hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xg...@apache.org
Subject git commit: YARN-2279. Add UTs to cover timeline server authentication. Contributed by Zhijie Shen
Date Tue, 28 Oct 2014 18:21:28 GMT
Repository: hadoop
Updated Branches:
  refs/heads/branch-2.6 f5361a835 -> 615af9e45


YARN-2279. Add UTs to cover timeline server authentication. Contributed by Zhijie Shen


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/615af9e4
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/615af9e4
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/615af9e4

Branch: refs/heads/branch-2.6
Commit: 615af9e4547ff28c138d3993dec2434c929cf31d
Parents: f5361a8
Author: Xuan <xgong@apache.org>
Authored: Tue Oct 28 11:20:46 2014 -0700
Committer: Xuan <xgong@apache.org>
Committed: Tue Oct 28 11:20:46 2014 -0700

----------------------------------------------------------------------
 hadoop-yarn-project/CHANGES.txt                 |   3 +
 .../TestTimelineAuthenticationFilter.java       | 108 ++++++++++++++-----
 2 files changed, 86 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/615af9e4/hadoop-yarn-project/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt
index f4499b3..8af8032 100644
--- a/hadoop-yarn-project/CHANGES.txt
+++ b/hadoop-yarn-project/CHANGES.txt
@@ -712,6 +712,9 @@ Release 2.6.0 - UNRELEASED
     YARN-2591. Fixed AHSWebServices to return FORBIDDEN(403) if the request user
     doesn't have access to the history data. (Zhijie Shen via jianhe)
 
+    YARN-2279. Add UTs to cover timeline server authentication.
+    (Zhijie Shen via xgong)
+
 Release 2.5.1 - 2014-09-05
 
   INCOMPATIBLE CHANGES

http://git-wip-us.apache.org/repos/asf/hadoop/blob/615af9e4/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/security/TestTimelineAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/security/TestTimelineAuthenticationFilter.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/security/TestTimelineAuthenticationFilter.java
index 8299242..d41a35c 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/security/TestTimelineAuthenticationFilter.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/security/TestTimelineAuthenticationFilter.java
@@ -22,17 +22,23 @@ import static org.junit.Assert.assertTrue;
 
 import java.io.File;
 import java.security.PrivilegedExceptionAction;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.concurrent.Callable;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
+import org.apache.hadoop.fs.FileUtil;
+import org.apache.hadoop.http.HttpConfig;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.minikdc.MiniKdc;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authentication.KerberosTestUtils;
 import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
 import org.apache.hadoop.security.authorize.AuthorizationException;
+import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
 import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.yarn.api.records.timeline.TimelineDomain;
 import org.apache.hadoop.yarn.api.records.timeline.TimelineEntity;
 import org.apache.hadoop.yarn.api.records.timeline.TimelinePutResponse;
 import org.apache.hadoop.yarn.client.api.TimelineClient;
@@ -42,30 +48,49 @@ import org.apache.hadoop.yarn.server.applicationhistoryservice.ApplicationHistor
 import org.apache.hadoop.yarn.server.timeline.MemoryTimelineStore;
 import org.apache.hadoop.yarn.server.timeline.TimelineStore;
 import org.junit.After;
-import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
+@RunWith(Parameterized.class)
 public class TestTimelineAuthenticationFilter {
 
   private static final String FOO_USER = "foo";
   private static final String BAR_USER = "bar";
   private static final String HTTP_USER = "HTTP";
 
-  private static final File testRootDir = new File("target",
+  private static final File testRootDir = new File(
+      System.getProperty("test.build.dir", "target/test-dir"),
       TestTimelineAuthenticationFilter.class.getName() + "-root");
   private static File httpSpnegoKeytabFile = new File(
       KerberosTestUtils.getKeytabFile());
   private static String httpSpnegoPrincipal =
       KerberosTestUtils.getServerPrincipal();
-  private static MiniKdc testMiniKDC;
-  private static ApplicationHistoryServer testTimelineServer;
-  private static Configuration conf;
+  private static final String BASEDIR =
+      System.getProperty("test.build.dir", "target/test-dir") + "/"
+          + TestTimelineAuthenticationFilter.class.getSimpleName();
 
-  @BeforeClass
-  public static void setupClass() {
+  @Parameterized.Parameters
+  public static Collection<Object[]> withSsl() {
+    return Arrays.asList(new Object[][] { { false }, { true } });
+  }
+
+  private MiniKdc testMiniKDC;
+  private String keystoresDir;
+  private String sslConfDir;
+  private ApplicationHistoryServer testTimelineServer;
+  private Configuration conf;
+  private TimelineClient client;
+  private boolean withSsl;
+
+  public TestTimelineAuthenticationFilter(boolean withSsl) {
+    this.withSsl = withSsl;
+  }
+
+  @Before
+  public void setup() {
     try {
       testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
       testMiniKDC.start();
@@ -77,7 +102,7 @@ public class TestTimelineAuthenticationFilter {
 
     try {
       testTimelineServer = new ApplicationHistoryServer();
-      conf = new YarnConfiguration();
+      conf = new Configuration(false);
       conf.setStrings(TimelineAuthenticationFilterInitializer.PREFIX + "type",
           "kerberos");
       conf.set(TimelineAuthenticationFilterInitializer.PREFIX +
@@ -98,18 +123,37 @@ public class TestTimelineAuthenticationFilter {
           "localhost:10200");
       conf.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS,
           "localhost:8188");
+      conf.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS,
+          "localhost:8190");
       conf.set("hadoop.proxyuser.HTTP.hosts", "*");
       conf.set("hadoop.proxyuser.HTTP.users", FOO_USER);
+
+      if (withSsl) {
+        conf.set(YarnConfiguration.YARN_HTTP_POLICY_KEY,
+            HttpConfig.Policy.HTTPS_ONLY.name());
+        File base = new File(BASEDIR);
+        FileUtil.fullyDelete(base);
+        base.mkdirs();
+        keystoresDir = new File(BASEDIR).getAbsolutePath();
+        sslConfDir =
+            KeyStoreTestUtil.getClasspathDir(TestTimelineAuthenticationFilter.class);
+        KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
+      }
+
       UserGroupInformation.setConfiguration(conf);
       testTimelineServer.init(conf);
       testTimelineServer.start();
     } catch (Exception e) {
       assertTrue("Couldn't setup TimelineServer", false);
     }
+
+    client = TimelineClient.createTimelineClient();
+    client.init(conf);
+    client.start();
   }
 
-  @AfterClass
-  public static void tearDownClass() {
+  @After
+  public void tearDown() throws Exception {
     if (testMiniKDC != null) {
       testMiniKDC.stop();
     }
@@ -117,22 +161,16 @@ public class TestTimelineAuthenticationFilter {
     if (testTimelineServer != null) {
       testTimelineServer.stop();
     }
-  }
-
-  private TimelineClient client;
 
-  @Before
-  public void setup() throws Exception {
-    client = TimelineClient.createTimelineClient();
-    client.init(conf);
-    client.start();
-  }
-
-  @After
-  public void tearDown() throws Exception {
     if (client != null) {
       client.stop();
     }
+
+    if (withSsl) {
+      KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir);
+      File base = new File(BASEDIR);
+      FileUtil.fullyDelete(base);
+    }
   }
 
   @Test
@@ -141,14 +179,15 @@ public class TestTimelineAuthenticationFilter {
       @Override
       public Void call() throws Exception {
         TimelineEntity entityToStore = new TimelineEntity();
-        entityToStore.setEntityType("TestTimelineAuthenticationFilter");
+        entityToStore.setEntityType(
+            TestTimelineAuthenticationFilter.class.getName());
         entityToStore.setEntityId("entity1");
         entityToStore.setStartTime(0L);
         TimelinePutResponse putResponse = client.putEntities(entityToStore);
         Assert.assertEquals(0, putResponse.getErrors().size());
         TimelineEntity entityToRead =
             testTimelineServer.getTimelineStore().getEntity(
-                "entity1", "TestTimelineAuthenticationFilter", null);
+                "entity1", TestTimelineAuthenticationFilter.class.getName(), null);
         Assert.assertNotNull(entityToRead);
         return null;
       }
@@ -156,6 +195,25 @@ public class TestTimelineAuthenticationFilter {
   }
 
   @Test
+  public void testPutDomains() throws Exception {
+    KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<Void>() {
+      @Override
+      public Void call() throws Exception {
+        TimelineDomain domainToStore = new TimelineDomain();
+        domainToStore.setId(TestTimelineAuthenticationFilter.class.getName());
+        domainToStore.setReaders("*");
+        domainToStore.setWriters("*");
+        client.putDomain(domainToStore);
+        TimelineDomain domainToRead =
+            testTimelineServer.getTimelineStore().getDomain(
+                TestTimelineAuthenticationFilter.class.getName());
+        Assert.assertNotNull(domainToRead);
+        return null;
+      }
+    });
+  }
+
+  @Test
   public void testGetDelegationToken() throws Exception {
     KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<Void>() {
       @Override


Mime
View raw message