hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r1077511 - in /hadoop/common/branches/branch-0.20-security-patches/src: core/org/apache/hadoop/security/ core/org/apache/hadoop/security/authorize/ hdfs/org/apache/hadoop/hdfs/server/namenode/ hdfs/org/apache/hadoop/hdfs/tools/ mapred/org/a...
Date Fri, 04 Mar 2011 04:22:20 GMT
Author: omalley
Date: Fri Mar  4 04:22:20 2011
New Revision: 1077511

URL: http://svn.apache.org/viewvc?rev=1077511&view=rev
Log:
commit d3042af8bdc76770c30715c16d4408960714a884
Author: Boris Shkolnik <borya@yahoo-inc.com>
Date:   Wed Jun 23 11:23:09 2010 -0700

    HADOOP:6815 from https://issues.apache.org/jira/secure/attachment/12447718/HADOOP-6815-YH20-1.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    HADOOP-6815. refreshSuperUserGroupsConfiguration should use
    +    server side configuration for the refresh( boryas)

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/Groups.java
    hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
    hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/authorize/ProxyUsers.java
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSAdmin.java
    hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java
    hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/tools/MRAdmin.java
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/NNThroughputBenchmark.java
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestDoAsEffectiveUser.java
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestMapredGroupMappingServiceRefresh.java
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestRefreshUserMappings.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/Groups.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/Groups.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/Groups.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/Groups.java
Fri Mar  4 04:22:20 2011
@@ -114,6 +114,10 @@ public class Groups {
    * Get the groups being used to map user-to-groups.
    * @return the groups being used to map user-to-groups.
    */
+  public static Groups getUserToGroupsMappingService() {
+    return getUserToGroupsMappingService(new Configuration()); 
+  }
+
   public static Groups getUserToGroupsMappingService(Configuration conf) {
     if(GROUPS == null) {
       LOG.debug(" Creating new Groups object");

Modified: hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/RefreshUserMappingsProtocol.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
Fri Mar  4 04:22:20 2011
@@ -41,13 +41,12 @@ public interface RefreshUserMappingsProt
    * @param conf
    * @throws IOException
    */
-  public void refreshUserToGroupsMappings(Configuration conf) throws IOException;
+  public void refreshUserToGroupsMappings() throws IOException;
   
   /**
    * Refresh superuser proxy group list
-   * @param conf
    * @throws IOException
    */
-  public void refreshSuperUserGroupsConfiguration(Configuration conf) 
+  public void refreshSuperUserGroupsConfiguration() 
   throws IOException;
 }

Modified: hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/authorize/ProxyUsers.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/authorize/ProxyUsers.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/authorize/ProxyUsers.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/authorize/ProxyUsers.java
Fri Mar  4 04:22:20 2011
@@ -34,7 +34,7 @@ public class ProxyUsers {
   public static final String CONF_GROUPS = ".groups";
   public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser.";
   public static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\.";
-  private static Configuration conf=null;
+  private static boolean init = false;
   // list of groups and hosts per proxyuser
   private static Map<String, Collection<String>> proxyGroups = 
     new HashMap<String, Collection<String>>();
@@ -44,13 +44,20 @@ public class ProxyUsers {
   /**
    * reread the conf and get new values for "hadoop.proxyuser.*.groups/hosts"
    */
-  public static synchronized void refreshSuperUserGroupsConfiguration(Configuration cn) {
-    conf = cn;
-    
+  public static void refreshSuperUserGroupsConfiguration() {
+    //load server side configuration;
+    refreshSuperUserGroupsConfiguration(new Configuration());
+  }
+
+  /**
+   * refresh configuration
+   * @param conf
+   */
+  public static synchronized void refreshSuperUserGroupsConfiguration(Configuration conf)
{
     // remove alle existing stuff
     proxyGroups.clear();
     proxyHosts.clear();
-    
+
     // get all the new keys for groups
     String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_GROUPS;
     Map<String,String> allMatchKeys = conf.getValByRegex(regex);
@@ -66,6 +73,8 @@ public class ProxyUsers {
       proxyHosts.put(entry.getKey(),
           StringUtils.getStringCollection(entry.getValue()));
     }
+    
+    init = true;
   }
 
   /**
@@ -99,8 +108,8 @@ public class ProxyUsers {
   public static synchronized void authorize(UserGroupInformation user, String remoteAddress,
       Configuration newConf) throws AuthorizationException {
     
-    if(conf == null) {
-      refreshSuperUserGroupsConfiguration(newConf); 
+    if(!init) {
+      refreshSuperUserGroupsConfiguration(); 
     }
 
     if (user.getRealUser() == null) {
@@ -113,7 +122,7 @@ public class ProxyUsers {
     Collection<String> allowedUserGroups = proxyGroups.get(
         getProxySuperuserGroupConfKey(superUser.getShortUserName()));
     
-    if (!allowedUserGroups.isEmpty()) {
+    if (allowedUserGroups != null && !allowedUserGroups.isEmpty()) {
       for (String group : user.getGroupNames()) {
         if (allowedUserGroups.contains(group)) {
           groupAuthorized = true;
@@ -130,7 +139,7 @@ public class ProxyUsers {
     Collection<String> ipList = proxyHosts.get(
         getProxySuperuserIpConfKey(superUser.getShortUserName()));
     
-    if (!ipList.isEmpty()) {
+    if (ipList != null && !ipList.isEmpty()) {
       for (String allowedHost : ipList) {
         InetAddress hostAddr;
         try {

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
Fri Mar  4 04:22:20 2011
@@ -1017,17 +1017,17 @@ public class NameNode implements ClientP
   }
 
   @Override
-  public void refreshUserToGroupsMappings(Configuration conf) throws IOException {
+  public void refreshUserToGroupsMappings() throws IOException {
     LOG.info("Refreshing all user-to-groups mappings. Requested by user: " + 
              UserGroupInformation.getCurrentUser().getShortUserName());
-    Groups.getUserToGroupsMappingService(conf).refresh();
+    Groups.getUserToGroupsMappingService().refresh();
   }
   
   @Override
-  public void refreshSuperUserGroupsConfiguration(Configuration conf) {
+  public void refreshSuperUserGroupsConfiguration() {
     LOG.info("Refreshing SuperUser proxy group mapping list ");
     
-    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
+    ProxyUsers.refreshSuperUserGroupsConfiguration();
   }
 
   private static void printUsage() {

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSAdmin.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSAdmin.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSAdmin.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSAdmin.java
Fri Mar  4 04:22:20 2011
@@ -681,7 +681,7 @@ public class DFSAdmin extends FsShell {
                                              RefreshUserMappingsProtocol.class));
     
     // Refresh the user-to-groups mappings
-    refreshProtocol.refreshUserToGroupsMappings(conf);
+    refreshProtocol.refreshUserToGroupsMappings();
     
     return 0;
   }
@@ -711,7 +711,7 @@ public class DFSAdmin extends FsShell {
                        RefreshUserMappingsProtocol.class));
     
     // Refresh the user-to-groups mappings
-    refreshProtocol.refreshSuperUserGroupsConfiguration(conf);
+    refreshProtocol.refreshSuperUserGroupsConfiguration();
     
     return 0;
   }

Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java
Fri Mar  4 04:22:20 2011
@@ -4802,18 +4802,18 @@ public class JobTracker implements MRCon
   }
 
   @Override
-  public void refreshSuperUserGroupsConfiguration(Configuration conf) {
+  public void refreshSuperUserGroupsConfiguration() {
     LOG.info("Refreshing superuser proxy groups mapping ");
     
-    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
+    ProxyUsers.refreshSuperUserGroupsConfiguration();
   }
     
   @Override
-  public void refreshUserToGroupsMappings(Configuration conf) throws IOException {
+  public void refreshUserToGroupsMappings() throws IOException {
     LOG.info("Refreshing all user-to-groups mappings. Requested by user: " + 
              UserGroupInformation.getCurrentUser().getShortUserName());
     
-    Groups.getUserToGroupsMappingService(conf).refresh();
+    Groups.getUserToGroupsMappingService().refresh();
   }
   
   private boolean perTaskMemoryConfigurationSetOnJT() {

Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/tools/MRAdmin.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/tools/MRAdmin.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/tools/MRAdmin.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/tools/MRAdmin.java
Fri Mar  4 04:22:20 2011
@@ -236,7 +236,7 @@ public class MRAdmin extends Configured 
                        RefreshUserMappingsProtocol.class));
     
     // Refresh the user-to-groups mappings
-    refreshProtocol.refreshSuperUserGroupsConfiguration(conf);
+    refreshProtocol.refreshSuperUserGroupsConfiguration();
     
     return 0;
   }
@@ -269,7 +269,7 @@ public class MRAdmin extends Configured 
                                              RefreshUserMappingsProtocol.class));
 
     // Refresh the user-to-groups mappings
-    refreshProtocol.refreshUserToGroupsMappings(conf);
+    refreshProtocol.refreshUserToGroupsMappings();
 
     return 0;
   }

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
Fri Mar  4 04:22:20 2011
@@ -99,6 +99,7 @@ public class TestDelegationTokenForProxy
         null, null);
     cluster.waitActive();
     cluster.getNameNode().getNamesystem().getDelegationTokenSecretManager().startThreads();
+    ProxyUsers.refreshSuperUserGroupsConfiguration(config);
   }
 
   @After

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/NNThroughputBenchmark.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/NNThroughputBenchmark.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/NNThroughputBenchmark.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/NNThroughputBenchmark.java
Fri Mar  4 04:22:20 2011
@@ -388,7 +388,7 @@ public class NNThroughputBenchmark {
     void benchmarkOne() throws IOException {
       for(int idx = 0; idx < opsPerThread; idx++) {
         if((localNumOpsExecuted+1) % statsOp.ugcRefreshCount == 0)
-          nameNode.refreshUserToGroupsMappings(config);
+          nameNode.refreshUserToGroupsMappings();
         long stat = statsOp.executeOp(daemonId, idx, arg1);
         localNumOpsExecuted++;
         localCumulativeTime += stat;

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestDoAsEffectiveUser.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestDoAsEffectiveUser.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestDoAsEffectiveUser.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestDoAsEffectiveUser.java
Fri Mar  4 04:22:20 2011
@@ -148,6 +148,8 @@ public class TestDoAsEffectiveUser {
     Server server = RPC.getServer(new TestImpl(), ADDRESS,
         0, 5, true, conf, null);
 
+    refreshConf(conf);
+    
     try {
       server.start();
 
@@ -188,6 +190,8 @@ public class TestDoAsEffectiveUser {
     Server server = RPC.getServer(new TestImpl(), ADDRESS,
         0, 2, false, conf, null);
 
+    refreshConf(conf);
+    
     try {
       server.start();
 
@@ -274,6 +278,8 @@ public class TestDoAsEffectiveUser {
     Server server = RPC.getServer(new TestImpl(), ADDRESS,
         0, 2, false, conf, null);
 
+    refreshConf(conf);
+    
     try {
       server.start();
 
@@ -312,6 +318,8 @@ public class TestDoAsEffectiveUser {
     Server server = RPC.getServer(new TestImpl(), ADDRESS,
         0, 2, false, conf, null);
 
+    refreshConf(conf);
+    
     try {
       server.start();
 
@@ -352,6 +360,8 @@ public class TestDoAsEffectiveUser {
     Server server = RPC.getServer(new TestImpl(), ADDRESS,
         0, 2, false, conf, null);
 
+    refreshConf(conf);
+    
     try {
       server.start();
 

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestMapredGroupMappingServiceRefresh.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestMapredGroupMappingServiceRefresh.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestMapredGroupMappingServiceRefresh.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestMapredGroupMappingServiceRefresh.java
Fri Mar  4 04:22:20 2011
@@ -20,9 +20,17 @@ package org.apache.hadoop.security;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.PrintWriter;
 import java.net.URI;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -31,10 +39,13 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
 import org.apache.hadoop.mapred.JobConf;
 import org.apache.hadoop.mapred.MiniMRCluster;
 import org.apache.hadoop.mapred.tools.MRAdmin;
+import org.apache.hadoop.security.authorize.AuthorizationException;
+import org.apache.hadoop.security.authorize.ProxyUsers;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -43,6 +54,7 @@ public class TestMapredGroupMappingServi
   private MiniDFSCluster cluster;
   JobConf config;
   private static long groupRefreshTimeoutSec = 2;
+  private String tempResource = null;
   private static final Log LOG = LogFactory
       .getLog(TestMapredGroupMappingServiceRefresh.class);
   
@@ -89,6 +101,7 @@ public class TestMapredGroupMappingServi
       3, null, null, config);
     
     config.set("mapred.job.tracker", "localhost:"+miniMRCluster.getJobTrackerPort());
+    ProxyUsers.refreshSuperUserGroupsConfiguration(config);
   }
 
   @After
@@ -96,6 +109,10 @@ public class TestMapredGroupMappingServi
     if(cluster!=null) {
       cluster.shutdown();
     }
+    if(tempResource!=null) {
+      File f = new File(tempResource);
+      f.delete();
+    }
   }
   
   @Test
@@ -140,4 +157,103 @@ public class TestMapredGroupMappingServi
       assertFalse("Should be different group ", g3.get(i).equals(g4.get(i)));
     }
   }
+  
+  @Test
+  public void testRefreshSuperUserGroupsConfiguration() throws Exception {
+    final String SUPER_USER = "super_user";
+    final String [] GROUP_NAMES1 = new String [] {"gr1" , "gr2"};
+    final String [] GROUP_NAMES2 = new String [] {"gr3" , "gr4"};
+
+    //keys in conf
+    String userKeyGroups = ProxyUsers.getProxySuperuserGroupConfKey(SUPER_USER);
+    String userKeyHosts = ProxyUsers.getProxySuperuserIpConfKey (SUPER_USER);
+
+    config.set(userKeyGroups, "gr3,gr4,gr5"); // superuser can proxy for this group
+    config.set(userKeyHosts,"127.0.0.1");
+    ProxyUsers.refreshSuperUserGroupsConfiguration(config);
+
+    UserGroupInformation ugi1 = mock(UserGroupInformation.class);
+    UserGroupInformation ugi2 = mock(UserGroupInformation.class);
+    UserGroupInformation suUgi = mock(UserGroupInformation.class);
+    when(ugi1.getRealUser()).thenReturn(suUgi);
+    when(ugi2.getRealUser()).thenReturn(suUgi);
+
+    when(suUgi.getShortUserName()).thenReturn(SUPER_USER); // super user
+    when(suUgi.getUserName()).thenReturn(SUPER_USER+"L"); // super user
+
+    when(ugi1.getShortUserName()).thenReturn("user1");
+    when(ugi2.getShortUserName()).thenReturn("user2");
+
+    when(ugi1.getUserName()).thenReturn("userL1");
+    when(ugi2.getUserName()).thenReturn("userL2");
+
+    // set groups for users
+    when(ugi1.getGroupNames()).thenReturn(GROUP_NAMES1);
+    when(ugi2.getGroupNames()).thenReturn(GROUP_NAMES2);
+
+
+    // check before
+    try {
+      ProxyUsers.authorize(ugi1, "127.0.0.1", config);
+      fail("first auth for " + ugi1.getShortUserName() + " should've failed ");
+    } catch (AuthorizationException e) {
+      // expected
+      System.err.println("auth for " + ugi1.getUserName() + " failed");
+    }
+    try {
+      ProxyUsers.authorize(ugi2, "127.0.0.1", config);
+      System.err.println("auth for " + ugi2.getUserName() + " succeeded");
+      // expected
+    } catch (AuthorizationException e) {
+      fail("first auth for " + ugi2.getShortUserName() + " should've succeeded: " + e.getLocalizedMessage());
+    }
+
+    // refresh will look at configuration on the server side
+    // add additional resource with the new value
+    // so the server side will pick it up
+    String rsrc = "testRefreshSuperUserGroupsConfiguration_rsrc.xml";
+    addNewConfigResource(rsrc, userKeyGroups, "gr2", userKeyHosts, "127.0.0.1");  
+
+    MRAdmin admin = new MRAdmin(config);
+    String [] args = new String[]{"-refreshSuperUserGroupsConfiguration"};
+    admin.run(args);
+
+    try {
+      ProxyUsers.authorize(ugi2, "127.0.0.1", config);
+      fail("second auth for " + ugi2.getShortUserName() + " should've failed ");
+    } catch (AuthorizationException e) {
+      // expected
+      System.err.println("auth for " + ugi2.getUserName() + " failed");
+    }
+    try {
+      ProxyUsers.authorize(ugi1, "127.0.0.1", config);
+      System.err.println("auth for " + ugi1.getUserName() + " succeeded");
+      // expected
+    } catch (AuthorizationException e) {
+      fail("second auth for " + ugi1.getShortUserName() + " should've succeeded: " + e.getLocalizedMessage());
+    }    
+  }
+
+  private void addNewConfigResource(String rsrcName, String keyGroup,
+      String groups, String keyHosts, String hosts)  throws FileNotFoundException {
+    // location for temp resource should be in CLASSPATH
+    URL url = config.getResource("mapred-default.xml");
+    Path p = new Path(url.getPath());
+    Path dir = p.getParent();
+    tempResource = dir.toString() + "/" + rsrcName;
+
+
+    String newResource =
+      "<configuration>"+
+      "<property><name>" + keyGroup + "</name><value>"+groups+"</value></property>"
+
+      "<property><name>" + keyHosts + "</name><value>"+hosts+"</value></property>"
+
+      "</configuration>";
+    PrintWriter writer = new PrintWriter(new FileOutputStream(tempResource));
+    writer.println(newResource);
+    writer.close();
+
+    Configuration.addDefaultResource(rsrcName);
+  }                                                                                     
                                                                               
+
+
 }

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestRefreshUserMappings.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestRefreshUserMappings.java?rev=1077511&r1=1077510&r2=1077511&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestRefreshUserMappings.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestRefreshUserMappings.java
Fri Mar  4 04:22:20 2011
@@ -25,15 +25,20 @@ import static org.junit.Assert.fail;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.PrintWriter;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.hadoop.hdfs.server.namenode.NameNode;
 import org.apache.hadoop.hdfs.tools.DFSAdmin;
 import org.apache.hadoop.security.authorize.AuthorizationException;
 import org.apache.hadoop.security.authorize.ProxyUsers;
@@ -45,6 +50,7 @@ public class TestRefreshUserMappings {
   private MiniDFSCluster cluster;
   Configuration config;
   private static long groupRefreshTimeoutSec = 1;
+  private String tempResource = null;
   
   public static class MockUnixGroupsMapping implements GroupMappingServiceProvider {
     private int i=0;
@@ -81,6 +87,10 @@ public class TestRefreshUserMappings {
     if(cluster!=null) {
       cluster.shutdown();
     }
+    if(tempResource!=null) {
+      File f = new File(tempResource);
+      f.delete();
+    }
   }
     
   @Test
@@ -135,6 +145,7 @@ public class TestRefreshUserMappings {
     
     config.set(userKeyGroups, "gr3,gr4,gr5"); // superuser can proxy for this group
     config.set(userKeyHosts,"127.0.0.1");
+    ProxyUsers.refreshSuperUserGroupsConfiguration(config);
     
     UserGroupInformation ugi1 = mock(UserGroupInformation.class);
     UserGroupInformation ugi2 = mock(UserGroupInformation.class);
@@ -172,16 +183,21 @@ public class TestRefreshUserMappings {
       fail("first auth for " + ugi2.getShortUserName() + " should've succeeded: " + e.getLocalizedMessage());
     }
     
+    // refresh will look at configuration on the server side
+    // add additional resource with the new value
+    // so the server side will pick it up
+    String rsrc = "testGroupMappingRefresh_rsrc.xml";
+    addNewConfigResource(rsrc, userKeyGroups, "gr2", userKeyHosts, "127.0.0.1");  
+
+    
     DFSAdmin admin = new DFSAdmin(config);
     String [] args = new String[]{"-refreshSuperUserGroupsConfiguration"};
-    NameNode nn = cluster.getNameNode();
-    Configuration conf = new Configuration(config);
-    conf.set(userKeyGroups, "gr2"); // superuser can proxy for this group
-    admin.setConf(conf);
+    //NameNode nn = cluster.getNameNode();
+    //Configuration conf = new Configuration(config);
+    //conf.set(userKeyGroups, "gr2"); // superuser can proxy for this group
+    //admin.setConf(conf);
     admin.run(args);
     
-    //check after...
-    
     try {
       ProxyUsers.authorize(ugi2, "127.0.0.1", config);
       fail("second auth for " + ugi2.getShortUserName() + " should've failed ");
@@ -197,5 +213,27 @@ public class TestRefreshUserMappings {
       fail("second auth for " + ugi1.getShortUserName() + " should've succeeded: " + e.getLocalizedMessage());
     }    
   }
+  
+  // create a resource file with the new settings
+  private void addNewConfigResource(String rsrcName, String keyGroup,
+      String groups, String keyHosts, String hosts)  throws FileNotFoundException {
+    // location for temp resource should be in CLASSPATH
+    Configuration conf = new Configuration();
+    URL url = conf.getResource("hdfs-default.xml");
+    Path p = new Path(url.getPath());
+    Path dir = p.getParent();
+    tempResource = dir.toString() + "/" + rsrcName;
+
+
+    String newResource =
+      "<configuration>"+
+      "<property><name>" + keyGroup + "</name><value>"+groups+"</value></property>"
+
+      "<property><name>" + keyHosts + "</name><value>"+hosts+"</value></property>"
+
+      "</configuration>";
+    PrintWriter writer = new PrintWriter(new FileOutputStream(tempResource));
+    writer.println(newResource);
+    writer.close();
 
+    Configuration.addDefaultResource(rsrcName);
+  }
 }



Mime
View raw message