public virtual void TestProxyUsersWithCustomPrefix() { Configuration conf = new Configuration(false); conf.Set("x." + RealUserName + ".users", StringUtils.Join(",", Arrays.AsList(AuthorizedProxyUserName ))); conf.Set("x." + RealUserName + ".hosts", ProxyIp); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf, "x"); // First try proxying a user that's allowed UserGroupInformation realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName ); UserGroupInformation proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting (AuthorizedProxyUserName, realUserUgi, GroupNames); // From good IP AssertAuthorized(proxyUserUgi, "1.2.3.4"); // From bad IP AssertNotAuthorized(proxyUserUgi, "1.2.3.5"); // Now try proxying a user that's not allowed realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName); proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting(ProxyUserName, realUserUgi , GroupNames); // From good IP AssertNotAuthorized(proxyUserUgi, "1.2.3.4"); // From bad IP AssertNotAuthorized(proxyUserUgi, "1.2.3.5"); }
public static void LoadTest(string ipString, int testRange) { Configuration conf = new Configuration(); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserGroupConfKey (RealUserName), StringUtils.Join(",", Arrays.AsList(GroupNames))); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserIpConfKey (RealUserName), ipString); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); // First try proxying a group that's allowed UserGroupInformation realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName ); UserGroupInformation proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting (ProxyUserName, realUserUgi, GroupNames); long startTime = Runtime.NanoTime(); SecureRandom sr = new SecureRandom(); for (int i = 1; i < 1000000; i++) { try { ProxyUsers.Authorize(proxyUserUgi, "1.2.3." + sr.Next(testRange)); } catch (AuthorizationException) { } } long stopTime = Runtime.NanoTime(); long elapsedTime = stopTime - startTime; System.Console.Out.WriteLine(elapsedTime / 1000000 + " ms"); }
public virtual void TestProxyUsersWithProviderOverride() { Configuration conf = new Configuration(); conf.Set(CommonConfigurationKeysPublic.HadoopSecurityImpersonationProviderClass, "org.apache.hadoop.security.authorize.TestProxyUsers$TestDummyImpersonationProvider" ); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); // First try proxying a group that's allowed UserGroupInformation realUserUgi = UserGroupInformation.CreateUserForTesting(RealUserName , SudoGroupNames); UserGroupInformation proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting (ProxyUserName, realUserUgi, GroupNames); // From good IP AssertAuthorized(proxyUserUgi, "1.2.3.4"); // From bad IP AssertAuthorized(proxyUserUgi, "1.2.3.5"); // Now try proxying a group that's not allowed realUserUgi = UserGroupInformation.CreateUserForTesting(RealUserName, GroupNames); proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting(ProxyUserName, realUserUgi , GroupNames); // From good IP AssertNotAuthorized(proxyUserUgi, "1.2.3.4"); // From bad IP AssertNotAuthorized(proxyUserUgi, "1.2.3.5"); }
public virtual void TestWildcardIP() { Configuration conf = new Configuration(); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserGroupConfKey (RealUserName), StringUtils.Join(",", Arrays.AsList(GroupNames))); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserIpConfKey (RealUserName), "*"); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); // First try proxying a group that's allowed UserGroupInformation realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName ); UserGroupInformation proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting (ProxyUserName, realUserUgi, GroupNames); // From either IP should be fine AssertAuthorized(proxyUserUgi, "1.2.3.4"); AssertAuthorized(proxyUserUgi, "1.2.3.5"); // Now set up an unallowed group realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName); proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting(ProxyUserName, realUserUgi , OtherGroupNames); // Neither IP should be OK AssertNotAuthorized(proxyUserUgi, "1.2.3.4"); AssertNotAuthorized(proxyUserUgi, "1.2.3.5"); }
public virtual void TestWildcardUser() { Configuration conf = new Configuration(); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserUserConfKey (RealUserName), "*"); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserIpConfKey (RealUserName), ProxyIp); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); // First try proxying a user that's allowed UserGroupInformation realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName ); UserGroupInformation proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting (AuthorizedProxyUserName, realUserUgi, GroupNames); // From good IP AssertAuthorized(proxyUserUgi, "1.2.3.4"); // From bad IP AssertNotAuthorized(proxyUserUgi, "1.2.3.5"); // Now try proxying a different user (just to make sure we aren't getting spill over // from the other test case!) realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName); proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting(ProxyUserName, realUserUgi , OtherGroupNames); // From good IP AssertAuthorized(proxyUserUgi, "1.2.3.4"); // From bad IP AssertNotAuthorized(proxyUserUgi, "1.2.3.5"); }
public virtual void TestProxyUsersWithUserConf() { Configuration conf = new Configuration(); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserUserConfKey (RealUserName), StringUtils.Join(",", Arrays.AsList(AuthorizedProxyUserName))); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserIpConfKey (RealUserName), ProxyIp); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); // First try proxying a user that's allowed UserGroupInformation realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName ); UserGroupInformation proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting (AuthorizedProxyUserName, realUserUgi, GroupNames); // From good IP AssertAuthorized(proxyUserUgi, "1.2.3.4"); // From bad IP AssertNotAuthorized(proxyUserUgi, "1.2.3.5"); // Now try proxying a user that's not allowed realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName); proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting(ProxyUserName, realUserUgi , GroupNames); // From good IP AssertNotAuthorized(proxyUserUgi, "1.2.3.4"); // From bad IP AssertNotAuthorized(proxyUserUgi, "1.2.3.5"); }
public virtual void TestProxyServer() { Configuration conf = new Configuration(); NUnit.Framework.Assert.IsFalse(ProxyServers.IsProxyServer("1.1.1.1")); conf.Set(ProxyServers.ConfHadoopProxyservers, "2.2.2.2, 3.3.3.3"); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); NUnit.Framework.Assert.IsFalse(ProxyServers.IsProxyServer("1.1.1.1")); Assert.True(ProxyServers.IsProxyServer("2.2.2.2")); Assert.True(ProxyServers.IsProxyServer("3.3.3.3")); }
// Expected private void AssertAuthorized(UserGroupInformation proxyUgi, string host) { try { ProxyUsers.Authorize(proxyUgi, host); } catch (AuthorizationException) { NUnit.Framework.Assert.Fail("Did not allow authorization of " + proxyUgi + " from " + host); } }
public virtual void TestNoHostsForUsers() { Configuration conf = new Configuration(false); conf.Set("y." + RealUserName + ".users", StringUtils.Join(",", Arrays.AsList(AuthorizedProxyUserName ))); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf, "y"); UserGroupInformation realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName ); UserGroupInformation proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting (AuthorizedProxyUserName, realUserUgi, GroupNames); // IP doesn't matter AssertNotAuthorized(proxyUserUgi, "1.2.3.4"); }
public virtual void TestWithDuplicateProxyHosts() { Configuration conf = new Configuration(); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserGroupConfKey (RealUserName), StringUtils.Join(",", Arrays.AsList(GroupNames))); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserIpConfKey (RealUserName), StringUtils.Join(",", Arrays.AsList(ProxyIp, ProxyIp))); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); ICollection <string> hosts = ProxyUsers.GetDefaultImpersonationProvider().GetProxyHosts ()[DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserIpConfKey(RealUserName )]; Assert.Equal(1, hosts.Count); }
public virtual void TestWithProxyGroupsAndUsersWithSpaces() { Configuration conf = new Configuration(); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserUserConfKey (RealUserName), StringUtils.Join(",", Arrays.AsList(ProxyUserName + " ", AuthorizedProxyUserName , "ONEMORE"))); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserGroupConfKey (RealUserName), StringUtils.Join(",", Arrays.AsList(GroupNames))); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserIpConfKey (RealUserName), ProxyIp); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); ICollection <string> groupsToBeProxied = ProxyUsers.GetDefaultImpersonationProvider ().GetProxyGroups()[DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserGroupConfKey (RealUserName)]; Assert.Equal(GroupNames.Length, groupsToBeProxied.Count); }
public virtual void TestIPRange() { Configuration conf = new Configuration(); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserGroupConfKey (RealUserName), "*"); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserIpConfKey (RealUserName), ProxyIpRange); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); // First try proxying a group that's allowed UserGroupInformation realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName ); UserGroupInformation proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting (ProxyUserName, realUserUgi, GroupNames); // From good IP AssertAuthorized(proxyUserUgi, "10.222.0.0"); // From bad IP AssertNotAuthorized(proxyUserUgi, "10.221.0.0"); }
public virtual void TestNetgroups() { if (!NativeCodeLoader.IsNativeCodeLoaded()) { Log.Info("Not testing netgroups, " + "this test only runs when native code is compiled" ); return; } string groupMappingClassName = Runtime.GetProperty("TestProxyUsersGroupMapping"); if (groupMappingClassName == null) { Log.Info("Not testing netgroups, no group mapping class specified, " + "use -DTestProxyUsersGroupMapping=$className to specify " + "group mapping class (must implement GroupMappingServiceProvider " + "interface and support netgroups)" ); return; } Log.Info("Testing netgroups using: " + groupMappingClassName); Configuration conf = new Configuration(); conf.Set(CommonConfigurationKeysPublic.HadoopSecurityGroupMapping, groupMappingClassName ); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserGroupConfKey (RealUserName), StringUtils.Join(",", Arrays.AsList(NetgroupNames))); conf.Set(DefaultImpersonationProvider.GetTestProvider().GetProxySuperuserIpConfKey (RealUserName), ProxyIp); ProxyUsers.RefreshSuperUserGroupsConfiguration(conf); Groups groups = Groups.GetUserToGroupsMappingService(conf); // try proxying a group that's allowed UserGroupInformation realUserUgi = UserGroupInformation.CreateRemoteUser(RealUserName ); UserGroupInformation proxyUserUgi = UserGroupInformation.CreateProxyUserForTesting (ProxyUserName, realUserUgi, Collections.ToArray(groups.GetGroups(ProxyUserName ), new string[groups.GetGroups(ProxyUserName).Count])); AssertAuthorized(proxyUserUgi, ProxyIp); }
/// <exception cref="System.Exception"/> public virtual void TestProxyUsersWithEmptyPrefix() { ProxyUsers.RefreshSuperUserGroupsConfiguration(new Configuration(false), string.Empty ); }
/// <exception cref="System.Exception"/> public virtual void TestProxyUsersWithNullPrefix() { ProxyUsers.RefreshSuperUserGroupsConfiguration(new Configuration(false), null); }