// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
#include "testutil/mini-kdc-wrapper.h"
#include <string>
#include "common/names.h"
#include "exec/kudu-util.h"
#include "gutil/strings/substitute.h"
#include "kudu/util/env.h"
#include "rpc/auth-provider.h"
#include "util/filesystem-util.h"
using namespace impala;
namespace filesystem = boost::filesystem;
using filesystem::path;
// Flags defined in another translation unit. Within this file only FLAGS_krb5_conf is
// referenced: SetupAndStartMiniKDC() points it at <keytab_dir>/krb5.conf and
// TearDownMiniKDC() clears it again. keytab_file and krb5_ccname are declared here but
// are not read or written by any function in this file.
DECLARE_string(keytab_file);
DECLARE_string(krb5_conf);
DECLARE_string(krb5_ccname);
/// Configures and launches the kudu::MiniKdc owned by this wrapper.
///
/// 'keytab_dir' becomes the KDC's data root; realm, ticket/renew lifetimes and port are
/// taken from the wrapper's members. Once the KDC has started, SetKrb5Environment() is
/// invoked on it. Expects 'kdc_' to be empty on entry (DCHECKed, so debug builds only).
/// Returns an error Status if starting the KDC or setting the environment fails.
Status MiniKdcWrapper::StartKdc(string keytab_dir) {
  // A second start on the same wrapper would replace a KDC that may still be running.
  DCHECK(kdc_.get() == nullptr);

  kudu::MiniKdcOptions kdc_options;
  kdc_options.port = kdc_port_;
  kdc_options.realm = realm_;
  kdc_options.ticket_lifetime = ticket_lifetime_;
  kdc_options.renew_lifetime = renew_lifetime_;
  kdc_options.data_root = move(keytab_dir);

  kdc_.reset(new kudu::MiniKdc(kdc_options));
  DCHECK(kdc_.get() != nullptr);

  // The environment is only touched after the KDC itself came up.
  const auto start_result = kdc_->Start();
  KUDU_RETURN_IF_ERROR(start_result, "Failed to start KDC.");
  const auto env_result = kdc_->SetKrb5Environment();
  KUDU_RETURN_IF_ERROR(env_result, "Failed to set Kerberos environment.");
  return Status::OK();
}
/// Stops the KDC held in 'kdc_'.
///
/// 'kdc_' is dereferenced without a null check, so StartKdc() must have run first.
/// A failure reported by Stop() is handed to KUDU_RETURN_IF_ERROR together with the
/// message "Failed to stop KDC.".
Status MiniKdcWrapper::StopKdc() {
  const auto stop_result = kdc_->Stop();
  KUDU_RETURN_IF_ERROR(stop_result, "Failed to stop KDC.");
  return Status::OK();
}
/// Forwards 'username' to Kinit() on the wrapped KDC.
///
/// 'kdc_' is dereferenced without a null check, so StartKdc() must have run first.
/// A failure is handed to KUDU_RETURN_IF_ERROR together with "Failed to kinit.".
Status MiniKdcWrapper::Kinit(const string& username) {
  const auto kinit_result = kdc_->Kinit(username);
  KUDU_RETURN_IF_ERROR(kinit_result, "Failed to kinit.");
  return Status::OK();
}
/// Forwards 'username' to CreateUserPrincipal() on the wrapped KDC.
///
/// 'kdc_' is dereferenced without a null check, so StartKdc() must have run first.
/// A failure is handed to KUDU_RETURN_IF_ERROR together with
/// "Failed to create user principal.".
Status MiniKdcWrapper::CreateUserPrincipal(const string& username) {
  const auto create_result = kdc_->CreateUserPrincipal(username);
  KUDU_RETURN_IF_ERROR(create_result, "Failed to create user principal.");
  return Status::OK();
}
/// Forwards 'spn' and 'kt_path' to CreateServiceKeytab() on the wrapped KDC.
///
/// 'kt_path' is passed through untouched; presumably it receives the location of the
/// keytab file that was written (confirm against kudu::MiniKdc). A keytab holds the
/// service's long-term key, so that file should be handled as a credential.
/// 'kdc_' is dereferenced without a null check, so StartKdc() must have run first.
/// A failure is handed to KUDU_RETURN_IF_ERROR together with
/// "Failed to create service keytab.".
Status MiniKdcWrapper::CreateServiceKeytab(const string& spn, string* kt_path) {
  const auto keytab_result = kdc_->CreateServiceKeytab(spn, kt_path);
  KUDU_RETURN_IF_ERROR(keytab_result, "Failed to create service keytab.");
  return Status::OK();
}
/// Builds a MiniKdcWrapper, starts its KDC below the wrapper's unique test directory and
/// hands ownership to the caller through 'kdc_ptr'.
///
/// Process-wide side effects: sets KUDU_ENABLE_KRB5_REALM_FIX in the environment (only
/// when the variable is not already present) and points FLAGS_krb5_conf at
/// <unique_test_dir>/krb5kdc/krb5.conf. StartKdc() additionally calls
/// SetKrb5Environment() on the KDC.
///
/// Returns the first error from directory setup or KDC startup. 'kdc_ptr' and
/// FLAGS_krb5_conf are assigned only when everything succeeded; 'kdc_ptr' itself is
/// dereferenced without a null check.
Status MiniKdcWrapper::SetupAndStartMiniKDC(string realm,
    string ticket_lifetime, string renew_lifetime,
    int kdc_port, unique_ptr<MiniKdcWrapper>* kdc_ptr) {
  unique_ptr<MiniKdcWrapper> wrapper(new MiniKdcWrapper(
      move(realm), move(ticket_lifetime), move(renew_lifetime), kdc_port));
  DCHECK(wrapper.get() != nullptr);

  // Enable the workaround for MIT krb5 1.10 bugs from krb5_realm_override.cc. The final
  // argument of 0 keeps a value that is already present in the environment.
  setenv("KUDU_ENABLE_KRB5_REALM_FIX", "true", 0);

  // Prepare the wrapper's unique directory. Going by the helper's name, an existing
  // directory at this path is removed before it is created again.
  const string test_root = wrapper->unique_test_dir_.string();
  RETURN_IF_ERROR(FileSystemUtil::RemoveAndCreateDirectory(test_root));

  // The KDC keeps its data in a "krb5kdc" subdirectory of the test root.
  const string keytab_dir = test_root + "/krb5kdc";
  RETURN_IF_ERROR(wrapper->StartKdc(keytab_dir));

  // Set the appropriate flags based on how we've set up the kerberos environment.
  FLAGS_krb5_conf = strings::Substitute("$0/$1", keytab_dir, "krb5.conf");

  *kdc_ptr = std::move(wrapper);
  return Status::OK();
}
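/// Stops the KDC, resets FLAGS_krb5_conf and deletes the wrapper's unique test directory.
///
/// FLAGS_krb5_conf is cleared even when stopping the KDC fails; previously an early
/// return on a stop failure left the process-global flag pointing at this wrapper's
/// krb5.conf for any later test in the same process.
///
/// Returns the StopKdc() error if stopping failed (the test directory is then left in
/// place), otherwise the result of removing the test directory.
Status MiniKdcWrapper::TearDownMiniKDC() {
  const Status stop_status = StopKdc();

  // Clear the flags so we don't step on other tests that may run in the same process.
  // This happens before the stop result is examined so that a failed stop cannot leak
  // the setting.
  FLAGS_krb5_conf.clear();
  RETURN_IF_ERROR(stop_status);

  // Remove test directory. It contains the KDC data root (<unique_test_dir_>/krb5kdc,
  // see SetupAndStartMiniKDC()). It is only removed once the KDC stopped cleanly, since
  // a KDC that failed to stop may still be using it.
  RETURN_IF_ERROR(FileSystemUtil::RemovePaths({unique_test_dir_.string()}));
  return Status::OK();
}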