Java Code Examples for org.apache.hadoop.security.Groups#getGroups()

The following examples show how to use org.apache.hadoop.security.Groups#getGroups() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: QueuePlacementRule.java    From hadoop with Apache License 2.0 6 votes vote down vote up 
@Override
protected String getQueueForApp(String requestedQueue, String user,
    Groups groups, Map<FSQueueType, Set<String>> configuredQueues)
    throws IOException {
  List<String> groupNames = groups.getGroups(user);
  for (int i = 1; i < groupNames.size(); i++) {
    String group = cleanName(groupNames.get(i));
    if (configuredQueues.get(FSQueueType.LEAF).contains("root." + group)
        || configuredQueues.get(FSQueueType.PARENT).contains(
            "root." + group)) {
      return "root." + group;
    }
  }
  
  return "";
}
Example 2
Source File: TestGroupsCaching.java    From hadoop with Apache License 2.0 6 votes vote down vote up 
@Test
public void testCacheEntriesExpire() throws Exception {
  conf.setLong(
    CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, 1);
  FakeTimer timer = new FakeTimer();
  final Groups groups = new Groups(conf, timer);
  groups.cacheGroupsAdd(Arrays.asList(myGroups));
  groups.refresh();
  FakeGroupMapping.clearBlackList();

  // We make an entry
  groups.getGroups("me");
  int startingRequestCount = FakeGroupMapping.getRequestCount();

  timer.advance(20 * 1000);

  // Cache entry has expired so it results in a new fetch
  groups.getGroups("me");
  assertEquals(startingRequestCount + 1, FakeGroupMapping.getRequestCount());
}
Example 3
Source File: TestAccessControlList.java    From hadoop with Apache License 2.0 6 votes vote down vote up 
/**
 * Validate the netgroups, both group membership and ACL
 * functionality
 *
 * Note: assumes a specific acl setup done by testNetgroups
 *
 * @param groups group to user mapping service
 * @param acl ACL set up in a specific way, see testNetgroups
 */
private void validateNetgroups(Groups groups,
  AccessControlList acl) throws Exception {

  // check that the netgroups are working
  List<String> elvisGroups = groups.getGroups("elvis");
  assertTrue(elvisGroups.contains("@lasVegas"));
  assertTrue(elvisGroups.contains("@memphis"));
  List<String> jerryLeeLewisGroups = groups.getGroups("jerryLeeLewis");
  assertTrue(jerryLeeLewisGroups.contains("@memphis"));

  // allowed becuase his netgroup is in ACL
  UserGroupInformation elvis = 
    UserGroupInformation.createRemoteUser("elvis");
  assertUserAllowed(elvis, acl);

  // allowed because he's in ACL
  UserGroupInformation carlPerkins = 
    UserGroupInformation.createRemoteUser("carlPerkins");
  assertUserAllowed(carlPerkins, acl);

  // not allowed because he's not in ACL and has no netgroups
  UserGroupInformation littleRichard = 
    UserGroupInformation.createRemoteUser("littleRichard");
  assertUserNotAllowed(littleRichard, acl);
}
Example 4
Source File: QueuePlacementRule.java    From big-c with Apache License 2.0 6 votes vote down vote up 
@Override
protected String getQueueForApp(String requestedQueue, String user,
    Groups groups, Map<FSQueueType, Set<String>> configuredQueues)
    throws IOException {
  List<String> groupNames = groups.getGroups(user);
  for (int i = 1; i < groupNames.size(); i++) {
    String group = cleanName(groupNames.get(i));
    if (configuredQueues.get(FSQueueType.LEAF).contains("root." + group)
        || configuredQueues.get(FSQueueType.PARENT).contains(
            "root." + group)) {
      return "root." + group;
    }
  }
  
  return "";
}
Example 5
Source File: TestGroupsCaching.java    From big-c with Apache License 2.0 6 votes vote down vote up 
@Test
public void testCacheEntriesExpire() throws Exception {
  conf.setLong(
    CommonConfigurationKeys.HADOOP_SECURITY_GROUPS_CACHE_SECS, 1);
  FakeTimer timer = new FakeTimer();
  final Groups groups = new Groups(conf, timer);
  groups.cacheGroupsAdd(Arrays.asList(myGroups));
  groups.refresh();
  FakeGroupMapping.clearBlackList();

  // We make an entry
  groups.getGroups("me");
  int startingRequestCount = FakeGroupMapping.getRequestCount();

  timer.advance(20 * 1000);

  // Cache entry has expired so it results in a new fetch
  groups.getGroups("me");
  assertEquals(startingRequestCount + 1, FakeGroupMapping.getRequestCount());
}
Example 6
Source File: TestAccessControlList.java    From big-c with Apache License 2.0 6 votes vote down vote up 
/**
 * Validate the netgroups, both group membership and ACL
 * functionality
 *
 * Note: assumes a specific acl setup done by testNetgroups
 *
 * @param groups group to user mapping service
 * @param acl ACL set up in a specific way, see testNetgroups
 */
private void validateNetgroups(Groups groups,
  AccessControlList acl) throws Exception {

  // check that the netgroups are working
  List<String> elvisGroups = groups.getGroups("elvis");
  assertTrue(elvisGroups.contains("@lasVegas"));
  assertTrue(elvisGroups.contains("@memphis"));
  List<String> jerryLeeLewisGroups = groups.getGroups("jerryLeeLewis");
  assertTrue(jerryLeeLewisGroups.contains("@memphis"));

  // allowed becuase his netgroup is in ACL
  UserGroupInformation elvis = 
    UserGroupInformation.createRemoteUser("elvis");
  assertUserAllowed(elvis, acl);

  // allowed because he's in ACL
  UserGroupInformation carlPerkins = 
    UserGroupInformation.createRemoteUser("carlPerkins");
  assertUserAllowed(carlPerkins, acl);

  // not allowed because he's not in ACL and has no netgroups
  UserGroupInformation littleRichard = 
    UserGroupInformation.createRemoteUser("littleRichard");
  assertUserNotAllowed(littleRichard, acl);
}
Example 7
Source File: TestHSAdminServer.java    From hadoop with Apache License 2.0 5 votes vote down vote up 
@Test
public void testRefreshUserToGroupsMappings() throws Exception {

  String[] args = new String[] { "-refreshUserToGroupsMappings" };
  Groups groups = Groups.getUserToGroupsMappingService(conf);
  String user = UserGroupInformation.getCurrentUser().getUserName();
  System.out.println("first attempt:");
  List<String> g1 = groups.getGroups(user);
  String[] str_groups = new String[g1.size()];
  g1.toArray(str_groups);
  System.out.println(Arrays.toString(str_groups));

  // Now groups of this user has changed but getGroups returns from the
  // cache,so we would see same groups as before
  System.out.println("second attempt, should be same:");
  List<String> g2 = groups.getGroups(user);
  g2.toArray(str_groups);
  System.out.println(Arrays.toString(str_groups));
  for (int i = 0; i < g2.size(); i++) {
    assertEquals("Should be same group ", g1.get(i), g2.get(i));
  }
  // run the command,which clears the cache
  hsAdminClient.run(args);
  System.out
      .println("third attempt(after refresh command), should be different:");
  // Now get groups should return new groups
  List<String> g3 = groups.getGroups(user);
  g3.toArray(str_groups);
  System.out.println(Arrays.toString(str_groups));
  for (int i = 0; i < g3.size(); i++) {
    assertFalse(
        "Should be different group: " + g1.get(i) + " and " + g3.get(i), g1
            .get(i).equals(g3.get(i)));
  }
}
Example 8
Source File: TestGroupsCaching.java    From hadoop with Apache License 2.0 5 votes vote down vote up 
@Test
public void testGroupLookupForStaticUsers() throws Exception {
  conf.setClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
      FakeunPrivilegedGroupMapping.class, ShellBasedUnixGroupsMapping.class);
  conf.set(CommonConfigurationKeys.HADOOP_USER_GROUP_STATIC_OVERRIDES, "me=;user1=group1;user2=group1,group2");
  Groups groups = new Groups(conf);
  List<String> userGroups = groups.getGroups("me");
  assertTrue("non-empty groups for static user", userGroups.isEmpty());
  assertFalse("group lookup done for static user",
      FakeunPrivilegedGroupMapping.invoked);
  
  List<String> expected = new ArrayList<String>();
  expected.add("group1");

  FakeunPrivilegedGroupMapping.invoked = false;
  userGroups = groups.getGroups("user1");
  assertTrue("groups not correct", expected.equals(userGroups));
  assertFalse("group lookup done for unprivileged user",
      FakeunPrivilegedGroupMapping.invoked);

  expected.add("group2");
  FakeunPrivilegedGroupMapping.invoked = false;
  userGroups = groups.getGroups("user2");
  assertTrue("groups not correct", expected.equals(userGroups));
  assertFalse("group lookup done for unprivileged user",
      FakeunPrivilegedGroupMapping.invoked);

  Configuration newConf = new Configuration();
  newConf.set(CommonConfigurationKeys.HADOOP_USER_GROUP_STATIC_OVERRIDES, "me=;user1=group1;user2=group1,group2;user3=group3");
  groups.refresh(newConf);

  expected.clear();
  expected.add("group3");
  FakeunPrivilegedGroupMapping.invoked = false;
  userGroups = groups.getGroups("user3");
  assertTrue("groups not correct", expected.equals(userGroups));
  assertFalse("group lookup done for unprivileged user",
      FakeunPrivilegedGroupMapping.invoked);
}
Example 9
Source File: TestHSAdminServer.java    From big-c with Apache License 2.0 5 votes vote down vote up 
@Test
public void testRefreshUserToGroupsMappings() throws Exception {

  String[] args = new String[] { "-refreshUserToGroupsMappings" };
  Groups groups = Groups.getUserToGroupsMappingService(conf);
  String user = UserGroupInformation.getCurrentUser().getUserName();
  System.out.println("first attempt:");
  List<String> g1 = groups.getGroups(user);
  String[] str_groups = new String[g1.size()];
  g1.toArray(str_groups);
  System.out.println(Arrays.toString(str_groups));

  // Now groups of this user has changed but getGroups returns from the
  // cache,so we would see same groups as before
  System.out.println("second attempt, should be same:");
  List<String> g2 = groups.getGroups(user);
  g2.toArray(str_groups);
  System.out.println(Arrays.toString(str_groups));
  for (int i = 0; i < g2.size(); i++) {
    assertEquals("Should be same group ", g1.get(i), g2.get(i));
  }
  // run the command,which clears the cache
  hsAdminClient.run(args);
  System.out
      .println("third attempt(after refresh command), should be different:");
  // Now get groups should return new groups
  List<String> g3 = groups.getGroups(user);
  g3.toArray(str_groups);
  System.out.println(Arrays.toString(str_groups));
  for (int i = 0; i < g3.size(); i++) {
    assertFalse(
        "Should be different group: " + g1.get(i) + " and " + g3.get(i), g1
            .get(i).equals(g3.get(i)));
  }
}
Example 10
Source File: TestGroupsCaching.java    From big-c with Apache License 2.0 5 votes vote down vote up 
@Test
public void testGroupLookupForStaticUsers() throws Exception {
  conf.setClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
      FakeunPrivilegedGroupMapping.class, ShellBasedUnixGroupsMapping.class);
  conf.set(CommonConfigurationKeys.HADOOP_USER_GROUP_STATIC_OVERRIDES, "me=;user1=group1;user2=group1,group2");
  Groups groups = new Groups(conf);
  List<String> userGroups = groups.getGroups("me");
  assertTrue("non-empty groups for static user", userGroups.isEmpty());
  assertFalse("group lookup done for static user",
      FakeunPrivilegedGroupMapping.invoked);
  
  List<String> expected = new ArrayList<String>();
  expected.add("group1");

  FakeunPrivilegedGroupMapping.invoked = false;
  userGroups = groups.getGroups("user1");
  assertTrue("groups not correct", expected.equals(userGroups));
  assertFalse("group lookup done for unprivileged user",
      FakeunPrivilegedGroupMapping.invoked);

  expected.add("group2");
  FakeunPrivilegedGroupMapping.invoked = false;
  userGroups = groups.getGroups("user2");
  assertTrue("groups not correct", expected.equals(userGroups));
  assertFalse("group lookup done for unprivileged user",
      FakeunPrivilegedGroupMapping.invoked);

}