1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security;
20
21 import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getConfigurationWoPrincipal;
22 import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
23 import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
24 import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getSecuredConfiguration;
25 import static org.junit.Assert.assertFalse;
26 import static org.junit.Assert.assertNotNull;
27 import static org.junit.Assert.assertTrue;
28
29 import java.io.File;
30 import java.io.IOException;
31 import java.util.Properties;
32
33 import org.apache.hadoop.conf.Configuration;
34 import org.apache.hadoop.hbase.HBaseTestingUtility;
35 import org.apache.hadoop.hbase.testclassification.SmallTests;
36 import org.apache.hadoop.minikdc.MiniKdc;
37 import org.apache.hadoop.security.UserGroupInformation;
38 import org.junit.AfterClass;
39 import org.junit.BeforeClass;
40 import org.junit.Test;
41 import org.junit.experimental.categories.Category;
42
43 @Category(SmallTests.class)
44 public class TestUsersOperationsWithSecureHadoop {
45
46 private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
47 private static final File KEYTAB_FILE = new File(TEST_UTIL.getDataTestDir("keytab").toUri()
48 .getPath());
49
50 private static MiniKdc KDC;
51
52 private static String HOST = "localhost";
53
54 private static String PRINCIPAL;
55
56 @BeforeClass
57 public static void setUp() throws Exception {
58 Properties conf = MiniKdc.createConf();
59 conf.put(MiniKdc.DEBUG, true);
60 KDC = new MiniKdc(conf, new File(TEST_UTIL.getDataTestDir("kdc").toUri().getPath()));
61 KDC.start();
62 PRINCIPAL = "hbase/" + HOST;
63 KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL);
64 HBaseKerberosUtils.setKeytabFileForTesting(KEYTAB_FILE.getAbsolutePath());
65 HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());
66 }
67
68 @AfterClass
69 public static void tearDown() throws IOException {
70 if (KDC != null) {
71 KDC.stop();
72 }
73 TEST_UTIL.cleanupTestDir();
74 }
75
76
77
78
79
80
81
82
83
84
85 @Test
86 public void testUserLoginInSecureHadoop() throws Exception {
87 UserGroupInformation defaultLogin = UserGroupInformation.getLoginUser();
88 Configuration conf = getConfigurationWoPrincipal();
89 User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE, HBaseKerberosUtils.KRB_PRINCIPAL,
90 "localhost");
91
92 UserGroupInformation failLogin = UserGroupInformation.getLoginUser();
93 assertTrue("ugi should be the same in case fail login", defaultLogin.equals(failLogin));
94
95 String nnKeyTab = getKeytabFileForTesting();
96 String dnPrincipal = getPrincipalForTesting();
97
98 assertNotNull("KerberosKeytab was not specified", nnKeyTab);
99 assertNotNull("KerberosPrincipal was not specified", dnPrincipal);
100
101 conf = getSecuredConfiguration();
102 UserGroupInformation.setConfiguration(conf);
103
104 User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE, HBaseKerberosUtils.KRB_PRINCIPAL,
105 "localhost");
106 UserGroupInformation successLogin = UserGroupInformation.getLoginUser();
107 assertFalse("ugi should be different in in case success login",
108 defaultLogin.equals(successLogin));
109 }
110 }