/**
 * Checks that {@code provider} serves UGIs from its cache and that invalidating the cache
 * forces a fresh lookup.
 *
 * <p>Before invalidation, Bob's lookup must return the very same instance the caller already
 * holds. After invalidation, Alice's lookup must yield a different instance and Bob's lookup
 * must fail with an {@link IOException}. The caller is presumably expected to have made Bob's
 * keytab unavailable beforehand; confirm for every call site.
 *
 * @param provider the UGI provider under test
 * @param aliceImpRequest impersonation request that must still succeed after invalidation
 * @param bobImpRequest impersonation request that must fail after invalidation
 * @param aliceUGIWithPrincipal the UGI previously returned for {@code aliceImpRequest}
 * @param bobUGIWithPrincipal the UGI previously returned for {@code bobImpRequest}
 * @throws IOException if a lookup that is expected to succeed fails
 */
private void verifyCaching(DefaultUGIProvider provider, ImpersonationRequest aliceImpRequest,
                           ImpersonationRequest bobImpRequest, UGIWithPrincipal aliceUGIWithPrincipal,
                           UGIWithPrincipal bobUGIWithPrincipal) throws IOException {
  // While the cache is intact, a repeated lookup for Bob hands back the identical object.
  UGIWithPrincipal bobFromCache = provider.getConfiguredUGI(bobImpRequest);
  Assert.assertSame(bobUGIWithPrincipal, bobFromCache);

  // Drop every cached entry; from here on each lookup has to be resolved again.
  provider.invalidCache();

  // Alice can still be resolved, but the result is a newly created instance.
  UGIWithPrincipal aliceAfterInvalidation = provider.getConfiguredUGI(aliceImpRequest);
  Assert.assertNotSame(aliceUGIWithPrincipal, aliceAfterInvalidation);

  // Bob can no longer be resolved: the lookup has to end in an IOException.
  boolean bobLookupFailed;
  try {
    provider.getConfiguredUGI(bobImpRequest);
    bobLookupFailed = false;
  } catch (IOException expected) {
    bobLookupFailed = true;
  }
  if (!bobLookupFailed) {
    Assert.fail("Expected IOException when getting UGI for " + bobImpRequest);
  }
}
new File(keytabURI.getPath()) : localizeKeytab(locationFactory.create(keytabURI)); try { String expandedPrincipal = SecurityUtil.expandPrincipal(impersonationRequest.getPrincipal());
// Build a provider from the shared configuration, location factory, owner admin and namespace client.
DefaultUGIProvider provider = new DefaultUGIProvider(cConf, locationFactory, ownerAdmin, namespaceClient);
// NOTE(review): the result is named "eve" although the request passed in is bobImpRequest.
// Presumably earlier lines (not visible here) change which principal this request resolves to;
// confirm against the enclosing test.
UGIWithPrincipal eveUGIWithPrincipal = provider.getConfiguredUGI(bobImpRequest);
// The returned UGI must report Kerberos as its authentication method.
Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS,
                    eveUGIWithPrincipal.getUGI().getAuthenticationMethod());
/**
 * Exercises {@link DefaultUGIProvider} with keytab files that are stored on HDFS rather than on
 * the local filesystem.
 *
 * <p>Behaviour pinned by this test: deleting Bob's keytab does not by itself stop the provider
 * from returning the UGI it already cached for him; his lookup only starts failing once the
 * cache has been invalidated. Whether cached entries also expire on their own is not visible
 * from this test.
 *
 * @throws Exception if any setup step, lookup or cleanup step fails unexpectedly
 */
@Test
public void testDefaultUGIProviderWithHDFSFiles() throws Exception {
  // Directory on HDFS that will hold the keytabs.
  Location keytabDirOnHdfs = locationFactory.create("keytabs");
  // Record the directory in cConf so keytabs can later be located for a given principal.
  String keytabDirUri = keytabDirOnHdfs.toURI().toString();
  setKeytabDir(keytabDirUri);

  // Upload both keytabs; only Bob's remote copy is needed again, for the deletion below.
  copyFileToHDFS(keytabDirOnHdfs, aliceKeytabFile);
  Location bobKeytabOnHdfs = copyFileToHDFS(keytabDirOnHdfs, bobKeytabFile);

  OwnerAdmin owners = getOwnerAdmin();
  DefaultUGIProvider ugiProvider = new DefaultUGIProvider(cConf, locationFactory, owners, namespaceClient);

  // Register the owning Kerberos principal of each entity.
  owners.add(aliceEntity, aliceKerberosPrincipalId);
  owners.add(bobEntity, bobKerberosPrincipalId);

  // Resolve both UGIs from the keytabs that live on HDFS.
  ImpersonationRequest aliceRequest = new ImpersonationRequest(aliceEntity, ImpersonatedOpType.OTHER);
  ImpersonationRequest bobRequest = new ImpersonationRequest(bobEntity, ImpersonatedOpType.OTHER);
  UGIWithPrincipal aliceUgi = verifyAndGetUGI(ugiProvider, aliceKerberosPrincipalId, aliceRequest);
  UGIWithPrincipal bobUgi = verifyAndGetUGI(ugiProvider, bobKerberosPrincipalId, bobRequest);

  // Remove Bob's keytab from HDFS; the deletion itself has to succeed.
  boolean bobKeytabDeleted = bobKeytabOnHdfs.delete();
  Assert.assertTrue(bobKeytabDeleted);

  // Bob's UGI must still be obtainable after the deletion (served from the cache), but no
  // longer once the cache has been invalidated.
  verifyCaching(ugiProvider, aliceRequest, bobRequest, aliceUgi, bobUgi);

  // Cleanup: drop the ownership records added above.
  owners.delete(aliceEntity);
  owners.delete(bobEntity);
}