hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xkro...@apache.org
Subject [01/50] hadoop git commit: HADOOP-15395. DefaultImpersonationProvider fails to parse proxy user config if username has . in it. Contributed by Ajay Kumar.
Date Wed, 01 Aug 2018 17:06:17 GMT
Repository: hadoop
Updated Branches:
  refs/heads/HDFS-12943 9b55946e0 -> 2dad24f73


HADOOP-15395. DefaultImpersonationProvider fails to parse proxy user config if username has
. in it. Contributed by Ajay Kumar.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5f0b9243
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5f0b9243
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5f0b9243

Branch: refs/heads/HDFS-12943
Commit: 5f0b924360b345f491c2d6693882f1069c7f3508
Parents: 3c4fbc6
Author: Mukul Kumar Singh <msingh@apache.org>
Authored: Wed Jul 25 21:09:11 2018 +0530
Committer: Mukul Kumar Singh <msingh@apache.org>
Committed: Wed Jul 25 21:09:11 2018 +0530

----------------------------------------------------------------------
 .../authorize/DefaultImpersonationProvider.java |   4 +-
 .../TestDefaultImpersonationProvider.java       | 100 +++++++++++++++++++
 2 files changed, 102 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/5f0b9243/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
index 26cd7ab..b766d5c 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
@@ -75,9 +75,9 @@ public class DefaultImpersonationProvider implements ImpersonationProvider
{
     //   $configPrefix.[ANY].hosts
     //
     String prefixRegEx = configPrefix.replace(".", "\\.");
-    String usersGroupsRegEx = prefixRegEx + "[^.]*(" +
+    String usersGroupsRegEx = prefixRegEx + "[\\S]*(" +
         Pattern.quote(CONF_USERS) + "|" + Pattern.quote(CONF_GROUPS) + ")";
-    String hostsRegEx = prefixRegEx + "[^.]*" + Pattern.quote(CONF_HOSTS);
+    String hostsRegEx = prefixRegEx + "[\\S]*" + Pattern.quote(CONF_HOSTS);
 
   // get list of users and groups per proxyuser
     Map<String,String> allMatchKeys = 

http://git-wip-us.apache.org/repos/asf/hadoop/blob/5f0b9243/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestDefaultImpersonationProvider.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestDefaultImpersonationProvider.java
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestDefaultImpersonationProvider.java
new file mode 100644
index 0000000..ef86697
--- /dev/null
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestDefaultImpersonationProvider.java
@@ -0,0 +1,100 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.security.authorize;
+
+import static org.mockito.Mockito.when;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.test.LambdaTestUtils;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.Timeout;
+import org.mockito.Mockito;
+
+/**
+ * Test class for @DefaultImpersonationProvider
+ */
+public class TestDefaultImpersonationProvider {
+
+  private String proxyUser;
+  private String user;
+  private DefaultImpersonationProvider provider;
+  private UserGroupInformation userGroupInformation = Mockito
+      .mock(UserGroupInformation.class);
+  private UserGroupInformation realUserUGI = Mockito
+      .mock(UserGroupInformation.class);
+  private Configuration conf;
+  @Rule
+  public Timeout globalTimeout = new Timeout(10000);
+
+  @Before
+  public void setup() {
+    conf = new Configuration();
+    provider = new DefaultImpersonationProvider();
+
+    // Setup 3 proxy users
+    conf.set("hadoop.proxyuser.fakeuser.groups", "*");
+    conf.set("hadoop.proxyuser.fakeuser.hosts", "*");
+    conf.set("hadoop.proxyuser.test.user.groups", "*");
+    conf.set("hadoop.proxyuser.test.user.hosts", "*");
+    conf.set("hadoop.proxyuser.test user2.groups", "*");
+    conf.set("hadoop.proxyuser.test user2.hosts", "*");
+    provider.setConf(conf);
+    provider.init(ProxyUsers.CONF_HADOOP_PROXYUSER);
+  }
+
+  @Test
+  public void testAuthorizationSuccess() throws AuthorizationException {
+    proxyUser = "fakeuser";
+    user = "dummyUser";
+    when(realUserUGI.getShortUserName()).thenReturn(proxyUser);
+    when(userGroupInformation.getRealUser()).thenReturn(realUserUGI);
+    provider.authorize(userGroupInformation, "2.2.2.2");
+
+    user = "somerandomuser";
+    proxyUser = "test.user";
+    when(realUserUGI.getShortUserName()).thenReturn(proxyUser);
+    when(userGroupInformation.getRealUser()).thenReturn(realUserUGI);
+    provider.authorize(userGroupInformation, "2.2.2.2");
+  }
+
+  @Test
+  public void testAuthorizationFailure() throws Exception {
+    user = "dummyUser";
+    proxyUser = "test user2";
+    when(realUserUGI.getShortUserName()).thenReturn(proxyUser);
+    when(realUserUGI.getUserName()).thenReturn(proxyUser);
+    when(userGroupInformation.getUserName()).thenReturn(user);
+    when(userGroupInformation.getRealUser()).thenReturn(realUserUGI);
+    LambdaTestUtils.intercept(AuthorizationException.class, "User: "
+        + proxyUser + " is not allowed to impersonate " + user, () ->
+        provider.authorize(userGroupInformation, "2.2.2.2"));
+  }
+
+  @After
+  public void clear() {
+    provider = null;
+    conf = null;
+    userGroupInformation = null;
+    realUserUGI = null;
+  }
+
+}


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org


Mime
View raw message