| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.ambari.server.controller; |
| |
| import org.apache.ambari.server.utils.CollectionPresentationUtils; |
| import org.junit.Test; |
| |
| import java.util.Arrays; |
| import java.util.Collections; |
| import java.util.List; |
| |
| import static org.junit.Assert.*; |
| |
| public class AuthToLocalBuilderTest { |
| |
| @Test |
| public void testRuleGeneration() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| // Duplicate principal for secondary namenode, should be filtered out... |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| builder.addRule("foobar@EXAMPLE.COM", "hdfs"); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](foobar@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| |
| @Test |
| public void testRuleGeneration_caseInsensitiveSupport() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), true); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| // Duplicate principal for secondary namenode, should be filtered out... |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| builder.addRule("foobar@EXAMPLE.COM", "hdfs"); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](foobar@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testRuleGeneration_changeToCaseInsensitiveSupport() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| // Duplicate principal for secondary namenode, should be filtered out... |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| String existingRules = builder.generate(); |
| |
| builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), true); |
| builder.addRules(existingRules); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testRuleGeneration_changeToCaseSensitiveSupport() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), true); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| // Duplicate principal for secondary namenode, should be filtered out... |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| String existingRules = builder.generate(); |
| |
| builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| builder.addRules(existingRules); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testRuleGeneration_ExistingRules() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| // previously generated non-host specific rules |
| builder.addRule("foobar@EXAMPLE.COM", "hdfs"); |
| // doesn't exist in latter generation |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| String existingRules = builder.generate(); |
| |
| builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| // set previously existing rules |
| builder.addRules(existingRules); |
| |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| // Duplicate of existing rule should not result in duplicate rule generation |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| // duplicated again in this builder should not result in duplicate rule generation |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](foobar@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testRuleGeneration_ExistingRules_existingMoreSpecificRule() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| // previously generated non-host specific rules |
| builder.addRule("foobar@EXAMPLE.COM", "hdfs"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| String existingRules = builder.generate(); |
| // prepend host specific rule |
| existingRules = "RULE:[2:$1/$2@$0](dn/somehost.com@EXAMPLE.COM)s/.*/hdfs/\n" + existingRules; |
| // append default realm rule for additional realm |
| existingRules += "\nRULE:[1:$1@$0](.*@OTHER_REALM.COM)s/@.*//"; |
| |
| builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| // set previously existing rules |
| builder.addRules(existingRules); |
| // more specific host qualifed rule exists for dn |
| // non-host specific rule should still be generated but occur later in generated string |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| // Duplicate principal for secondary namenode, should be filtered out... |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| // duplicate of existing rule |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| |
| assertEquals( |
| "RULE:[1:$1@$0](foobar@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[1:$1@$0](.*@OTHER_REALM.COM)s/@.*//\n" + |
| "RULE:[2:$1/$2@$0](dn/somehost.com@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testAddNullExistingRule() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| builder.addRules(null); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "DEFAULT", |
| builder.generate() |
| ); |
| } |
| |
| @Test |
| public void testRuleRegexWithDifferentEnding() { |
| String rules = |
| "RULE:[1:$1@$0](foobar@EXAMPLE.COM)s/.*/hdfs/\\\\\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\ntext\\\\" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\\\\\\" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\\/\\"; |
| |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| builder.addRules(rules); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](foobar@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| |
| @Test |
| public void testRuleRegexWithComplexReplacements() { |
| String rules = |
| "RULE:[1:$1@$0](foobar@\\QEXAMPLE1.COM\\E$)s/.*@\\QEXAMPLE1.COM\\E$/hdfs/\n" + |
| "RULE:[1:$1@$0](.*@\\QEXAMPLE1.COM\\E)s/@\\QEXAMPLE1.COM\\E//\n" + |
| "RULE:[2:$1@$0](.*@\\QEXAMPLE1.COM\\E)s/@\\QEXAMPLE1.COM\\E//"; |
| |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| builder.addRules(rules); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("ambari-qa-c1@EXAMPLE.COM", "ambari-qa"); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](ambari-qa-c1@EXAMPLE.COM)s/.*/ambari-qa/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[1:$1@$0](.*@\\QEXAMPLE1.COM\\E)s/@\\QEXAMPLE1.COM\\E//\n" + |
| "RULE:[1:$1@$0](foobar@\\QEXAMPLE1.COM\\E$)s/.*@\\QEXAMPLE1.COM\\E$/hdfs/\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](.*@\\QEXAMPLE1.COM\\E)s/@\\QEXAMPLE1.COM\\E//\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testRulesWithWhitespace() { |
| String rulesWithWhitespace = |
| "RULE: [1:$1@$0](foobar@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[ 1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[2: $1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0 ](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0] (jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM) s/.*/hdfs/\n"; |
| |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| builder.addRules(rulesWithWhitespace); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](foobar@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "DEFAULT", |
| builder.generate()); |
| |
| } |
| |
| @Test |
| public void testExistingRuleWithNoRealm() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| builder.addRules("RULE:[1:$1](foobar)s/.*/hdfs/"); |
| |
| assertEquals( |
| "RULE:[1:$1](foobar)s/.*/hdfs/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testExistingRuleWithNoRealm2() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| builder.addRules("RULE:[1:$1/$2](foobar/someHost)s/.*/hdfs/"); |
| |
| assertEquals( |
| "RULE:[1:$1/$2](foobar/someHost)s/.*/hdfs/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test(expected = IllegalArgumentException.class) |
| public void testAddNewRuleWithNoRealm() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| |
| builder.addRule("someUser", "hdfs"); |
| } |
| |
| @Test(expected = IllegalArgumentException.class) |
| public void testAddNewRuleWithNoRealm2() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| |
| builder.addRule("someUser/someHost", "hdfs"); |
| } |
| |
| @Test |
| public void testExistingWildcardRealm() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| builder.addRules("RULE:[2:$1@$0]([rn]m@.*)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0]([nd]n@.*)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](.*@EXAMPLE.COM)s/.*/yarn/\n" + |
| "DEFAULT"); |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| |
| // ensure that no default realm rule is generated for .* realm and |
| // also that that .* realm rules are ordered last in relation to |
| // other rules with the same number of expected principal components |
| assertEquals( |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](.*@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0]([nd]n@.*)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0]([rn]m@.*)s/.*/yarn/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testClone() throws CloneNotSupportedException { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| builder.addRule("foobar@EXAMPLE.COM", "hdfs"); |
| |
| AuthToLocalBuilder copy = (AuthToLocalBuilder) builder.clone(); |
| assertNotSame(builder, copy); |
| assertEquals(builder.generate(), copy.generate()); |
| |
| // Ensure that mutable fields do not change the copy when changed in the original |
| builder.addRule("user@EXAMPLE.COM", "hdfs"); |
| assertTrue(!copy.generate().equals(builder.generate())); |
| } |
| |
| @Test |
| public void testAdditionalRealms() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", "REALM2,REALM3, REALM1 ", false); |
| |
| builder.addRules( |
| "RULE:[1:$1@$0](.*@FOOBAR.COM)s/@.*//\n" + |
| "DEFAULT"); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| // Depends on hashing, string representation can be different |
| List<String> rules = Arrays.asList("RULE:[1:$1@$0](.*@FOOBAR.COM)s/@.*//", |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//", |
| "RULE:[1:$1@$0](.*@REALM2)s/@.*//", |
| "RULE:[1:$1@$0](.*@REALM1)s/@.*//", |
| "RULE:[1:$1@$0](.*@REALM3)s/@.*//", |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/", |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/", |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/", |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/", |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/", |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/", |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/", |
| "DEFAULT"); |
| assertTrue(CollectionPresentationUtils.isStringPermutationOfCollection(builder.generate(), rules, |
| "\n", 0, 0)); |
| } |
| |
| @Test |
| public void testAdditionalRealms_Null() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", Collections.<String>emptyList(), false); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testAdditionalRealms_Empty() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", "", false); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("jn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("jhs/_HOST@EXAMPLE.COM", "mapred"); |
| builder.addRule("hm/_HOST@EXAMPLE.COM", "hbase"); |
| builder.addRule("rs/_HOST@EXAMPLE.COM", "hbase"); |
| |
| assertEquals( |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](hm@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](rs@EXAMPLE.COM)s/.*/hbase/\n" + |
| "DEFAULT", |
| builder.generate()); |
| } |
| |
| @Test |
| public void testUseCase() { |
| AuthToLocalBuilder builder = new AuthToLocalBuilder("EXAMPLE.COM", "FOOBAR.COM,HW.HDP,BAZ.NET", false); |
| |
| String existingRules = |
| "RULE:[1:$1@$0](.*@BAZ.NET)s/@.*//\n" + |
| "RULE:[1:$1@$0](accumulo-c1@EXAMPLE.COM)s/.*/accumulo/\n" + |
| "RULE:[1:$1@$0](ambari-qa-c1@EXAMPLE.COM)s/.*/ambari-qa/\n" + |
| "RULE:[1:$1@$0](hbase-c1@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[1:$1@$0](hdfs-c1@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[1:$1@$0](spark-c1@EXAMPLE.COM)s/.*/spark/\n" + |
| "RULE:[1:$1@$0](tracer-c1@EXAMPLE.COM)s/.*/accumulo/\n" + |
| "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + |
| "RULE:[1:$1@$0](.*@FOOBAR.COM)s/@.*//\n" + |
| "RULE:[1:$1@$0](.*@HW.HDP)s/@.*//\n" + |
| "RULE:[2:$1@$0](accumulo@EXAMPLE.COM)s/.*/accumulo/\n" + |
| "RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/\n" + |
| "RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/\n" + |
| "RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/\n" + |
| "RULE:[2:$1@$0](hbase@EXAMPLE.COM)s/.*/hbase/\n" + |
| "RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/\n" + |
| "RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/\n" + |
| "RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/\n" + |
| "RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/\n" + |
| "RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/\n" + |
| "RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/\n" + |
| "DEFAULT"; |
| |
| builder.addRules(existingRules); |
| |
| builder.addRule("nn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("dn/_HOST@EXAMPLE.COM", "hdfs"); |
| builder.addRule("rm/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("yarn/_HOST@EXAMPLE.COM", "yarn"); |
| builder.addRule("kafka/_HOST@EXAMPLE.COM", null); |
| builder.addRule("hdfs-c1@EXAMPLE.COM", "hdfs"); |
| |
| assertEquals(existingRules, builder.generate()); |
| } |
| } |