public virtual void TestDefaultAcl()
{
ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager
();
Configuration conf = new Configuration();
// test without setting a default acl
conf.Set(AclConfig, "user1 group1");
serviceAuthorizationManager.Refresh(conf, new TestServiceAuthorization.TestPolicyProvider
());
AccessControlList acl = serviceAuthorizationManager.GetProtocolsAcls(typeof(TestRPC.TestProtocol
));
Assert.Equal("user1 group1", acl.GetAclString());
acl = serviceAuthorizationManager.GetProtocolsAcls(typeof(TestServiceAuthorization.TestProtocol1
));
Assert.Equal(AccessControlList.WildcardAclValue, acl.GetAclString
());
// test with a default acl
conf.Set(CommonConfigurationKeys.HadoopSecurityServiceAuthorizationDefaultAcl, "user2 group2"
);
serviceAuthorizationManager.Refresh(conf, new TestServiceAuthorization.TestPolicyProvider
());
acl = serviceAuthorizationManager.GetProtocolsAcls(typeof(TestRPC.TestProtocol));
Assert.Equal("user1 group1", acl.GetAclString());
acl = serviceAuthorizationManager.GetProtocolsAcls(typeof(TestServiceAuthorization.TestProtocol1
));
Assert.Equal("user2 group2", acl.GetAclString());
}
private void VerifyServiceACLsRefresh(ServiceAuthorizationManager manager, Type protocol
, string aclString)
{
foreach (Type protocolClass in manager.GetProtocolsWithAcls())
{
AccessControlList accessList = manager.GetProtocolsAcls(protocolClass);
if (protocolClass == protocol)
{
NUnit.Framework.Assert.AreEqual(accessList.GetAclString(), aclString);
}
else
{
NUnit.Framework.Assert.AreEqual(accessList.GetAclString(), "*");
}
}
}