/// <exception cref="System.Exception"/>
public virtual void TestValidProxyUser()
{
UserGroupInformation ugi = UserGroupInformation.CreateProxyUser("u1", UserGroupInformation
.GetLoginUser());
ugi.DoAs(new _PrivilegedExceptionAction_135(this));
}
/// <exception cref="System.IO.IOException"/>
private void TryLoginAuthenticationMethod(UserGroupInformation.AuthenticationMethod
method, bool expectSuccess)
{
SecurityUtil.SetAuthenticationMethod(method, conf);
UserGroupInformation.SetConfiguration(conf);
// pick up changed auth
UserGroupInformation ugi = null;
Exception ex = null;
try
{
ugi = UserGroupInformation.GetLoginUser();
}
catch (Exception e)
{
ex = e;
}
if (expectSuccess)
{
NUnit.Framework.Assert.IsNotNull(ugi);
Assert.Equal(method, ugi.GetAuthenticationMethod());
}
else
{
NUnit.Framework.Assert.IsNotNull(ex);
Assert.Equal(typeof(NotSupportedException), ex.GetType());
Assert.Equal(method + " login authentication is not supported"
, ex.Message);
}
}
/// <summary>Initializes the staging directory and returns the path.</summary>
/// <remarks>
/// Initializes the staging directory and returns the path. It also
/// keeps track of all necessary ownership and permissions
/// </remarks>
/// <param name="cluster"/>
/// <param name="conf"/>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.Exception"/>
public static Path GetStagingDir(Cluster cluster, Configuration conf)
{
Path stagingArea = cluster.GetStagingAreaDir();
FileSystem fs = stagingArea.GetFileSystem(conf);
string realUser;
string currentUser;
UserGroupInformation ugi = UserGroupInformation.GetLoginUser();
realUser = ugi.GetShortUserName();
currentUser = UserGroupInformation.GetCurrentUser().GetShortUserName();
if (fs.Exists(stagingArea))
{
FileStatus fsStatus = fs.GetFileStatus(stagingArea);
string owner = fsStatus.GetOwner();
if (!(owner.Equals(currentUser) || owner.Equals(realUser)))
{
throw new IOException("The ownership on the staging directory " + stagingArea + " is not as expected. "
+ "It is owned by " + owner + ". The directory must " + "be owned by the submitter "
+ currentUser + " or " + "by " + realUser);
}
if (!fsStatus.GetPermission().Equals(JobDirPermission))
{
Log.Info("Permissions on staging directory " + stagingArea + " are " + "incorrect: "
+ fsStatus.GetPermission() + ". Fixing permissions " + "to correct value " + JobDirPermission
);
fs.SetPermission(stagingArea, JobDirPermission);
}
}
else
{
fs.Mkdirs(stagingArea, new FsPermission(JobDirPermission));
}
return(stagingArea);
}
/// <exception cref="System.Exception"/>
public Void Run()
{
// make sure it is not the same as the login user because we use the
// same UGI object for every instantiation of the login user and you
// won't run into the race condition otherwise
Assert.AssertNotEquals(UserGroupInformation.GetLoginUser(), UserGroupInformation.
GetCurrentUser());
TestUserGroupInformation.GetTokenThread thread = new TestUserGroupInformation.GetTokenThread
();
try
{
thread.Start();
for (int i = 0; i < 100; i++)
{
Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> t = Org.Mockito.Mockito.Mock
<Org.Apache.Hadoop.Security.Token.Token>();
Org.Mockito.Mockito.When(t.GetService()).ThenReturn(new Text("t" + i));
UserGroupInformation.GetCurrentUser().AddToken(t);
NUnit.Framework.Assert.IsNull("ConcurrentModificationException encountered", thread
.cme);
}
}
catch (ConcurrentModificationException cme)
{
Runtime.PrintStackTrace(cme);
NUnit.Framework.Assert.Fail("ConcurrentModificationException encountered");
}
finally
{
thread.runThread = false;
thread.Join(5 * 1000);
}
return(null);
}
/// <exception cref="System.Exception"/>
public virtual void ___testInvalidProxyUser()
{
UserGroupInformation ugi = UserGroupInformation.CreateProxyUser("u2", UserGroupInformation
.GetLoginUser());
ugi.DoAs(new _PrivilegedExceptionAction_147(this));
}
public virtual void TestProxyUserFromEnvironment()
{
string proxyUser = "******";
Runtime.SetProperty(UserGroupInformation.HadoopProxyUser, proxyUser);
UserGroupInformation ugi = UserGroupInformation.GetLoginUser();
Assert.Equal(proxyUser, ugi.GetUserName());
UserGroupInformation realUgi = ugi.GetRealUser();
NUnit.Framework.Assert.IsNotNull(realUgi);
// get the expected real user name
SystemProcess pp = Runtime.GetRuntime().Exec("whoami");
BufferedReader br = new BufferedReader(new InputStreamReader(pp.GetInputStream())
);
string realUser = br.ReadLine().Trim();
// On Windows domain joined machine, whoami returns the username
// in the DOMAIN\\username format, so we trim the domain part before
// the comparison. We don't have to special case for Windows
// given that Unix systems do not allow slashes in usernames.
int backslashIndex = realUser.IndexOf('\\');
if (backslashIndex != -1)
{
realUser = Runtime.Substring(realUser, backslashIndex + 1);
}
Assert.Equal(realUser, realUgi.GetUserName());
}
/// <exception cref="System.IO.IOException"/>
private Org.Apache.Hadoop.Mapreduce.V2.App.Job.Job VerifyAndGetJob(JobId jobID, bool
exceptionThrow)
{
UserGroupInformation loginUgi = null;
Org.Apache.Hadoop.Mapreduce.V2.App.Job.Job job = null;
try
{
loginUgi = UserGroupInformation.GetLoginUser();
job = loginUgi.DoAs(new _PrivilegedExceptionAction_205(this, jobID));
}
catch (Exception e)
{
throw new IOException(e);
}
if (job == null && exceptionThrow)
{
throw new IOException("Unknown Job " + jobID);
}
if (job != null)
{
JobACL operation = JobACL.ViewJob;
this.CheckAccess(job, operation);
}
return(job);
}
/// <exception cref="System.IO.IOException"/>
public virtual void TestSetLoginUser()
{
UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("test-user");
UserGroupInformation.SetLoginUser(ugi);
Assert.Equal(ugi, UserGroupInformation.GetLoginUser());
}
/// <summary>Test that delegation tokens continue to work after the failover.</summary>
/// <exception cref="System.IO.IOException"/>
public virtual void TestDelegationTokensAfterFailover()
{
Configuration conf = new Configuration();
conf.SetBoolean(DFSConfigKeys.DfsNamenodeDelegationTokenAlwaysUseKey, true);
MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).NnTopology(MiniDFSNNTopology
.SimpleHATopology()).NumDataNodes(0).Build();
try
{
cluster.WaitActive();
cluster.TransitionToActive(0);
NameNode nn1 = cluster.GetNameNode(0);
NameNode nn2 = cluster.GetNameNode(1);
string renewer = UserGroupInformation.GetLoginUser().GetUserName();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = nn1.GetRpcServer
().GetDelegationToken(new Text(renewer));
Log.Info("Failing over to NN 1");
cluster.TransitionToStandby(0);
cluster.TransitionToActive(1);
nn2.GetRpcServer().RenewDelegationToken(token);
nn2.GetRpcServer().CancelDelegationToken(token);
token = nn2.GetRpcServer().GetDelegationToken(new Text(renewer));
NUnit.Framework.Assert.IsTrue(token != null);
}
finally
{
cluster.Shutdown();
}
}
protected override string GetUserName()
{
try
{
return(UserGroupInformation.GetLoginUser().GetUserName());
}
catch (IOException e)
{
throw new SecurityException("Failed to obtain current username", e);
}
}
/// <exception cref="System.Exception"/>
protected override void ServiceStart()
{
if (UserGroupInformation.IsSecurityEnabled())
{
loginUGI = UserGroupInformation.GetLoginUser();
}
else
{
loginUGI = UserGroupInformation.GetCurrentUser();
}
clientRpcServer.Start();
}
/// <summary>Coordinate a graceful failover to this node.</summary>
/// <exception cref="ServiceFailedException">if the node fails to become active</exception>
/// <exception cref="System.IO.IOException">some other error occurs</exception>
/// <exception cref="Org.Apache.Hadoop.HA.ServiceFailedException"/>
internal virtual void GracefulFailoverToYou()
{
try
{
UserGroupInformation.GetLoginUser().DoAs(new _PrivilegedExceptionAction_601(this)
);
}
catch (Exception e)
{
throw new IOException(e);
}
}
/// <summary>Request from graceful failover to cede active role.</summary>
/// <remarks>
/// Request from graceful failover to cede active role. Causes
/// this ZKFC to transition its local node to standby, then quit
/// the election for the specified period of time, after which it
/// will rejoin iff it is healthy.
/// </remarks>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
/// <exception cref="Org.Apache.Hadoop.HA.ServiceFailedException"/>
/// <exception cref="System.IO.IOException"/>
internal virtual void CedeActive(int millisToCede)
{
try
{
UserGroupInformation.GetLoginUser().DoAs(new _PrivilegedExceptionAction_547(this,
millisToCede));
}
catch (Exception e)
{
throw new IOException(e);
}
}
/// <exception cref="System.Exception"/>
public virtual void TestLoginObjectInSubject()
{
UserGroupInformation loginUgi = UserGroupInformation.GetLoginUser();
UserGroupInformation anotherUgi = new UserGroupInformation(loginUgi.GetSubject());
LoginContext login1 = loginUgi.GetSubject().GetPrincipals <User>().GetEnumerator()
.Next().GetLogin();
LoginContext login2 = anotherUgi.GetSubject().GetPrincipals <User>().GetEnumerator
().Next().GetLogin();
//login1 and login2 must be same instances
Assert.True(login1 == login2);
}
/// <exception cref="System.Exception"/>
public virtual void TestLoginModuleCommit()
{
UserGroupInformation loginUgi = UserGroupInformation.GetLoginUser();
User user1 = loginUgi.GetSubject().GetPrincipals <User>().GetEnumerator().Next();
LoginContext login = user1.GetLogin();
login.Logout();
login.Login();
User user2 = loginUgi.GetSubject().GetPrincipals <User>().GetEnumerator().Next();
// user1 and user2 must be same instances.
Assert.True(user1 == user2);
}
public static void Init()
{
baseDir = new FilePath(Runtime.GetProperty("test.build.dir", "target/test-dir"),
typeof(TestSecureNNWithQJM).Name);
FileUtil.FullyDelete(baseDir);
NUnit.Framework.Assert.IsTrue(baseDir.Mkdirs());
Properties kdcConf = MiniKdc.CreateConf();
kdc = new MiniKdc(kdcConf, baseDir);
kdc.Start();
baseConf = new HdfsConfiguration();
SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos
, baseConf);
UserGroupInformation.SetConfiguration(baseConf);
NUnit.Framework.Assert.IsTrue("Expected configuration to enable security", UserGroupInformation
.IsSecurityEnabled());
string userName = UserGroupInformation.GetLoginUser().GetShortUserName();
FilePath keytabFile = new FilePath(baseDir, userName + ".keytab");
string keytab = keytabFile.GetAbsolutePath();
// Windows will not reverse name lookup "127.0.0.1" to "localhost".
string krbInstance = Path.Windows ? "127.0.0.1" : "localhost";
kdc.CreatePrincipal(keytabFile, userName + "/" + krbInstance, "HTTP/" + krbInstance
);
string hdfsPrincipal = userName + "/" + krbInstance + "@" + kdc.GetRealm();
string spnegoPrincipal = "HTTP/" + krbInstance + "@" + kdc.GetRealm();
baseConf.Set(DFSConfigKeys.DfsNamenodeKerberosPrincipalKey, hdfsPrincipal);
baseConf.Set(DFSConfigKeys.DfsNamenodeKeytabFileKey, keytab);
baseConf.Set(DFSConfigKeys.DfsDatanodeKerberosPrincipalKey, hdfsPrincipal);
baseConf.Set(DFSConfigKeys.DfsDatanodeKeytabFileKey, keytab);
baseConf.Set(DFSConfigKeys.DfsWebAuthenticationKerberosPrincipalKey, spnegoPrincipal
);
baseConf.Set(DFSConfigKeys.DfsJournalnodeKeytabFileKey, keytab);
baseConf.Set(DFSConfigKeys.DfsJournalnodeKerberosPrincipalKey, hdfsPrincipal);
baseConf.Set(DFSConfigKeys.DfsJournalnodeKerberosInternalSpnegoPrincipalKey, spnegoPrincipal
);
baseConf.SetBoolean(DFSConfigKeys.DfsBlockAccessTokenEnableKey, true);
baseConf.Set(DFSConfigKeys.DfsDataTransferProtectionKey, "authentication");
baseConf.Set(DFSConfigKeys.DfsHttpPolicyKey, HttpConfig.Policy.HttpsOnly.ToString
());
baseConf.Set(DFSConfigKeys.DfsNamenodeHttpsAddressKey, "localhost:0");
baseConf.Set(DFSConfigKeys.DfsDatanodeHttpsAddressKey, "localhost:0");
baseConf.Set(DFSConfigKeys.DfsJournalnodeHttpsAddressKey, "localhost:0");
baseConf.SetInt(CommonConfigurationKeys.IpcClientConnectMaxRetriesOnSaslKey, 10);
string keystoresDir = baseDir.GetAbsolutePath();
string sslConfDir = KeyStoreTestUtil.GetClasspathDir(typeof(TestSecureNNWithQJM));
KeyStoreTestUtil.SetupSSLConfig(keystoresDir, sslConfDir, baseConf, false);
}
/// <exception cref="System.Exception"/>
private void TestDelegationTokenWithinDoAs(Type fileSystemClass, bool proxyUser)
{
Configuration conf = new Configuration();
conf.Set("hadoop.security.authentication", "kerberos");
UserGroupInformation.SetConfiguration(conf);
UserGroupInformation.LoginUserFromKeytab("client", "/Users/tucu/tucu.keytab");
UserGroupInformation ugi = UserGroupInformation.GetLoginUser();
if (proxyUser)
{
ugi = UserGroupInformation.CreateProxyUser("foo", ugi);
}
conf = new Configuration();
UserGroupInformation.SetConfiguration(conf);
ugi.DoAs(new _PrivilegedExceptionAction_248(this, fileSystemClass));
}
/// <exception cref="System.IO.IOException"/>
internal virtual void StartAll()
{
lock (this)
{
try
{
UserGroupInformation.GetLoginUser().DoAs(new _PrivilegedExceptionAction_128(this)
);
}
catch (Exception ex)
{
IOException ioe = new IOException();
Sharpen.Extensions.InitCause(ioe, ex.InnerException);
throw ioe;
}
}
}
public static void InitKdc()
{
baseDir = new FilePath(Runtime.GetProperty("test.build.dir", "target/test-dir"),
typeof(SaslDataTransferTestCase).Name);
FileUtil.FullyDelete(baseDir);
NUnit.Framework.Assert.IsTrue(baseDir.Mkdirs());
Properties kdcConf = MiniKdc.CreateConf();
kdc = new MiniKdc(kdcConf, baseDir);
kdc.Start();
string userName = UserGroupInformation.GetLoginUser().GetShortUserName();
FilePath keytabFile = new FilePath(baseDir, userName + ".keytab");
keytab = keytabFile.GetAbsolutePath();
kdc.CreatePrincipal(keytabFile, userName + "/localhost", "HTTP/localhost");
hdfsPrincipal = userName + "/localhost@" + kdc.GetRealm();
spnegoPrincipal = "HTTP/localhost@" + kdc.GetRealm();
}
public virtual void SetUp()
{
dfs = new MiniDFSCluster.Builder(conf).NumDataNodes(4).Build();
fs = DfsUgi.DoAs(new _PrivilegedExceptionAction_80(this));
// Home directories for users
Mkdir(fs, "/user", "nobody", "nogroup", (short)0x3ff);
Mkdir(fs, "/user/alice", "alice", "nogroup", (short)0x1ed);
Mkdir(fs, "/user/bob", "bob", "nogroup", (short)0x1ed);
// staging directory root with sticky bit
UserGroupInformation MrUgi = UserGroupInformation.GetLoginUser();
Mkdir(fs, "/staging", MrUgi.GetShortUserName(), "nogroup", (short)0x3ff);
JobConf mrConf = new JobConf();
mrConf.Set(JTConfig.JtStagingAreaRoot, "/staging");
mr = new MiniMRCluster(0, 0, 4, dfs.GetFileSystem().GetUri().ToString(), 1, null,
null, MrUgi, mrConf);
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
protected override void CheckRpcAdminAccess()
{
UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();
UserGroupInformation zkfcUgi = UserGroupInformation.GetLoginUser();
if (adminAcl.IsUserAllowed(ugi) || ugi.GetShortUserName().Equals(zkfcUgi.GetShortUserName
()))
{
Log.Info("Allowed RPC access from " + ugi + " at " + Org.Apache.Hadoop.Ipc.Server
.GetRemoteAddress());
return;
}
string msg = "Disallowed RPC access from " + ugi + " at " + Org.Apache.Hadoop.Ipc.Server
.GetRemoteAddress() + ". Not listed in " + DFSConfigKeys.DfsAdmin;
Log.Warn(msg);
throw new AccessControlException(msg);
}
// add a bunch of transactions.
public virtual void Run()
{
FSEditLog editLog = namesystem.GetEditLog();
for (int i = 0; i < numTransactions; i++)
{
try
{
string renewer = UserGroupInformation.GetLoginUser().GetUserName();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = namesystem
.GetDelegationToken(new Text(renewer));
namesystem.RenewDelegationToken(token);
namesystem.CancelDelegationToken(token);
editLog.LogSync();
}
catch (IOException e)
{
System.Console.Out.WriteLine("Transaction " + i + " encountered exception " + e);
}
}
}
public virtual void TestUGICredentialsPropogation()
{
Credentials creds = new Credentials();
Org.Apache.Hadoop.Security.Token.Token <object> token = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Text tokenService = new Text("service");
Text secretName = new Text("secret");
byte[] secret = new byte[] { };
creds.AddToken(tokenService, token);
creds.AddSecretKey(secretName, secret);
UserGroupInformation.GetLoginUser().AddCredentials(creds);
JobConf jobConf = new JobConf();
Job job = new Job(jobConf);
NUnit.Framework.Assert.AreSame(token, job.GetCredentials().GetToken(tokenService)
);
NUnit.Framework.Assert.AreSame(secret, job.GetCredentials().GetSecretKey(secretName
));
}
public virtual void TestUGILoginFromKeytab()
{
UserGroupInformation.SetShouldRenewImmediatelyForTests(true);
string principal = "foo";
FilePath keytab = new FilePath(workDir, "foo.keytab");
kdc.CreatePrincipal(keytab, principal);
UserGroupInformation.LoginUserFromKeytab(principal, keytab.GetPath());
UserGroupInformation ugi = UserGroupInformation.GetLoginUser();
Assert.True("UGI should be configured to login from keytab", ugi
.IsFromKeytab());
// Verify relogin from keytab.
User user = ugi.GetSubject().GetPrincipals <User>().GetEnumerator().Next();
long firstLogin = user.GetLastLogin();
ugi.ReloginFromKeytab();
long secondLogin = user.GetLastLogin();
Assert.True("User should have been able to relogin from keytab"
, secondLogin > firstLogin);
}
/// <summary>Perform the given action as the daemon's login user.</summary>
/// <remarks>
/// Perform the given action as the daemon's login user. If the login
/// user cannot be determined, this will log a FATAL error and exit
/// the whole JVM.
/// </remarks>
public static T DoAsLoginUserOrFatal <T>(PrivilegedAction <T> action)
{
if (UserGroupInformation.IsSecurityEnabled())
{
UserGroupInformation ugi = null;
try
{
ugi = UserGroupInformation.GetLoginUser();
}
catch (IOException e)
{
Log.Fatal("Exception while getting login user", e);
Runtime.PrintStackTrace(e);
Runtime.GetRuntime().Exit(-1);
}
return(ugi.DoAs(action));
}
else
{
return(action.Run());
}
}
/// <summary>Test login method</summary>
/// <exception cref="System.Exception"/>
public virtual void TestLogin()
{
conf.Set(CommonConfigurationKeys.HadoopUserGroupMetricsPercentilesIntervals, PercentilesInterval
.ToString());
UserGroupInformation.SetConfiguration(conf);
// login from unix
UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();
Assert.Equal(UserGroupInformation.GetCurrentUser(), UserGroupInformation
.GetLoginUser());
Assert.True(ugi.GetGroupNames().Length >= 1);
VerifyGroupMetrics(1);
// ensure that doAs works correctly
UserGroupInformation userGroupInfo = UserGroupInformation.CreateUserForTesting(UserName
, GroupNames);
UserGroupInformation curUGI = userGroupInfo.DoAs(new _PrivilegedExceptionAction_185
());
// make sure in the scope of the doAs, the right user is current
Assert.Equal(curUGI, userGroupInfo);
// make sure it is not the same as the login user
NUnit.Framework.Assert.IsFalse(curUGI.Equals(UserGroupInformation.GetLoginUser())
);
}
/// <exception cref="System.IO.IOException"/>
private NamenodeProtocol CreateNNProtocolProxy()
{
return(NameNodeProxies.CreateNonHAProxy <NamenodeProtocol>(GetConf(), otherIpcAddr
, UserGroupInformation.GetLoginUser(), true).GetProxy());
}
/// <exception cref="System.IO.IOException"/>
protected internal virtual bool IsValidRequestor(HttpServletRequest request, Configuration
conf)
{
string remotePrincipal = request.GetUserPrincipal().GetName();
string remoteShortName = request.GetRemoteUser();
if (remotePrincipal == null)
{
// This really shouldn't happen...
Log.Warn("Received null remoteUser while authorizing access to " + "GetJournalEditServlet"
);
return(false);
}
if (Log.IsDebugEnabled())
{
Log.Debug("Validating request made by " + remotePrincipal + " / " + remoteShortName
+ ". This user is: " + UserGroupInformation.GetLoginUser());
}
ICollection <string> validRequestors = new HashSet <string>();
Sharpen.Collections.AddAll(validRequestors, DFSUtil.GetAllNnPrincipals(conf));
try
{
validRequestors.AddItem(SecurityUtil.GetServerPrincipal(conf.Get(DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey
), SecondaryNameNode.GetHttpAddress(conf).GetHostName()));
}
catch (Exception e)
{
// Don't halt if SecondaryNameNode principal could not be added.
Log.Debug("SecondaryNameNode principal could not be added", e);
string msg = string.Format("SecondaryNameNode principal not considered, %s = %s, %s = %s"
, DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey, conf.Get(DFSConfigKeys
.DfsSecondaryNamenodeKerberosPrincipalKey), DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey
, conf.Get(DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey, DFSConfigKeys.DfsNamenodeSecondaryHttpAddressDefault
));
Log.Warn(msg);
}
// Check the full principal name of all the configured valid requestors.
foreach (string v in validRequestors)
{
if (Log.IsDebugEnabled())
{
Log.Debug("isValidRequestor is comparing to valid requestor: " + v);
}
if (v != null && v.Equals(remotePrincipal))
{
if (Log.IsDebugEnabled())
{
Log.Debug("isValidRequestor is allowing: " + remotePrincipal);
}
return(true);
}
}
// Additionally, we compare the short name of the requestor to this JN's
// username, because we want to allow requests from other JNs during
// recovery, but we can't enumerate the full list of JNs.
if (remoteShortName.Equals(UserGroupInformation.GetLoginUser().GetShortUserName()
))
{
if (Log.IsDebugEnabled())
{
Log.Debug("isValidRequestor is allowing other JN principal: " + remotePrincipal);
}
return(true);
}
if (Log.IsDebugEnabled())
{
Log.Debug("isValidRequestor is rejecting: " + remotePrincipal);
}
return(false);
}
public virtual void TestUserFromEnvironment()
{
Runtime.SetProperty(UserGroupInformation.HadoopUserName, "randomUser");
Assert.Equal("randomUser", UserGroupInformation.GetLoginUser()
.GetUserName());
}
/// <exception cref="System.Exception"/>
private static void SetupKDC()
{
if (!miniKDCStarted)
{
testMiniKDC.Start();
GetKdc().CreatePrincipal(httpSpnegoKeytabFile, "HTTP/localhost", "client", UserGroupInformation
.GetLoginUser().GetShortUserName(), "client2");
miniKDCStarted = true;
}
}
