Examples of org.apache.hadoop.security.Groups

org.apache.hadoop.security.Groups
A user-to-groups mapping service. {@link Groups} allows for server to get the various group membershipsof a given user via the {@link #getGroups(String)} call, thus ensuring a consistent user-to-groups mapping and protects against vagaries of different mappings on servers and clients in a Hadoop cluster.

      throw new AllocationConfigurationException(
          "Could get past last queue placement rule without assigning");
    }
    this.rules = rules;
    this.configuredQueues = configuredQueues;
    groups = new Groups(conf);
  }

View Full Code Here

    conf.set(
        DefaultImpersonationProvider.getProxySuperuserIpConfKey(REAL_USER_NAME),
        PROXY_IP);
    
    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
    Groups groups = Groups.getUserToGroupsMappingService(conf);


    // try proxying a group that's allowed
    UserGroupInformation realUserUgi = UserGroupInformation
    .createRemoteUser(REAL_USER_NAME);


    UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
        PROXY_USER_NAME, realUserUgi, groups.getGroups(PROXY_USER_NAME).toArray(
            new String[groups.getGroups(PROXY_USER_NAME).size()]));


    assertAuthorized(proxyUserUgi, PROXY_IP);
  }

View Full Code Here


    Configuration conf = new Configuration();
    conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_GROUP_MAPPING,
      groupMappingClassName);


    Groups groups = Groups.getUserToGroupsMappingService(conf);


    AccessControlList acl;


    // create these ACLs to populate groups cache
    acl = new AccessControlList("ja my"); // plain
    acl = new AccessControlList("sinatra ratpack,@lasVegas"); // netgroup
    acl = new AccessControlList(" somegroup,@someNetgroup"); // no user


    // this ACL will be used for testing ACLs
    acl = new AccessControlList("carlPerkins ratpack,@lasVegas");
    acl.addGroup("@memphis");


    // validate the netgroups before and after rehresh to make
    // sure refresh works correctly
    validateNetgroups(groups, acl);
    groups.refresh();
    validateNetgroups(groups, acl);


  }

View Full Code Here


  @Test
  public void testRefreshUserToGroupsMappings() throws Exception {


    String[] args = new String[] { "-refreshUserToGroupsMappings" };
    Groups groups = Groups.getUserToGroupsMappingService(conf);
    String user = UserGroupInformation.getCurrentUser().getUserName();
    System.out.println("first attempt:");
    List<String> g1 = groups.getGroups(user);
    String[] str_groups = new String[g1.size()];
    g1.toArray(str_groups);
    System.out.println(Arrays.toString(str_groups));


    // Now groups of this user has changed but getGroups returns from the
    // cache,so we would see same groups as before
    System.out.println("second attempt, should be same:");
    List<String> g2 = groups.getGroups(user);
    g2.toArray(str_groups);
    System.out.println(Arrays.toString(str_groups));
    for (int i = 0; i < g2.size(); i++) {
      assertEquals("Should be same group ", g1.get(i), g2.get(i));
    }
    // run the command,which clears the cache
    hsAdminClient.run(args);
    System.out
        .println("third attempt(after refresh command), should be different:");
    // Now get groups should return new groups
    List<String> g3 = groups.getGroups(user);
    g3.toArray(str_groups);
    System.out.println(Arrays.toString(str_groups));
    for (int i = 0; i < g3.size(); i++) {
      assertFalse(
          "Should be different group: " + g1.get(i) + " and " + g3.get(i), g1

View Full Code Here

      throw new NotAuthorizedException(
          MessageFormat.format(
            "Unauthorized proxyuser [{0}] for doAsUser [{1}], not in proxyuser groups",
            proxyUser, doAsUser));
    }
    Groups groupsInfo = new Groups(Main.getAppConfigInstance());
    try {
      List<String> userGroups = groupsInfo.getGroups(doAsUser);
      for (String g : validGroups) {
        if (userGroups.contains(g)) {
          return;
        }
      }

View Full Code Here

    // ShellBasedUnixGroupsMappingTestWrapper
    Configuration conf = new Configuration();
    conf.set("hadoop.security.group.mapping",
      "org.apache.hadoop.security.ShellBasedUnixGroupsNetgroupMappingTestWrapper");


    Groups groups = Groups.getUserToGroupsMappingService(conf);


    AccessControlList acl;


    // create these ACLs to populate groups cache
    acl = new AccessControlList("ja my"); // plain
    acl = new AccessControlList("sinatra ratpack,@lasVegas"); // netgroup
    acl = new AccessControlList(" somegroups,@somenetgroup"); // no user


    // check that the netgroups are working
    List<String> elvisGroups = groups.getGroups("elvis");
    assertTrue(elvisGroups.contains("@lasVegas"));


    // refresh cache - not testing this directly but if the results are ok
    // after the refresh that means it worked fine (very likely)
    groups.refresh();


    // create an ACL with netgroups (@xxx)
    acl = new AccessControlList("ja ratpack,@lasVegas");
    // elvis is in @lasVegas
    UserGroupInformation elvis =

View Full Code Here

    }
  }


  @Test
  public void testGroupsCaching() throws Exception {
    Groups groups = new Groups(conf);
    groups.cacheGroupsAdd(Arrays.asList(myGroups));
    groups.refresh();
    FakeGroupMapping.clearBlackList();
    FakeGroupMapping.addToBlackList("user1");


    // regular entry
    assertTrue(groups.getGroups("me").size() == 2);


    // this must be cached. blacklisting should have no effect.
    FakeGroupMapping.addToBlackList("me");
    assertTrue(groups.getGroups("me").size() == 2);


    // ask for a negative entry
    try {
      LOG.error("We are not supposed to get here." + groups.getGroups("user1").toString());
      fail();
    } catch (IOException ioe) {
      if(!ioe.getMessage().startsWith("No groups found")) {
        LOG.error("Got unexpected exception: " + ioe.getMessage());
        fail();
      }
    }


    // this shouldn't be cached. remove from the black list and retry.
    FakeGroupMapping.clearBlackList();
    assertTrue(groups.getGroups("user1").size() == 2);
  }

View Full Code Here

  @Test
  public void testGroupLookupForStaticUsers() throws Exception {
    conf.setClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
        FakeunPrivilegedGroupMapping.class, ShellBasedUnixGroupsMapping.class);
    conf.set(CommonConfigurationKeys.HADOOP_USER_GROUP_STATIC_OVERRIDES, "me=;user1=group1;user2=group1,group2");
    Groups groups = new Groups(conf);
    List<String> userGroups = groups.getGroups("me");
    assertTrue("non-empty groups for static user", userGroups.isEmpty());
    assertFalse("group lookup done for static user",
        FakeunPrivilegedGroupMapping.invoked);
    
    List<String> expected = new ArrayList<String>();
    expected.add("group1");


    FakeunPrivilegedGroupMapping.invoked = false;
    userGroups = groups.getGroups("user1");
    assertTrue("groups not correct", expected.equals(userGroups));
    assertFalse("group lookup done for unprivileged user",
        FakeunPrivilegedGroupMapping.invoked);


    expected.add("group2");
    FakeunPrivilegedGroupMapping.invoked = false;
    userGroups = groups.getGroups("user2");
    assertTrue("groups not correct", expected.equals(userGroups));
    assertFalse("group lookup done for unprivileged user",
        FakeunPrivilegedGroupMapping.invoked);


  }

View Full Code Here

    }
  }


  @Test
  public void TestGroupsCaching() throws Exception {
    Groups groups = new Groups(conf);
    groups.cacheGroupsAdd(Arrays.asList(myGroups));
    groups.refresh();
    FakeGroupMapping.clearBlackList();
    FakeGroupMapping.addToBlackList("user1");


    // regular entry
    assertTrue(groups.getGroups("me").size() == 2);


    // this must be cached. blacklisting should have no effect.
    FakeGroupMapping.addToBlackList("me");
    assertTrue(groups.getGroups("me").size() == 2);


    // ask for a negative entry
    try {
      LOG.error("We are not supposed to get here." + groups.getGroups("user1").toString());
      fail();
    } catch (IOException ioe) {
      if(!ioe.getMessage().startsWith("No groups found")) {
        LOG.error("Got unexpected exception: " + ioe.getMessage());
        fail();
      }
    }


    // this shouldn't be cached. remove from the black list and retry.
    FakeGroupMapping.clearBlackList();
    assertTrue(groups.getGroups("user1").size() == 2);
  }

View Full Code Here


    Configuration conf = new Configuration();
    conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_GROUP_MAPPING,
      groupMappingClassName);


    Groups groups = Groups.getUserToGroupsMappingService(conf);


    AccessControlList acl;


    // create these ACLs to populate groups cache
    acl = new AccessControlList("ja my"); // plain
    acl = new AccessControlList("sinatra ratpack,@lasVegas"); // netgroup
    acl = new AccessControlList(" somegroup,@someNetgroup"); // no user


    // this ACL will be used for testing ACLs
    acl = new AccessControlList("carlPerkins ratpack,@lasVegas");
    acl.addGroup("@memphis");


    // validate the netgroups before and after rehresh to make
    // sure refresh works correctly
    validateNetgroups(groups, acl);
    groups.refresh();
    validateNetgroups(groups, acl);


  }

View Full Code Here

0 1

TOP

Related Classes of org.apache.hadoop.security.Groups

org.apache.hadoop.conf.Configuration

org.apache.hadoop.mapreduce.v2.hs.server.TestHSAdminServer

org.apache.hadoop.security.authorize.AccessControlList

org.apache.hadoop.security.authorize.TestAccessControlList

org.apache.hadoop.security.authorize.TestProxyUsers

org.apache.hadoop.security.TestGroupsCaching

org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.QueuePlacementPolicy

org.apache.hive.hcatalog.templeton.ProxyUserSupport

org.apache.hadoop.HadoopIllegalArgumentException

java.io.IOException

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.