hadoop-common-commits mailing list archives

From omal...@apache.org
Subject svn commit: r1076945 - in /hadoop/common/branches/branch-0.20-security-patches/src/test: mapred/org/apache/hadoop/mapred/TestQueueAclsForCurrentUser.java org/apache/hadoop/mapred/TestQueueAclsForCurrentUser.java
Date Fri, 04 Mar 2011 03:24:44 GMT
Author: omalley
Date: Fri Mar  4 03:24:44 2011
New Revision: 1076945

URL: http://svn.apache.org/viewvc?rev=1076945&view=rev
Log:
commit ca0ace8614d465a18a25c1cce3ef17fe94136783
Author: Lee Tucker <ltucker@yahoo-inc.com>
Date:   Thu Jul 30 17:40:29 2009 -0700

    Applying patch 2775550.5419.patch

Added:
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueAclsForCurrentUser.java
Removed:
    hadoop/common/branches/branch-0.20-security-patches/src/test/mapred/org/apache/hadoop/mapred/TestQueueAclsForCurrentUser.java

Added: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueAclsForCurrentUser.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueAclsForCurrentUser.java?rev=1076945&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueAclsForCurrentUser.java
(added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueAclsForCurrentUser.java
Fri Mar  4 03:24:44 2011
@@ -0,0 +1,174 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.mapred;
+
+import java.io.IOException;
+import javax.security.auth.login.LoginException;
+import junit.framework.TestCase;
+import org.apache.hadoop.security.UnixUserGroupInformation;
+import org.apache.hadoop.security.UserGroupInformation;
+
+/**
+ * Unit test class to test queue acls
+ *
+ */
+public class TestQueueAclsForCurrentUser extends TestCase {
+
+  private QueueManager queueManager;
+  private JobConf conf = null;
+  UserGroupInformation currentUGI = null;
+  String submitAcl = QueueManager.QueueOperation.SUBMIT_JOB.getAclName();
+  String adminAcl  = QueueManager.QueueOperation.ADMINISTER_JOBS.getAclName();
+
+  private void setupConfForNoAccess() throws IOException,LoginException {
+    currentUGI = UnixUserGroupInformation.login();
+    String userName = currentUGI.getUserName();
+    conf = new JobConf();
+
+    conf.setBoolean("mapred.acls.enabled",true);
+
+    conf.set("mapred.queue.names", "qu1,qu2");
+    //Only user u1 has access
+    conf.set("mapred.queue.qu1.acl-submit-job", "u1");
+    conf.set("mapred.queue.qu1.acl-administer-jobs", "u1");
+    //q2 only group g2 has acls for the queues
+    conf.set("mapred.queue.qu2.acl-submit-job", " g2");
+    conf.set("mapred.queue.qu2.acl-administer-jobs", " g2");
+    queueManager = new QueueManager(conf);
+
+  }
+
+  /**
+   *  sets up configuration for acls test.
+   * @return
+   */
+  private void setupConf(boolean aclSwitch) throws IOException,LoginException{
+    currentUGI = UnixUserGroupInformation.login();
+    String userName = currentUGI.getUserName();
+    conf = new JobConf();
+
+    conf.setBoolean("mapred.acls.enabled", aclSwitch);
+
+    conf.set("mapred.queue.names", "qu1,qu2,qu3,qu4,qu5,qu6,qu7");
+    //q1 Has acls for all the users, supports both submit and administer
+    conf.set("mapred.queue.qu1.acl-submit-job", "*");
+    conf.set("mapred.queue.qu1-acl-administer-jobs", "*");
+    //q2 only u2 has acls for the queues
+    conf.set("mapred.queue.qu2.acl-submit-job", "u2");
+    conf.set("mapred.queue.qu2.acl-administer-jobs", "u2");
+    //q3  Only u2 has submit operation access rest all have administer access
+    conf.set("mapred.queue.qu3.acl-submit-job", "u2");
+    conf.set("mapred.queue.qu3.acl-administer-jobs", "*");
+    //q4 Only u2 has administer access , anyone can do submit
+    conf.set("mapred.queue.qu4.acl-submit-job", "*");
+    conf.set("mapred.queue.qu4.acl-administer-jobs", "u2");
+    //qu6 only current user has submit access
+    conf.set("mapred.queue.qu6.acl-submit-job",userName);
+    conf.set("mapred.queue.qu6.acl-administrator-jobs","u2");
+    //qu7 only current user has administrator access
+    conf.set("mapred.queue.qu7.acl-submit-job","u2");
+    conf.set("mapred.queue.qu7.acl-administrator-jobs",userName);
+    //qu8 only current group has access
+    StringBuilder groupNames = new StringBuilder("");
+    String[] ugiGroupNames = currentUGI.getGroupNames();
+    int max = ugiGroupNames.length-1;
+    for(int j=0;j< ugiGroupNames.length;j++) {
+      groupNames.append(ugiGroupNames[j]);
+      if(j<max) {
+        groupNames.append(",");
+      }
+    }
+    conf.set("mapred.queue.qu5.acl-submit-job"," "+groupNames.toString());
+    conf.set("mapred.queue.qu5.acl-administrator-jobs"," "
+            +groupNames.toString());
+
+    queueManager = new QueueManager(conf);
+  }
+
+  public void testQueueAclsForCurrentuser() throws IOException,LoginException {
+    setupConf(true);
+    QueueAclsInfo[] queueAclsInfoList =
+            queueManager.getQueueAcls(currentUGI);
+    checkQueueAclsInfo(queueAclsInfoList);
+  }
+
+  public void testQueueAclsForCurrentUserAclsDisabled() throws IOException,
+          LoginException {
+    setupConf(false);
+    //fetch the acls info for current user.
+    QueueAclsInfo[] queueAclsInfoList = queueManager.
+            getQueueAcls(currentUGI);
+    checkQueueAclsInfo(queueAclsInfoList);
+  }
+
+  public void testQueueAclsForNoAccess() throws IOException,LoginException {
+    setupConfForNoAccess();
+    QueueAclsInfo[] queueAclsInfoList = queueManager.
+            getQueueAcls(currentUGI);
+    assertTrue(queueAclsInfoList.length == 0);
+  }
+
+  private void checkQueueAclsInfo(QueueAclsInfo[] queueAclsInfoList)
+          throws IOException {
+    if (conf.get("mapred.acls.enabled").equalsIgnoreCase("true")) {
+      for (int i = 0; i < queueAclsInfoList.length; i++) {
+        QueueAclsInfo acls = queueAclsInfoList[i];
+        String queueName = acls.getQueueName();
+        assertFalse(queueName.contains("qu2"));
+        if (queueName.equals("qu1")) {
+          assertTrue(acls.getOperations().length == 2);
+          assertTrue(checkAll(acls.getOperations()));
+        } else if (queueName.equals("qu3")) {
+          assertTrue(acls.getOperations().length == 1);
+          assertTrue(acls.getOperations()[0].equalsIgnoreCase(adminAcl));
+        } else if (queueName.equals("qu4")) {
+          assertTrue(acls.getOperations().length == 1);
+          assertTrue(acls.getOperations()[0].equalsIgnoreCase(submitAcl));
+        } else if (queueName.equals("qu5")) {
+          assertTrue(acls.getOperations().length == 2);
+          assertTrue(checkAll(acls.getOperations()));
+        } else if(queueName.equals("qu6")) {
+          assertTrue(acls.getOperations()[0].equals(submitAcl));
+        } else if(queueName.equals("qu7")) {
+          assertTrue(acls.getOperations()[0].equals(adminAcl));
+        } 
+      }
+    } else {
+      for (int i = 0; i < queueAclsInfoList.length; i++) {
+        QueueAclsInfo acls = queueAclsInfoList[i];
+        String queueName = acls.getQueueName();
+        assertTrue(acls.getOperations().length == 2);
+        assertTrue(checkAll(acls.getOperations()));
+      }
+    }
+  }
+
+  private boolean checkAll(String[] operations){
+    boolean submit = false;
+    boolean admin = false;
+
+    for(String val: operations){
+      if(val.equalsIgnoreCase(submitAcl))
+        submit = true;
+      else if(val.equalsIgnoreCase(adminAcl))
+        admin = true;
+    }
+    if(submit && admin) return true;
+    return false;
+  }
+}
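Review bot: Four of the ACL keys set in setupConf do not match the `mapred.queue.<name>.acl-administer-jobs` form used elsewhere in this file: `mapred.queue.qu1-acl-administer-jobs` has a hyphen where the dot belongs, and the qu5, qu6 and qu7 lines use `acl-administrator-jobs`. If QueueManager reads only the `acl-administer-jobs` name (as the other keys suggest; its lookup is not shown here), those queues get whatever the unset-ACL default is, so the administer restrictions described in the comments are never configured. The qu6 and qu7 branches of checkQueueAclsInfo cannot notice this, because they check only `getOperations()[0]` and not the length; once the keys are corrected, adding `assertTrue(acls.getOperations().length == 1);` to both branches makes the test fail when the current user is granted an operation it should not have. The loop also never asserts that the expected queues are present in the returned array, so a missing queue passes silently, and the `//qu8` comment actually describes qu5.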


