hadoop-hdfs-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r910981 - in /hadoop/hdfs/trunk: CHANGES.txt src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
Date Wed, 17 Feb 2010 14:07:47 GMT
Author: omalley
Date: Wed Feb 17 14:07:47 2010
New Revision: 910981

URL: http://svn.apache.org/viewvc?rev=910981&view=rev
Log:
HDFS-965. Split TestDelegationToken in to two parts and fix configuration
to allow proxy users in the test. (Jitendra Pandey via omalley)

Added:
    hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
Modified:
    hadoop/hdfs/trunk/CHANGES.txt
    hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java

Modified: hadoop/hdfs/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/CHANGES.txt?rev=910981&r1=910980&r2=910981&view=diff
==============================================================================
--- hadoop/hdfs/trunk/CHANGES.txt (original)
+++ hadoop/hdfs/trunk/CHANGES.txt Wed Feb 17 14:07:47 2010
@@ -134,8 +134,11 @@
     HDFS-938. Replace calls to UGI.getUserName() with UGI.getShortUserName()
     (jghoman)
 
-    HDFS-894. DatanodeID.ipcPort is not updated when existing node re-registers.
-    (Todd Lipcon via tomwhite)
+    HDFS-894. DatanodeID.ipcPort is not updated when existing node 
+    re-registers. (Todd Lipcon via tomwhite)
+
+    HDFS-965. Split TestDelegationToken in to two parts and fix configuration
+    to allow proxy users in the test. (Jitendra Pandey via omalley)
 
 Release 0.21.0 - Unreleased
 

Modified: hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java?rev=910981&r1=910980&r2=910981&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java
(original)
+++ hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationToken.java
Wed Feb 17 14:07:47 2010
@@ -34,7 +34,6 @@
 import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
 import org.apache.hadoop.io.Text;
-import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.SecretManager.InvalidToken;
 import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
@@ -47,10 +46,6 @@
 public class TestDelegationToken {
   private MiniDFSCluster cluster;
   Configuration config;
-  final private static String GROUP1_NAME = "group1";
-  final private static String GROUP2_NAME = "group2";
-  final private static String[] GROUP_NAMES = new String[] { GROUP1_NAME,
-      GROUP2_NAME };
   
   @Before
   public void setUp() throws Exception {
@@ -132,33 +127,5 @@
     Log.info("A valid token should have non-null password, and should be renewed successfully");
     Assert.assertTrue(null != dtSecretManager.retrievePassword(identifier));
     Assert.assertTrue(dtSecretManager.renewToken(token, "JobTracker"));
-  }
- 
-  @Test
-  public void testDelegationTokenWithRealUser() throws IOException {
-    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(
-        "RealUser", GROUP_NAMES);
-    final UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(
-        "proxyUser", ugi);
-    try {
-      Token<DelegationTokenIdentifier> token = proxyUgi
-          .doAs(new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>()
{
-            public Token<DelegationTokenIdentifier> run() throws IOException {
-              DistributedFileSystem dfs = (DistributedFileSystem) cluster
-                  .getFileSystem();
-              return dfs.getDelegationToken(new Text("RenewerUser"));
-            }
-          });
-      DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
-      byte[] tokenId = token.getIdentifier();
-      identifier.readFields(new DataInputStream(new ByteArrayInputStream(
-          tokenId)));
-      Assert.assertEquals(identifier.getUser().getUserName(), "proxyUser");
-      Assert.assertEquals(identifier.getUser().getRealUser().getUserName(),
-          "RealUser");
-    } catch (InterruptedException e) {
-      //Do Nothing
-    }
-  }
-  
+  } 
 }

Added: hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java?rev=910981&view=auto
==============================================================================
--- hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
(added)
+++ hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
Wed Feb 17 14:07:47 2010
@@ -0,0 +1,138 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.security;
+
+
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.Enumeration;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.hdfs.DFSConfigKeys;
+import org.apache.hadoop.hdfs.DistributedFileSystem;
+import org.apache.hadoop.hdfs.HdfsConfiguration;
+import org.apache.hadoop.hdfs.MiniDFSCluster;
+import org.apache.hadoop.io.Text;
+import org.apache.commons.logging.*;
+import org.apache.hadoop.security.TestDoAsEffectiveUser;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authorize.ProxyUsers;
+import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+public class TestDelegationTokenForProxyUser {
+  private MiniDFSCluster cluster;
+  Configuration config;
+  final private static String GROUP1_NAME = "group1";
+  final private static String GROUP2_NAME = "group2";
+  final private static String[] GROUP_NAMES = new String[] { GROUP1_NAME,
+      GROUP2_NAME };
+  final private static String REAL_USER = "RealUser";
+  final private static String PROXY_USER = "ProxyUser";
+  
+  private static final Log LOG = LogFactory.getLog(TestDoAsEffectiveUser.class);
+  
+  private void configureSuperUserIPAddresses(Configuration conf,
+      String superUserShortName) throws IOException {
+    ArrayList<String> ipList = new ArrayList<String>();
+    Enumeration<NetworkInterface> netInterfaceList = NetworkInterface
+        .getNetworkInterfaces();
+    while (netInterfaceList.hasMoreElements()) {
+      NetworkInterface inf = netInterfaceList.nextElement();
+      Enumeration<InetAddress> addrList = inf.getInetAddresses();
+      while (addrList.hasMoreElements()) {
+        InetAddress addr = addrList.nextElement();
+        ipList.add(addr.getHostAddress());
+      }
+    }
+    StringBuilder builder = new StringBuilder();
+    for (String ip : ipList) {
+      builder.append(ip);
+      builder.append(',');
+    }
+    builder.append("127.0.1.1,");
+    builder.append(InetAddress.getLocalHost().getCanonicalHostName());
+    LOG.info("Local Ip addresses: " + builder.toString());
+    conf.setStrings(ProxyUsers.getProxySuperuserIpConfKey(superUserShortName),
+        builder.toString());
+  }
+  
+  @Before
+  public void setUp() throws Exception {
+    config = new HdfsConfiguration();
+    config.setLong(
+        DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000);
+    config.setLong(
+        DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000);
+    config.setStrings(ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER),
+        "group1");
+    configureSuperUserIPAddresses(config, REAL_USER);
+    FileSystem.setDefaultUri(config, "hdfs://localhost:" + "0");
+    cluster = new MiniDFSCluster(0, config, 1, true, true, true, null, null,
+        null, null);
+    cluster.waitActive();
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    if(cluster!=null) {
+      cluster.shutdown();
+    }
+  }
+ 
+  @Test
+  public void testDelegationTokenWithRealUser() throws IOException {
+    UserGroupInformation ugi = UserGroupInformation
+        .createRemoteUser(REAL_USER);
+    final UserGroupInformation proxyUgi = UserGroupInformation
+        .createProxyUserForTesting(PROXY_USER, ugi, GROUP_NAMES);
+    try {
+      Token<DelegationTokenIdentifier> token = proxyUgi
+          .doAs(new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>()
{
+            public Token<DelegationTokenIdentifier> run() throws IOException {
+              DistributedFileSystem dfs = (DistributedFileSystem) cluster
+                  .getFileSystem();
+              return dfs.getDelegationToken(new Text("RenewerUser"));
+            }
+          });
+      DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
+      byte[] tokenId = token.getIdentifier();
+      identifier.readFields(new DataInputStream(new ByteArrayInputStream(
+          tokenId)));
+      Assert.assertEquals(identifier.getUser().getUserName(), PROXY_USER);
+      Assert.assertEquals(identifier.getUser().getRealUser().getUserName(),
+          REAL_USER);
+    } catch (InterruptedException e) {
+      //Do Nothing
+    }
+  }
+  
+}



Mime
View raw message