/// <summary>Create the RM registry operations as the current user</summary> /// <returns>the service</returns> /// <exception cref="Javax.Security.Auth.Login.LoginException"/> /// <exception cref="System.IO.FileNotFoundException"/> /// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> public virtual RMRegistryOperationsService StartRMRegistryOperations() { // kerberos secureConf.Set(KeyRegistryClientAuth, RegistryClientAuthKerberos); secureConf.Set(KeyRegistryClientJaasContext, ZookeeperClientContext); RMRegistryOperationsService registryOperations = zookeeperUGI.DoAs(new _PrivilegedExceptionAction_97 (this)); return(registryOperations); }
public virtual void TestZookeeperCanWriteUnderSystem() { RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations(); RegistryOperations operations = rmRegistryOperations; operations.Mknode(PathSystemServices + "hdfs", false); ZKPathDumper pathDumper = rmRegistryOperations.DumpPath(true); Log.Info(pathDumper.ToString()); }
public virtual void SetupRegistry() { registry = new RMRegistryOperationsService("yarnRegistry"); operations = registry; registry.Init(CreateRegistryConfiguration()); registry.Start(); operations.Delete("/", true); registry.CreateRootRegistryPaths(); AddToTeardown(registry); }
public virtual void TestAnonNoWriteAccessOffRoot() { RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations(); Describe(Log, "testAnonNoWriteAccessOffRoot"); RegistryOperations operations = RegistryOperationsFactory.CreateAnonymousInstance (zkClientConf); AddToTeardown(operations); operations.Start(); NUnit.Framework.Assert.IsFalse("mknode(/)", operations.Mknode("/", false)); ExpectMkNodeFailure(operations, "/sub"); ExpectDeleteFailure(operations, PathSystemServices, true); }
public virtual void TestAnonNoWriteAccess() { RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations(); Describe(Log, "testAnonNoWriteAccess"); RegistryOperations operations = RegistryOperationsFactory.CreateAnonymousInstance (zkClientConf); AddToTeardown(operations); operations.Start(); string servicePath = PathSystemServices + "hdfs"; ExpectMkNodeFailure(operations, servicePath); }
public virtual void TestAnonReadAccess() { RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations(); Describe(Log, "testAnonReadAccess"); RegistryOperations operations = RegistryOperationsFactory.CreateAnonymousInstance (zkClientConf); AddToTeardown(operations); operations.Start(); NUnit.Framework.Assert.IsFalse("RegistrySecurity.isClientSASLEnabled()==true", RegistrySecurity .IsClientSASLEnabled()); operations.List(PathSystemServices); }
public virtual void TestUserZookeeperHomePathAccess() { RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations(); string home = rmRegistryOperations.InitUserRegistry(Zookeeper); Describe(Log, "Creating ZK client"); RegistryOperations operations = zookeeperUGI.DoAs(new _PrivilegedExceptionAction_232 (this)); operations.List(home); string path = home + "/subpath"; operations.Mknode(path, false); operations.Delete(path, true); }
public virtual void TestAlicePathRestrictedAnonAccess() { RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations(); string aliceHome = rmRegistryOperations.InitUserRegistry(Alice); Describe(Log, "Creating anonymous accessor"); RegistryOperations anonOperations = RegistryOperationsFactory.CreateAnonymousInstance (zkClientConf); AddToTeardown(anonOperations); anonOperations.Start(); anonOperations.List(aliceHome); ExpectMkNodeFailure(anonOperations, aliceHome + "/anon"); ExpectDeleteFailure(anonOperations, aliceHome, true); }
public virtual void TestDigestAccess() { RMRegistryOperationsService registryAdmin = StartRMRegistryOperations(); string id = "username"; string pass = "******"; registryAdmin.AddWriteAccessor(id, pass); IList <ACL> clientAcls = registryAdmin.GetClientAcls(); Log.Info("Client ACLS=\n{}", RegistrySecurity.AclsToString(clientAcls)); string @base = "/digested"; registryAdmin.Mknode(@base, false); IList <ACL> baseACLs = registryAdmin.ZkGetACLS(@base); string aclset = RegistrySecurity.AclsToString(baseACLs); Log.Info("Base ACLs=\n{}", aclset); ACL found = null; foreach (ACL acl in baseACLs) { if (ZookeeperConfigOptions.SchemeDigest.Equals(acl.GetId().GetScheme())) { found = acl; break; } } NUnit.Framework.Assert.IsNotNull("Did not find digest entry in ACLs " + aclset, found ); zkClientConf.Set(KeyRegistryUserAccounts, "sasl:[email protected], sasl:other" ); RegistryOperations operations = RegistryOperationsFactory.CreateAuthenticatedInstance (zkClientConf, id, pass); AddToTeardown(operations); operations.Start(); RegistryOperationsClient operationsClient = (RegistryOperationsClient)operations; IList <ACL> digestClientACLs = operationsClient.GetClientAcls(); Log.Info("digest client ACLs=\n{}", RegistrySecurity.AclsToString(digestClientACLs )); operations.Stat(@base); operations.Mknode(@base + "/subdir", false); ZKPathDumper pathDumper = registryAdmin.DumpPath(true); Log.Info(pathDumper.ToString()); }
public virtual void TestUserHomedirsPermissionsRestricted() { // test that the /users/$user permissions are restricted RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations(); // create Alice's dir, so it should have an ACL for Alice string home = rmRegistryOperations.InitUserRegistry(Alice); IList <ACL> acls = rmRegistryOperations.ZkGetACLS(home); ACL aliceACL = null; foreach (ACL acl in acls) { Log.Info(RegistrySecurity.AclToString(acl)); ID id = acl.GetId(); if (id.GetScheme().Equals(ZookeeperConfigOptions.SchemeSasl) && id.GetId().StartsWith (Alice)) { aliceACL = acl; break; } } NUnit.Framework.Assert.IsNotNull(aliceACL); NUnit.Framework.Assert.AreEqual(RegistryAdminService.UserHomedirAclPermissions, aliceACL .GetPerms()); }