public virtual void TestClusterNoAdmins() { IDictionary <JobACL, AccessControlList> tmpJobACLs = new Dictionary <JobACL, AccessControlList >(); Configuration conf = new Configuration(); string jobOwner = "testuser"; conf.Set(JobACL.ViewJob.GetAclName(), string.Empty); conf.SetBoolean(MRConfig.MrAclsEnabled, true); string noAdminUser = "******"; JobACLsManager aclsManager = new JobACLsManager(conf); tmpJobACLs = aclsManager.ConstructJobACLs(conf); IDictionary <JobACL, AccessControlList> jobACLs = tmpJobACLs; UserGroupInformation callerUGI = UserGroupInformation.CreateUserForTesting(noAdminUser , new string[] { }); // random user should not have access bool val = aclsManager.CheckAccess(callerUGI, JobACL.ViewJob, jobOwner, jobACLs[JobACL .ViewJob]); NUnit.Framework.Assert.IsFalse("random user should not have view access", val); val = aclsManager.CheckAccess(callerUGI, JobACL.ModifyJob, jobOwner, jobACLs[JobACL .ModifyJob]); NUnit.Framework.Assert.IsFalse("random user should not have modify access", val); callerUGI = UserGroupInformation.CreateUserForTesting(jobOwner, new string[] { } ); // Owner should have access val = aclsManager.CheckAccess(callerUGI, JobACL.ViewJob, jobOwner, jobACLs[JobACL .ViewJob]); NUnit.Framework.Assert.IsTrue("owner should have view access", val); val = aclsManager.CheckAccess(callerUGI, JobACL.ModifyJob, jobOwner, jobACLs[JobACL .ModifyJob]); NUnit.Framework.Assert.IsTrue("owner should have modify access", val); }
public virtual void TestGroups() { IDictionary <JobACL, AccessControlList> tmpJobACLs = new Dictionary <JobACL, AccessControlList >(); Configuration conf = new Configuration(); string jobOwner = "testuser"; conf.Set(JobACL.ViewJob.GetAclName(), jobOwner); conf.SetBoolean(MRConfig.MrAclsEnabled, true); string user = "******"; string adminGroup = "adminGroup"; conf.Set(MRConfig.MrAdmins, " " + adminGroup); JobACLsManager aclsManager = new JobACLsManager(conf); tmpJobACLs = aclsManager.ConstructJobACLs(conf); IDictionary <JobACL, AccessControlList> jobACLs = tmpJobACLs; UserGroupInformation callerUGI = UserGroupInformation.CreateUserForTesting(user, new string[] { adminGroup }); // acls off so anyone should have access bool val = aclsManager.CheckAccess(callerUGI, JobACL.ViewJob, jobOwner, jobACLs[JobACL .ViewJob]); NUnit.Framework.Assert.IsTrue("user in admin group should have access", val); }