/**
 * Checks that a Kerberos-authenticated client running as the
 * {@code ZOOKEEPER} user can list its own registry home path and can
 * create and then delete a child node beneath it.
 *
 * <p>None of the registry calls is wrapped in an expect-failure helper, so
 * an exception from any of them (for example a denied operation) fails the
 * test.
 *
 * @throws Throwable on any setup or registry failure
 */
@Test
public void testUserZookeeperHomePathAccess() throws Throwable {
  RMRegistryOperationsService registryService = startRMRegistryOperations();
  final String zkHome = registryService.initUserRegistry(ZOOKEEPER);
  describe(LOG, "Creating ZK client");

  // The client is created and started inside doAs(), i.e. while acting as
  // zookeeperUGI rather than as the identity running the test.
  PrivilegedExceptionAction<RegistryOperations> clientFactory =
      new PrivilegedExceptionAction<RegistryOperations>() {
        @Override
        public RegistryOperations run() throws Exception {
          RegistryOperations kerberosClient =
              RegistryOperationsFactory.createKerberosInstance(
                  zkClientConf, ZOOKEEPER_CLIENT_CONTEXT);
          // Registered for teardown before start(); presumably so a client
          // that fails part-way through startup is still cleaned up.
          addToTeardown(kerberosClient);
          kerberosClient.start();
          return kerberosClient;
        }
      };
  RegistryOperations zkClient = zookeeperUGI.doAs(clientFactory);

  // Read access to the home path.
  zkClient.list(zkHome);

  // Write access: create a child, then remove it again.
  String childPath = zkHome + "/subpath";
  zkClient.mknode(childPath, false);
  zkClient.delete(childPath, true);
}
/**
 * Checks that the permissions on a user's registry home directory are
 * restricted: after the home path for {@code ALICE} is initialised, its ACL
 * list must contain a SASL-scheme entry for Alice whose permission bits
 * equal {@link RegistryAdminService#USER_HOMEDIR_ACL_PERMISSIONS}.
 *
 * <p>NOTE(review): only the first matching entry is examined, and the match
 * on the id is a prefix match ({@code startsWith(ALICE)}), so an id that
 * merely begins with the same string would also be accepted. The other ACL
 * entries on the node are logged but not asserted on.
 *
 * @throws Throwable on any setup or registry failure
 */
@Test
public void testUserHomedirsPermissionsRestricted() throws Throwable {
  RMRegistryOperationsService registryService = startRMRegistryOperations();

  // Initialising Alice's registry creates her directory, which should then
  // carry an ACL entry for Alice.
  final String aliceHome = registryService.initUserRegistry(ALICE);
  List<ACL> homeAcls = registryService.zkGetACLS(aliceHome);

  ACL matched = null;
  for (ACL candidate : homeAcls) {
    // Every entry visited is logged, which helps diagnose a failed match.
    LOG.info(RegistrySecurity.aclToString(candidate));
    Id principal = candidate.getId();
    boolean saslScheme =
        principal.getScheme().equals(ZookeeperConfigOptions.SCHEME_SASL);
    if (!saslScheme || !principal.getId().startsWith(ALICE)) {
      continue;
    }
    matched = candidate;
    break;
  }

  assertNotNull(matched);
  assertEquals(RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS,
      matched.getPerms());
}
/**
 * Checks what an unauthenticated (anonymous) registry client may do with
 * Alice's home path: listing it must succeed, while creating a child node
 * and deleting the home path must both be refused.
 *
 * <p>The {@code list} call is made directly rather than through an
 * expect-failure helper, so the test passes only when anonymous listing of
 * the home path is permitted.
 *
 * @throws Throwable on any setup failure or unexpected registry result
 */
@Test
public void testAlicePathRestrictedAnonAccess() throws Throwable {
  RMRegistryOperationsService registryService = startRMRegistryOperations();
  String homeOfAlice = registryService.initUserRegistry(ALICE);
  describe(LOG, "Creating anonymous accessor");

  RegistryOperations anonClient =
      RegistryOperationsFactory.createAnonymousInstance(zkClientConf);
  addToTeardown(anonClient);
  anonClient.start();

  // Read is expected to be allowed for the anonymous client.
  anonClient.list(homeOfAlice);

  // Writes must be rejected: no new child, and no removal of the home path.
  String anonChild = homeOfAlice + "/anon";
  expectMkNodeFailure(anonClient, anonChild);
  expectDeleteFailure(anonClient, homeOfAlice, true);
}