001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security;
019
020import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getConfigurationWoPrincipal;
021import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
022import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
023import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getSecuredConfiguration;
024import static org.junit.Assert.assertFalse;
025import static org.junit.Assert.assertNotNull;
026import static org.junit.Assert.assertTrue;
027
028import java.io.File;
029import java.io.IOException;
030import org.apache.hadoop.conf.Configuration;
031import org.apache.hadoop.hbase.HBaseClassTestRule;
032import org.apache.hadoop.hbase.HBaseTestingUtility;
033import org.apache.hadoop.hbase.testclassification.SecurityTests;
034import org.apache.hadoop.hbase.testclassification.SmallTests;
035import org.apache.hadoop.minikdc.MiniKdc;
036import org.apache.hadoop.security.UserGroupInformation;
037import org.junit.AfterClass;
038import org.junit.BeforeClass;
039import org.junit.ClassRule;
040import org.junit.Test;
041import org.junit.experimental.categories.Category;
042
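/**
 * Verifies {@code User.login} against a Kerberos KDC that {@link MiniKdc} runs inside the test
 * JVM: a login attempted before Hadoop security is configured must leave the process login user
 * untouched, and a login with the secured configuration must replace it.
 */
@Category({ SecurityTests.class, SmallTests.class })
public class TestUsersOperationsWithSecureHadoop {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
      HBaseClassTestRule.forClass(TestUsersOperationsWithSecureHadoop.class);

  private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();

  // Keytab written by the MiniKdc for the test principal. It lives under the test data directory,
  // which tearDown() asks TEST_UTIL to clean up.
  private static final File KEYTAB_FILE = new File(TEST_UTIL.getDataTestDir("keytab").toUri()
      .getPath());

  // Host part of the service principal; also passed to User.login as the local host name.
  private static final String HOST = "localhost";

  // Service principal without the realm; the realm is appended once the KDC is up.
  private static final String PRINCIPAL = "hbase/" + HOST;

  private static MiniKdc KDC;

  /**
   * Starts the MiniKdc, creates the test principal in {@link #KEYTAB_FILE} and registers the
   * fully qualified principal ({@code hbase/localhost@REALM}) with {@link HBaseKerberosUtils}.
   *
   * @throws Exception if the KDC cannot be started or the principal cannot be created
   */
  @BeforeClass
  public static void setUp() throws Exception {
    KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);
    KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL);
    HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());
  }

  /**
   * Stops the KDC (if it was started) and removes the test directory.
   *
   * @throws IOException if the test directory cannot be cleaned up
   */
  @AfterClass
  public static void tearDown() throws IOException {
    if (KDC != null) {
      KDC.stop();
    }
    TEST_UTIL.cleanupTestDir();
    // NOTE(review): testUserLoginInSecureHadoop() calls UserGroupInformation.setConfiguration()
    // and changes the login user; both are static, JVM-wide state that is not restored here.
    // If other test classes can share this JVM they would inherit the Kerberos login - confirm
    // the fork settings or restore the state explicitly.
  }

  /**
   * Tests login with a security-enabled configuration.
   * <p>
   * The login reads the principal and keytab through
   * {@link HBaseKerberosUtils#KRB_PRINCIPAL} and {@link HBaseKerberosUtils#KRB_KEYTAB_FILE}
   * (<b>hbase.regionserver.kerberos.principal</b> and <b>hbase.regionserver.keytab.file</b>).
   * The principal is registered by {@link #setUp()}; the keytab is presumably registered by
   * {@code setupMiniKdc} - TODO confirm. Both are asserted to be non-null before the secured
   * login is attempted.
   *
   * @throws Exception if either login attempt or the UGI lookup fails
   */
  @Test
  public void testUserLoginInSecureHadoop() throws Exception {
    UserGroupInformation defaultLogin = UserGroupInformation.getLoginUser();

    // First attempt: configuration without a principal, and UserGroupInformation has not been
    // given a secured configuration yet. The login user is expected to stay as it was.
    Configuration conf = getConfigurationWoPrincipal();
    User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE, HBaseKerberosUtils.KRB_PRINCIPAL, HOST);

    UserGroupInformation failLogin = UserGroupInformation.getLoginUser();
    assertTrue("ugi should be the same in case fail login", defaultLogin.equals(failLogin));

    String keytabPath = getKeytabFileForTesting();
    String principalName = getPrincipalForTesting();

    assertNotNull("KerberosKeytab was not specified", keytabPath);
    assertNotNull("KerberosPrincipal was not specified", principalName);

    // Second attempt: secured configuration, installed into UserGroupInformation first so that
    // the login goes through Kerberos.
    conf = getSecuredConfiguration();
    UserGroupInformation.setConfiguration(conf);

    User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE, HBaseKerberosUtils.KRB_PRINCIPAL, HOST);
    UserGroupInformation successLogin = UserGroupInformation.getLoginUser();

    // NOTE(review): this only proves that the login user changed. It would still pass if the
    // new identity were not the keytab principal; consider also asserting the user name against
    // getPrincipalForTesting() and that the UGI reports a keytab-based Kerberos login.
    assertFalse("ugi should be different in in case success login",
      defaultLogin.equals(successLogin));
  }
}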