempting to relogin");
try {
// package scoped -hence the reason why this class must be in the
// hadoop.security package
setShouldRenewImmediatelyForTests(true);
// attempt a new login
ugi.reloginFromKeytab();
} catch (IllegalAccessError e) {
// if you've built this class into an independent JAR, package-access
// may fail. Downgrade
warn(CAT_UGI, "Failed to reset UGI -and so could not try to relogin");
LOG.debug("Failed to reset UGI: {}", e, e);
}
} else {
println("No keytab: attempting to log in is as current user");
}
}
use of org.apache.hadoop.security.UserGroupInformation in project flink by apache.
the class HadoopUserOverlayTest method testConfigure.
@Test
public void testConfigure() throws Exception {
final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("test");
HadoopUserOverlay overlay = new HadoopUserOverlay(ugi);
ContainerSpecification spec = new ContainerSpecification();
overlay.configure(spec);
assertEquals(ugi.getUserName(), spec.getEnvironmentVariables().get("HADOOP_USER_NAME"));
}
use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.
the class TestKMSAudit method testAggregation.
@Test
@SuppressWarnings("checkstyle:linelength")
public void testAggregation() throws Exception {
UserGroupInformation luser = Mockito.mock(UserGroupInformation.class);
Mockito.when(luser.getShortUserName()).thenReturn("luser");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DELETE_KEY, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.ROLL_NEW_VERSION, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.INVALIDATE_CACHE, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.evictCacheForTesting();
kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
kmsAudit.evictCacheForTesting();
kmsAudit.ok(luser, KMSOp.REENCRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.REENCRYPT_EEK, "k1", "testmsg");
kmsAudit.ok(luser, KMSOp.REENCRYPT_EEK, "k1", "testmsg");
kmsAudit.evictCacheForTesting();
String out = getAndResetLogOutput();
System.out.println(out);
Assert.assertTrue(out.matches("OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + // Not aggregated !!
"OK\\[op=DELETE_KEY, key=k1, user=luser\\] testmsg" + "OK\\[op=ROLL_NEW_VERSION, key=k1, user=luser\\] testmsg" + "OK\\[op=INVALIDATE_CACHE, key=k1, user=luser\\] testmsg" + // Aggregated
"OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=6, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=REENCRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=REENCRYPT_EEK, key=k1, user=luser, accessCount=3, interval=[^m]{1,4}ms\\] testmsg"));
}
use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.
the class TestKMSAudit method testAuditLogFormat.
@Test
@SuppressWarnings("checkstyle:linelength")
public void testAuditLogFormat() throws Exception {
UserGroupInformation luser = Mockito.mock(UserGroupInformation.class);
Mockito.when(luser.getShortUserName()).thenReturn("luser");
kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k4", "testmsg");
kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "testmsg");
kmsAudit.evictCacheForTesting();
kmsAudit.unauthorized(luser, KMSOp.DECRYPT_EEK, "k4");
kmsAudit.error(luser, "method", "url", "testmsg");
kmsAudit.unauthenticated("remotehost", "method", "url", "testmsg");
String out = getAndResetLogOutput();
System.out.println(out);
Assert.assertTrue(out.matches("OK\\[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=GENERATE_EEK, user=luser\\] testmsg" + "OK\\[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + "UNAUTHORIZED\\[op=DECRYPT_EEK, key=k4, user=luser\\] " + "ERROR\\[user=luser\\] Method:'method' Exception:'testmsg'" + "UNAUTHENTICATED RemoteHost:remotehost Method:method URL:url ErrorMsg:'testmsg'"));
}
Aggregations