accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ctubb...@apache.org
Subject [accumulo] branch master updated: Fix #529 Drop old SASL user impersonation config
Date Thu, 14 Jun 2018 03:24:15 GMT
This is an automated email from the ASF dual-hosted git repository.

ctubbsii pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/accumulo.git


The following commit(s) were added to refs/heads/master by this push:
     new ae01742  Fix #529 Drop old SASL user impersonation config
ae01742 is described below

commit ae017426eae349aa84e97e5f73dbd116f421a65e
Author: Christopher Tubbs <ctubbsii@apache.org>
AuthorDate: Wed Jun 13 23:23:01 2018 -0400

    Fix #529 Drop old SASL user impersonation config
---
 .../org/apache/accumulo/core/conf/Property.java    |   3 -
 .../server/security/UserImpersonation.java         | 106 +--------
 .../TCredentialsUpdatingInvocationHandlerTest.java |  90 --------
 .../server/security/UserImpersonationTest.java     | 249 +--------------------
 4 files changed, 17 insertions(+), 431 deletions(-)

diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index fc423ac..ed17bed 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -227,9 +227,6 @@ public enum Property {
   INSTANCE_RPC_SASL_ENABLED("instance.rpc.sasl.enabled", "false", PropertyType.BOOLEAN,
       "Configures Thrift RPCs to require SASL with GSSAPI which supports "
           + "Kerberos authentication. Mutually exclusive with SSL RPC configuration."),
-  @Deprecated
-  INSTANCE_RPC_SASL_PROXYUSERS("instance.rpc.sasl.impersonation.", null, PropertyType.PREFIX,
-      "Prefix that allows configuration of users that are allowed to impersonate other users"),
   INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION("instance.rpc.sasl.allowed.user.impersonation",
"",
       PropertyType.STRING,
       "One-line configuration property controlling what users are allowed to "
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/UserImpersonation.java
b/server/base/src/main/java/org/apache/accumulo/server/security/UserImpersonation.java
index 16b536b..187e8b5 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/UserImpersonation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/UserImpersonation.java
@@ -22,14 +22,11 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
-import java.util.Map.Entry;
 import java.util.Set;
 
 import org.apache.accumulo.core.conf.AccumuloConfiguration;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.commons.lang.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 /**
  * When SASL is enabled, this parses properties from the site configuration to build up a
set of all
@@ -49,9 +46,8 @@ import org.slf4j.LoggerFactory;
  */
 public class UserImpersonation {
 
-  private static final Logger log = LoggerFactory.getLogger(UserImpersonation.class);
   private static final Set<String> ALWAYS_TRUE = new AlwaysTrueSet<>();
-  private static final String ALL = "*", USERS = "users", HOSTS = "hosts";
+  private static final String ALL = "*";
 
   public static class AlwaysTrueSet<T> implements Set<T> {
 
@@ -178,46 +174,16 @@ public class UserImpersonation {
 
   private final Map<String,UsersWithHosts> proxyUsers;
 
-  @SuppressWarnings("deprecation")
   public UserImpersonation(AccumuloConfiguration conf) {
     proxyUsers = new HashMap<>();
 
-    // Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION is treated as the "new config
style"
-    // switch
-    final String userConfig = conf.get(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION);
-    if (!Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION.getDefaultValue()
-        .equals(userConfig)) {
-      String hostConfig = conf.get(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION);
-      parseOnelineConfiguration(userConfig, hostConfig);
-    } else {
-      // Otherwise, assume the old-style
-      parseMultiPropertyConfiguration(
-          conf.getAllPropertiesWithPrefix(Property.INSTANCE_RPC_SASL_PROXYUSERS));
-    }
-  }
-
-  /**
-   * Parses the impersonation configuration for all users from a single property.
-   *
-   * @param userConfigString
-   *          Semi-colon separated list of {@code remoteUser:alloweduser,alloweduser,...}.
-   * @param hostConfigString
-   *          Semi-colon separated list of hosts.
-   */
-  private void parseOnelineConfiguration(String userConfigString, String hostConfigString)
{
+    final String userConfigString = conf.get(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION);
+    final String hostConfigString = conf.get(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION);
     // Pull out the config values, defaulting to at least one value
-    final String[] userConfigs;
-    if (userConfigString.trim().isEmpty()) {
-      userConfigs = new String[] {""};
-    } else {
-      userConfigs = StringUtils.split(userConfigString, ';');
-    }
-    final String[] hostConfigs;
-    if (hostConfigString.trim().isEmpty()) {
-      hostConfigs = new String[] {""};
-    } else {
-      hostConfigs = StringUtils.split(hostConfigString, ';');
-    }
+    final String[] userConfigs = userConfigString.trim().isEmpty() ? new String[] {""}
+        : StringUtils.split(userConfigString, ';');
+    final String[] hostConfigs = hostConfigString.trim().isEmpty() ? new String[] {""}
+        : StringUtils.split(hostConfigString, ';');
 
     if (userConfigs.length != hostConfigs.length) {
       String msg = String.format("Should have equal number of user and host"
@@ -262,64 +228,6 @@ public class UserImpersonation {
     }
   }
 
-  /**
-   * Parses all properties that start with {@link Property#INSTANCE_RPC_SASL_PROXYUSERS}.
This
-   * approach was the original configuration method, but does not work with Ambari.
-   *
-   * @param configProperties
-   *          The relevant configuration properties for impersonation.
-   */
-  private void parseMultiPropertyConfiguration(Map<String,String> configProperties)
{
-    @SuppressWarnings("deprecation")
-    final String configKey = Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey();
-    for (Entry<String,String> entry : configProperties.entrySet()) {
-      String aclKey = entry.getKey().substring(configKey.length());
-      int index = aclKey.lastIndexOf('.');
-
-      if (-1 == index) {
-        throw new RuntimeException("Expected 2 elements in key suffix: " + aclKey);
-      }
-
-      final String remoteUser = aclKey.substring(0, index).trim(),
-          usersOrHosts = aclKey.substring(index + 1).trim();
-      UsersWithHosts usersWithHosts = proxyUsers.get(remoteUser);
-      if (null == usersWithHosts) {
-        usersWithHosts = new UsersWithHosts();
-        proxyUsers.put(remoteUser, usersWithHosts);
-      }
-
-      if (USERS.equals(usersOrHosts)) {
-        String userString = entry.getValue().trim();
-        if (ALL.equals(userString)) {
-          usersWithHosts.setAcceptAllUsers(true);
-        } else if (!usersWithHosts.acceptsAllUsers()) {
-          Set<String> users = usersWithHosts.getUsers();
-          if (null == users) {
-            users = new HashSet<>();
-            usersWithHosts.setUsers(users);
-          }
-          String[] userValues = StringUtils.split(userString, ',');
-          users.addAll(Arrays.asList(userValues));
-        }
-      } else if (HOSTS.equals(usersOrHosts)) {
-        String hostsString = entry.getValue().trim();
-        if (ALL.equals(hostsString)) {
-          usersWithHosts.setAcceptAllHosts(true);
-        } else if (!usersWithHosts.acceptsAllHosts()) {
-          Set<String> hosts = usersWithHosts.getHosts();
-          if (null == hosts) {
-            hosts = new HashSet<>();
-            usersWithHosts.setHosts(hosts);
-          }
-          String[] hostValues = StringUtils.split(hostsString, ',');
-          hosts.addAll(Arrays.asList(hostValues));
-        }
-      } else {
-        log.debug("Ignoring key {}", aclKey);
-      }
-    }
-  }
-
   public UsersWithHosts get(String remoteUser) {
     return proxyUsers.get(remoteUser);
   }
diff --git a/server/base/src/test/java/org/apache/accumulo/server/rpc/TCredentialsUpdatingInvocationHandlerTest.java
b/server/base/src/test/java/org/apache/accumulo/server/rpc/TCredentialsUpdatingInvocationHandlerTest.java
index 0bb1a3a..f378d87 100644
--- a/server/base/src/test/java/org/apache/accumulo/server/rpc/TCredentialsUpdatingInvocationHandlerTest.java
+++ b/server/base/src/test/java/org/apache/accumulo/server/rpc/TCredentialsUpdatingInvocationHandlerTest.java
@@ -125,22 +125,9 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
-  @SuppressWarnings("deprecation")
   @Test
   public void testAllowedAnyImpersonationForAnyUser() throws Exception {
     final String proxyServer = "proxy";
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".users", "*");
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".hosts", "*");
-    proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
-    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(),
-        ByteBuffer.allocate(0), UUID.randomUUID().toString());
-    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
-    proxy.updateArgs(new Object[] {new Object(), tcreds});
-  }
-
-  @Test
-  public void testAllowedAnyImpersonationForAnyUserNewConfig() throws Exception {
-    final String proxyServer = "proxy";
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyServer + ":*");
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*");
     proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
@@ -150,26 +137,9 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
-  @SuppressWarnings("deprecation")
   @Test
   public void testAllowedImpersonationForSpecificUsers() throws Exception {
     final String proxyServer = "proxy";
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".users",
-        "client1,client2");
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".hosts", "*");
-    proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
-    TCredentials tcreds = new TCredentials("client1", KerberosToken.class.getName(),
-        ByteBuffer.allocate(0), UUID.randomUUID().toString());
-    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
-    proxy.updateArgs(new Object[] {new Object(), tcreds});
-    tcreds = new TCredentials("client2", KerberosToken.class.getName(), ByteBuffer.allocate(0),
-        UUID.randomUUID().toString());
-    proxy.updateArgs(new Object[] {new Object(), tcreds});
-  }
-
-  @Test
-  public void testAllowedImpersonationForSpecificUsersNewConfig() throws Exception {
-    final String proxyServer = "proxy";
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyServer + ":client1,client2");
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*");
     proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
@@ -182,24 +152,10 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
-  @SuppressWarnings("deprecation")
   @Test(expected = ThriftSecurityException.class)
   public void testDisallowedImpersonationForUser() throws Exception {
     final String proxyServer = "proxy";
     // let "otherproxy" impersonate, but not "proxy"
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy" + ".users", "*");
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy" + ".hosts", "*");
-    proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
-    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(),
-        ByteBuffer.allocate(0), UUID.randomUUID().toString());
-    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
-    proxy.updateArgs(new Object[] {new Object(), tcreds});
-  }
-
-  @Test(expected = ThriftSecurityException.class)
-  public void testDisallowedImpersonationForUserNewConfig() throws Exception {
-    final String proxyServer = "proxy";
-    // let "otherproxy" impersonate, but not "proxy"
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, "otherproxy:*");
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*");
     proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
@@ -209,27 +165,10 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
-  @SuppressWarnings("deprecation")
   @Test(expected = ThriftSecurityException.class)
   public void testDisallowedImpersonationForMultipleUsers() throws Exception {
     final String proxyServer = "proxy";
     // let "otherproxy" impersonate, but not "proxy"
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy1" + ".users", "*");
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy1" + ".hosts", "*");
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy2" + ".users",
-        "client1,client2");
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + "otherproxy2" + ".hosts", "*");
-    proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
-    TCredentials tcreds = new TCredentials("client1", KerberosToken.class.getName(),
-        ByteBuffer.allocate(0), UUID.randomUUID().toString());
-    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
-    proxy.updateArgs(new Object[] {new Object(), tcreds});
-  }
-
-  @Test(expected = ThriftSecurityException.class)
-  public void testDisallowedImpersonationForMultipleUsersNewConfig() throws Exception {
-    final String proxyServer = "proxy";
-    // let "otherproxy" impersonate, but not "proxy"
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION,
         "otherproxy1:*;otherproxy2:client1,client2");
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*;*");
@@ -240,23 +179,9 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
-  @SuppressWarnings("deprecation")
   @Test
   public void testAllowedImpersonationFromSpecificHost() throws Exception {
     final String proxyServer = "proxy", client = "client", host = "host.domain.com";
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".users", client);
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".hosts", host);
-    proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
-    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(),
-        ByteBuffer.allocate(0), UUID.randomUUID().toString());
-    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
-    TServerUtils.clientAddress.set(host);
-    proxy.updateArgs(new Object[] {new Object(), tcreds});
-  }
-
-  @Test
-  public void testAllowedImpersonationFromSpecificHostNewConfig() throws Exception {
-    final String proxyServer = "proxy", client = "client", host = "host.domain.com";
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyServer + ":" + client);
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, host);
     proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
@@ -267,24 +192,9 @@ public class TCredentialsUpdatingInvocationHandlerTest {
     proxy.updateArgs(new Object[] {new Object(), tcreds});
   }
 
-  @SuppressWarnings("deprecation")
   @Test(expected = ThriftSecurityException.class)
   public void testDisallowedImpersonationFromSpecificHost() throws Exception {
     final String proxyServer = "proxy", client = "client", host = "host.domain.com";
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".users", client);
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + proxyServer + ".hosts", host);
-    proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
-    TCredentials tcreds = new TCredentials("client", KerberosToken.class.getName(),
-        ByteBuffer.allocate(0), UUID.randomUUID().toString());
-    UGIAssumingProcessor.rpcPrincipal.set(proxyServer);
-    // The RPC came from a different host than is allowed
-    TServerUtils.clientAddress.set("otherhost.domain.com");
-    proxy.updateArgs(new Object[] {new Object(), tcreds});
-  }
-
-  @Test(expected = ThriftSecurityException.class)
-  public void testDisallowedImpersonationFromSpecificHostNewConfig() throws Exception {
-    final String proxyServer = "proxy", client = "client", host = "host.domain.com";
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, proxyServer + ":" + client);
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, host);
     proxy = new TCredentialsUpdatingInvocationHandler<>(new Object(), conf);
diff --git a/server/base/src/test/java/org/apache/accumulo/server/security/UserImpersonationTest.java
b/server/base/src/test/java/org/apache/accumulo/server/security/UserImpersonationTest.java
index 873f35b..c76e54b 100644
--- a/server/base/src/test/java/org/apache/accumulo/server/security/UserImpersonationTest.java
+++ b/server/base/src/test/java/org/apache/accumulo/server/security/UserImpersonationTest.java
@@ -67,25 +67,12 @@ public class UserImpersonationTest {
     };
   }
 
-  void setValidHosts(String user, String hosts) {
-    setUsersOrHosts(user, ".hosts", hosts);
-  }
-
-  void setValidUsers(String user, String users) {
-    setUsersOrHosts(user, ".users", users);
-  }
-
-  @SuppressWarnings("deprecation")
-  void setUsersOrHosts(String user, String suffix, String value) {
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + user + suffix, value);
-  }
-
-  void setValidHostsNewConfig(String user, String... hosts) {
+  void setValidHosts(String user, String... hosts) {
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION.getKey(),
         Joiner.on(';').join(hosts));
   }
 
-  void setValidUsersNewConfig(Map<String,String> remoteToAllowedUsers) {
+  void setValidUsers(Map<String,String> remoteToAllowedUsers) {
     StringBuilder sb = new StringBuilder();
     for (Entry<String,String> entry : remoteToAllowedUsers.entrySet()) {
       if (sb.length() > 0) {
@@ -100,24 +87,7 @@ public class UserImpersonationTest {
   public void testAnyUserAndHosts() {
     String server = "server";
     setValidHosts(server, "*");
-    setValidUsers(server, "*");
-    UserImpersonation impersonation = new UserImpersonation(conf);
-
-    UsersWithHosts uwh = impersonation.get(server);
-    assertNotNull(uwh);
-
-    assertTrue(uwh.acceptsAllHosts());
-    assertTrue(uwh.acceptsAllUsers());
-
-    assertEquals(AlwaysTrueSet.class, uwh.getHosts().getClass());
-    assertEquals(AlwaysTrueSet.class, uwh.getUsers().getClass());
-  }
-
-  @Test
-  public void testAnyUserAndHostsNewConfig() {
-    String server = "server";
-    setValidHostsNewConfig(server, "*");
-    setValidUsersNewConfig(ImmutableMap.of(server, "*"));
+    setValidUsers(ImmutableMap.of(server, "*"));
     UserImpersonation impersonation = new UserImpersonation(conf);
 
     UsersWithHosts uwh = impersonation.get(server);
@@ -133,23 +103,7 @@ public class UserImpersonationTest {
   @Test
   public void testNoHostByDefault() {
     String server = "server";
-    setValidUsers(server, "*");
-    UserImpersonation impersonation = new UserImpersonation(conf);
-
-    UsersWithHosts uwh = impersonation.get(server);
-    assertNotNull(uwh);
-
-    assertFalse(uwh.acceptsAllHosts());
-    assertTrue(uwh.acceptsAllUsers());
-
-    assertNotEquals(AlwaysTrueSet.class, uwh.getHosts().getClass());
-    assertEquals(AlwaysTrueSet.class, uwh.getUsers().getClass());
-  }
-
-  @Test
-  public void testNoHostByDefaultNewConfig() {
-    String server = "server";
-    setValidUsersNewConfig(ImmutableMap.of(server, "*"));
+    setValidUsers(ImmutableMap.of(server, "*"));
     UserImpersonation impersonation = new UserImpersonation(conf);
 
     UsersWithHosts uwh = impersonation.get(server);
@@ -169,22 +123,6 @@ public class UserImpersonationTest {
     UserImpersonation impersonation = new UserImpersonation(conf);
 
     UsersWithHosts uwh = impersonation.get(server);
-    assertNotNull(uwh);
-
-    assertTrue(uwh.acceptsAllHosts());
-    assertFalse(uwh.acceptsAllUsers());
-
-    assertEquals(AlwaysTrueSet.class, uwh.getHosts().getClass());
-    assertNotEquals(AlwaysTrueSet.class, uwh.getUsers().getClass());
-  }
-
-  @Test
-  public void testNoUsersByDefaultNewConfig() {
-    String server = "server";
-    setValidHostsNewConfig(server, "*");
-    UserImpersonation impersonation = new UserImpersonation(conf);
-
-    UsersWithHosts uwh = impersonation.get(server);
     assertNull("Impersonation config should be drive by user element, not host", uwh);
   }
 
@@ -192,30 +130,7 @@ public class UserImpersonationTest {
   public void testSingleUserAndHost() {
     String server = "server", host = "single_host.domain.com", client = "single_client";
     setValidHosts(server, host);
-    setValidUsers(server, client);
-    UserImpersonation impersonation = new UserImpersonation(conf);
-
-    UsersWithHosts uwh = impersonation.get(server);
-    assertNotNull(uwh);
-
-    assertFalse(uwh.acceptsAllHosts());
-    assertFalse(uwh.acceptsAllUsers());
-
-    assertNotEquals(AlwaysTrueSet.class, uwh.getHosts().getClass());
-    assertNotEquals(AlwaysTrueSet.class, uwh.getUsers().getClass());
-
-    assertTrue(uwh.getUsers().contains(client));
-    assertTrue(uwh.getHosts().contains(host));
-
-    assertFalse(uwh.getUsers().contains("some_other_user"));
-    assertFalse(uwh.getHosts().contains("other_host.domain.com"));
-  }
-
-  @Test
-  public void testSingleUserAndHostNewConfig() {
-    String server = "server", host = "single_host.domain.com", client = "single_client";
-    setValidHostsNewConfig(server, host);
-    setValidUsersNewConfig(ImmutableMap.of(server, client));
+    setValidUsers(ImmutableMap.of(server, client));
     UserImpersonation impersonation = new UserImpersonation(conf);
 
     UsersWithHosts uwh = impersonation.get(server);
@@ -238,29 +153,7 @@ public class UserImpersonationTest {
   public void testMultipleExplicitUsers() {
     String server = "server", client1 = "client1", client2 = "client2", client3 = "client3";
     setValidHosts(server, "*");
-    setValidUsers(server, Joiner.on(',').join(client1, client2, client3));
-    UserImpersonation impersonation = new UserImpersonation(conf);
-
-    UsersWithHosts uwh = impersonation.get(server);
-    assertNotNull(uwh);
-
-    assertTrue(uwh.acceptsAllHosts());
-    assertFalse(uwh.acceptsAllUsers());
-
-    assertEquals(AlwaysTrueSet.class, uwh.getHosts().getClass());
-    assertNotEquals(AlwaysTrueSet.class, uwh.getUsers().getClass());
-
-    assertTrue(uwh.getUsers().contains(client1));
-    assertTrue(uwh.getUsers().contains(client2));
-    assertTrue(uwh.getUsers().contains(client3));
-    assertFalse(uwh.getUsers().contains("other_client"));
-  }
-
-  @Test
-  public void testMultipleExplicitUsersNewConfig() {
-    String server = "server", client1 = "client1", client2 = "client2", client3 = "client3";
-    setValidHostsNewConfig(server, "*");
-    setValidUsersNewConfig(ImmutableMap.of(server, Joiner.on(',').join(client1, client2,
client3)));
+    setValidUsers(ImmutableMap.of(server, Joiner.on(',').join(client1, client2, client3)));
     UserImpersonation impersonation = new UserImpersonation(conf);
 
     UsersWithHosts uwh = impersonation.get(server);
@@ -282,29 +175,7 @@ public class UserImpersonationTest {
   public void testMultipleExplicitHosts() {
     String server = "server", host1 = "host1", host2 = "host2", host3 = "host3";
     setValidHosts(server, Joiner.on(',').join(host1, host2, host3));
-    setValidUsers(server, "*");
-    UserImpersonation impersonation = new UserImpersonation(conf);
-
-    UsersWithHosts uwh = impersonation.get(server);
-    assertNotNull(uwh);
-
-    assertFalse(uwh.acceptsAllHosts());
-    assertTrue(uwh.acceptsAllUsers());
-
-    assertNotEquals(AlwaysTrueSet.class, uwh.getHosts().getClass());
-    assertEquals(AlwaysTrueSet.class, uwh.getUsers().getClass());
-
-    assertTrue(uwh.getHosts().contains(host1));
-    assertTrue(uwh.getHosts().contains(host2));
-    assertTrue(uwh.getHosts().contains(host3));
-    assertFalse(uwh.getHosts().contains("other_host"));
-  }
-
-  @Test
-  public void testMultipleExplicitHostsNewConfig() {
-    String server = "server", host1 = "host1", host2 = "host2", host3 = "host3";
-    setValidHostsNewConfig(server, Joiner.on(',').join(host1, host2, host3));
-    setValidUsersNewConfig(ImmutableMap.of(server, "*"));
+    setValidUsers(ImmutableMap.of(server, "*"));
     UserImpersonation impersonation = new UserImpersonation(conf);
 
     UsersWithHosts uwh = impersonation.get(server);
@@ -327,35 +198,7 @@ public class UserImpersonationTest {
     String server = "server", host1 = "host1", host2 = "host2", host3 = "host3",
         client1 = "client1", client2 = "client2", client3 = "client3";
     setValidHosts(server, Joiner.on(',').join(host1, host2, host3));
-    setValidUsers(server, Joiner.on(',').join(client1, client2, client3));
-    UserImpersonation impersonation = new UserImpersonation(conf);
-
-    UsersWithHosts uwh = impersonation.get(server);
-    assertNotNull(uwh);
-
-    assertFalse(uwh.acceptsAllHosts());
-    assertFalse(uwh.acceptsAllUsers());
-
-    assertNotEquals(AlwaysTrueSet.class, uwh.getHosts().getClass());
-    assertNotEquals(AlwaysTrueSet.class, uwh.getUsers().getClass());
-
-    assertTrue(uwh.getUsers().contains(client1));
-    assertTrue(uwh.getUsers().contains(client2));
-    assertTrue(uwh.getUsers().contains(client3));
-    assertFalse(uwh.getUsers().contains("other_client"));
-
-    assertTrue(uwh.getHosts().contains(host1));
-    assertTrue(uwh.getHosts().contains(host2));
-    assertTrue(uwh.getHosts().contains(host3));
-    assertFalse(uwh.getHosts().contains("other_host"));
-  }
-
-  @Test
-  public void testMultipleExplicitUsersHostsNewConfig() {
-    String server = "server", host1 = "host1", host2 = "host2", host3 = "host3",
-        client1 = "client1", client2 = "client2", client3 = "client3";
-    setValidHostsNewConfig(server, Joiner.on(',').join(host1, host2, host3));
-    setValidUsersNewConfig(ImmutableMap.of(server, Joiner.on(',').join(client1, client2,
client3)));
+    setValidUsers(ImmutableMap.of(server, Joiner.on(',').join(client1, client2, client3)));
     UserImpersonation impersonation = new UserImpersonation(conf);
 
     UsersWithHosts uwh = impersonation.get(server);
@@ -383,63 +226,9 @@ public class UserImpersonationTest {
     String server1 = "server1", server2 = "server2", host1 = "host1", host2 = "host2",
         host3 = "host3", client1 = "client1", client2 = "client2", client3 = "client3";
     // server1 can impersonate client1 and client2 from host1 or host2
-    setValidHosts(server1, Joiner.on(',').join(host1, host2));
-    setValidUsers(server1, Joiner.on(',').join(client1, client2));
     // server2 can impersonate only client3 from host3
-    setValidHosts(server2, host3);
-    setValidUsers(server2, client3);
-    UserImpersonation impersonation = new UserImpersonation(conf);
-
-    UsersWithHosts uwh = impersonation.get(server1);
-    assertNotNull(uwh);
-
-    assertFalse(uwh.acceptsAllHosts());
-    assertFalse(uwh.acceptsAllUsers());
-
-    assertNotEquals(AlwaysTrueSet.class, uwh.getHosts().getClass());
-    assertNotEquals(AlwaysTrueSet.class, uwh.getUsers().getClass());
-
-    assertTrue(uwh.getUsers().contains(client1));
-    assertTrue(uwh.getUsers().contains(client2));
-    assertFalse(uwh.getUsers().contains(client3));
-    assertFalse(uwh.getUsers().contains("other_client"));
-
-    assertTrue(uwh.getHosts().contains(host1));
-    assertTrue(uwh.getHosts().contains(host2));
-    assertFalse(uwh.getHosts().contains(host3));
-    assertFalse(uwh.getHosts().contains("other_host"));
-
-    uwh = impersonation.get(server2);
-    assertNotNull(uwh);
-
-    assertFalse(uwh.acceptsAllHosts());
-    assertFalse(uwh.acceptsAllUsers());
-
-    assertNotEquals(AlwaysTrueSet.class, uwh.getHosts().getClass());
-    assertNotEquals(AlwaysTrueSet.class, uwh.getUsers().getClass());
-
-    assertFalse(uwh.getUsers().contains(client1));
-    assertFalse(uwh.getUsers().contains(client2));
-    assertTrue(uwh.getUsers().contains(client3));
-    assertFalse(uwh.getUsers().contains("other_client"));
-
-    assertFalse(uwh.getHosts().contains(host1));
-    assertFalse(uwh.getHosts().contains(host2));
-    assertTrue(uwh.getHosts().contains(host3));
-    assertFalse(uwh.getHosts().contains("other_host"));
-
-    // client3 is not allowed to impersonate anyone
-    assertNull(impersonation.get(client3));
-  }
-
-  @Test
-  public void testMultipleAllowedImpersonatorsNewConfig() {
-    String server1 = "server1", server2 = "server2", host1 = "host1", host2 = "host2",
-        host3 = "host3", client1 = "client1", client2 = "client2", client3 = "client3";
-    // server1 can impersonate client1 and client2 from host1 or host2
-    // server2 can impersonate only client3 from host3
-    setValidHostsNewConfig(server1, Joiner.on(',').join(host1, host2), host3);
-    setValidUsersNewConfig(
+    setValidHosts(server1, Joiner.on(',').join(host1, host2), host3);
+    setValidUsers(
         ImmutableMap.of(server1, Joiner.on(',').join(client1, client2), server2, client3));
     UserImpersonation impersonation = new UserImpersonation(conf);
 
@@ -485,27 +274,9 @@ public class UserImpersonationTest {
     assertNull(impersonation.get(client3));
   }
 
-  @SuppressWarnings("deprecation")
   @Test
   public void testSingleUser() throws Exception {
     final String server = "server/hostname@EXAMPLE.COM", client = "client@EXAMPLE.COM";
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + server + ".users", client);
-    cc.set(Property.INSTANCE_RPC_SASL_PROXYUSERS.getKey() + server + ".hosts", "*");
-    UserImpersonation impersonation = new UserImpersonation(conf);
-
-    UsersWithHosts uwh = impersonation.get(server);
-
-    assertNotNull(uwh);
-
-    assertTrue(uwh.acceptsAllHosts());
-    assertFalse(uwh.acceptsAllUsers());
-
-    assertTrue(uwh.getUsers().contains(client));
-  }
-
-  @Test
-  public void testSingleUserNewConfig() throws Exception {
-    final String server = "server/hostname@EXAMPLE.COM", client = "client@EXAMPLE.COM";
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION, server + ":" + client);
     cc.set(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION, "*");
     UserImpersonation impersonation = new UserImpersonation(conf);

-- 
To stop receiving notification emails like this one, please contact
ctubbsii@apache.org.

Mime
View raw message