AuthenticationInitializationServiceTest.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.falcon.security;

import org.apache.falcon.FalconException;
import org.apache.falcon.util.FalconTestUtil;
import org.apache.falcon.util.StartupProperties;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import java.io.File;


/**
 * Unit test for AuthenticationInitializationService that employs mocks.
 */
public class AuthenticationInitializationServiceTest {

    private AuthenticationInitializationService authenticationService;

    @Mock
    private UserGroupInformation mockLoginUser;

    @BeforeClass
    public void setUp() {
        MockitoAnnotations.initMocks(this);

        authenticationService = new AuthenticationInitializationService();
    }

    @Test
    public void testGetName() {
        Assert.assertEquals("Authentication initialization service",
                authenticationService.getName());
    }

    @Test
    public void testInitForSimpleAuthenticationMethod() {
        try {
            StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE,
                    PseudoAuthenticationHandler.TYPE);
            authenticationService.init();

            UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
            Assert.assertFalse(loginUser.isFromKeytab());
            Assert.assertEquals(loginUser.getAuthenticationMethod().name().toLowerCase(),
                    PseudoAuthenticationHandler.TYPE);
            Assert.assertEquals(System.getProperty("user.name"), loginUser.getUserName());
        } catch (Exception e) {
            Assert.fail("AuthenticationInitializationService init failed.", e);
        }
    }

    @Test
    public void testKerberosAuthenticationWithKeytabFileDoesNotExist() {
        try {
            StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE,
                    KerberosAuthenticationHandler.TYPE);
            StartupProperties.get().setProperty(AuthenticationInitializationService.KERBEROS_KEYTAB, "/blah/blah");
            authenticationService.init();
            Assert.fail("The keytab file does not exist! must have been thrown.");
        } catch (Exception e) {
            Assert.assertEquals(e.getCause().getClass(), IllegalArgumentException.class);
        }
    }

    @Test
    public void testKerberosAuthenticationWithKeytabFileIsADirectory() {
        try {
            StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE,
                    KerberosAuthenticationHandler.TYPE);
            StartupProperties.get().setProperty(AuthenticationInitializationService.KERBEROS_KEYTAB, "/tmp/");
            authenticationService.init();
            Assert.fail("The keytab file cannot be a directory! must have been thrown.");
        } catch (Exception e) {
            Assert.assertEquals(e.getCause().getClass(), IllegalArgumentException.class);
        }
    }

    @Test
    public void testKerberosAuthenticationWithKeytabFileNotReadable() {
        File tempFile = new File(".keytabFile");
        try {
            assert tempFile.createNewFile();
            assert tempFile.setReadable(false);

            StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE,
                    KerberosAuthenticationHandler.TYPE);
            StartupProperties.get().setProperty(
                    AuthenticationInitializationService.KERBEROS_KEYTAB, tempFile.toString());
            authenticationService.init();
            Assert.fail("The keytab file is not readable! must have been thrown.");
        } catch (Exception e) {
            Assert.assertEquals(e.getCause().getClass(), IllegalArgumentException.class);
        } finally {
            assert tempFile.delete();
        }
    }

    @Test (enabled = false)
    public void testInitForKerberosAuthenticationMethod() throws FalconException {
        Mockito.when(mockLoginUser.getAuthenticationMethod())
                .thenReturn(UserGroupInformation.AuthenticationMethod.KERBEROS);
        Mockito.when(mockLoginUser.getUserName()).thenReturn(FalconTestUtil.TEST_USER_1);
        Mockito.when(mockLoginUser.isFromKeytab()).thenReturn(Boolean.TRUE);

        StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE,
                KerberosAuthenticationHandler.TYPE);
        StartupProperties.get().setProperty(
                AuthenticationInitializationService.KERBEROS_KEYTAB, "falcon.kerberos.keytab");
        StartupProperties.get().setProperty(AuthenticationInitializationService.KERBEROS_PRINCIPAL,
                FalconTestUtil.TEST_USER_1);

        authenticationService.init();

        Assert.assertTrue(mockLoginUser.isFromKeytab());
        Assert.assertEquals(mockLoginUser.getAuthenticationMethod().name(),
                KerberosAuthenticationHandler.TYPE);
        Assert.assertEquals(FalconTestUtil.TEST_USER_1, mockLoginUser.getUserName());
    }
}