hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cutt...@apache.org
Subject svn commit: r609029 [2/2] - in /lucene/hadoop/trunk: ./ conf/ src/java/org/apache/hadoop/dfs/ src/java/org/apache/hadoop/fs/permission/ src/java/org/apache/hadoop/ipc/ src/java/org/apache/hadoop/security/ src/test/org/apache/hadoop/dfs/ src/test/org/ap...
Date Fri, 04 Jan 2008 22:12:17 GMT
Added: lucene/hadoop/trunk/src/test/org/apache/hadoop/security/TestPermission.java
URL: http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/test/org/apache/hadoop/security/TestPermission.java?rev=609029&view=auto
==============================================================================
--- lucene/hadoop/trunk/src/test/org/apache/hadoop/security/TestPermission.java (added)
+++ lucene/hadoop/trunk/src/test/org/apache/hadoop/security/TestPermission.java Fri Jan  4
14:12:15 2008
@@ -0,0 +1,177 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.security;
+
+import java.io.IOException;
+import java.util.Random;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.dfs.MiniDFSCluster;
+import org.apache.hadoop.fs.*;
+import org.apache.hadoop.fs.permission.*;
+import org.apache.hadoop.ipc.RemoteException;
+
+import junit.framework.TestCase;
+
+/** Unit tests for permission */
+public class TestPermission extends TestCase {
+  public static final Log LOG = LogFactory.getLog(TestPermission.class);
+
+  final private static Path ROOT_PATH = new Path("/data");
+  final private static Path CHILD_DIR1 = new Path(ROOT_PATH, "web1");
+  final private static Path CHILD_DIR2 = new Path(ROOT_PATH, "web2");
+  final private static Path CHILD_FILE1 = new Path(ROOT_PATH, "file1");
+  final private static Path CHILD_FILE2 = new Path(ROOT_PATH, "file2");
+
+  final private static int FILE_LEN = 100;
+  final private static String PERMISSION_EXCEPTION_NAME =
+    AccessControlException.class.getName();
+
+  final private static String USER_NAME = "Who";
+  final private static String GROUP1_NAME = "group1";
+  final private static String GROUP2_NAME = "group2";
+  final private static String[] GROUP_NAMES = {GROUP1_NAME, GROUP2_NAME};
+
+  static FsPermission checkPermission(FileSystem fs,
+      String path, FsPermission expected) throws IOException {
+    FileStatus s = fs.getFileStatus(new Path(path));
+    LOG.info(s.getPath() + ": " + s.isDir() + " " + s.getPermission()
+        + ":" + s.getOwner() + ":" + s.getGroup());
+    if (expected != null) {
+      assertEquals(expected, s.getPermission());
+      assertEquals(expected.toShort(), s.getPermission().toShort());
+    }
+    return s.getPermission();
+  }
+
+  public void testCreate() throws Exception {
+    Configuration conf = new Configuration();
+    conf.setBoolean("dfs.permissions", true);
+    conf.setInt(FsPermission.UMASK_LABEL, 0);
+    MiniDFSCluster cluster = new MiniDFSCluster(conf, 3, true, null);
+    cluster.waitActive();
+    FileSystem fs = FileSystem.get(conf);
+
+    try {
+      FsPermission rootPerm = checkPermission(fs, "/", null);
+      FsPermission inheritPerm = FsPermission.createImmutable(
+          (short)(rootPerm.toShort() | 0300));
+
+      FsPermission dirPerm = new FsPermission((short)0777);
+      fs.mkdirs(new Path("/a1/a2/a3"), dirPerm);
+      checkPermission(fs, "/a1", inheritPerm);
+      checkPermission(fs, "/a1/a2", inheritPerm);
+      checkPermission(fs, "/a1/a2/a3", dirPerm);
+
+      FsPermission filePerm = new FsPermission((short)0444);
+      FSDataOutputStream out = fs.create(new Path("/b1/b2/b3.txt"), filePerm,
+          true, conf.getInt("io.file.buffer.size", 4096),
+          fs.getDefaultReplication(), fs.getDefaultBlockSize(), null);
+      out.write(123);
+      out.close();
+      checkPermission(fs, "/b1", inheritPerm);
+      checkPermission(fs, "/b1/b2", inheritPerm);
+      checkPermission(fs, "/b1/b2/b3.txt", filePerm);
+    }
+    finally {
+      try{fs.close();} catch(Exception e) {}
+      try{cluster.shutdown();} catch(Exception e) {}
+    }
+  }
+
+  public void testFilePermision() throws Exception {
+    Configuration conf = new Configuration();
+    conf.setBoolean("dfs.permissions", true);
+    MiniDFSCluster cluster = new MiniDFSCluster(conf, 3, true, null);
+    cluster.waitActive();
+    FileSystem fs = FileSystem.get(conf);
+
+    try {
+      // following dir/file creations are legal
+      fs.mkdirs(CHILD_DIR1);
+      FSDataOutputStream out = fs.create(CHILD_FILE1);
+      byte data[] = new byte[FILE_LEN];
+      Random r = new Random();
+      r.nextBytes(data);
+      out.write(data);
+      out.close();
+      fs.setPermission(CHILD_FILE1, new FsPermission((short)0700));
+
+      // following read is legal
+      byte dataIn[] = new byte[FILE_LEN];
+      FSDataInputStream fin = fs.open(CHILD_FILE1);
+      fin.read(dataIn);
+      for(int i=0; i<FILE_LEN; i++) {
+        assertEquals(data[i], dataIn[i]);
+      }
+      fs.close();
+
+      // test illegal file/dir creation
+      UnixUserGroupInformation userGroupInfo = new UnixUserGroupInformation(
+          USER_NAME, GROUP_NAMES );
+      conf.set(UnixUserGroupInformation.UGI_PROPERTY_NAME,
+          userGroupInfo.toString());
+      fs = FileSystem.get(conf);
+
+      // illegal mkdir
+      assertTrue(!canMkdirs(fs, CHILD_DIR2));
+
+      // illegal file creation
+      assertTrue(!canCreate(fs, CHILD_FILE2));
+
+      // illegal file open
+      assertTrue(!canOpen(fs, CHILD_FILE1));
+    }
+    finally {
+      try{fs.close();} catch(Exception e) {}
+      try{cluster.shutdown();} catch(Exception e) {}
+    }
+  }
+
+  static boolean canMkdirs(FileSystem fs, Path p) throws IOException {
+    try {
+      fs.mkdirs(p);
+      return true;
+    } catch(RemoteException e) {
+      assertEquals(PERMISSION_EXCEPTION_NAME, e.getClassName());
+      return false;
+    }
+  }
+
+  static boolean canCreate(FileSystem fs, Path p) throws IOException {
+    try {
+      fs.create(p);
+      return true;
+    } catch(RemoteException e) {
+      assertEquals(PERMISSION_EXCEPTION_NAME, e.getClassName());
+      return false;
+    }
+  }
+
+  static boolean canOpen(FileSystem fs, Path p) throws IOException {
+    try {
+      fs.open(p);
+      return true;
+    } catch(RemoteException e) {
+      assertEquals(PERMISSION_EXCEPTION_NAME, e.getClassName());
+      return false;
+    }
+  }
+}



Mime
View raw message