Author: omalley
Date: Wed Feb 17 14:07:47 2010
New Revision: 910981
URL: http://svn.apache.org/viewvc?rev=910981&view=rev
Log:
HDFS-965. Split TestDelegationToken in to two parts and fix configuration
to allow proxy users in the test. (Jitendra Pandey via omalley)
Added:
hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
Modified:
hadoop/hdfs/trunk/CHANGES.txt
hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java
Modified: hadoop/hdfs/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/CHANGES.txt?rev=910981&r1=910980&r2=910981&view=diff
==============================================================================
--- hadoop/hdfs/trunk/CHANGES.txt (original)
+++ hadoop/hdfs/trunk/CHANGES.txt Wed Feb 17 14:07:47 2010
@@ -134,8 +134,11 @@
HDFS-938. Replace calls to UGI.getUserName() with UGI.getShortUserName()
(jghoman)
- HDFS-894. DatanodeID.ipcPort is not updated when existing node re-registers.
- (Todd Lipcon via tomwhite)
+ HDFS-894. DatanodeID.ipcPort is not updated when existing node
+ re-registers. (Todd Lipcon via tomwhite)
+
+ HDFS-965. Split TestDelegationToken in to two parts and fix configuration
+ to allow proxy users in the test. (Jitendra Pandey via omalley)
Release 0.21.0 - Unreleased
Modified: hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java?rev=910981&r1=910980&r2=910981&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java
(original)
+++ hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java
Wed Feb 17 14:07:47 2010
@@ -34,7 +34,6 @@
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.io.Text;
-import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
@@ -47,10 +46,6 @@
public class TestDelegationToken {
private MiniDFSCluster cluster;
Configuration config;
- final private static String GROUP1_NAME = "group1";
- final private static String GROUP2_NAME = "group2";
- final private static String[] GROUP_NAMES = new String[] { GROUP1_NAME,
- GROUP2_NAME };
@Before
public void setUp() throws Exception {
@@ -132,33 +127,5 @@
Log.info("A valid token should have non-null password, and should be renewed successfully");
Assert.assertTrue(null != dtSecretManager.retrievePassword(identifier));
Assert.assertTrue(dtSecretManager.renewToken(token, "JobTracker"));
- }
-
- @Test
- public void testDelegationTokenWithRealUser() throws IOException {
- UserGroupInformation ugi = UserGroupInformation.createUserForTesting(
- "RealUser", GROUP_NAMES);
- final UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(
- "proxyUser", ugi);
- try {
- Token<DelegationTokenIdentifier> token = proxyUgi
- .doAs(new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>()
{
- public Token<DelegationTokenIdentifier> run() throws IOException {
- DistributedFileSystem dfs = (DistributedFileSystem) cluster
- .getFileSystem();
- return dfs.getDelegationToken(new Text("RenewerUser"));
- }
- });
- DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
- byte[] tokenId = token.getIdentifier();
- identifier.readFields(new DataInputStream(new ByteArrayInputStream(
- tokenId)));
- Assert.assertEquals(identifier.getUser().getUserName(), "proxyUser");
- Assert.assertEquals(identifier.getUser().getRealUser().getUserName(),
- "RealUser");
- } catch (InterruptedException e) {
- //Do Nothing
- }
- }
-
+ }
}
Added: hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java?rev=910981&view=auto
==============================================================================
--- hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
(added)
+++ hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
Wed Feb 17 14:07:47 2010
@@ -0,0 +1,138 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.security;
+
+
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.Enumeration;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.hdfs.DFSConfigKeys;
+import org.apache.hadoop.hdfs.DistributedFileSystem;
+import org.apache.hadoop.hdfs.HdfsConfiguration;
+import org.apache.hadoop.hdfs.MiniDFSCluster;
+import org.apache.hadoop.io.Text;
+import org.apache.commons.logging.*;
+import org.apache.hadoop.security.TestDoAsEffectiveUser;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authorize.ProxyUsers;
+import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+public class TestDelegationTokenForProxyUser {
+ private MiniDFSCluster cluster;
+ Configuration config;
+ final private static String GROUP1_NAME = "group1";
+ final private static String GROUP2_NAME = "group2";
+ final private static String[] GROUP_NAMES = new String[] { GROUP1_NAME,
+ GROUP2_NAME };
+ final private static String REAL_USER = "RealUser";
+ final private static String PROXY_USER = "ProxyUser";
+
+ private static final Log LOG = LogFactory.getLog(TestDoAsEffectiveUser.class);
+
+ private void configureSuperUserIPAddresses(Configuration conf,
+ String superUserShortName) throws IOException {
+ ArrayList<String> ipList = new ArrayList<String>();
+ Enumeration<NetworkInterface> netInterfaceList = NetworkInterface
+ .getNetworkInterfaces();
+ while (netInterfaceList.hasMoreElements()) {
+ NetworkInterface inf = netInterfaceList.nextElement();
+ Enumeration<InetAddress> addrList = inf.getInetAddresses();
+ while (addrList.hasMoreElements()) {
+ InetAddress addr = addrList.nextElement();
+ ipList.add(addr.getHostAddress());
+ }
+ }
+ StringBuilder builder = new StringBuilder();
+ for (String ip : ipList) {
+ builder.append(ip);
+ builder.append(',');
+ }
+ builder.append("127.0.1.1,");
+ builder.append(InetAddress.getLocalHost().getCanonicalHostName());
+ LOG.info("Local Ip addresses: " + builder.toString());
+ conf.setStrings(ProxyUsers.getProxySuperuserIpConfKey(superUserShortName),
+ builder.toString());
+ }
+
+ @Before
+ public void setUp() throws Exception {
+ config = new HdfsConfiguration();
+ config.setLong(
+ DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000);
+ config.setLong(
+ DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000);
+ config.setStrings(ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER),
+ "group1");
+ configureSuperUserIPAddresses(config, REAL_USER);
+ FileSystem.setDefaultUri(config, "hdfs://localhost:" + "0");
+ cluster = new MiniDFSCluster(0, config, 1, true, true, true, null, null,
+ null, null);
+ cluster.waitActive();
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ if(cluster!=null) {
+ cluster.shutdown();
+ }
+ }
+
+ @Test
+ public void testDelegationTokenWithRealUser() throws IOException {
+ UserGroupInformation ugi = UserGroupInformation
+ .createRemoteUser(REAL_USER);
+ final UserGroupInformation proxyUgi = UserGroupInformation
+ .createProxyUserForTesting(PROXY_USER, ugi, GROUP_NAMES);
+ try {
+ Token<DelegationTokenIdentifier> token = proxyUgi
+ .doAs(new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>()
{
+ public Token<DelegationTokenIdentifier> run() throws IOException {
+ DistributedFileSystem dfs = (DistributedFileSystem) cluster
+ .getFileSystem();
+ return dfs.getDelegationToken(new Text("RenewerUser"));
+ }
+ });
+ DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
+ byte[] tokenId = token.getIdentifier();
+ identifier.readFields(new DataInputStream(new ByteArrayInputStream(
+ tokenId)));
+ Assert.assertEquals(identifier.getUser().getUserName(), PROXY_USER);
+ Assert.assertEquals(identifier.getUser().getRealUser().getUserName(),
+ REAL_USER);
+ } catch (InterruptedException e) {
+ //Do Nothing
+ }
+ }
+
+}
|