/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.mapred;
import java.io.IOException;
import javax.security.auth.login.LoginException;
import junit.framework.TestCase;
import org.apache.hadoop.security.UnixUserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation;
/**
* Unit tests for the queue ACLs reported for the current user.
*
*/
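public class TestQueueAclsForCurrentUser extends TestCase {

  private QueueManager queueManager;
  private JobConf conf = null;
  UserGroupInformation currentUGI = null;
  // ACL names as reported by the queue operations; the assertions below
  // compare the operations returned by QueueManager against these.
  String submitAcl = Queue.QueueOperation.SUBMIT_JOB.getAclName();
  String adminAcl = Queue.QueueOperation.ADMINISTER_JOBS.getAclName();

  /**
   * Builds a configuration with ACLs enabled in which the current user is
   * expected to have no access to any queue: qu1 is restricted to user u1
   * and qu2 to group g2.
   *
   * <p>Assumes the account running the test is neither u1 nor a member of
   * g2; otherwise {@link #testQueueAclsForNoAccess()} cannot pass.
   */
  private void setupConfForNoAccess() throws IOException, LoginException {
    currentUGI = UnixUserGroupInformation.login();
    conf = new JobConf();
    conf.setBoolean("mapred.acls.enabled", true);
    conf.set("mapred.queue.names", "qu1,qu2");
    // qu1: only user u1 has access
    conf.set("mapred.queue.qu1.acl-submit-job", "u1");
    conf.set("mapred.queue.qu1.acl-administer-jobs", "u1");
    // qu2: only group g2 has access. The value starts with a blank;
    // presumably the format is "users groups" with an empty user list --
    // confirm against the ACL parser.
    conf.set("mapred.queue.qu2.acl-submit-job", " g2");
    conf.set("mapred.queue.qu2.acl-administer-jobs", " g2");
    queueManager = new QueueManager(conf);
  }

  /**
   * Builds the seven-queue configuration used by the ACL tests and creates
   * the {@link QueueManager} from it.
   *
   * <p>Every administer key is spelled "acl-administer-jobs", matching the
   * keys in {@link #setupConfForNoAccess()}. A misspelled key is a different
   * property name, so the restriction it was meant to express would
   * presumably never reach the queue and the test would pass without
   * exercising it.
   *
   * <p>Assumes the account running the test is not named u2.
   *
   * @param aclSwitch value stored under "mapred.acls.enabled"
   */
  private void setupConf(boolean aclSwitch) throws IOException, LoginException {
    currentUGI = UnixUserGroupInformation.login();
    String userName = currentUGI.getUserName();
    conf = new JobConf();
    conf.setBoolean("mapred.acls.enabled", aclSwitch);
    conf.set("mapred.queue.names", "qu1,qu2,qu3,qu4,qu5,qu6,qu7");
    // qu1: every user may submit and administer
    conf.set("mapred.queue.qu1.acl-submit-job", "*");
    conf.set("mapred.queue.qu1.acl-administer-jobs", "*");
    // qu2: only u2 may submit or administer
    conf.set("mapred.queue.qu2.acl-submit-job", "u2");
    conf.set("mapred.queue.qu2.acl-administer-jobs", "u2");
    // qu3: only u2 may submit, everyone may administer
    conf.set("mapred.queue.qu3.acl-submit-job", "u2");
    conf.set("mapred.queue.qu3.acl-administer-jobs", "*");
    // qu4: everyone may submit, only u2 may administer
    conf.set("mapred.queue.qu4.acl-submit-job", "*");
    conf.set("mapred.queue.qu4.acl-administer-jobs", "u2");
    // qu6: only the current user may submit, only u2 may administer
    conf.set("mapred.queue.qu6.acl-submit-job", userName);
    conf.set("mapred.queue.qu6.acl-administer-jobs", "u2");
    // qu7: only u2 may submit, only the current user may administer
    conf.set("mapred.queue.qu7.acl-submit-job", "u2");
    conf.set("mapred.queue.qu7.acl-administer-jobs", userName);
    // qu5: only the current user's groups have access (comma-separated list,
    // written after a leading blank like the group-only values above)
    StringBuilder groupNames = new StringBuilder();
    String[] ugiGroupNames = currentUGI.getGroupNames();
    for (int j = 0; j < ugiGroupNames.length; j++) {
      if (j > 0) {
        groupNames.append(",");
      }
      groupNames.append(ugiGroupNames[j]);
    }
    conf.set("mapred.queue.qu5.acl-submit-job", " " + groupNames);
    conf.set("mapred.queue.qu5.acl-administer-jobs", " " + groupNames);
    queueManager = new QueueManager(conf);
  }

  /** With ACLs enabled, the current user sees only the operations granted per queue. */
  public void testQueueAclsForCurrentuser() throws IOException, LoginException {
    setupConf(true);
    QueueAclsInfo[] queueAclsInfoList = queueManager.getQueueAcls(currentUGI);
    checkQueueAclsInfo(queueAclsInfoList);
  }

  /** With ACLs disabled, every returned queue reports both operations. */
  public void testQueueAclsForCurrentUserAclsDisabled() throws IOException,
      LoginException {
    setupConf(false);
    // fetch the ACL info for the current user
    QueueAclsInfo[] queueAclsInfoList = queueManager.getQueueAcls(currentUGI);
    checkQueueAclsInfo(queueAclsInfoList);
  }

  /** A user named in no ACL gets an empty result. */
  public void testQueueAclsForNoAccess() throws IOException, LoginException {
    setupConfForNoAccess();
    QueueAclsInfo[] queueAclsInfoList = queueManager.getQueueAcls(currentUGI);
    assertEquals(0, queueAclsInfoList.length);
  }

  /**
   * Checks the per-queue operations returned for the current user against
   * the configuration built by {@link #setupConf(boolean)}.
   *
   * <p>NOTE(review): only the entries that are returned get checked. A queue
   * that is wrongly missing from the result (or an empty result) is not
   * detected here; consider also asserting the set of returned queue names.
   *
   * @param queueAclsInfoList result of {@code QueueManager.getQueueAcls}
   */
  private void checkQueueAclsInfo(QueueAclsInfo[] queueAclsInfoList)
      throws IOException {
    if (conf.getBoolean("mapred.acls.enabled", false)) {
      for (QueueAclsInfo acls : queueAclsInfoList) {
        String queueName = acls.getQueueName();
        String[] operations = acls.getOperations();
        // qu2 grants nothing to the current user, so it must not be listed.
        assertFalse(queueName.contains("qu2"));
        if (queueName.equals("qu1")) {
          assertEquals(2, operations.length);
          assertTrue(checkAll(operations));
        } else if (queueName.equals("qu3")) {
          assertEquals(1, operations.length);
          assertTrue(operations[0].equalsIgnoreCase(adminAcl));
        } else if (queueName.equals("qu4")) {
          assertEquals(1, operations.length);
          assertTrue(operations[0].equalsIgnoreCase(submitAcl));
        } else if (queueName.equals("qu5")) {
          assertEquals(2, operations.length);
          assertTrue(checkAll(operations));
        } else if (queueName.equals("qu6")) {
          // Exactly one operation: a second entry would mean the
          // administer restriction to u2 is not being enforced.
          assertEquals(1, operations.length);
          assertTrue(operations[0].equals(submitAcl));
        } else if (queueName.equals("qu7")) {
          // Exactly one operation: a second entry would mean the
          // submit restriction to u2 is not being enforced.
          assertEquals(1, operations.length);
          assertTrue(operations[0].equals(adminAcl));
        }
      }
    } else {
      for (QueueAclsInfo acls : queueAclsInfoList) {
        assertEquals(2, acls.getOperations().length);
        assertTrue(checkAll(acls.getOperations()));
      }
    }
  }

  /**
   * Tells whether both the submit and the administer ACL name occur in the
   * given operations (compared case-insensitively).
   *
   * @param operations operation names reported for one queue
   * @return true only if both names are present
   */
  private boolean checkAll(String[] operations) {
    boolean submit = false;
    boolean admin = false;
    for (String val : operations) {
      if (val.equalsIgnoreCase(submitAcl)) {
        submit = true;
      } else if (val.equalsIgnoreCase(adminAcl)) {
        admin = true;
      }
    }
    return submit && admin;
  }
}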