public override string ToString()
{
if (ugi == null)
{
return("(null ugi)");
}
StringBuilder builder = new StringBuilder();
builder.Append(ugi.GetUserName()).Append(": ");
builder.Append(ugi.ToString());
builder.Append(" hasKerberosCredentials=").Append(ugi.HasKerberosCredentials());
builder.Append(" isFromKeytab=").Append(ugi.IsFromKeytab());
builder.Append(" kerberos is enabled in Hadoop =").Append(UserGroupInformation.IsSecurityEnabled
());
return(builder.ToString());
}
public virtual void TestUGILogin()
{
UserGroupInformation ugi = LoginUGI(Zookeeper, keytab_zk);
RegistrySecurity.UgiInfo ugiInfo = new RegistrySecurity.UgiInfo(ugi);
Log.Info("logged in as: {}", ugiInfo);
NUnit.Framework.Assert.IsTrue("security is not enabled: " + ugiInfo, UserGroupInformation
.IsSecurityEnabled());
NUnit.Framework.Assert.IsTrue("login is keytab based: " + ugiInfo, ugi.IsFromKeytab
());
// now we are here, build a SASL ACL
ACL acl = ugi.DoAs(new _PrivilegedExceptionAction_202());
NUnit.Framework.Assert.AreEqual(ZookeeperRealm, acl.GetId().GetId());
NUnit.Framework.Assert.AreEqual(ZookeeperConfigOptions.SchemeSasl, acl.GetId().GetScheme
());
registrySecurity.AddSystemACL(acl);
}
public virtual void TestUGILoginFromKeytab()
{
UserGroupInformation.SetShouldRenewImmediatelyForTests(true);
string principal = "foo";
FilePath keytab = new FilePath(workDir, "foo.keytab");
kdc.CreatePrincipal(keytab, principal);
UserGroupInformation.LoginUserFromKeytab(principal, keytab.GetPath());
UserGroupInformation ugi = UserGroupInformation.GetLoginUser();
Assert.True("UGI should be configured to login from keytab", ugi
.IsFromKeytab());
// Verify relogin from keytab.
User user = ugi.GetSubject().GetPrincipals <User>().GetEnumerator().Next();
long firstLogin = user.GetLastLogin();
ugi.ReloginFromKeytab();
long secondLogin = user.GetLastLogin();
Assert.True("User should have been able to relogin from keytab"
, secondLogin > firstLogin);
}
