accumulo-commits mailing list archives

From els...@apache.org
Subject [2/3] accumulo git commit: ACCUMULO-4135 Some extra tests and deprecation suppressions.
Date Mon, 08 Feb 2016 03:08:54 GMT
ACCUMULO-4135 Some extra tests and deprecation suppressions.


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/c85e04f5
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/c85e04f5
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/c85e04f5

Branch: refs/heads/master
Commit: c85e04f5eba2d0f66ce2263add117b8d6f1028f7
Parents: e43e927
Author: Josh Elser <elserj@apache.org>
Authored: Sun Feb 7 21:12:10 2016 -0500
Committer: Josh Elser <elserj@apache.org>
Committed: Sun Feb 7 21:35:23 2016 -0500

----------------------------------------------------------------------
 ...redentialsUpdatingInvocationHandlerTest.java | 79 ++++++++++++++++++++
 .../test/functional/KerberosProxyIT.java        |  4 +-
 2 files changed, 81 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/c85e04f5/server/base/src/test/java/org/apache/accumulo/server/rpc/TCredentialsUpdatingInvocationHandlerTest.java
----------------------------------------------------------------------
diff --git a/server/base/src/test/java/org/apache/accumulo/server/rpc/TCredentialsUpdatingInvocationHandlerTest.java
b/server/base/src/test/java/org/apache/accumulo/server/rpc/TCredentialsUpdatingInvocationHandlerTest.java
index 740acd9..c4340c6 100644
--- a/server/base/src/test/java/org/apache/accumulo/server/rpc/TCredentialsUpdatingInvocationHandlerTest.java
+++ b/server/base/src/test/java/org/apache/accumulo/server/rpc/TCredentialsUpdatingInvocationHandlerTest.java
@@ -117,6 +117,7 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
+  @SuppressWarnings("deprecation")
   @Test
   public void testAllowedAnyImpersonationForAnyUser() throws Exception {
     final String proxyServer = "proxy";
@@ -129,6 +130,18 @@ public class TCredentialsUpdatingInvocationHandlerTest {
   }
 
   @Test
+  public void testAllowedAnyImpersonationForAnyUserNewConfig() throws Exception {
+    final String proxyServer = "proxy";
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyServer + ":*");
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*");
+    proxy = new TCredentialsUpdatingInvocationHandler<Object>(new Object(), conf);
+    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(), ByteBuffer.allocate(0),
UUID.randomUUID().toString());
+    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
+    proxy.updateArgs(new Object[] {new Object(), tcreds});
+  }
+
+  @SuppressWarnings("deprecation")
+  @Test
   public void testAllowedImpersonationForSpecificUsers() throws Exception {
     final String proxyServer = "proxy";
     cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".users", "client1,client2");
@@ -141,6 +154,20 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
+  @Test
+  public void testAllowedImpersonationForSpecificUsersNewConfig() throws Exception {
+    final String proxyServer = "proxy";
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyServer + ":client1,client2");
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*");
+    proxy = new TCredentialsUpdatingInvocationHandler<Object>(new Object(), conf);
+    TCredentials tcreds = new TCredentials("client1", KerberosToken.class.getName(), ByteBuffer.allocate(0),
UUID.randomUUID().toString());
+    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
+    proxy.updateArgs(new Object[] {new Object(), tcreds});
+    tcreds = new TCredentials("client2", KerberosToken.class.getName(), ByteBuffer.allocate(0),
UUID.randomUUID().toString());
+    proxy.updateArgs(new Object[] {new Object(), tcreds});
+  }
+
+  @SuppressWarnings("deprecation")
   @Test(expected = ThriftSecurityException.class)
   public void testDisallowedImpersonationForUser() throws Exception {
     final String proxyServer = "proxy";
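Review bot: The new-format tests cover a configured proxy acting for a listed user, but none of the visible hunks covers the deny path where `proxy` is configured and the requested user is missing from its list. With `proxyServer + ":client1,client2"` as in testAllowedImpersonationForSpecificUsersNewConfig, a companion test that builds `new TCredentials("client3", ...)` and expects ThriftSecurityException would pin that the user list is enforced rather than treated as a wildcard. A test of that shape may already exist outside these hunks for the deprecated properties, but the new property format presumably takes a different parsing path and deserves its own case.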
@@ -154,6 +181,19 @@ public class TCredentialsUpdatingInvocationHandlerTest {
   }
 
   @Test(expected = ThriftSecurityException.class)
+  public void testDisallowedImpersonationForUserNewConfig() throws Exception {
+    final String proxyServer = "proxy";
+    // let "otherproxy" impersonate, but not "proxy"
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, "otherproxy:*");
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*");
+    proxy = new TCredentialsUpdatingInvocationHandler<Object>(new Object(), conf);
+    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(), ByteBuffer.allocate(0),
UUID.randomUUID().toString());
+    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
+    proxy.updateArgs(new Object[] {new Object(), tcreds});
+  }
+
+  @SuppressWarnings("deprecation")
+  @Test(expected = ThriftSecurityException.class)
   public void testDisallowedImpersonationForMultipleUsers() throws Exception {
     final String proxyServer = "proxy";
     // let "otherproxy" impersonate, but not "proxy"
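Review bot: `@Test(expected = ThriftSecurityException.class)` on testDisallowedImpersonationForUserNewConfig passes for any ThriftSecurityException raised anywhere in the method, so it cannot distinguish an impersonation denial from a failure for some unrelated reason. Catching the exception and checking its code would tie the test to the denial, e.g. `try { proxy.updateArgs(...); fail(); } catch (ThriftSecurityException e) { assertEquals(<EXPECTED_SECURITY_ERROR_CODE>, e.getCode()); }`. The same applies to testDisallowedImpersonationForMultipleUsersNewConfig and testDisallowedImpersonationFromSpecificHostNewConfig in the later hunks.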
@@ -167,6 +207,19 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
+  @Test(expected = ThriftSecurityException.class)
+  public void testDisallowedImpersonationForMultipleUsersNewConfig() throws Exception {
+    final String proxyServer = "proxy";
+    // let "otherproxy" impersonate, but not "proxy"
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, "otherproxy1:*;otherproxy2:client1,client2");
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*;*");
+    proxy = new TCredentialsUpdatingInvocationHandler<Object>(new Object(), conf);
+    TCredentials tcreds = new TCredentials("client1", KerberosToken.class.getName(), ByteBuffer.allocate(0),
UUID.randomUUID().toString());
+    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
+    proxy.updateArgs(new Object[] {new Object(), tcreds});
+  }
+
+  @SuppressWarnings("deprecation")
   @Test
   public void testAllowedImpersonationFromSpecificHost() throws Exception {
     final String proxyServer = "proxy", client = "client", host = "host.domain.com";
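Review bot: The host property is set to `"*;*"` to line up with the two `;`-separated user entries, which suggests the two properties are matched by position, yet no visible test covers a host list whose entry count differs from the user list. A mismatch is an easy operator mistake on an authorization setting, so a test with two user entries and a single host entry, asserting that the handler refuses the configuration or the request, would document that it fails closed. How the handler actually treats the mismatch is not visible in this diff.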
@@ -179,6 +232,19 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
+  @Test
+  public void testAllowedImpersonationFromSpecificHostNewConfig() throws Exception {
+    final String proxyServer = "proxy", client = "client", host = "host.domain.com";
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyServer + ":" + client);
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, host);
+    proxy = new TCredentialsUpdatingInvocationHandler<Object>(new Object(), conf);
+    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(), ByteBuffer.allocate(0),
UUID.randomUUID().toString());
+    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
+    TServerUtils.clientAddress.set(host);
+    proxy.updateArgs(new Object[] {new Object(), tcreds});
+  }
+
+  @SuppressWarnings("deprecation")
   @Test(expected = ThriftSecurityException.class)
   public void testDisallowedImpersonationFromSpecificHost() throws Exception {
     final String proxyServer = "proxy", client = "client", host = "host.domain.com";
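Review bot: `UGIAssumingProcessor.rpcPrincipal.set(...)` and `TServerUtils.clientAddress.set(host)` write state that outlives the test method, and no reset is visible in these hunks. The wildcard-host tests never set `clientAddress`, so the value they observe depends on which test ran earlier on the same thread; clearing both holders in an `@After` method, e.g. `TServerUtils.clientAddress.set(null);`, would keep each case independent, unless setup code outside the hunks already does this. Separately, testAllowedImpersonationFromSpecificHostNewConfig declares `client` but passes the literal `"client"` to `new TCredentials(...)`; using the variable keeps the configured rule and the request in step.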
@@ -191,4 +257,17 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     TServerUtils.clientAddress.set("otherhost.domain.com");
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
+
+  @Test(expected = ThriftSecurityException.class)
+  public void testDisallowedImpersonationFromSpecificHostNewConfig() throws Exception {
+    final String proxyServer = "proxy", client = "client", host = "host.domain.com";
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyServer + ":" + client);
+    cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, host);
+    proxy = new TCredentialsUpdatingInvocationHandler<Object>(new Object(), conf);
+    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(), ByteBuffer.allocate(0),
UUID.randomUUID().toString());
+    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
+    // The RPC came from a different host than is allowed
+    TServerUtils.clientAddress.set("otherhost.domain.com");
+    proxy.updateArgs(new Object[] {new Object(), tcreds});
+  }
 }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/c85e04f5/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java b/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
index bbaf247..b9274e0 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
@@ -139,8 +139,8 @@ public class KerberosProxyIT extends AccumuloIT {
         cfg.setNumTservers(1);
         Map<String,String> siteCfg = cfg.getSiteConfig();
         // Allow the proxy to impersonate the client user, but no one else
-        siteCfg.put(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyPrincipal + ".users",
kdc.getRootUser().getPrincipal());
-        siteCfg.put(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyPrincipal + ".hosts",
"*");
+        siteCfg.put(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION.getKey(), proxyPrincipal
+ ":" + kdc.getRootUser().getPrincipal());
+        siteCfg.put(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION.getKey(), "*");
         cfg.setSiteConfig(siteCfg);
       }
 

