/// <exception cref="System.IO.IOException"/>
private void TryLoginAuthenticationMethod(UserGroupInformation.AuthenticationMethod
method, bool expectSuccess)
{
SecurityUtil.SetAuthenticationMethod(method, conf);
UserGroupInformation.SetConfiguration(conf);
// pick up changed auth
UserGroupInformation ugi = null;
Exception ex = null;
try
{
ugi = UserGroupInformation.GetLoginUser();
}
catch (Exception e)
{
ex = e;
}
if (expectSuccess)
{
NUnit.Framework.Assert.IsNotNull(ugi);
Assert.Equal(method, ugi.GetAuthenticationMethod());
}
else
{
NUnit.Framework.Assert.IsNotNull(ex);
Assert.Equal(typeof(NotSupportedException), ex.GetType());
Assert.Equal(method + " login authentication is not supported"
, ex.Message);
}
}
/// <summary>test constructor</summary>
/// <exception cref="System.Exception"/>
public virtual void TestConstructorWithKerberos()
{
// security on, default is remove default realm
SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos
, conf);
UserGroupInformation.SetConfiguration(conf);
TestConstructorSuccess("user1", "user1");
TestConstructorSuccess("*****@*****.**", "user2");
TestConstructorSuccess("user3/[email protected]", "user3");
// failure test
TestConstructorFailures("*****@*****.**");
TestConstructorFailures("user5/[email protected]");
TestConstructorFailures(null);
TestConstructorFailures(string.Empty);
}
/// <summary>test constructor</summary>
/// <exception cref="System.Exception"/>
public virtual void TestConstructorWithKerberosRules()
{
// security on, explicit rules
SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos
, conf);
conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthToLocal, "RULE:[2:$1@$0](.*@OTHER.REALM)s/(.*)@.*/other-$1/"
+ "RULE:[1:$1@$0](.*@OTHER.REALM)s/(.*)@.*/other-$1/" + "DEFAULT");
UserGroupInformation.SetConfiguration(conf);
TestConstructorSuccess("user1", "user1");
TestConstructorSuccess("*****@*****.**", "user2");
TestConstructorSuccess("user3/[email protected]", "user3");
TestConstructorSuccess("*****@*****.**", "other-user4");
TestConstructorSuccess("user5/[email protected]", "other-user5");
// failure test
TestConstructorFailures(null);
TestConstructorFailures(string.Empty);
}
public virtual void TestSetAuthenticationMethod()
{
Configuration conf = new Configuration();
// default
SecurityUtil.SetAuthenticationMethod(null, conf);
Assert.Equal("simple", conf.Get(CommonConfigurationKeysPublic.
HadoopSecurityAuthentication));
// simple
SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Simple
, conf);
Assert.Equal("simple", conf.Get(CommonConfigurationKeysPublic.
HadoopSecurityAuthentication));
// kerberos
SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos
, conf);
Assert.Equal("kerberos", conf.Get(CommonConfigurationKeysPublic
.HadoopSecurityAuthentication));
}
public virtual void TestStartsWithIncorrectSettings()
{
Configuration conf = new Configuration();
SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos
, conf);
string keyTabKey = "key";
conf.Set(keyTabKey, string.Empty);
UserGroupInformation.SetConfiguration(conf);
bool gotException = false;
try
{
SecurityUtil.Login(conf, keyTabKey, string.Empty, string.Empty);
}
catch (IOException)
{
// expected
gotException = true;
}
Assert.True("Exception for empty keytabfile name was expected",
gotException);
}
