Ejemplo n.º 1
0
        public virtual void TestClusterNoAdmins()
        {
            IDictionary <JobACL, AccessControlList> tmpJobACLs = new Dictionary <JobACL, AccessControlList
                                                                                 >();
            Configuration conf     = new Configuration();
            string        jobOwner = "testuser";

            conf.Set(JobACL.ViewJob.GetAclName(), string.Empty);
            conf.SetBoolean(MRConfig.MrAclsEnabled, true);
            string         noAdminUser = "******";
            JobACLsManager aclsManager = new JobACLsManager(conf);

            tmpJobACLs = aclsManager.ConstructJobACLs(conf);
            IDictionary <JobACL, AccessControlList> jobACLs = tmpJobACLs;
            UserGroupInformation callerUGI = UserGroupInformation.CreateUserForTesting(noAdminUser
                                                                                       , new string[] {  });
            // random user should not have access
            bool val = aclsManager.CheckAccess(callerUGI, JobACL.ViewJob, jobOwner, jobACLs[JobACL
                                                                                            .ViewJob]);

            NUnit.Framework.Assert.IsFalse("random user should not have view access", val);
            val = aclsManager.CheckAccess(callerUGI, JobACL.ModifyJob, jobOwner, jobACLs[JobACL
                                                                                         .ModifyJob]);
            NUnit.Framework.Assert.IsFalse("random user should not have modify access", val);
            callerUGI = UserGroupInformation.CreateUserForTesting(jobOwner, new string[] {  }
                                                                  );
            // Owner should have access
            val = aclsManager.CheckAccess(callerUGI, JobACL.ViewJob, jobOwner, jobACLs[JobACL
                                                                                       .ViewJob]);
            NUnit.Framework.Assert.IsTrue("owner should have view access", val);
            val = aclsManager.CheckAccess(callerUGI, JobACL.ModifyJob, jobOwner, jobACLs[JobACL
                                                                                         .ModifyJob]);
            NUnit.Framework.Assert.IsTrue("owner should have modify access", val);
        }
Ejemplo n.º 2
0
        public virtual void TestGroups()
        {
            IDictionary <JobACL, AccessControlList> tmpJobACLs = new Dictionary <JobACL, AccessControlList
                                                                                 >();
            Configuration conf     = new Configuration();
            string        jobOwner = "testuser";

            conf.Set(JobACL.ViewJob.GetAclName(), jobOwner);
            conf.SetBoolean(MRConfig.MrAclsEnabled, true);
            string user       = "******";
            string adminGroup = "adminGroup";

            conf.Set(MRConfig.MrAdmins, " " + adminGroup);
            JobACLsManager aclsManager = new JobACLsManager(conf);

            tmpJobACLs = aclsManager.ConstructJobACLs(conf);
            IDictionary <JobACL, AccessControlList> jobACLs = tmpJobACLs;
            UserGroupInformation callerUGI = UserGroupInformation.CreateUserForTesting(user,
                                                                                       new string[] { adminGroup });
            // acls off so anyone should have access
            bool val = aclsManager.CheckAccess(callerUGI, JobACL.ViewJob, jobOwner, jobACLs[JobACL
                                                                                            .ViewJob]);

            NUnit.Framework.Assert.IsTrue("user in admin group should have access", val);
        }