List of usage examples for org.apache.hadoop.security UserGroupInformation createUserForTesting
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createUserForTesting(String user, String[] userGroups)
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
@org.junit.Test public void testCreateKeys() throws Throwable { // bob should have permission to create final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("bob"); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { KMSWebApp.getACLs().assertAccess(Type.CREATE, ugi, KMSOp.CREATE_KEY, "newkey1", "127.0.0.1"); return null; }/*w w w .j ava 2 s . c o m*/ }); // "eve" should not have permission to create final UserGroupInformation ugi2 = UserGroupInformation.createRemoteUser("eve"); ugi2.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.CREATE, ugi2, KMSOp.CREATE_KEY, "newkey2", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); // the IT group should not have permission to create final UserGroupInformation ugi3 = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" }); ugi3.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.CREATE, ugi3, KMSOp.CREATE_KEY, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); }
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
@org.junit.Test public void testDeleteKeys() throws Throwable { // bob should have permission to delete final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("bob"); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { KMSWebApp.getACLs().assertAccess(Type.DELETE, ugi, KMSOp.DELETE_KEY, "newkey1", "127.0.0.1"); return null; }//from w w w . j a v a2 s. c om }); // "eve" should not have permission to delete final UserGroupInformation ugi2 = UserGroupInformation.createRemoteUser("eve"); ugi2.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.DELETE, ugi2, KMSOp.DELETE_KEY, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); // the IT group should not have permission to delete final UserGroupInformation ugi3 = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" }); ugi3.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.DELETE, ugi3, KMSOp.DELETE_KEY, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); }
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
@org.junit.Test public void testRollover() throws Throwable { // bob should have permission to rollover final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("bob"); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { KMSWebApp.getACLs().assertAccess(Type.ROLLOVER, ugi, KMSOp.ROLL_NEW_VERSION, "newkey1", "127.0.0.1"); return null; }//from w ww. j a va 2s . c om }); // "eve" should not have permission to rollover final UserGroupInformation ugi2 = UserGroupInformation.createRemoteUser("eve"); ugi2.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.ROLLOVER, ugi2, KMSOp.ROLL_NEW_VERSION, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); // the IT group should not have permission to rollover final UserGroupInformation ugi3 = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" }); ugi3.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.ROLLOVER, ugi3, KMSOp.ROLL_NEW_VERSION, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); }
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
@org.junit.Test public void testGetKeys() throws Throwable { // bob should have permission to get keys final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("bob"); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { KMSWebApp.getACLs().assertAccess(Type.GET_KEYS, ugi, KMSOp.GET_KEYS, "newkey1", "127.0.0.1"); return null; }//from ww w. ja va2s. co m }); // "eve" should not have permission to get keys final UserGroupInformation ugi2 = UserGroupInformation.createRemoteUser("eve"); ugi2.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.GET_KEYS, ugi2, KMSOp.GET_KEYS, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); // the IT group should have permission to get keys final UserGroupInformation ugi3 = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" }); ugi3.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { KMSWebApp.getACLs().assertAccess(Type.GET_KEYS, ugi3, KMSOp.GET_KEYS, "newkey1", "127.0.0.1"); return null; } }); }
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
@org.junit.Test public void testGetMetadata() throws Throwable { // bob should have permission to get the metadata final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("bob"); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { KMSWebApp.getACLs().assertAccess(Type.GET_METADATA, ugi, KMSOp.GET_METADATA, "newkey1", "127.0.0.1"); return null; }/*from w w w . j a va 2s .com*/ }); // "eve" should not have permission to get the metadata final UserGroupInformation ugi2 = UserGroupInformation.createRemoteUser("eve"); ugi2.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.GET_METADATA, ugi2, KMSOp.GET_METADATA, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); // the IT group should have permission to get the metadata final UserGroupInformation ugi3 = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" }); ugi3.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { KMSWebApp.getACLs().assertAccess(Type.GET_METADATA, ugi3, KMSOp.GET_METADATA, "newkey1", "127.0.0.1"); return null; } }); }
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
@org.junit.Test public void testGenerateEEK() throws Throwable { // bob should have permission to generate EEK final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("bob"); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { KMSWebApp.getACLs().assertAccess(Type.GENERATE_EEK, ugi, KMSOp.GENERATE_EEK, "newkey1", "127.0.0.1"); return null; }//from w w w . j a v a 2 s .co m }); // "eve" should not have permission to generate EEK final UserGroupInformation ugi2 = UserGroupInformation.createRemoteUser("eve"); ugi2.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.GENERATE_EEK, ugi2, KMSOp.GENERATE_EEK, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); // the IT group should not have permission to generate EEK final UserGroupInformation ugi3 = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" }); ugi3.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.GENERATE_EEK, ugi3, KMSOp.GENERATE_EEK, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); }
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
@org.junit.Test public void testDecryptEEK() throws Throwable { // bob should have permission to generate EEK final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("bob"); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { KMSWebApp.getACLs().assertAccess(Type.DECRYPT_EEK, ugi, KMSOp.DECRYPT_EEK, "newkey1", "127.0.0.1"); return null; }/*from w ww. j a v a 2s. c om*/ }); // "eve" should not have permission to decrypt EEK final UserGroupInformation ugi2 = UserGroupInformation.createRemoteUser("eve"); ugi2.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.DECRYPT_EEK, ugi2, KMSOp.DECRYPT_EEK, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); // the IT group should not have permission to decrypt EEK final UserGroupInformation ugi3 = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" }); ugi3.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try { KMSWebApp.getACLs().assertAccess(Type.DECRYPT_EEK, ugi3, KMSOp.DECRYPT_EEK, "newkey1", "127.0.0.1"); Assert.fail("Failure expected"); } catch (AuthorizationException ex) { // expected } return null; } }); }
From source file:org.apache.coheigea.bigdata.solr.ranger.RangerSolrCloudTest.java
License:Apache License
private void performQuery(String user, String group, boolean exceptionExpected) throws Exception { final CloudSolrClient cloudSolrClient = server.getSolrClient(); cloudSolrClient.setDefaultCollection("docs"); ModifiableSolrParams params = new ModifiableSolrParams(); params.set("q", "*"); final QueryRequest queryRequest = new QueryRequest(params); queryRequest.setBasicAuthCredentials(user, "SolrRocks"); try {//from w w w .j a v a2 s.c o m if (group != null) { UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { group }); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { cloudSolrClient.request(queryRequest); return null; } }); } else { cloudSolrClient.request(queryRequest); } } catch (Exception ex) { if (!exceptionExpected) { throw ex; } return; } Assert.assertFalse(exceptionExpected); }
From source file:org.apache.coheigea.bigdata.solr.ranger.SolrAuthorizationMockTest.java
License:Apache License
private void performTest(final int expectedStatus, String user, String group, RequestType requestType, String ipAddress) throws Exception { Map<String, Object> requestParameters = new HashMap<>(); requestParameters.put("userPrincipal", user); requestParameters.put("collectionRequests", "docs"); requestParameters.put("requestType", requestType); if (ipAddress != null) { requestParameters.put("ipAddress", ipAddress); }/*from w ww . j a v a 2 s .c om*/ final AuthorizationContext context = new MockAuthorizationContext(requestParameters); if (group != null) { UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { group }); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { AuthorizationResponse authResp = plugin.authorize(context); Assert.assertEquals(expectedStatus, authResp.statusCode); return null; } }); } else { AuthorizationResponse authResp = plugin.authorize(context); Assert.assertEquals(expectedStatus, authResp.statusCode); } }
From source file:org.apache.coheigea.bigdata.storm.StormTest.java
License:Apache License
@org.junit.Test public void testStorm() throws Exception { final TopologyBuilder builder = new TopologyBuilder(); builder.setSpout("words", new WordSpout()); builder.setBolt("counter", new WordCounterBolt()).shuffleGrouping("words"); final Config conf = new Config(); conf.setDebug(true);/*from ww w .j a v a 2 s . c o m*/ final LocalCluster cluster = new LocalCluster(); UserGroupInformation ugi = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" }); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { cluster.submitTopology("word-count", conf, builder.createTopology()); return null; } }); Utils.sleep(10000); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { cluster.killTopology("word-count"); return null; } }); cluster.shutdown(); }