YARN-9299. TestTimelineReaderWhitelistAuthorizationFilter ignores Http Errors. Contributed by Prabhu Joseph.

Rohith Sharma K S 2019-03-20 21:24:31 +05:30
parent 0d24684eee
commit b3b0e332e6


@ -21,6 +21,8 @@
import static org.mockito.ArgumentMatchers.eq; import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import java.io.IOException; import java.io.IOException;
import java.security.Principal; import java.security.Principal;
@ -93,15 +95,19 @@ public void checkFilterAllowedUser() throws ServletException, IOException {
FilterConfig fc = new DummyFilterConfig(map); FilterConfig fc = new DummyFilterConfig(map);
f.init(fc); f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class); HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
String userName = "user1";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() { Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override @Override
public String getName() { public String getName() {
return "user1"; return userName;
} }
}); });
HttpServletResponse r = Mockito.mock(HttpServletResponse.class); HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
f.doFilter(mockHsr, r, null); f.doFilter(mockHsr, r, null);
String msg = "User " + userName
+ " is not allowed to read TimelineService V2 data.";
verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
} }
@Test @Test
@ -143,15 +149,16 @@ public void checkFilterAllowedUserGroup()
FilterConfig fc = new DummyFilterConfig(map); FilterConfig fc = new DummyFilterConfig(map);
f.init(fc); f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class); HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
String userName = "user1";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() { Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override @Override
public String getName() { public String getName() {
return "user1"; return userName;
} }
}); });
HttpServletResponse r = Mockito.mock(HttpServletResponse.class); HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user1 = UserGroupInformation user1 =
UserGroupInformation.createUserForTesting("user1", GROUP_NAMES); UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() { user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override @Override
public Object run() throws Exception { public Object run() throws Exception {
@ -159,6 +166,9 @@ public Object run() throws Exception {
return null; return null;
} }
}); });
String msg = "User " + userName
+ " is not allowed to read TimelineService V2 data.";
verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
} }
@Test @Test
@ -210,15 +220,16 @@ public void checkFilterAllowAdmins()
FilterConfig fc = new DummyFilterConfig(map); FilterConfig fc = new DummyFilterConfig(map);
f.init(fc); f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class); HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
String userName = "user90";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() { Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override @Override
public String getName() { public String getName() {
return "user90"; return userName;
} }
}); });
HttpServletResponse r = Mockito.mock(HttpServletResponse.class); HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user1 = UserGroupInformation user1 =
UserGroupInformation.createUserForTesting("user90", GROUP_NAMES); UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() { user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override @Override
public Object run() throws Exception { public Object run() throws Exception {
@ -226,6 +237,9 @@ public Object run() throws Exception {
return null; return null;
} }
}); });
String msg = "User " + userName
+ " is not allowed to read TimelineService V2 data.";
verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
} }
@Test @Test
@ -240,15 +254,16 @@ public void checkFilterAllowAdminsWhenNoUsersSet()
FilterConfig fc = new DummyFilterConfig(map); FilterConfig fc = new DummyFilterConfig(map);
f.init(fc); f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class); HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
String userName = "user90";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() { Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override @Override
public String getName() { public String getName() {
return "user90"; return userName;
} }
}); });
HttpServletResponse r = Mockito.mock(HttpServletResponse.class); HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user1 = UserGroupInformation user1 =
UserGroupInformation.createUserForTesting("user90", GROUP_NAMES); UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() { user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override @Override
public Object run() throws Exception { public Object run() throws Exception {
@ -256,6 +271,9 @@ public Object run() throws Exception {
return null; return null;
} }
}); });
String msg = "User " + userName
+ " is not allowed to read TimelineService V2 data.";
verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
} }
@Test @Test
@ -303,15 +321,16 @@ public void checkFilterReadAuthDisabledNoAclSettings()
FilterConfig fc = new DummyFilterConfig(map); FilterConfig fc = new DummyFilterConfig(map);
f.init(fc); f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class); HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
String userName = "user437";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() { Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override @Override
public String getName() { public String getName() {
return "user437"; return userName;
} }
}); });
HttpServletResponse r = Mockito.mock(HttpServletResponse.class); HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user1 = UserGroupInformation user1 =
UserGroupInformation.createUserForTesting("user437", GROUP_NAMES); UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() { user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override @Override
public Object run() throws Exception { public Object run() throws Exception {
@ -319,6 +338,9 @@ public Object run() throws Exception {
return null; return null;
} }
}); });
String msg = "User " + userName
+ " is not allowed to read TimelineService V2 data.";
verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
} }
@Test @Test
@ -336,6 +358,7 @@ public void checkFilterReadAuthDisabledButAclSettingsPopulated()
f.init(fc); f.init(fc);
HttpServletRequest mockHsr = mock(HttpServletRequest.class); HttpServletRequest mockHsr = mock(HttpServletRequest.class);
String userName = "user37";
when(mockHsr.getUserPrincipal()).thenReturn(new Principal() { when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override @Override
public String getName() { public String getName() {
@ -348,7 +371,7 @@ public String getName() {
// both username and group name are not part of admin and // both username and group name are not part of admin and
// read allowed users // read allowed users
// but read auth is turned off // but read auth is turned off
UserGroupInformation.createUserForTesting("user37", GROUP_NAMES); UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() { user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override @Override
public Object run() throws Exception { public Object run() throws Exception {
@ -356,8 +379,12 @@ public Object run() throws Exception {
return null; return null;
} }
}); });
String msg = "User " + userName
+ " is not allowed to read TimelineService V2 data.";
verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
// test with username in read allowed users // test with username in read allowed users
userName = "user27";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() { Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override @Override
public String getName() { public String getName() {
@ -366,7 +393,7 @@ public String getName() {
}); });
HttpServletResponse r2 = Mockito.mock(HttpServletResponse.class); HttpServletResponse r2 = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user2 = UserGroupInformation user2 =
UserGroupInformation.createUserForTesting("user27", GROUP_NAMES); UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user2.doAs(new PrivilegedExceptionAction<Object>() { user2.doAs(new PrivilegedExceptionAction<Object>() {
@Override @Override
public Object run() throws Exception { public Object run() throws Exception {
@ -374,8 +401,12 @@ public Object run() throws Exception {
return null; return null;
} }
}); });
msg = "User " + userName
+ " is not allowed to read TimelineService V2 data.";
verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
// test with username in admin users // test with username in admin users
userName = "user2";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() { Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override @Override
public String getName() { public String getName() {
@ -384,7 +415,7 @@ public String getName() {
}); });
HttpServletResponse r3 = Mockito.mock(HttpServletResponse.class); HttpServletResponse r3 = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user3 = UserGroupInformation user3 =
UserGroupInformation.createUserForTesting("user2", GROUP_NAMES); UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user3.doAs(new PrivilegedExceptionAction<Object>() { user3.doAs(new PrivilegedExceptionAction<Object>() {
@Override @Override
public Object run() throws Exception { public Object run() throws Exception {
@ -392,5 +423,8 @@ public Object run() throws Exception {
return null; return null;
} }
}); });
msg = "User " + userName
+ " is not allowed to read TimelineService V2 data.";
verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
} }
} }
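Review bot: In checkFilterReadAuthDisabledButAclSettingsPopulated the second and third added checks call `verify(r, times(0))` on the first response mock, although those scenarios create `r2` and `r3`. The `doFilter` calls sit outside the visible hunks, so this is inferred, but if they pass `r2` and `r3` these two assertions can never fail and the user27 and user2 cases remain unchecked. All of the added verifications also match the exact message string, so a 403 sent with different wording, or any other error status, would still pass. For the later scenarios I would write `verify(r2, never()).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());` (and likewise for `r3`), with `never` and `anyString` added to the static imports, and apply the same matcher form to the other tests.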