/// <summary>Create the RM registry operations as the current user</summary>
/// <returns>the service</returns>
/// <exception cref="Javax.Security.Auth.Login.LoginException"/>
/// <exception cref="System.IO.FileNotFoundException"/>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.Exception"/>
public virtual RMRegistryOperationsService StartRMRegistryOperations()
{
// kerberos
secureConf.Set(KeyRegistryClientAuth, RegistryClientAuthKerberos);
secureConf.Set(KeyRegistryClientJaasContext, ZookeeperClientContext);
RMRegistryOperationsService registryOperations = zookeeperUGI.DoAs(new _PrivilegedExceptionAction_97
(this));
return(registryOperations);
}
public virtual void TestZookeeperCanWriteUnderSystem()
{
RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations();
RegistryOperations operations = rmRegistryOperations;
operations.Mknode(PathSystemServices + "hdfs", false);
ZKPathDumper pathDumper = rmRegistryOperations.DumpPath(true);
Log.Info(pathDumper.ToString());
}
public virtual void SetupRegistry()
{
registry = new RMRegistryOperationsService("yarnRegistry");
operations = registry;
registry.Init(CreateRegistryConfiguration());
registry.Start();
operations.Delete("/", true);
registry.CreateRootRegistryPaths();
AddToTeardown(registry);
}
public virtual void TestAnonNoWriteAccessOffRoot()
{
RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations();
Describe(Log, "testAnonNoWriteAccessOffRoot");
RegistryOperations operations = RegistryOperationsFactory.CreateAnonymousInstance
(zkClientConf);
AddToTeardown(operations);
operations.Start();
NUnit.Framework.Assert.IsFalse("mknode(/)", operations.Mknode("/", false));
ExpectMkNodeFailure(operations, "/sub");
ExpectDeleteFailure(operations, PathSystemServices, true);
}
public virtual void TestAnonNoWriteAccess()
{
RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations();
Describe(Log, "testAnonNoWriteAccess");
RegistryOperations operations = RegistryOperationsFactory.CreateAnonymousInstance
(zkClientConf);
AddToTeardown(operations);
operations.Start();
string servicePath = PathSystemServices + "hdfs";
ExpectMkNodeFailure(operations, servicePath);
}
public virtual void TestAnonReadAccess()
{
RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations();
Describe(Log, "testAnonReadAccess");
RegistryOperations operations = RegistryOperationsFactory.CreateAnonymousInstance
(zkClientConf);
AddToTeardown(operations);
operations.Start();
NUnit.Framework.Assert.IsFalse("RegistrySecurity.isClientSASLEnabled()==true", RegistrySecurity
.IsClientSASLEnabled());
operations.List(PathSystemServices);
}
public virtual void TestUserZookeeperHomePathAccess()
{
RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations();
string home = rmRegistryOperations.InitUserRegistry(Zookeeper);
Describe(Log, "Creating ZK client");
RegistryOperations operations = zookeeperUGI.DoAs(new _PrivilegedExceptionAction_232
(this));
operations.List(home);
string path = home + "/subpath";
operations.Mknode(path, false);
operations.Delete(path, true);
}
public virtual void TestAlicePathRestrictedAnonAccess()
{
RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations();
string aliceHome = rmRegistryOperations.InitUserRegistry(Alice);
Describe(Log, "Creating anonymous accessor");
RegistryOperations anonOperations = RegistryOperationsFactory.CreateAnonymousInstance
(zkClientConf);
AddToTeardown(anonOperations);
anonOperations.Start();
anonOperations.List(aliceHome);
ExpectMkNodeFailure(anonOperations, aliceHome + "/anon");
ExpectDeleteFailure(anonOperations, aliceHome, true);
}
public virtual void TestDigestAccess()
{
RMRegistryOperationsService registryAdmin = StartRMRegistryOperations();
string id = "username";
string pass = "******";
registryAdmin.AddWriteAccessor(id, pass);
IList <ACL> clientAcls = registryAdmin.GetClientAcls();
Log.Info("Client ACLS=\n{}", RegistrySecurity.AclsToString(clientAcls));
string @base = "/digested";
registryAdmin.Mknode(@base, false);
IList <ACL> baseACLs = registryAdmin.ZkGetACLS(@base);
string aclset = RegistrySecurity.AclsToString(baseACLs);
Log.Info("Base ACLs=\n{}", aclset);
ACL found = null;
foreach (ACL acl in baseACLs)
{
if (ZookeeperConfigOptions.SchemeDigest.Equals(acl.GetId().GetScheme()))
{
found = acl;
break;
}
}
NUnit.Framework.Assert.IsNotNull("Did not find digest entry in ACLs " + aclset, found
);
zkClientConf.Set(KeyRegistryUserAccounts, "sasl:[email protected], sasl:other"
);
RegistryOperations operations = RegistryOperationsFactory.CreateAuthenticatedInstance
(zkClientConf, id, pass);
AddToTeardown(operations);
operations.Start();
RegistryOperationsClient operationsClient = (RegistryOperationsClient)operations;
IList <ACL> digestClientACLs = operationsClient.GetClientAcls();
Log.Info("digest client ACLs=\n{}", RegistrySecurity.AclsToString(digestClientACLs
));
operations.Stat(@base);
operations.Mknode(@base + "/subdir", false);
ZKPathDumper pathDumper = registryAdmin.DumpPath(true);
Log.Info(pathDumper.ToString());
}
public virtual void TestUserHomedirsPermissionsRestricted()
{
// test that the /users/$user permissions are restricted
RMRegistryOperationsService rmRegistryOperations = StartRMRegistryOperations();
// create Alice's dir, so it should have an ACL for Alice
string home = rmRegistryOperations.InitUserRegistry(Alice);
IList <ACL> acls = rmRegistryOperations.ZkGetACLS(home);
ACL aliceACL = null;
foreach (ACL acl in acls)
{
Log.Info(RegistrySecurity.AclToString(acl));
ID id = acl.GetId();
if (id.GetScheme().Equals(ZookeeperConfigOptions.SchemeSasl) && id.GetId().StartsWith
(Alice))
{
aliceACL = acl;
break;
}
}
NUnit.Framework.Assert.IsNotNull(aliceACL);
NUnit.Framework.Assert.AreEqual(RegistryAdminService.UserHomedirAclPermissions, aliceACL
.GetPerms());
}
