assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserAllowed(barbara, acl); assertUserAllowed(ian, acl);
assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserAllowed(barbara, acl); assertUserAllowed(ian, acl);
assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserAllowed(drwho, acl); assertUserNotAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserNotAllowed(barbara, acl); assertUserNotAllowed(ian, acl); assertUserAllowed(drwho, acl); assertUserAllowed(susan, acl); assertUserAllowed(barbara, acl); assertUserAllowed(ian, acl);
/** * Validate the netgroups, both group membership and ACL * functionality * * Note: assumes a specific acl setup done by testNetgroups * * @param groups group to user mapping service * @param acl ACL set up in a specific way, see testNetgroups */ private void validateNetgroups(Groups groups, AccessControlList acl) throws Exception { // check that the netgroups are working List<String> elvisGroups = groups.getGroups("elvis"); assertTrue(elvisGroups.contains("@lasVegas")); assertTrue(elvisGroups.contains("@memphis")); List<String> jerryLeeLewisGroups = groups.getGroups("jerryLeeLewis"); assertTrue(jerryLeeLewisGroups.contains("@memphis")); // allowed becuase his netgroup is in ACL UserGroupInformation elvis = UserGroupInformation.createRemoteUser("elvis"); assertUserAllowed(elvis, acl); // allowed because he's in ACL UserGroupInformation carlPerkins = UserGroupInformation.createRemoteUser("carlPerkins"); assertUserAllowed(carlPerkins, acl); // not allowed because he's not in ACL and has no netgroups UserGroupInformation littleRichard = UserGroupInformation.createRemoteUser("littleRichard"); assertUserNotAllowed(littleRichard, acl); }
/** * Tests adding user/group to an wild card acl. */ public void testAddRemoveToWildCardACL() { AccessControlList acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[] { "aliens" }); UserGroupInformation drwho2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[] { "tardis" }); acl.addUser("drwho"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("drwho")); acl.addGroup("tardis"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("tardis")); acl.removeUser("drwho"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho, acl); acl.removeGroup("tardis"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho2, acl); }
/** * Validate the netgroups, both group membership and ACL * functionality * * Note: assumes a specific acl setup done by testNetgroups * * @param groups group to user mapping service * @param acl ACL set up in a specific way, see testNetgroups */ private void validateNetgroups(Groups groups, AccessControlList acl) throws Exception { // check that the netgroups are working List<String> elvisGroups = groups.getGroups("elvis"); assertTrue(elvisGroups.contains("@lasVegas")); assertTrue(elvisGroups.contains("@memphis")); List<String> jerryLeeLewisGroups = groups.getGroups("jerryLeeLewis"); assertTrue(jerryLeeLewisGroups.contains("@memphis")); // allowed becuase his netgroup is in ACL UserGroupInformation elvis = UserGroupInformation.createRemoteUser("elvis"); assertUserAllowed(elvis, acl); // allowed because he's in ACL UserGroupInformation carlPerkins = UserGroupInformation.createRemoteUser("carlPerkins"); assertUserAllowed(carlPerkins, acl); // not allowed because he's not in ACL and has no netgroups UserGroupInformation littleRichard = UserGroupInformation.createRemoteUser("littleRichard"); assertUserNotAllowed(littleRichard, acl); }
/** * Tests adding user/group to an wild card acl. */ @Test public void testAddRemoveToWildCardACL() { AccessControlList acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[] { "aliens" }); UserGroupInformation drwho2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[] { "tardis" }); acl.addUser("drwho"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("drwho")); acl.addGroup("tardis"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("tardis")); acl.removeUser("drwho"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho, acl); acl.removeGroup("tardis"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho2, acl); }
/** * Tests adding user/group to an wild card acl. */ @Test public void testAddRemoveToWildCardACL() { AccessControlList acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[] { "aliens" }); UserGroupInformation drwho2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[] { "tardis" }); acl.addUser("drwho"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("drwho")); acl.addGroup("tardis"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("tardis")); acl.removeUser("drwho"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho, acl); acl.removeGroup("tardis"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho2, acl); }