
1   /*
2    *
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *     http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing, software
14   * distributed under the License is distributed on an "AS IS" BASIS,
15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16   * See the License for the specific language governing permissions and
17   * limitations under the License.
18   */
19  package org.apache.hadoop.hbase.security;
20  
21  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getConfigurationWoPrincipal;
22  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
23  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
24  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getSecuredConfiguration;
25  import static org.junit.Assert.assertFalse;
26  import static org.junit.Assert.assertNotNull;
27  import static org.junit.Assert.assertTrue;
28  
29  import java.io.File;
30  import java.io.IOException;
31  import java.util.Properties;
32  
33  import org.apache.hadoop.conf.Configuration;
34  import org.apache.hadoop.hbase.HBaseTestingUtility;
35  import org.apache.hadoop.hbase.testclassification.SmallTests;
36  import org.apache.hadoop.minikdc.MiniKdc;
37  import org.apache.hadoop.security.UserGroupInformation;
38  import org.junit.AfterClass;
39  import org.junit.BeforeClass;
40  import org.junit.Test;
41  import org.junit.experimental.categories.Category;
42  
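/**
 * Exercises {@link User#login} against an in-process {@link MiniKdc}, checking that the
 * Hadoop login user only changes once a secured configuration is installed.
 *
 * <p>NOTE(review): this class mutates process-wide state (the static
 * {@link UserGroupInformation} configuration and login user) and does not restore it. Tests
 * sharing the same JVM may observe the Kerberos login; confirm the runner forks per class.
 */
@Category(SmallTests.class)
public class TestUsersOperationsWithSecureHadoop {

  private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();

  // Keytab written by the MiniKdc for PRINCIPAL. It lives under the test data directory, which
  // tearDown() removes so the key material does not outlive the test run.
  private static final File KEYTAB_FILE = new File(TEST_UTIL.getDataTestDir("keytab").toUri()
      .getPath());

  private static MiniKdc KDC;

  // Host part of the service principal; also passed to User.login as the local hostname.
  private static final String HOST = "localhost";

  // Service principal without the realm suffix ("hbase/<HOST>").
  private static String PRINCIPAL;

  /**
   * Starts the MiniKdc, creates the service principal with its keytab, and registers both with
   * {@link HBaseKerberosUtils} for the configurations built by the test.
   *
   * @throws Exception if the KDC cannot be started or the principal cannot be created
   */
  @BeforeClass
  public static void setUp() throws Exception {
    Properties conf = MiniKdc.createConf();
    // NOTE(review): this stores a Boolean. Properties.getProperty only returns String values,
    // so if MiniKdc reads the flag through getProperty the setting is ignored - confirm
    // whether Kerberos debug output is really wanted here before switching to "true".
    conf.put(MiniKdc.DEBUG, true);
    KDC = new MiniKdc(conf, new File(TEST_UTIL.getDataTestDir("kdc").toUri().getPath()));
    KDC.start();
    PRINCIPAL = "hbase/" + HOST;
    KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL);
    HBaseKerberosUtils.setKeytabFileForTesting(KEYTAB_FILE.getAbsolutePath());
    HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());
  }

  /**
   * Stops the MiniKdc and removes the test data directory (KDC working files and keytab).
   *
   * @throws IOException if the test directory cannot be cleaned up
   */
  @AfterClass
  public static void tearDown() throws IOException {
    try {
      if (KDC != null) {
        KDC.stop();
      }
    } finally {
      // Always remove the directory holding the keytab, even if stopping the KDC fails.
      TEST_UTIL.cleanupTestDir();
    }
  }

  /**
   * Tests login with and without a security-enabled configuration.
   *
   * <p>The first {@link User#login} call uses the configuration from
   * {@code getConfigurationWoPrincipal()} and is expected to leave the current login user
   * unchanged. The second call uses {@code getSecuredConfiguration()}, installed through
   * {@link UserGroupInformation#setConfiguration}, and is expected to produce a different login
   * user. The keytab and principal are the ones {@link #setUp()} registers with
   * {@link HBaseKerberosUtils}.
   *
   * @throws Exception if either login attempt fails unexpectedly
   */
  @Test
  public void testUserLoginInSecureHadoop() throws Exception {
    UserGroupInformation defaultLogin = UserGroupInformation.getLoginUser();
    Configuration conf = getConfigurationWoPrincipal();
    User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE, HBaseKerberosUtils.KRB_PRINCIPAL,
      HOST);

    UserGroupInformation failLogin = UserGroupInformation.getLoginUser();
    assertTrue("ugi should be the same in case fail login", defaultLogin.equals(failLogin));

    String keytabPath = getKeytabFileForTesting();
    String principal = getPrincipalForTesting();

    assertNotNull("KerberosKeytab was not specified", keytabPath);
    assertNotNull("KerberosPrincipal was not specified", principal);

    conf = getSecuredConfiguration();
    // Process-wide switch: from here on the static UGI state uses the secured configuration.
    UserGroupInformation.setConfiguration(conf);

    User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE, HBaseKerberosUtils.KRB_PRINCIPAL,
      HOST);
    UserGroupInformation successLogin = UserGroupInformation.getLoginUser();
    assertFalse("ugi should be different in case success login",
      defaultLogin.equals(successLogin));
  }
}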