/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.mapred;
import java.io.IOException;
import junit.framework.TestCase;
import org.apache.hadoop.mapreduce.MRConfig;
import static org.apache.hadoop.mapred.QueueManagerTestUtils.*;
import org.apache.hadoop.security.UserGroupInformation;
/**
* Unit test class to test queue acls
*
*/
public class TestQueueAclsForCurrentUser extends TestCase {
private QueueManager queueManager;
private JobConf conf = null;
UserGroupInformation currentUGI = null;
String submitAcl = QueueACL.SUBMIT_JOB.getAclName();
String adminAcl = QueueACL.ADMINISTER_JOBS.getAclName();
@Override
protected void tearDown() {
deleteQueuesConfigFile();
}
// No access for queues for the user currentUGI
private void setupConfForNoAccess() throws Exception {
currentUGI = UserGroupInformation.getLoginUser();
String userName = currentUGI.getUserName();
String[] queueNames = {"qu1", "qu2"};
// Only user u1 has access for queue qu1
// Only group g2 has acls for the queue qu2
createQueuesConfigFile(
queueNames, new String[]{"u1", " g2"}, new String[]{"u1", " g2"});
conf = new JobConf();
conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);
queueManager = new QueueManager(conf);
}
/**
* sets up configuration for acls test.
* @return
*/
private void setupConf(boolean aclSwitch) throws Exception{
currentUGI = UserGroupInformation.getLoginUser();
String userName = currentUGI.getUserName();
StringBuilder groupNames = new StringBuilder("");
String[] ugiGroupNames = currentUGI.getGroupNames();
int max = ugiGroupNames.length-1;
for(int j=0;j< ugiGroupNames.length;j++) {
groupNames.append(ugiGroupNames[j]);
if(j<max) {
groupNames.append(",");
}
}
String groupsAcl = " " + groupNames.toString();
//q1 Has acls for all the users, supports both submit and administer
//q2 only u2 has acls for the queues
//q3 Only u2 has submit operation access rest all have administer access
//q4 Only u2 has administer access , anyone can do submit
//qu5 only current user's groups has access
//qu6 only current user has submit access
//qu7 only current user has administrator access
String[] queueNames =
{"qu1", "qu2", "qu3", "qu4", "qu5", "qu6", "qu7"};
String[] submitAcls =
{"*", "u2", "u2", "*", groupsAcl, userName, "u2"};
String[] adminsAcls =
{"*", "u2", "*", "u2", groupsAcl, "u2", userName};
createQueuesConfigFile(queueNames, submitAcls, adminsAcls);
conf = new JobConf();
conf.setBoolean(MRConfig.MR_ACLS_ENABLED, aclSwitch);
queueManager = new QueueManager(conf);
}
public void testQueueAclsForCurrentuser() throws Exception {
setupConf(true);
QueueAclsInfo[] queueAclsInfoList =
queueManager.getQueueAcls(currentUGI);
checkQueueAclsInfo(queueAclsInfoList);
}
// Acls are disabled on the mapreduce cluster
public void testQueueAclsForCurrentUserAclsDisabled() throws Exception {
setupConf(false);
//fetch the acls info for current user.
QueueAclsInfo[] queueAclsInfoList = queueManager.
getQueueAcls(currentUGI);
checkQueueAclsInfo(queueAclsInfoList);
}
public void testQueueAclsForNoAccess() throws Exception {
setupConfForNoAccess();
QueueAclsInfo[] queueAclsInfoList = queueManager.
getQueueAcls(currentUGI);
assertTrue(queueAclsInfoList.length == 0);
}
private void checkQueueAclsInfo(QueueAclsInfo[] queueAclsInfoList)
throws IOException {
if (conf.get(MRConfig.MR_ACLS_ENABLED).equalsIgnoreCase("true")) {
for (int i = 0; i < queueAclsInfoList.length; i++) {
QueueAclsInfo acls = queueAclsInfoList[i];
String queueName = acls.getQueueName();
assertFalse(queueName.contains("qu2"));
if (queueName.equals("qu1")) {
assertTrue(acls.getOperations().length == 2);
assertTrue(checkAll(acls.getOperations()));
} else if (queueName.equals("qu3")) {
assertTrue(acls.getOperations().length == 1);
assertTrue(acls.getOperations()[0].equalsIgnoreCase(adminAcl));
} else if (queueName.equals("qu4")) {
assertTrue(acls.getOperations().length == 1);
assertTrue(acls.getOperations()[0].equalsIgnoreCase(submitAcl));
} else if (queueName.equals("qu5")) {
assertTrue(acls.getOperations().length == 2);
assertTrue(checkAll(acls.getOperations()));
} else if(queueName.equals("qu6")) {
assertTrue(acls.getOperations()[0].equals(submitAcl));
} else if(queueName.equals("qu7")) {
assertTrue(acls.getOperations()[0].equals(adminAcl));
}
}
} else {
for (int i = 0; i < queueAclsInfoList.length; i++) {
QueueAclsInfo acls = queueAclsInfoList[i];
String queueName = acls.getQueueName();
assertTrue(acls.getOperations().length == 2);
assertTrue(checkAll(acls.getOperations()));
}
}
}
private boolean checkAll(String[] operations){
boolean submit = false;
boolean admin = false;
for(String val: operations){
if(val.equalsIgnoreCase(submitAcl))
submit = true;
else if(val.equalsIgnoreCase(adminAcl))
admin = true;
}
if(submit && admin) return true;
return false;
}
}