hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r1077432 - in /hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred: TestJobACLs.java TestQueueManager.java TestWebUIAuthorization.java
Date Fri, 04 Mar 2011 04:14:16 GMT
Author: omalley
Date: Fri Mar  4 04:14:16 2011
New Revision: 1077432

URL: http://svn.apache.org/viewvc?rev=1077432&view=rev
Log:
commit 4cb052b750d63bb9e10ca252b59e0d2a24b1ec87
Author: Chris Douglas <cdouglas@apache.org>
Date:   Wed Apr 28 16:44:55 2010 -0700

    MAPREDUCE:1664 from https://issues.apache.org/jira/secure/attachment/12443139/M1664y20s-testfix.patch

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestJobACLs.java
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueManager.java
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestWebUIAuthorization.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestJobACLs.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestJobACLs.java?rev=1077432&r1=1077431&r2=1077432&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestJobACLs.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestJobACLs.java
Fri Mar  4 04:14:16 2011
@@ -30,7 +30,6 @@ import org.apache.hadoop.mapred.JobClien
 import org.apache.hadoop.mapred.JobConf;
 import org.apache.hadoop.mapred.JobPriority;
 import org.apache.hadoop.mapred.JobStatus;
-import org.apache.hadoop.mapred.JobTracker;
 import org.apache.hadoop.mapred.RunningJob;
 import org.apache.hadoop.mapred.QueueManager.QueueOperation;
 import org.apache.hadoop.security.UserGroupInformation;
@@ -56,6 +55,8 @@ public class TestJobACLs {
           TestJobACLs.class.getCanonicalName() + Path.SEPARATOR
               + "completed-job-store");
 
+  private String jobSubmitter = "user1";
+
   /**
    * Start the cluster before running the actual test.
    * 
@@ -76,6 +77,8 @@ public class TestJobACLs {
     // no queue admins for default queue
     conf.set(QueueManager.toFullPropertyName(
         "default", QueueOperation.ADMINISTER_JOBS.getAclName()), " ");
+    conf.set(QueueManager.toFullPropertyName(
+        "default", QueueOperation.SUBMIT_JOB.getAclName()), jobSubmitter);
 
     // Enable CompletedJobStore
     FileSystem fs = FileSystem.getLocal(conf);
@@ -130,10 +133,10 @@ public class TestJobACLs {
 
     // Set the job up.
     final JobConf myConf = mr.createJobConf();
-    myConf.set(JobContext.JOB_ACL_VIEW_JOB, "user1,user3");
+    myConf.set(JobContext.JOB_ACL_VIEW_JOB, "user3");
 
     // Submit the job as user1
-    RunningJob job = submitJobAsUser(myConf, "user1");
+    RunningJob job = submitJobAsUser(myConf, jobSubmitter);
 
     final JobID jobId = job.getID();
 
@@ -269,10 +272,10 @@ public class TestJobACLs {
 
     // Set the job up.
     final JobConf myConf = mr.createJobConf();
-    myConf.set(JobContext.JOB_ACL_MODIFY_JOB, "user1,user3");
+    myConf.set(JobContext.JOB_ACL_MODIFY_JOB, "user3");
 
     // Submit the job as user1
-    RunningJob job = submitJobAsUser(myConf, "user1");
+    RunningJob job = submitJobAsUser(myConf, jobSubmitter);
 
     final JobID jobId = job.getID();
 
@@ -371,10 +374,10 @@ public class TestJobACLs {
 
     // Set the job up.
     final JobConf myConf = mr.createJobConf();
-    myConf.set(JobContext.JOB_ACL_VIEW_JOB, "user1,user2");
+    myConf.set(JobContext.JOB_ACL_VIEW_JOB, "user2");
 
     // Submit the job as user1
-    RunningJob job = submitJobAsUser(myConf, "user1");
+    RunningJob job = submitJobAsUser(myConf, jobSubmitter);
 
     final JobID jobId = job.getID();
 

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueManager.java?rev=1077432&r1=1077431&r2=1077432&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueManager.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestQueueManager.java
Fri Mar  4 04:14:16 2011
@@ -431,12 +431,12 @@ public class TestQueueManager extends Te
       //rewrite the mapred-site.xml
       hadoopConfProps.put(JobConf.MR_ACLS_ENABLED, "true");
       hadoopConfProps.put(QueueManager.toFullPropertyName(
-          "default", submitAcl),
+          "q1", submitAcl),
           ugi.getShortUserName());
       UtilsForTests.setUpConfigFile(hadoopConfProps, hadoopConfigFile);
       queueManager.refreshAcls(conf);
-      assertTrue("User Job Submission failed after refresh and no queue acls file.",
-          queueManager.hasAccess("default", QueueManager.QueueOperation.
+      assertTrue("User Job Submission allowed after refresh and no queue acls file.",
+          queueManager.hasAccess("q1", QueueManager.QueueOperation.
               SUBMIT_JOB, ugi));
     } finally{
       if(queueConfigFile.exists()) {

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestWebUIAuthorization.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestWebUIAuthorization.java?rev=1077432&r1=1077431&r2=1077432&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestWebUIAuthorization.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestWebUIAuthorization.java
Fri Mar  4 04:14:16 2011
@@ -53,8 +53,12 @@ public class TestWebUIAuthorization exte
   private static final Log LOG = LogFactory.getLog(
       TestWebUIAuthorization.class);
 
-  // user1 submits the jobs
+  // users who submit the jobs
   private static final String jobSubmitter = "user1";
+  private static final String jobSubmitter1 = "user11";
+  private static final String jobSubmitter2 = "user12";
+  private static final String jobSubmitter3 = "user13";
+
   // mrOwner starts the cluster
   private static String mrOwner = null;
   // member of supergroup
@@ -265,6 +269,8 @@ public class TestWebUIAuthorization exte
     props.setProperty(JobConf.MR_ACLS_ENABLED, String.valueOf(true));
     props.setProperty(QueueManager.toFullPropertyName(
         "default", QueueOperation.ADMINISTER_JOBS.getAclName()), qAdmin);
+    props.setProperty(QueueManager.toFullPropertyName(
+        "default", QueueOperation.SUBMIT_JOB.getAclName()), jobSubmitter);
 
     props.setProperty("dfs.permissions", "false");
 
@@ -546,7 +552,7 @@ public class TestWebUIAuthorization exte
     // jobTrackerJSP killJob url
     String url = jobTrackerJSP + "&killJobs=true";
     // view-job-acl doesn't matter for killJob from jobtracker jsp page
-    conf.set(JobContext.JOB_ACL_VIEW_JOB, "");
+    conf.set(JobContext.JOB_ACL_VIEW_JOB, " ");
     
     // Let us start 4 jobs as 4 different users(none of these 4 users is
     // mrOwner and none of these users is a member of superGroup and none of
@@ -556,28 +562,28 @@ public class TestWebUIAuthorization exte
 
     // start 1st job.
     // Out of these 4 users, only jobSubmitter can do killJob on 1st job
-    conf.set(JobContext.JOB_ACL_MODIFY_JOB, "");
+    conf.set(JobContext.JOB_ACL_MODIFY_JOB, " ");
     RunningJob job1 = startSleepJobAsUser(jobSubmitter, conf, cluster);
     org.apache.hadoop.mapreduce.JobID jobid = job1.getID();
     url = url.concat("&jobCheckBox=" + jobid.toString());
 
     // start 2nd job.
-    // Out of these 4 users, only viewColleague can do killJob on 2nd job
-    RunningJob job2 = startSleepJobAsUser(viewColleague, conf, cluster);
+    // Out of these 4 users, only jobSubmitter1 can do killJob on 2nd job
+    RunningJob job2 = startSleepJobAsUser(jobSubmitter1, conf, cluster);
     jobid = job2.getID();
     url = url.concat("&jobCheckBox=" + jobid.toString());
 
     // start 3rd job.
-    // Out of these 4 users, only modifyColleague can do killJob on 3rd job
-    RunningJob job3 = startSleepJobAsUser(modifyColleague, conf, cluster);
+    // Out of these 4 users, only jobSubmitter2 can do killJob on 3rd job
+    RunningJob job3 = startSleepJobAsUser(jobSubmitter2, conf, cluster);
     jobid = job3.getID();
     url = url.concat("&jobCheckBox=" + jobid.toString());
 
     // start 4rd job.
-    // Out of these 4 users, viewColleague and viewAndModifyColleague
+    // Out of these 4 users, jobSubmitter1 and jobSubmitter3
     // can do killJob on 4th job
-    conf.set(JobContext.JOB_ACL_MODIFY_JOB, viewColleague);
-    RunningJob job4 = startSleepJobAsUser(viewAndModifyColleague,
+    conf.set(JobContext.JOB_ACL_MODIFY_JOB, jobSubmitter1);
+    RunningJob job4 = startSleepJobAsUser(jobSubmitter3,
                                           conf, cluster);
     jobid = job4.getID();
     url = url.concat("&jobCheckBox=" + jobid.toString());
@@ -587,7 +593,7 @@ public class TestWebUIAuthorization exte
       // 2nd and 4th jobs. Check if 1st and 3rd jobs are not killed and
       // 2nd and 4th jobs get killed
       assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED,
-          getHttpStatusCode(url, viewColleague, "POST"));
+          getHttpStatusCode(url, jobSubmitter1, "POST"));
       
       waitForKillJobToFinish(job2);
       assertTrue("killJob failed for a job for which user has "
@@ -625,6 +631,10 @@ public class TestWebUIAuthorization exte
     props.setProperty(JobConf.MR_ACLS_ENABLED, String.valueOf(true));
     props.setProperty(QueueManager.toFullPropertyName(
         "default", QueueOperation.ADMINISTER_JOBS.getAclName()), qAdmin);
+    props.setProperty(QueueManager.toFullPropertyName(
+        "default", QueueOperation.SUBMIT_JOB.getAclName()),
+        jobSubmitter + "," + jobSubmitter1 + "," + jobSubmitter2 + "," +
+        jobSubmitter3);
 
     props.setProperty("dfs.permissions", "false");
     // let us have enough map slots so that there won't be waiting for slots
@@ -644,6 +654,10 @@ public class TestWebUIAuthorization exte
     mrOwner = UserGroupInformation.getCurrentUser().getShortUserName();
     MyGroupsProvider.mapping.put(mrOwner, Arrays.asList(
         new String[] { "group5", "group6" }));
+    
+    MyGroupsProvider.mapping.put(jobSubmitter1, Arrays.asList("group7"));
+    MyGroupsProvider.mapping.put(jobSubmitter2, Arrays.asList("group7"));
+    MyGroupsProvider.mapping.put(jobSubmitter3, Arrays.asList("group7"));
 
     startCluster(true, props);
     MiniMRCluster cluster = getMRCluster();



Mime
View raw message