ProxyUserServiceTest.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.falcon.service;

import org.apache.falcon.FalconException;
import org.apache.falcon.util.RuntimeProperties;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import java.security.AccessControlException;
import java.util.List;

/**
 * Unit tests for ProxyUserService.
 */
public class ProxyUserServiceTest {

    private ProxyUserService proxyUserService;
    private GroupsService groupsService;

    @BeforeClass
    public void setUp() throws Exception {
        Services.get().register(new ProxyUserService());
        Services.get().register(new GroupsService());

        groupsService = Services.get().getService(GroupsService.SERVICE_NAME);
        proxyUserService = Services.get().getService(ProxyUserService.SERVICE_NAME);
        groupsService.init();
    }

    @AfterClass
    public void tearDown() throws Exception {
        proxyUserService.destroy();
        groupsService.destroy();
        Services.get().reset();
    }

    @Test
    public void testGetName() throws Exception {
        proxyUserService.init();
        Assert.assertEquals(proxyUserService.getName(), ProxyUserService.SERVICE_NAME);
    }

    @Test (expectedExceptions = FalconException.class, expectedExceptionsMessageRegExp = ".*falcon.service"
            + ".ProxyUserService.proxyuser.foo.groups property not set in runtime properties.*")
    public void testWrongConfigGroups() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
        RuntimeProperties.get().remove("falcon.service.ProxyUserService.proxyuser.foo.groups");
        proxyUserService.init();
    }

    @Test (expectedExceptions = FalconException.class, expectedExceptionsMessageRegExp = ".*falcon.service"
            + ".ProxyUserService.proxyuser.foo.hosts property not set in runtime properties.*")
    public void testWrongConfigHosts() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
        RuntimeProperties.get().remove("falcon.service.ProxyUserService.proxyuser.foo.hosts");
        proxyUserService.init();
    }

    @Test (expectedExceptions = FalconException.class,
           expectedExceptionsMessageRegExp = "Exception normalizing host name.*")
    public void testWrongHost() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "otherhost");
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
        proxyUserService.init();
    }

    @Test
    public void testValidateAnyHostAnyUser() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
        proxyUserService.init();
        proxyUserService.validate("foo", "localhost", "bar");
    }

    @Test (expectedExceptions = AccessControlException.class,
           expectedExceptionsMessageRegExp = "User .* not defined as proxyuser.*")
    public void testInvalidProxyUser() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
        proxyUserService.init();
        proxyUserService.validate("bar", "localhost", "foo");
    }

    @Test
    public void testValidateHost() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
        proxyUserService.init();
        proxyUserService.validate("foo", "localhost", "bar");
    }

    private String getGroup() throws Exception {
        List<String> g = groupsService.getGroups(System.getProperty("user.name"));
        return g.get(0);
    }

    @Test
    public void testValidateGroup() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups",
                    getGroup());

        proxyUserService.init();
        proxyUserService.validate("foo", "localhost", System.getProperty("user.name"));
    }

    @Test (expectedExceptions = AccessControlException.class,
        expectedExceptionsMessageRegExp = "Could not resolve host .*")
    public void testUnknownHost() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "localhost");
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
        proxyUserService.init();
        proxyUserService.validate("foo", "unknownhost.bar.foo", "bar");
    }

    @Test (expectedExceptions = AccessControlException.class,
            expectedExceptionsMessageRegExp = "Unauthorized host .*")
    public void testInvalidHost() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "localhost");
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
        proxyUserService.init();
        proxyUserService.validate("foo", "www.example.com", "bar");
    }

    @Test (expectedExceptions = AccessControlException.class,
           expectedExceptionsMessageRegExp = "Unauthorized proxyuser .*, not in proxyuser groups")
    public void testInvalidGroup() throws Exception {
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "localhost");
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "nobody");
        proxyUserService.init();
        proxyUserService.validate("foo", "localhost", System.getProperty("user.name"));
    }

    @Test (expectedExceptions = IllegalArgumentException.class,
           expectedExceptionsMessageRegExp = "proxyUser cannot be null or empty, .*")
    public void testNullProxyUser() throws Exception {
        proxyUserService.init();
        proxyUserService.validate(null, "localhost", "bar");
    }

    @Test (expectedExceptions = IllegalArgumentException.class,
           expectedExceptionsMessageRegExp = "proxyHost cannot be null or empty, .*")
    public void testNullHost() throws Exception {
        proxyUserService.init();
        proxyUserService.validate("foo", null, "bar");
    }

}