assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserAllowed(barbara, acl); assertUserAllowed(ian, acl);
public void testAclString() { AccessControlList acl; acl = new AccessControlList("*"); assertTrue(acl.toString().equals("All users are allowed")); validateGetAclString(acl); acl = new AccessControlList(" "); assertTrue(acl.toString().equals("No users are allowed")); acl = new AccessControlList("user1,user2"); assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 ");// with space assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList(" group1,group2"); assertTrue(acl.toString().equals( "Members of the groups [group1, group2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 group1,group2"); assertTrue(acl.toString().equals( "Users [user1, user2] and " + "members of the groups [group1, group2] are allowed")); validateGetAclString(acl); }
Set<String> groups; acl = new AccessControlList(" "); assertEquals(0, acl.getUsers().size()); assertEquals(0, acl.getGroups().size()); assertEquals(" ", acl.getAclString()); assertEquals(users.size(), 1); assertEquals(users.iterator().next(), "drwho"); assertEquals("drwho ", acl.getAclString()); assertEquals(groups.size(), 1); assertEquals(groups.iterator().next(), "tardis"); assertEquals("drwho tardis", acl.getAclString()); assertEquals(users.size(), 2); Iterator<String> iter = users.iterator(); assertEquals(iter.next(), "drwho"); assertEquals(iter.next(), "joe"); groups = acl.getGroups(); assertEquals(groups.size(), 2); iter = groups.iterator(); assertEquals(iter.next(), "tardis"); assertEquals(iter.next(), "users"); assertEquals("drwho,joe tardis,users", acl.getAclString()); assertEquals(users.size(), 1); assertFalse(users.contains("joe")); groups = acl.getGroups(); assertEquals(groups.size(), 1);
th = t; assertNotNull(th); assertTrue(th instanceof IllegalArgumentException); th = t; assertNotNull(th); assertTrue(th instanceof IllegalArgumentException); th = null; try { th = t; assertNotNull(th); assertTrue(th instanceof IllegalArgumentException); th = null; try { th = t; assertNotNull(th); assertTrue(th instanceof IllegalArgumentException);
/** * Tests adding user/group to an wild card acl. */ public void testAddRemoveToWildCardACL() { AccessControlList acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[] { "aliens" }); UserGroupInformation drwho2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[] { "tardis" }); acl.addUser("drwho"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("drwho")); acl.addGroup("tardis"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("tardis")); acl.removeUser("drwho"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho, acl); acl.removeGroup("tardis"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho2, acl); }
@Test public void testAclString() { AccessControlList acl; acl = new AccessControlList("*"); assertTrue(acl.toString().equals("All users are allowed")); validateGetAclString(acl); acl = new AccessControlList(" "); assertTrue(acl.toString().equals("No users are allowed")); acl = new AccessControlList("user1,user2"); assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 ");// with space assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList(" group1,group2"); assertTrue(acl.toString().equals( "Members of the groups [group1, group2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 group1,group2"); assertTrue(acl.toString().equals( "Users [user1, user2] and " + "members of the groups [group1, group2] are allowed")); validateGetAclString(acl); }
/** * Tests adding user/group to an wild card acl. */ @Test public void testAddRemoveToWildCardACL() { AccessControlList acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[] { "aliens" }); UserGroupInformation drwho2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[] { "tardis" }); acl.addUser("drwho"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("drwho")); acl.addGroup("tardis"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("tardis")); acl.removeUser("drwho"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho, acl); acl.removeGroup("tardis"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho2, acl); }
validateNetgroups(groups, acl); groups.refresh(); validateNetgroups(groups, acl);
private void assertUserAllowed(UserGroupInformation ugi, AccessControlList acl) { assertTrue("User " + ugi + " is not granted the access-control!!", acl.isUserAllowed(ugi)); }
private void assertUserNotAllowed(UserGroupInformation ugi, AccessControlList acl) { assertFalse("User " + ugi + " is incorrectly granted the access-control!!", acl.isUserAllowed(ugi)); } }
assertEquals(users.size(), 1); assertEquals(users.iterator().next(), "drwho"); groups = acl.getGroups(); assertEquals(groups.size(), 1); assertEquals(groups.iterator().next(), "tardis"); assertEquals(users.size(), 1); assertEquals(users.iterator().next(), "drwho"); groups = acl.getGroups(); assertEquals(groups.size(), 0); assertEquals(users.size(), 1); assertEquals(users.iterator().next(), "drwho"); groups = acl.getGroups(); assertEquals(groups.size(), 0); assertEquals(users.size(), 0); groups = acl.getGroups(); assertEquals(groups.size(), 1); assertEquals(groups.iterator().next(), "tardis"); assertEquals(users.size(), 2); iter = users.iterator(); assertEquals(iter.next(), "drwho"); assertEquals(iter.next(), "joe"); groups = acl.getGroups(); assertEquals(groups.size(), 2); iter = groups.iterator(); assertEquals(iter.next(), "tardis");
@Test public void testAclString() { AccessControlList acl; acl = new AccessControlList("*"); assertTrue(acl.toString().equals("All users are allowed")); validateGetAclString(acl); acl = new AccessControlList(" "); assertTrue(acl.toString().equals("No users are allowed")); acl = new AccessControlList("user1,user2"); assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 ");// with space assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList(" group1,group2"); assertTrue(acl.toString().equals( "Members of the groups [group1, group2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 group1,group2"); assertTrue(acl.toString().equals( "Users [user1, user2] and " + "members of the groups [group1, group2] are allowed")); validateGetAclString(acl); }
/** * Tests adding user/group to an wild card acl. */ @Test public void testAddRemoveToWildCardACL() { AccessControlList acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[] { "aliens" }); UserGroupInformation drwho2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[] { "tardis" }); acl.addUser("drwho"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("drwho")); acl.addGroup("tardis"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("tardis")); acl.removeUser("drwho"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho, acl); acl.removeGroup("tardis"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho2, acl); }
validateNetgroups(groups, acl); groups.refresh(); validateNetgroups(groups, acl);
public void testWildCardAccessControlList() throws Exception { AccessControlList acl; acl = new AccessControlList("*"); assertTrue(acl.isAllAllowed()); acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); acl = new AccessControlList(" *"); assertTrue(acl.isAllAllowed()); acl = new AccessControlList("* "); assertTrue(acl.isAllAllowed()); }
assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserAllowed(barbara, acl); assertUserAllowed(ian, acl);
private void validateGetAclString(AccessControlList acl) { assertTrue(acl.toString().equals( new AccessControlList(acl.getAclString()).toString())); }
assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserAllowed(barbara, acl); assertUserAllowed(ian, acl);
/** * Validate the netgroups, both group membership and ACL * functionality * * Note: assumes a specific acl setup done by testNetgroups * * @param groups group to user mapping service * @param acl ACL set up in a specific way, see testNetgroups */ private void validateNetgroups(Groups groups, AccessControlList acl) throws Exception { // check that the netgroups are working List<String> elvisGroups = groups.getGroups("elvis"); assertTrue(elvisGroups.contains("@lasVegas")); assertTrue(elvisGroups.contains("@memphis")); List<String> jerryLeeLewisGroups = groups.getGroups("jerryLeeLewis"); assertTrue(jerryLeeLewisGroups.contains("@memphis")); // allowed becuase his netgroup is in ACL UserGroupInformation elvis = UserGroupInformation.createRemoteUser("elvis"); assertUserAllowed(elvis, acl); // allowed because he's in ACL UserGroupInformation carlPerkins = UserGroupInformation.createRemoteUser("carlPerkins"); assertUserAllowed(carlPerkins, acl); // not allowed because he's not in ACL and has no netgroups UserGroupInformation littleRichard = UserGroupInformation.createRemoteUser("littleRichard"); assertUserNotAllowed(littleRichard, acl); }
/** * Validate the netgroups, both group membership and ACL * functionality * * Note: assumes a specific acl setup done by testNetgroups * * @param groups group to user mapping service * @param acl ACL set up in a specific way, see testNetgroups */ private void validateNetgroups(Groups groups, AccessControlList acl) throws Exception { // check that the netgroups are working List<String> elvisGroups = groups.getGroups("elvis"); assertTrue(elvisGroups.contains("@lasVegas")); assertTrue(elvisGroups.contains("@memphis")); List<String> jerryLeeLewisGroups = groups.getGroups("jerryLeeLewis"); assertTrue(jerryLeeLewisGroups.contains("@memphis")); // allowed becuase his netgroup is in ACL UserGroupInformation elvis = UserGroupInformation.createRemoteUser("elvis"); assertUserAllowed(elvis, acl); // allowed because he's in ACL UserGroupInformation carlPerkins = UserGroupInformation.createRemoteUser("carlPerkins"); assertUserAllowed(carlPerkins, acl); // not allowed because he's not in ACL and has no netgroups UserGroupInformation littleRichard = UserGroupInformation.createRemoteUser("littleRichard"); assertUserNotAllowed(littleRichard, acl); }