/** * Add group to the names of groups allowed for this service. * * @param group * The group name */ public void addGroup(String group) { if (isWildCardACLValue(group)) { throw new IllegalArgumentException("Group " + group + " can not be added"); } if (!isAllAllowed()) { List<String> groupsList = new LinkedList<String>(); groupsList.add(group); groupsMapping.cacheGroupsAdd(groupsList); groups.add(group); } }
/** * Build ACL from the given two Strings. * The Strings contain comma separated values. * * @param aclString build ACL from array of Strings */ private void buildACL(String[] userGroupStrings) { users = new HashSet<String>(); groups = new HashSet<String>(); for (String aclPart : userGroupStrings) { if (aclPart != null && isWildCardACLValue(aclPart)) { allAllowed = true; break; } } if (!allAllowed) { if (userGroupStrings.length >= 1 && userGroupStrings[0] != null) { users = StringUtils.getTrimmedStringCollection(userGroupStrings[0]); } if (userGroupStrings.length == 2 && userGroupStrings[1] != null) { groups = StringUtils.getTrimmedStringCollection(userGroupStrings[1]); groupsMapping.cacheGroupsAdd(new LinkedList<String>(groups)); } } }
/** * Add group to the names of groups allowed for this service. * * @param group * The group name */ public void addGroup(String group) { if (isWildCardACLValue(group)) { throw new IllegalArgumentException("Group " + group + " can not be added"); } if (!isAllAllowed()) { List<String> groupsList = new LinkedList<String>(); groupsList.add(group); groupsMapping.cacheGroupsAdd(groupsList); groups.add(group); } }
/** * Add group to the names of groups allowed for this service. * * @param group * The group name */ public void addGroup(String group) { if (isWildCardACLValue(group)) { throw new IllegalArgumentException("Group " + group + " can not be added"); } if (!isAllAllowed()) { List<String> groupsList = new LinkedList<String>(); groupsList.add(group); groupsMapping.cacheGroupsAdd(groupsList); groups.add(group); } }
/** * Add group to the names of groups allowed for this service. * * @param group * The group name */ public void addGroup(String group) { if (isWildCardACLValue(group)) { throw new IllegalArgumentException("Group " + group + " can not be added"); } if (!isAllAllowed()) { List<String> groupsList = new LinkedList<String>(); groupsList.add(group); groupsMapping.cacheGroupsAdd(groupsList); groups.add(group); } }
/** * Add group to the names of groups allowed for this service. * * @param group * The group name */ public void addGroup(String group) { if (isWildCardACLValue(group)) { throw new IllegalArgumentException("Group " + group + " can not be added"); } if (!isAllAllowed()) { List<String> groupsList = new LinkedList<String>(); groupsList.add(group); groupsMapping.cacheGroupsAdd(groupsList); groups.add(group); } }
/** * Build ACL from the given two Strings. * The Strings contain comma separated values. * * @param aclString build ACL from array of Strings */ private void buildACL(String[] userGroupStrings) { users = new HashSet<String>(); groups = new HashSet<String>(); for (String aclPart : userGroupStrings) { if (aclPart != null && isWildCardACLValue(aclPart)) { allAllowed = true; break; } } if (!allAllowed) { if (userGroupStrings.length >= 1 && userGroupStrings[0] != null) { users = StringUtils.getTrimmedStringCollection(userGroupStrings[0]); } if (userGroupStrings.length == 2 && userGroupStrings[1] != null) { groups = StringUtils.getTrimmedStringCollection(userGroupStrings[1]); groupsMapping.cacheGroupsAdd(new LinkedList<String>(groups)); } } }
/** * Build ACL from the given two Strings. * The Strings contain comma separated values. * * @param aclString build ACL from array of Strings */ private void buildACL(String[] userGroupStrings) { users = new HashSet<String>(); groups = new HashSet<String>(); for (String aclPart : userGroupStrings) { if (aclPart != null && isWildCardACLValue(aclPart)) { allAllowed = true; break; } } if (!allAllowed) { if (userGroupStrings.length >= 1 && userGroupStrings[0] != null) { users = StringUtils.getTrimmedStringCollection(userGroupStrings[0]); } if (userGroupStrings.length == 2 && userGroupStrings[1] != null) { groups = StringUtils.getTrimmedStringCollection(userGroupStrings[1]); groupsMapping.cacheGroupsAdd(new LinkedList<String>(groups)); } } }
/** * Build ACL from the given two Strings. * The Strings contain comma separated values. * * @param aclString build ACL from array of Strings */ private void buildACL(String[] userGroupStrings) { users = new HashSet<String>(); groups = new HashSet<String>(); for (String aclPart : userGroupStrings) { if (aclPart != null && isWildCardACLValue(aclPart)) { allAllowed = true; break; } } if (!allAllowed) { if (userGroupStrings.length >= 1 && userGroupStrings[0] != null) { users = StringUtils.getTrimmedStringCollection(userGroupStrings[0]); } if (userGroupStrings.length == 2 && userGroupStrings[1] != null) { groups = StringUtils.getTrimmedStringCollection(userGroupStrings[1]); groupsMapping.cacheGroupsAdd(new LinkedList<String>(groups)); } } }
/** * Build ACL from the given two Strings. * The Strings contain comma separated values. * * @param aclString build ACL from array of Strings */ private void buildACL(String[] userGroupStrings) { users = new HashSet<String>(); groups = new HashSet<String>(); for (String aclPart : userGroupStrings) { if (aclPart != null && isWildCardACLValue(aclPart)) { allAllowed = true; break; } } if (!allAllowed) { if (userGroupStrings.length >= 1 && userGroupStrings[0] != null) { users = StringUtils.getTrimmedStringCollection(userGroupStrings[0]); } if (userGroupStrings.length == 2 && userGroupStrings[1] != null) { groups = StringUtils.getTrimmedStringCollection(userGroupStrings[1]); groupsMapping.cacheGroupsAdd(new LinkedList<String>(groups)); } } }
@Test public void testGroupsCaching() throws Exception { // Disable negative cache. conf.setLong( CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 0); Groups groups = new Groups(conf); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); FakeGroupMapping.clearBlackList(); FakeGroupMapping.addToBlackList("user1"); // regular entry assertTrue(groups.getGroups("me").size() == 2); // this must be cached. blacklisting should have no effect. FakeGroupMapping.addToBlackList("me"); assertTrue(groups.getGroups("me").size() == 2); // ask for a negative entry try { LOG.error("We are not supposed to get here." + groups.getGroups("user1").toString()); fail(); } catch (IOException ioe) { if(!ioe.getMessage().startsWith("No groups found")) { LOG.error("Got unexpected exception: " + ioe.getMessage()); fail(); } } // this shouldn't be cached. remove from the black list and retry. FakeGroupMapping.clearBlackList(); assertTrue(groups.getGroups("user1").size() == 2); }
@Test public void testGroupsCaching() throws Exception { // Disable negative cache. conf.setLong( CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 0); Groups groups = new Groups(conf); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); FakeGroupMapping.clearBlackList(); FakeGroupMapping.addToBlackList("user1"); // regular entry assertTrue(groups.getGroups("me").size() == 2); // this must be cached. blacklisting should have no effect. FakeGroupMapping.addToBlackList("me"); assertTrue(groups.getGroups("me").size() == 2); // ask for a negative entry try { LOG.error("We are not supposed to get here." + groups.getGroups("user1").toString()); fail(); } catch (IOException ioe) { if(!ioe.getMessage().startsWith("No groups found")) { LOG.error("Got unexpected exception: " + ioe.getMessage()); fail(); } } // this shouldn't be cached. remove from the black list and retry. FakeGroupMapping.clearBlackList(); assertTrue(groups.getGroups("user1").size() == 2); }
@Test public void testCachePreventsImplRequest() throws Exception { // Disable negative cache. conf.setLong( CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 0); Groups groups = new Groups(conf); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); FakeGroupMapping.clearBlackList(); assertEquals(0, FakeGroupMapping.getRequestCount()); // First call hits the wire assertTrue(groups.getGroups("me").size() == 2); assertEquals(1, FakeGroupMapping.getRequestCount()); // Second count hits cache assertTrue(groups.getGroups("me").size() == 2); assertEquals(1, FakeGroupMapping.getRequestCount()); }
@Test public void testCachePreventsImplRequest() throws Exception { // Disable negative cache. conf.setLong( CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 0); Groups groups = new Groups(conf); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); FakeGroupMapping.clearBlackList(); assertEquals(0, FakeGroupMapping.getRequestCount()); // First call hits the wire assertTrue(groups.getGroups("me").size() == 2); assertEquals(1, FakeGroupMapping.getRequestCount()); // Second count hits cache assertTrue(groups.getGroups("me").size() == 2); assertEquals(1, FakeGroupMapping.getRequestCount()); }
@Test public void testCacheEntriesExpire() throws Exception { conf.setLong( CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, 1); FakeTimer timer = new FakeTimer(); final Groups groups = new Groups(conf, timer); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); FakeGroupMapping.clearBlackList(); // We make an entry groups.getGroups("me"); int startingRequestCount = FakeGroupMapping.getRequestCount(); timer.advance(20 * 1000); // Cache entry has expired so it results in a new fetch groups.getGroups("me"); assertEquals(startingRequestCount + 1, FakeGroupMapping.getRequestCount()); }
@Test public void testCacheEntriesExpire() throws Exception { conf.setLong( CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, 1); FakeTimer timer = new FakeTimer(); final Groups groups = new Groups(conf, timer); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); FakeGroupMapping.clearBlackList(); // We make an entry groups.getGroups("me"); int startingRequestCount = FakeGroupMapping.getRequestCount(); timer.advance(20 * 1000); // Cache entry has expired so it results in a new fetch groups.getGroups("me"); assertEquals(startingRequestCount + 1, FakeGroupMapping.getRequestCount()); }
@Test public void testNegativeCacheClearedOnRefresh() throws Exception { conf.setLong( CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 100); final Groups groups = new Groups(conf); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); FakeGroupMapping.clearBlackList(); FakeGroupMapping.addToBlackList("dne"); try { groups.getGroups("dne"); fail("Should have failed to find this group"); } catch (IOException e) { // pass } int startingRequestCount = FakeGroupMapping.getRequestCount(); groups.refresh(); FakeGroupMapping.addToBlackList("dne"); try { List<String> g = groups.getGroups("dne"); fail("Should have failed to find this group"); } catch (IOException e) { // pass } assertEquals(startingRequestCount + 1, FakeGroupMapping.getRequestCount()); }
@Test public void testExceptionsFromImplNotCachedInNegativeCache() { conf.setClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING, ExceptionalGroupMapping.class, ShellBasedUnixGroupsMapping.class); conf.setLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 10000); Groups groups = new Groups(conf); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); assertEquals(0, ExceptionalGroupMapping.getRequestCount()); // First call should hit the wire try { groups.getGroups("anything"); fail("Should have thrown"); } catch (IOException e) { // okay } assertEquals(1, ExceptionalGroupMapping.getRequestCount()); // Second call should hit the wire (no negative caching) try { groups.getGroups("anything"); fail("Should have thrown"); } catch (IOException e) { // okay } assertEquals(2, ExceptionalGroupMapping.getRequestCount()); }
@Test public void testNegativeCacheClearedOnRefresh() throws Exception { conf.setLong( CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 100); final Groups groups = new Groups(conf); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); FakeGroupMapping.clearBlackList(); FakeGroupMapping.addToBlackList("dne"); try { groups.getGroups("dne"); fail("Should have failed to find this group"); } catch (IOException e) { // pass } int startingRequestCount = FakeGroupMapping.getRequestCount(); groups.refresh(); FakeGroupMapping.addToBlackList("dne"); try { List<String> g = groups.getGroups("dne"); fail("Should have failed to find this group"); } catch (IOException e) { // pass } assertEquals(startingRequestCount + 1, FakeGroupMapping.getRequestCount()); }
@Test public void testExceptionsFromImplNotCachedInNegativeCache() { conf.setClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING, ExceptionalGroupMapping.class, ShellBasedUnixGroupsMapping.class); conf.setLong(CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_NEGATIVE_CACHE_SECS, 10000); Groups groups = new Groups(conf); groups.cacheGroupsAdd(Arrays.asList(myGroups)); groups.refresh(); assertEquals(0, ExceptionalGroupMapping.getRequestCount()); // First call should hit the wire try { groups.getGroups("anything"); fail("Should have thrown"); } catch (IOException e) { // okay } assertEquals(1, ExceptionalGroupMapping.getRequestCount()); // Second call should hit the wire (no negative caching) try { groups.getGroups("anything"); fail("Should have thrown"); } catch (IOException e) { // okay } assertEquals(2, ExceptionalGroupMapping.getRequestCount()); }