List of usage examples for org.apache.hadoop.security UserGroupInformation loginUserFromKeytab
@InterfaceAudience.Public @InterfaceStability.Evolving public static void loginUserFromKeytab(String user, String path) throws IOException
From source file:org.apache.accumulo.test.proxy.SimpleProxyBase.java
License:Apache License
@Test public void attachIteratorsWithScans() throws Exception { if (client.tableExists(creds, "slow")) { client.deleteTable(creds, "slow"); }/*from w w w .j a v a2 s. c o m*/ // create a table that's very slow, so we can look for scans client.createTable(creds, "slow", true, TimeType.MILLIS); IteratorSetting setting = new IteratorSetting(100, "slow", SlowIterator.class.getName(), Collections.singletonMap("sleepTime", "250")); client.attachIterator(creds, "slow", setting, EnumSet.allOf(IteratorScope.class)); // Should take 10 seconds to read every record for (int i = 0; i < 40; i++) { client.updateAndFlush(creds, "slow", mutation("row" + i, "cf", "cq", "value")); } // scan Thread t = new Thread() { @Override public void run() { String scanner; TestProxyClient proxyClient2 = null; try { if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); proxyClient2 = new TestProxyClient(hostname, proxyPort, factory, proxyPrimary, UserGroupInformation.getCurrentUser()); } else { proxyClient2 = new TestProxyClient(hostname, proxyPort, factory); } Client client2 = proxyClient2.proxy(); scanner = client2.createScanner(creds, "slow", null); client2.nextK(scanner, 10); client2.closeScanner(scanner); } catch (Exception e) { throw new RuntimeException(e); } finally { if (null != proxyClient2) { proxyClient2.close(); } } } }; t.start(); // look for the scan many times List<ActiveScan> scans = new ArrayList<>(); for (int i = 0; i < 100 && scans.isEmpty(); i++) { for (String tserver : client.getTabletServers(creds)) { List<ActiveScan> scansForServer = client.getActiveScans(creds, tserver); for (ActiveScan scan : scansForServer) { if (clientPrincipal.equals(scan.getUser())) { scans.add(scan); } } if (!scans.isEmpty()) break; sleepUninterruptibly(100, TimeUnit.MILLISECONDS); } } t.join(); assertFalse("Expected to find scans, but found none", scans.isEmpty()); boolean found = false; Map<String, String> map = null; for (int i = 0; i < scans.size() && !found; i++) { ActiveScan scan = scans.get(i); if (clientPrincipal.equals(scan.getUser())) { assertTrue(ScanState.RUNNING.equals(scan.getState()) || ScanState.QUEUED.equals(scan.getState())); assertEquals(ScanType.SINGLE, scan.getType()); assertEquals("slow", scan.getTable()); map = client.tableIdMap(creds); assertEquals(map.get("slow"), scan.getExtent().tableId); assertTrue(scan.getExtent().endRow == null); assertTrue(scan.getExtent().prevEndRow == null); found = true; } } assertTrue("Could not find a scan against the 'slow' table", found); }
From source file:org.apache.accumulo.test.proxy.SimpleProxyBase.java
License:Apache License
@Test public void attachIteratorWithCompactions() throws Exception { if (client.tableExists(creds, "slow")) { client.deleteTable(creds, "slow"); }// w w w .j a v a 2 s . c o m // create a table that's very slow, so we can look for compactions client.createTable(creds, "slow", true, TimeType.MILLIS); IteratorSetting setting = new IteratorSetting(100, "slow", SlowIterator.class.getName(), Collections.singletonMap("sleepTime", "250")); client.attachIterator(creds, "slow", setting, EnumSet.allOf(IteratorScope.class)); // Should take 10 seconds to read every record for (int i = 0; i < 40; i++) { client.updateAndFlush(creds, "slow", mutation("row" + i, "cf", "cq", "value")); } Map<String, String> map = client.tableIdMap(creds); // start a compaction Thread t = new Thread() { @Override public void run() { TestProxyClient proxyClient2 = null; try { if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); proxyClient2 = new TestProxyClient(hostname, proxyPort, factory, proxyPrimary, UserGroupInformation.getCurrentUser()); } else { proxyClient2 = new TestProxyClient(hostname, proxyPort, factory); } Client client2 = proxyClient2.proxy(); client2.compactTable(creds, "slow", null, null, null, true, true, null); } catch (Exception e) { throw new RuntimeException(e); } finally { if (null != proxyClient2) { proxyClient2.close(); } } } }; t.start(); final String desiredTableId = map.get("slow"); // Make sure we can find the slow table assertNotNull(desiredTableId); // try to catch it in the act List<ActiveCompaction> compactions = new ArrayList<>(); for (int i = 0; i < 100 && compactions.isEmpty(); i++) { // Iterate over the tservers for (String tserver : client.getTabletServers(creds)) { // And get the compactions on each List<ActiveCompaction> compactionsOnServer = client.getActiveCompactions(creds, tserver); for (ActiveCompaction compact : compactionsOnServer) { // There might be other compactions occurring (e.g. on METADATA) in which // case we want to prune out those that aren't for our slow table if (desiredTableId.equals(compact.getExtent().tableId)) { compactions.add(compact); } } // If we found a compaction for the table we wanted, so we can stop looking if (!compactions.isEmpty()) break; } sleepUninterruptibly(10, TimeUnit.MILLISECONDS); } t.join(); // verify the compaction information assertFalse(compactions.isEmpty()); for (ActiveCompaction c : compactions) { if (desiredTableId.equals(c.getExtent().tableId)) { assertTrue(c.inputFiles.isEmpty()); assertEquals(CompactionType.MINOR, c.getType()); assertEquals(CompactionReason.USER, c.getReason()); assertEquals("", c.localityGroup); assertTrue(c.outputFile.contains("default_tablet")); return; } } fail("Expection to find running compaction for table 'slow' but did not find one"); }
From source file:org.apache.accumulo.test.proxy.SimpleProxyBase.java
License:Apache License
@Test public void userManagement() throws Exception { String user;//from w ww . java2 s .c o m ClusterUser otherClient = null; ByteBuffer password = s2bb("password"); if (isKerberosEnabled()) { otherClient = getKdc().getClientPrincipal(1); user = otherClient.getPrincipal(); } else { user = getUniqueNames(1)[0]; } // create a user client.createLocalUser(creds, user, password); // change auths Set<String> users = client.listLocalUsers(creds); Set<String> expectedUsers = new HashSet<>(Arrays.asList(clientPrincipal, user)); assertTrue("Did not find all expected users: " + expectedUsers, users.containsAll(expectedUsers)); HashSet<ByteBuffer> auths = new HashSet<>(Arrays.asList(s2bb("A"), s2bb("B"))); client.changeUserAuthorizations(creds, user, auths); List<ByteBuffer> update = client.getUserAuthorizations(creds, user); assertEquals(auths, new HashSet<>(update)); // change password if (!isKerberosEnabled()) { password = s2bb(""); client.changeLocalUserPassword(creds, user, password); assertTrue(client.authenticateUser(creds, user, s2pp(ByteBufferUtil.toString(password)))); } if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); final UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); // Re-login in and make a new connection. Can't use the previous one TestProxyClient otherProxyClient = null; try { otherProxyClient = new TestProxyClient(hostname, proxyPort, factory, proxyPrimary, ugi); otherProxyClient.proxy().login(user, Collections.<String, String>emptyMap()); } finally { if (null != otherProxyClient) { otherProxyClient.close(); } } } else { // check login with new password client.login(user, s2pp(ByteBufferUtil.toString(password))); } }
From source file:org.apache.accumulo.test.proxy.SimpleProxyBase.java
License:Apache License
@Test public void userPermissions() throws Exception { String userName = getUniqueNames(1)[0]; ClusterUser otherClient = null;/* w w w.ja v a 2 s . c om*/ ByteBuffer password = s2bb("password"); ByteBuffer user; TestProxyClient origProxyClient = null; Client origClient = null; TestProxyClient userProxyClient = null; Client userClient = null; if (isKerberosEnabled()) { otherClient = getKdc().getClientPrincipal(1); userName = otherClient.getPrincipal(); UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); final UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); // Re-login in and make a new connection. Can't use the previous one userProxyClient = new TestProxyClient(hostname, proxyPort, factory, proxyPrimary, ugi); origProxyClient = proxyClient; origClient = client; userClient = client = userProxyClient.proxy(); user = client.login(userName, Collections.<String, String>emptyMap()); } else { userName = getUniqueNames(1)[0]; // create a user client.createLocalUser(creds, userName, password); user = client.login(userName, s2pp(ByteBufferUtil.toString(password))); } // check permission failure try { client.createTable(user, "fail", true, TimeType.MILLIS); fail("should not create the table"); } catch (AccumuloSecurityException ex) { if (isKerberosEnabled()) { // Switch back to original client UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } assertFalse(client.listTables(creds).contains("fail")); } // grant permissions and test assertFalse(client.hasSystemPermission(creds, userName, SystemPermission.CREATE_TABLE)); client.grantSystemPermission(creds, userName, SystemPermission.CREATE_TABLE); assertTrue(client.hasSystemPermission(creds, userName, SystemPermission.CREATE_TABLE)); if (isKerberosEnabled()) { // Switch back to the extra user UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); client = userClient; } client.createTable(user, "success", true, TimeType.MILLIS); if (isKerberosEnabled()) { // Switch back to original client UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } assertTrue(client.listTables(creds).contains("success")); // revoke permissions client.revokeSystemPermission(creds, userName, SystemPermission.CREATE_TABLE); assertFalse(client.hasSystemPermission(creds, userName, SystemPermission.CREATE_TABLE)); try { if (isKerberosEnabled()) { // Switch back to the extra user UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); client = userClient; } client.createTable(user, "fail", true, TimeType.MILLIS); fail("should not create the table"); } catch (AccumuloSecurityException ex) { if (isKerberosEnabled()) { // Switch back to original client UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } assertFalse(client.listTables(creds).contains("fail")); } // denied! try { if (isKerberosEnabled()) { // Switch back to the extra user UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); client = userClient; } String scanner = client.createScanner(user, tableName, null); client.nextK(scanner, 100); fail("stooge should not read table test"); } catch (AccumuloSecurityException ex) { } if (isKerberosEnabled()) { // Switch back to original client UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } // grant assertFalse(client.hasTablePermission(creds, userName, tableName, TablePermission.READ)); client.grantTablePermission(creds, userName, tableName, TablePermission.READ); assertTrue(client.hasTablePermission(creds, userName, tableName, TablePermission.READ)); if (isKerberosEnabled()) { // Switch back to the extra user UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); client = userClient; } String scanner = client.createScanner(user, tableName, null); client.nextK(scanner, 10); client.closeScanner(scanner); if (isKerberosEnabled()) { // Switch back to original client UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } // revoke client.revokeTablePermission(creds, userName, tableName, TablePermission.READ); assertFalse(client.hasTablePermission(creds, userName, tableName, TablePermission.READ)); try { if (isKerberosEnabled()) { // Switch back to the extra user UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); client = userClient; } scanner = client.createScanner(user, tableName, null); client.nextK(scanner, 100); fail("stooge should not read table test"); } catch (AccumuloSecurityException ex) { } if (isKerberosEnabled()) { // Switch back to original client UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } // delete user client.dropLocalUser(creds, userName); Set<String> users = client.listLocalUsers(creds); assertFalse("Should not see user after they are deleted", users.contains(userName)); if (isKerberosEnabled()) { userProxyClient.close(); proxyClient = origProxyClient; client = origClient; } }
From source file:org.apache.accumulo.test.proxy.SimpleProxyBase.java
License:Apache License
@Test public void namespacePermissions() throws Exception { String userName;/* w w w . j a v a 2 s . c o m*/ ClusterUser otherClient = null; ByteBuffer password = s2bb("password"); ByteBuffer user; TestProxyClient origProxyClient = null; Client origClient = null; TestProxyClient userProxyClient = null; Client userClient = null; if (isKerberosEnabled()) { otherClient = getKdc().getClientPrincipal(1); userName = otherClient.getPrincipal(); UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); final UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); // Re-login in and make a new connection. Can't use the previous one userProxyClient = new TestProxyClient(hostname, proxyPort, factory, proxyPrimary, ugi); origProxyClient = proxyClient; origClient = client; userClient = client = userProxyClient.proxy(); user = client.login(userName, Collections.<String, String>emptyMap()); } else { userName = getUniqueNames(1)[0]; // create a user client.createLocalUser(creds, userName, password); user = client.login(userName, s2pp(ByteBufferUtil.toString(password))); } // check permission failure try { client.createTable(user, namespaceName + ".fail", true, TimeType.MILLIS); fail("should not create the table"); } catch (AccumuloSecurityException ex) { if (isKerberosEnabled()) { // Switch back to original client UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } assertFalse(client.listTables(creds).contains(namespaceName + ".fail")); } // grant permissions and test assertFalse( client.hasNamespacePermission(creds, userName, namespaceName, NamespacePermission.CREATE_TABLE)); client.grantNamespacePermission(creds, userName, namespaceName, NamespacePermission.CREATE_TABLE); assertTrue(client.hasNamespacePermission(creds, userName, namespaceName, NamespacePermission.CREATE_TABLE)); if (isKerberosEnabled()) { // Switch back to the extra user UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); client = userClient; } client.createTable(user, namespaceName + ".success", true, TimeType.MILLIS); if (isKerberosEnabled()) { // Switch back to original client UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } assertTrue(client.listTables(creds).contains(namespaceName + ".success")); // revoke permissions client.revokeNamespacePermission(creds, userName, namespaceName, NamespacePermission.CREATE_TABLE); assertFalse( client.hasNamespacePermission(creds, userName, namespaceName, NamespacePermission.CREATE_TABLE)); try { if (isKerberosEnabled()) { // Switch back to the extra user UserGroupInformation.loginUserFromKeytab(otherClient.getPrincipal(), otherClient.getKeytab().getAbsolutePath()); client = userClient; } client.createTable(user, namespaceName + ".fail", true, TimeType.MILLIS); fail("should not create the table"); } catch (AccumuloSecurityException ex) { if (isKerberosEnabled()) { // Switch back to original client UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } assertFalse(client.listTables(creds).contains(namespaceName + ".fail")); } // delete user client.dropLocalUser(creds, userName); Set<String> users = client.listLocalUsers(creds); assertFalse("Should not see user after they are deleted", users.contains(userName)); if (isKerberosEnabled()) { userProxyClient.close(); proxyClient = origProxyClient; client = origClient; } // delete table from namespace otherwise we can't delete namespace during teardown client.deleteTable(creds, namespaceName + ".success"); }
From source file:org.apache.accumulo.test.proxy.SimpleProxyBase.java
License:Apache License
@Test public void testConditionalWriter() throws Exception { log.debug("Adding constraint {} to {}", tableName, NumericValueConstraint.class.getName()); client.addConstraint(creds, tableName, NumericValueConstraint.class.getName()); sleepUninterruptibly(ZOOKEEPER_PROPAGATION_TIME, TimeUnit.MILLISECONDS); // Take the table offline and online to force a config update client.offlineTable(creds, tableName, true); client.onlineTable(creds, tableName, true); while (!client.listConstraints(creds, tableName).containsKey(NumericValueConstraint.class.getName())) { log.info("Failed to see constraint"); Thread.sleep(1000);//from w w w .java 2 s . co m } String cwid = client.createConditionalWriter(creds, tableName, new ConditionalWriterOptions()); Map<ByteBuffer, ConditionalUpdates> updates = new HashMap<>(); updates.put(s2bb("00345"), new ConditionalUpdates(Arrays.asList(newCondition("meta", "seq")), Arrays.asList(newColUpdate("meta", "seq", 10, "1"), newColUpdate("data", "img", "73435435")))); Map<ByteBuffer, ConditionalStatus> results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.ACCEPTED, results.get(s2bb("00345"))); assertScan(new String[][] { { "00345", "data", "img", "73435435" }, { "00345", "meta", "seq", "1" } }, tableName); // test not setting values on conditions updates.clear(); updates.put(s2bb("00345"), new ConditionalUpdates(Arrays.asList(newCondition("meta", "seq")), Arrays.asList(newColUpdate("meta", "seq", "2")))); updates.put(s2bb("00346"), new ConditionalUpdates(Arrays.asList(newCondition("meta", "seq")), Arrays.asList(newColUpdate("meta", "seq", "1")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(2, results.size()); assertEquals(ConditionalStatus.REJECTED, results.get(s2bb("00345"))); assertEquals(ConditionalStatus.ACCEPTED, results.get(s2bb("00346"))); assertScan(new String[][] { { "00345", "data", "img", "73435435" }, { "00345", "meta", "seq", "1" }, { "00346", "meta", "seq", "1" } }, tableName); // test setting values on conditions updates.clear(); updates.put(s2bb("00345"), new ConditionalUpdates(Arrays.asList(newCondition("meta", "seq", "1")), Arrays.asList(newColUpdate("meta", "seq", 20, "2"), newColUpdate("data", "img", "567890")))); updates.put(s2bb("00346"), new ConditionalUpdates(Arrays.asList(newCondition("meta", "seq", "2")), Arrays.asList(newColUpdate("meta", "seq", "3")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(2, results.size()); assertEquals(ConditionalStatus.ACCEPTED, results.get(s2bb("00345"))); assertEquals(ConditionalStatus.REJECTED, results.get(s2bb("00346"))); assertScan(new String[][] { { "00345", "data", "img", "567890" }, { "00345", "meta", "seq", "2" }, { "00346", "meta", "seq", "1" } }, tableName); // test setting timestamp on condition to a non-existant version updates.clear(); updates.put(s2bb("00345"), new ConditionalUpdates(Arrays.asList(newCondition("meta", "seq", 10, "2")), Arrays.asList(newColUpdate("meta", "seq", 30, "3"), newColUpdate("data", "img", "1234567890")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.REJECTED, results.get(s2bb("00345"))); assertScan(new String[][] { { "00345", "data", "img", "567890" }, { "00345", "meta", "seq", "2" }, { "00346", "meta", "seq", "1" } }, tableName); // test setting timestamp to an existing version updates.clear(); updates.put(s2bb("00345"), new ConditionalUpdates(Arrays.asList(newCondition("meta", "seq", 20, "2")), Arrays.asList(newColUpdate("meta", "seq", 30, "3"), newColUpdate("data", "img", "1234567890")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.ACCEPTED, results.get(s2bb("00345"))); assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" } }, tableName); // run test w/ condition that has iterators // following should fail w/o iterator client.updateAndFlush(creds, tableName, Collections.singletonMap(s2bb("00347"), Arrays.asList(newColUpdate("data", "count", "1")))); client.updateAndFlush(creds, tableName, Collections.singletonMap(s2bb("00347"), Arrays.asList(newColUpdate("data", "count", "1")))); client.updateAndFlush(creds, tableName, Collections.singletonMap(s2bb("00347"), Arrays.asList(newColUpdate("data", "count", "1")))); updates.clear(); updates.put(s2bb("00347"), new ConditionalUpdates(Arrays.asList(newCondition("data", "count", "3")), Arrays.asList(newColUpdate("data", "img", "1234567890")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.REJECTED, results.get(s2bb("00347"))); assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "1" } }, tableName); // following test w/ iterator setup should succeed Condition iterCond = newCondition("data", "count", "3"); Map<String, String> props = new HashMap<>(); props.put("type", "STRING"); props.put("columns", "data:count"); IteratorSetting is = new IteratorSetting(1, "sumc", SummingCombiner.class.getName(), props); iterCond.setIterators(Arrays.asList(is)); updates.clear(); updates.put(s2bb("00347"), new ConditionalUpdates(Arrays.asList(iterCond), Arrays.asList(newColUpdate("data", "img", "1234567890")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.ACCEPTED, results.get(s2bb("00347"))); assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "1" }, { "00347", "data", "img", "1234567890" } }, tableName); ConditionalStatus status = null; for (int i = 0; i < 30; i++) { // test a mutation that violated a constraint updates.clear(); updates.put(s2bb("00347"), new ConditionalUpdates(Arrays.asList(newCondition("data", "img", "1234567890")), Arrays.asList(newColUpdate("data", "count", "A")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); status = results.get(s2bb("00347")); if (ConditionalStatus.VIOLATED != status) { log.info( "ConditionalUpdate was not rejected by server due to table constraint. Sleeping and retrying"); Thread.sleep(5000); continue; } assertEquals(ConditionalStatus.VIOLATED, status); break; } // Final check to make sure we succeeded and didn't exceed the retries assertEquals(ConditionalStatus.VIOLATED, status); assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "1" }, { "00347", "data", "img", "1234567890" } }, tableName); // run test with two conditions // both conditions should fail updates.clear(); updates.put(s2bb("00347"), new ConditionalUpdates( Arrays.asList(newCondition("data", "img", "565"), newCondition("data", "count", "2")), Arrays.asList(newColUpdate("data", "count", "3"), newColUpdate("data", "img", "0987654321")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.REJECTED, results.get(s2bb("00347"))); assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "1" }, { "00347", "data", "img", "1234567890" } }, tableName); // one condition should fail updates.clear(); updates.put(s2bb("00347"), new ConditionalUpdates( Arrays.asList(newCondition("data", "img", "1234567890"), newCondition("data", "count", "2")), Arrays.asList(newColUpdate("data", "count", "3"), newColUpdate("data", "img", "0987654321")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.REJECTED, results.get(s2bb("00347"))); assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "1" }, { "00347", "data", "img", "1234567890" } }, tableName); // one condition should fail updates.clear(); updates.put(s2bb("00347"), new ConditionalUpdates( Arrays.asList(newCondition("data", "img", "565"), newCondition("data", "count", "1")), Arrays.asList(newColUpdate("data", "count", "3"), newColUpdate("data", "img", "0987654321")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.REJECTED, results.get(s2bb("00347"))); assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "1" }, { "00347", "data", "img", "1234567890" } }, tableName); // both conditions should succeed ConditionalStatus result = client.updateRowConditionally(creds, tableName, s2bb("00347"), new ConditionalUpdates( Arrays.asList(newCondition("data", "img", "1234567890"), newCondition("data", "count", "1")), Arrays.asList(newColUpdate("data", "count", "3"), newColUpdate("data", "img", "0987654321")))); assertEquals(ConditionalStatus.ACCEPTED, result); assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "3" }, { "00347", "data", "img", "0987654321" } }, tableName); client.closeConditionalWriter(cwid); try { client.updateRowsConditionally(cwid, updates); fail("conditional writer not closed"); } catch (UnknownWriter uk) { } String principal; ClusterUser cwuser = null; if (isKerberosEnabled()) { cwuser = getKdc().getClientPrincipal(1); principal = cwuser.getPrincipal(); client.createLocalUser(creds, principal, s2bb("unused")); } else { principal = "cwuser"; // run test with colvis client.createLocalUser(creds, principal, s2bb("bestpasswordever")); } client.changeUserAuthorizations(creds, principal, Collections.singleton(s2bb("A"))); client.grantTablePermission(creds, principal, tableName, TablePermission.WRITE); client.grantTablePermission(creds, principal, tableName, TablePermission.READ); TestProxyClient cwuserProxyClient = null; Client origClient = null; Map<String, String> cwProperties; if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(cwuser.getPrincipal(), cwuser.getKeytab().getAbsolutePath()); final UserGroupInformation cwuserUgi = UserGroupInformation.getCurrentUser(); // Re-login in and make a new connection. Can't use the previous one cwuserProxyClient = new TestProxyClient(hostname, proxyPort, factory, proxyPrimary, cwuserUgi); origClient = client; client = cwuserProxyClient.proxy(); cwProperties = Collections.emptyMap(); } else { cwProperties = Collections.singletonMap("password", "bestpasswordever"); } try { ByteBuffer cwCreds = client.login(principal, cwProperties); cwid = client.createConditionalWriter(cwCreds, tableName, new ConditionalWriterOptions().setAuthorizations(Collections.singleton(s2bb("A")))); updates.clear(); updates.put(s2bb("00348"), new ConditionalUpdates( Arrays.asList(new Condition(new Column(s2bb("data"), s2bb("c"), s2bb("A")))), Arrays.asList(newColUpdate("data", "seq", "1"), newColUpdate("data", "c", "1").setColVisibility(s2bb("A"))))); updates.put(s2bb("00349"), new ConditionalUpdates( Arrays.asList(new Condition(new Column(s2bb("data"), s2bb("c"), s2bb("B")))), Arrays.asList(newColUpdate("data", "seq", "1")))); results = client.updateRowsConditionally(cwid, updates); assertEquals(2, results.size()); assertEquals(ConditionalStatus.ACCEPTED, results.get(s2bb("00348"))); assertEquals(ConditionalStatus.INVISIBLE_VISIBILITY, results.get(s2bb("00349"))); if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } // Verify that the original user can't see the updates with visibilities set assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "3" }, { "00347", "data", "img", "0987654321" }, { "00348", "data", "seq", "1" } }, tableName); if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(cwuser.getPrincipal(), cwuser.getKeytab().getAbsolutePath()); client = cwuserProxyClient.proxy(); } updates.clear(); updates.clear(); updates.put(s2bb("00348"), new ConditionalUpdates( Arrays.asList( new Condition(new Column(s2bb("data"), s2bb("c"), s2bb("A"))).setValue(s2bb("0"))), Arrays.asList(newColUpdate("data", "seq", "2"), newColUpdate("data", "c", "2").setColVisibility(s2bb("A"))))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.REJECTED, results.get(s2bb("00348"))); if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } // Same results as the original user assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "3" }, { "00347", "data", "img", "0987654321" }, { "00348", "data", "seq", "1" } }, tableName); if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(cwuser.getPrincipal(), cwuser.getKeytab().getAbsolutePath()); client = cwuserProxyClient.proxy(); } updates.clear(); updates.put(s2bb("00348"), new ConditionalUpdates( Arrays.asList( new Condition(new Column(s2bb("data"), s2bb("c"), s2bb("A"))).setValue(s2bb("1"))), Arrays.asList(newColUpdate("data", "seq", "2"), newColUpdate("data", "c", "2").setColVisibility(s2bb("A"))))); results = client.updateRowsConditionally(cwid, updates); assertEquals(1, results.size()); assertEquals(ConditionalStatus.ACCEPTED, results.get(s2bb("00348"))); if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); client = origClient; } assertScan(new String[][] { { "00345", "data", "img", "1234567890" }, { "00345", "meta", "seq", "3" }, { "00346", "meta", "seq", "1" }, { "00347", "data", "count", "3" }, { "00347", "data", "img", "0987654321" }, { "00348", "data", "seq", "2" } }, tableName); if (isKerberosEnabled()) { UserGroupInformation.loginUserFromKeytab(cwuser.getPrincipal(), cwuser.getKeytab().getAbsolutePath()); client = cwuserProxyClient.proxy(); } client.closeConditionalWriter(cwid); try { client.updateRowsConditionally(cwid, updates); fail("conditional writer not closed"); } catch (UnknownWriter uk) { } } finally { if (isKerberosEnabled()) { // Close the other client if (null != cwuserProxyClient) { cwuserProxyClient.close(); } UserGroupInformation.loginUserFromKeytab(clientPrincipal, clientKeytab.getAbsolutePath()); // Re-login and restore the original client client = origClient; } client.dropLocalUser(creds, principal); } }
From source file:org.apache.accumulo.test.randomwalk.Environment.java
License:Apache License
/** * Gets an authentication token based on the configured password. * * @return authentication token//from w w w. j a v a2 s. c o m */ public AuthenticationToken getToken() { String password = getPassword(); if (null != password) { return new PasswordToken(getPassword()); } String keytab = getKeytab(); if (null != keytab) { File keytabFile = new File(keytab); if (!keytabFile.exists() || !keytabFile.isFile()) { throw new IllegalArgumentException("Provided keytab is not a normal file: " + keytab); } try { UserGroupInformation.loginUserFromKeytab(getUserName(), keytabFile.getAbsolutePath()); return new KerberosToken(); } catch (IOException e) { throw new RuntimeException("Failed to login", e); } } throw new IllegalArgumentException("Must provide password or keytab in configuration"); }
From source file:org.apache.accumulo.test.security.KerberosTokenEmbeddedKDCTest.java
License:Apache License
@Test public void test() throws Exception { String user = testName.getMethodName(); File userKeytab = new File(kdc.getKeytabDir(), user + ".keytab"); if (userKeytab.exists() && !userKeytab.delete()) { log.warn("Unable to delete {}", userKeytab); }/*ww w . ja va2s.com*/ kdc.createPrincipal(userKeytab, user); user = kdc.qualifyUser(user); UserGroupInformation.loginUserFromKeytab(user, userKeytab.getAbsolutePath()); KerberosToken token = new KerberosToken(); assertEquals(user, token.getPrincipal()); // Use the long-hand constructor, should be equivalent to short-hand KerberosToken tokenWithPrinc = new KerberosToken(user); assertEquals(token, tokenWithPrinc); assertEquals(token.hashCode(), tokenWithPrinc.hashCode()); }
From source file:org.apache.accumulo.test.security.KerberosTokenEmbeddedKDCTest.java
License:Apache License
@Test public void testDestroy() throws Exception { String user = testName.getMethodName(); File userKeytab = new File(kdc.getKeytabDir(), user + ".keytab"); if (userKeytab.exists() && !userKeytab.delete()) { log.warn("Unable to delete {}", userKeytab); }//from w ww . j a v a 2 s. c o m kdc.createPrincipal(userKeytab, user); user = kdc.qualifyUser(user); UserGroupInformation.loginUserFromKeytab(user, userKeytab.getAbsolutePath()); KerberosToken token = new KerberosToken(); assertEquals(user, token.getPrincipal()); token.destroy(); assertTrue(token.isDestroyed()); assertNull(token.getPrincipal()); }
From source file:org.apache.ambari.servicemonitor.Monitor.java
License:Apache License
/** * Execute the monitor. This method does not exit except by throwing exceptions or by calling System.exit(). * @throws IOException problems/*from w w w . ja va 2 s. c om*/ * @throws ExitMainException an explicit exit exception */ public void execMonitor(Reporter reporter) throws IOException { Configuration conf = getConf(); int probeInterval = conf.getInt(MONITOR_PROBE_INTERVAL, PROBE_INTERVAL_DEFAULT); int reportInterval = conf.getInt(MONITOR_REPORT_INTERVAL, REPORT_INTERVAL_DEFAULT); int probeTimeout = conf.getInt(MONITOR_PROBE_TIMEOUT, PROBE_TIMEOUT_DEFAULT); int bootstrapTimeout = conf.getInt(MONITOR_BOOTSTRAP_TIMEOUT, BOOTSTRAP_TIMEOUT_DEFAULT); boolean krb5Enabled = conf.getBoolean(MONITOR_KRB5_ENABLED, MONITOR_DEFAULT_KRB5_ENABLED); String krb5Principal = conf.get(MONITOR_KRB5_PRINCIPAL, MONITOR_DEFAULT_KRB5_PRINCIPAL); String krb5Keytab = conf.get(MONITOR_KRB5_KEYTAB, MONITOR_DEFAULT_KRB5_KEYTAB); if (LOG.isInfoEnabled()) { LOG.info("krb5Enabled = " + krb5Enabled + ", krb5Principal = " + krb5Principal + ", krb5Keyab = " + krb5Keytab); } if (krb5Enabled) { UserGroupInformation.loginUserFromKeytab(krb5Principal, krb5Keytab); UserGroupInformation.getLoginUser(); } List<Probe> probes = new ArrayList<Probe>(); if (conf.getBoolean(PORT_PROBE_ENABLED, false)) { String probeHost = conf.get(PORT_PROBE_HOST, DEFAULT_PROBE_HOST); int probePort = conf.getInt(PORT_PROBE_PORT, DEFAULT_PROBE_PORT); if (probePort == -1) { URI fsURI = FileSystem.getDefaultUri(conf); probePort = fsURI.getPort(); validateParam(probePort == -1, "No port value in " + fsURI); } PortProbe portProbe = PortProbe.createPortProbe(new Configuration(conf), probeHost, probePort); probes.add(portProbe); } else { LOG.debug("port probe disabled"); } if (conf.getBoolean(PID_PROBE_ENABLED, false)) { Probe probe = PidLiveProbe.createProbe(new Configuration(conf)); probes.add(probe); LOG.debug("Pid probe enabled: " + probe.toString()); } else { LOG.debug("Pid probe disabled"); } if (conf.getBoolean(WEB_PROBE_ENABLED, false)) { HttpProbe httpProbe = HttpProbe.createHttpProbe(new Configuration(conf)); probes.add(httpProbe); } else { LOG.debug("HTTP probe disabled"); } if (conf.getBoolean(LS_PROBE_ENABLED, false)) { String path = conf.get(LS_PROBE_PATH, LS_PROBE_DEFAULT); DfsListProbe lsProbe = new DfsListProbe(new Configuration(conf), path); probes.add(lsProbe); } else { LOG.debug("ls probe disabled"); } if (conf.getBoolean(JT_PROBE_ENABLED, false)) { Probe jtProbe = new JTClusterStatusProbe(new Configuration(conf)); probes.add(jtProbe); } else { LOG.debug("JT probe disabled"); } List<Probe> dependencyProbes = new ArrayList<Probe>(1); if (conf.getBoolean(MONITOR_DEPENDENCY_DFSLIVE, false)) { //there's a dependency on DFS //add a monitor for it LOG.info("Adding a dependency on HDFS being live"); dependencyProbes.add(new DfsSafeModeProbe(new Configuration(conf), true)); } reportingLoop = new ReportingLoop(name, reporter, probes, dependencyProbes, probeInterval, reportInterval, probeTimeout, bootstrapTimeout); if (!reportingLoop.startReporting()) { throw new ExitMainException(name + ": failed to start monitoring with reporter " + reporter); } //start reporting, either in a background thread //or here, directly in the main thread reportingLoop.run(); }