Google Git
Sign in
apache / accumulo / bca516000bdb54b1e5582f908e0a525634a120f7 / . / server / base / src / test / java / org / apache / accumulo / server / AccumuloServerContextTest.java
blob: e2f5f2367fb4f4a65df68ca09c547f6d5aa57eaf [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.accumulo.server;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.Map.Entry;
import org.apache.accumulo.core.client.ClientConfiguration;
import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.impl.ClientContext;
import org.apache.accumulo.core.client.impl.Credentials;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.conf.SiteConfiguration;
import org.apache.accumulo.server.conf.ServerConfigurationFactory;
import org.apache.accumulo.server.rpc.SaslServerConnectionParams;
import org.apache.accumulo.server.rpc.ThriftServerType;
import org.apache.accumulo.server.security.SystemCredentials.SystemToken;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.security.UserGroupInformation;
import org.easymock.EasyMock;
import org.easymock.IAnswer;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
public class AccumuloServerContextTest {
private UserGroupInformation testUser;
private String username;
@Before
public void setup() throws Exception {
System.setProperty("java.security.krb5.realm", "accumulo");
System.setProperty("java.security.krb5.kdc", "fake");
Configuration conf = new Configuration(false);
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
UserGroupInformation.setConfiguration(conf);
testUser = UserGroupInformation.createUserForTesting("test_user", new String[0]);
username = testUser.getUserName();
}
@Test
public void testSasl() throws Exception {
testUser.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
Instance instance = EasyMock.createMock(Instance.class);
ClientConfiguration clientConf = ClientConfiguration.loadDefault();
clientConf.setProperty(ClientProperty.INSTANCE_RPC_SASL_ENABLED, "true");
clientConf.setProperty(ClientProperty.KERBEROS_SERVER_PRIMARY, "accumulo");
final AccumuloConfiguration conf = ClientContext.convertClientConfig(clientConf);
SiteConfiguration siteConfig = EasyMock.createMock(SiteConfiguration.class);
EasyMock.expect(siteConfig.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)).andReturn(true);
// Deal with SystemToken being private
PasswordToken pw = new PasswordToken("fake");
ByteArrayOutputStream baos = new ByteArrayOutputStream();
pw.write(new DataOutputStream(baos));
SystemToken token = new SystemToken();
token.readFields(new DataInputStream(new ByteArrayInputStream(baos.toByteArray())));
ServerConfigurationFactory factory = EasyMock.createMock(ServerConfigurationFactory.class);
EasyMock.expect(factory.getConfiguration()).andReturn(conf).anyTimes();
EasyMock.expect(factory.getSiteConfiguration()).andReturn(siteConfig).anyTimes();
EasyMock.expect(factory.getInstance()).andReturn(instance).anyTimes();
AccumuloServerContext context = EasyMock.createMockBuilder(AccumuloServerContext.class)
.addMockedMethod("enforceKerberosLogin").addMockedMethod("getConfiguration")
.addMockedMethod("getServerConfigurationFactory").addMockedMethod("getCredentials")
.createMock();
context.enforceKerberosLogin();
EasyMock.expectLastCall().anyTimes();
EasyMock.expect(context.getConfiguration()).andReturn(conf).anyTimes();
EasyMock.expect(context.getServerConfigurationFactory()).andReturn(factory).anyTimes();
EasyMock.expect(context.getCredentials())
.andReturn(new Credentials("accumulo/hostname@FAKE.COM", token)).once();
// Just make the SiteConfiguration delegate to our ClientConfiguration (by way of the
// AccumuloConfiguration)
// Presently, we only need get(Property) and iterator().
EasyMock.expect(siteConfig.get(EasyMock.anyObject(Property.class)))
.andAnswer(new IAnswer<String>() {
@Override
public String answer() {
Object[] args = EasyMock.getCurrentArguments();
return conf.get((Property) args[0]);
}
}).anyTimes();
EasyMock.expect(siteConfig.iterator())
.andAnswer(new IAnswer<Iterator<Entry<String,String>>>() {
@Override
public Iterator<Entry<String,String>> answer() {
return conf.iterator();
}
}).anyTimes();
EasyMock.replay(factory, context, siteConfig);
Assert.assertEquals(ThriftServerType.SASL, context.getThriftServerType());
SaslServerConnectionParams saslParams = context.getSaslParams();
Assert.assertEquals(new SaslServerConnectionParams(conf, token), saslParams);
Assert.assertEquals(username, saslParams.getPrincipal());
EasyMock.verify(factory, context, siteConfig);
return null;
}
});
}
}