From e24a6b550ea5354dd3afcab294b9e33af32e631c Mon Sep 17 00:00:00 2001 From: Jim Brennan Date: Thu, 19 Nov 2020 21:26:47 +0000 Subject: [PATCH] HADOOP-17367. Add InetAddress api to ProxyUsers.authorize (#2449). Contributed by Daryn Sharp and Ahmed Hussein --- hadoop-common-project/hadoop-common/pom.xml | 1 - .../DefaultImpersonationProvider.java | 5 +- .../authorize/ImpersonationProvider.java | 26 +++- .../hadoop/security/authorize/ProxyUsers.java | 41 ++++-- .../org/apache/hadoop/util/MachineList.java | 128 ++++++++---------- .../security/authorize/TestProxyUsers.java | 29 +++- .../apache/hadoop/util/TestMachineList.java | 117 ++++++++-------- .../AllowAllImpersonationProvider.java | 4 +- .../TestWorkloadGenerator.java | 3 +- 9 files changed, 205 insertions(+), 149 deletions(-) diff --git a/hadoop-common-project/hadoop-common/pom.xml b/hadoop-common-project/hadoop-common/pom.xml index 6cab2db8ac..8daf5573e2 100644 --- a/hadoop-common-project/hadoop-common/pom.xml +++ b/hadoop-common-project/hadoop-common/pom.xml @@ -37,7 +37,6 @@ wsce-site.xml - org.apache.hadoop.thirdparty diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java index b766d5c37f..f645359bd0 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java @@ -18,6 +18,7 @@ package org.apache.hadoop.security.authorize; +import java.net.InetAddress; import java.util.Collection; import java.util.HashMap; import java.util.Map; @@ -105,8 +106,8 @@ public Configuration getConf() { } @Override - public void authorize(UserGroupInformation user, - String remoteAddress) throws AuthorizationException { + public void authorize(UserGroupInformation user, + InetAddress remoteAddress) throws AuthorizationException { if (user == null) { throw new IllegalArgumentException("user is null."); diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java index 8b483f0336..eff77d8942 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java @@ -18,6 +18,9 @@ package org.apache.hadoop.security.authorize; +import java.net.InetAddress; +import java.net.UnknownHostException; + import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configurable; @@ -38,12 +41,29 @@ public interface ImpersonationProvider extends Configurable { public void init(String configurationPrefix); /** - * Authorize the superuser which is doing doAs - * + * Authorize the superuser which is doing doAs. + * {@link #authorize(UserGroupInformation, InetAddress)} should + * be preferred to avoid possibly re-resolving the ip address. + * @param user ugi of the effective or proxy user which contains a real user. + * @param remoteAddress the ip address of client. + * @throws AuthorizationException + */ + default void authorize(UserGroupInformation user, String remoteAddress) + throws AuthorizationException { + try { + authorize(user, InetAddress.getByName(remoteAddress)); + } catch (UnknownHostException e) { + throw new AuthorizationException(e); + } + } + + /** + * Authorize the superuser which is doing doAs. + * * @param user ugi of the effective or proxy user which contains a real user * @param remoteAddress the ip address of client * @throws AuthorizationException */ - public void authorize(UserGroupInformation user, String remoteAddress) + void authorize(UserGroupInformation user, InetAddress remoteAddress) throws AuthorizationException; } \ No newline at end of file diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java index 97a7f080fb..6829a2aebc 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java @@ -18,6 +18,8 @@ package org.apache.hadoop.security.authorize; +import java.net.InetAddress; + import com.google.common.base.Preconditions; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; @@ -86,22 +88,41 @@ public static void refreshSuperUserGroupsConfiguration(Configuration conf) { } /** - * Authorize the superuser which is doing doAs - * + * Authorize the superuser which is doing doAs. + * {@link #authorize(UserGroupInformation, InetAddress)} should be preferred + * to avoid possibly re-resolving the ip address. + * * @param user ugi of the effective or proxy user which contains a real user * @param remoteAddress the ip address of client * @throws AuthorizationException */ public static void authorize(UserGroupInformation user, String remoteAddress) throws AuthorizationException { - if (sip==null) { - // In a race situation, It is possible for multiple threads to satisfy this condition. - // The last assignment will prevail. - refreshSuperUserGroupsConfiguration(); - } - sip.authorize(user, remoteAddress); + getSip().authorize(user, remoteAddress); } - + + /** + * Authorize the superuser which is doing doAs. + * + * @param user ugi of the effective or proxy user which contains a real user + * @param remoteAddress the inet address of client + * @throws AuthorizationException + */ + public static void authorize(UserGroupInformation user, + InetAddress remoteAddress) throws AuthorizationException { + getSip().authorize(user, remoteAddress); + } + + private static ImpersonationProvider getSip() { + if (sip == null) { + // In a race situation, It is possible for multiple threads to satisfy + // this condition. + // The last assignment will prevail. + refreshSuperUserGroupsConfiguration(); + } + return sip; + } + /** * This function is kept to provide backward compatibility. * @param user @@ -118,7 +139,7 @@ public static void authorize(UserGroupInformation user, @VisibleForTesting public static DefaultImpersonationProvider getDefaultImpersonationProvider() { - return ((DefaultImpersonationProvider)sip); + return ((DefaultImpersonationProvider) getSip()); } } diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java index 20931deb0e..3d12b40e42 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java @@ -21,6 +21,7 @@ import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.HashSet; import java.util.LinkedList; import java.util.List; @@ -29,7 +30,6 @@ import org.apache.commons.net.util.SubnetUtils; import com.google.common.annotations.VisibleForTesting; -import com.google.common.net.InetAddresses; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -61,9 +61,9 @@ public InetAddress getByName (String host) throws UnknownHostException { } private final boolean all; - private final Set ipAddresses; + private final Set inetAddresses; + private final Collection entries; private final List cidrAddresses; - private final Set hostNames; private final InetAddressFactory addressFactory; /** @@ -71,7 +71,11 @@ public InetAddress getByName (String host) throws UnknownHostException { * @param hostEntries comma separated ip/cidr/host addresses */ public MachineList(String hostEntries) { - this(StringUtils.getTrimmedStringCollection(hostEntries)); + this(hostEntries, InetAddressFactory.S_INSTANCE); + } + + public MachineList(String hostEntries, InetAddressFactory addressFactory) { + this(StringUtils.getTrimmedStringCollection(hostEntries), addressFactory); } /** @@ -88,19 +92,19 @@ public MachineList(Collection hostEntries) { * @param hostEntries * @param addressFactory addressFactory to convert host to InetAddress */ - public MachineList(Collection hostEntries, InetAddressFactory addressFactory) { + public MachineList(Collection hostEntries, + InetAddressFactory addressFactory) { this.addressFactory = addressFactory; if (hostEntries != null) { + entries = new ArrayList<>(hostEntries); if ((hostEntries.size() == 1) && (hostEntries.contains(WILDCARD_VALUE))) { - all = true; - ipAddresses = null; - hostNames = null; + all = true; + inetAddresses = null; cidrAddresses = null; } else { all = false; - Set ips = new HashSet(); + Set addrs = new HashSet<>(); List cidrs = new LinkedList(); - Set hosts = new HashSet(); for (String hostEntry : hostEntries) { //ip address range if (hostEntry.indexOf("/") > -1) { @@ -112,25 +116,29 @@ public MachineList(Collection hostEntries, InetAddressFactory addressFac LOG.warn("Invalid CIDR syntax : " + hostEntry); throw e; } - } else if (InetAddresses.isInetAddress(hostEntry)) { //ip address - ips.add(hostEntry); - } else { //hostname - hosts.add(hostEntry); + } else { + try { + addrs.add(addressFactory.getByName(hostEntry)); + } catch (UnknownHostException e) { + LOG.warn(e.toString()); + } } } - ipAddresses = (ips.size() > 0) ? ips : null; + inetAddresses = (addrs.size() > 0) ? addrs : null; cidrAddresses = (cidrs.size() > 0) ? cidrs : null; - hostNames = (hosts.size() > 0) ? hosts : null; } } else { - all = false; - ipAddresses = null; - hostNames = null; - cidrAddresses = null; + all = false; + inetAddresses = null; + cidrAddresses = null; + entries = Collections.emptyList(); } } /** - * Accepts an ip address and return true if ipAddress is in the list + * Accepts an ip address and return true if ipAddress is in the list. + * {@link #includes(InetAddress)} should be preferred + * to avoid possibly re-resolving the ip address. + * * @param ipAddress * @return true if ipAddress is part of the list */ @@ -144,71 +152,47 @@ public boolean includes(String ipAddress) { throw new IllegalArgumentException("ipAddress is null."); } - //check in the set of ipAddresses - if ((ipAddresses != null) && ipAddresses.contains(ipAddress)) { + try { + return includes(addressFactory.getByName(ipAddress)); + } catch (UnknownHostException e) { + return false; + } + } + + /** + * Accepts an inet address and return true if address is in the list. + * @param address + * @return true if address is part of the list + */ + public boolean includes(InetAddress address) { + if (all) { return true; } - - //iterate through the ip ranges for inclusion + if (address == null) { + throw new IllegalArgumentException("address is null."); + } + if (inetAddresses != null && inetAddresses.contains(address)) { + return true; + } + // iterate through the ip ranges for inclusion if (cidrAddresses != null) { + String ipAddress = address.getHostAddress(); for(SubnetUtils.SubnetInfo cidrAddress : cidrAddresses) { if(cidrAddress.isInRange(ipAddress)) { return true; } } } - - //check if the ipAddress matches one of hostnames - if (hostNames != null) { - //convert given ipAddress to hostname and look for a match - InetAddress hostAddr; - try { - hostAddr = addressFactory.getByName(ipAddress); - if ((hostAddr != null) && hostNames.contains(hostAddr.getCanonicalHostName())) { - return true; - } - } catch (UnknownHostException e) { - //ignore the exception and proceed to resolve the list of hosts - } - - //loop through host addresses and convert them to ip and look for a match - for (String host : hostNames) { - try { - hostAddr = addressFactory.getByName(host); - } catch (UnknownHostException e) { - continue; - } - if (hostAddr.getHostAddress().equals(ipAddress)) { - return true; - } - } - } return false; } - /** - * returns the contents of the MachineList as a Collection<String> - * This can be used for testing - * @return contents of the MachineList + * returns the contents of the MachineList as a Collection<String> . + * This can be used for testing . + * + * @return contents of the MachineList. */ @VisibleForTesting public Collection getCollection() { - Collection list = new ArrayList(); - if (all) { - list.add("*"); - } else { - if (ipAddresses != null) { - list.addAll(ipAddresses); - } - if (hostNames != null) { - list.addAll(hostNames); - } - if (cidrAddresses != null) { - for(SubnetUtils.SubnetInfo cidrAddress : cidrAddresses) { - list.add(cidrAddress.getCidrSignature()); - } - } - } - return list; + return entries; } } diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java index 9061fe752c..ab9de2d308 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java @@ -21,6 +21,8 @@ import static org.junit.Assert.fail; import java.io.IOException; +import java.net.InetAddress; +import java.net.UnknownHostException; import java.security.SecureRandom; import java.util.Arrays; import java.util.Collection; @@ -370,7 +372,7 @@ public void testNullIpAddress() throws Exception { PROXY_USER_NAME, realUserUgi, GROUP_NAMES); // remote address is null - ProxyUsers.authorize(proxyUserUgi, null); + ProxyUsers.authorize(proxyUserUgi, (InetAddress) null); } @Test @@ -533,9 +535,21 @@ public void testNoHostsForUsers() throws Exception { assertNotAuthorized(proxyUserUgi, "1.2.3.4"); } + private static InetAddress toFakeAddress(String ip) { + try { + InetAddress addr = InetAddress.getByName(ip); + return InetAddress.getByAddress(ip.replace('.', '-'), + addr.getAddress()); + } catch (UnknownHostException e) { + throw new IllegalArgumentException(e); + } + } + private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) { try { + // test both APIs. ProxyUsers.authorize(proxyUgi, host); + ProxyUsers.authorize(proxyUgi, toFakeAddress(host)); fail("Allowed authorization of " + proxyUgi + " from " + host); } catch (AuthorizationException e) { // Expected @@ -544,7 +558,9 @@ private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) { private void assertAuthorized(UserGroupInformation proxyUgi, String host) { try { + // test both APIs. ProxyUsers.authorize(proxyUgi, host); + ProxyUsers.authorize(proxyUgi, toFakeAddress(host)); } catch (AuthorizationException e) { fail("Did not allow authorization of " + proxyUgi + " from " + host); } @@ -560,9 +576,9 @@ public void init(String configurationPrefix) { * Authorize a user (superuser) to impersonate another user (user1) if the * superuser belongs to the group "sudo_user1" . */ - - public void authorize(UserGroupInformation user, - String remoteAddress) throws AuthorizationException{ + @Override + public void authorize(UserGroupInformation user, + InetAddress remoteAddress) throws AuthorizationException{ UserGroupInformation superUser = user.getRealUser(); String sudoGroupName = "sudo_" + user.getShortUserName(); @@ -572,6 +588,7 @@ public void authorize(UserGroupInformation user, } } + @Override public void setConf(Configuration conf) { @@ -597,7 +614,6 @@ public static void loadTest(String ipString, int testRange) { ); ProxyUsers.refreshSuperUserGroupsConfiguration(conf); - // First try proxying a group that's allowed UserGroupInformation realUserUgi = UserGroupInformation .createRemoteUser(REAL_USER_NAME); @@ -608,7 +624,8 @@ public static void loadTest(String ipString, int testRange) { SecureRandom sr = new SecureRandom(); for (int i=1; i < 1000000; i++){ try { - ProxyUsers.authorize(proxyUserUgi, "1.2.3."+ sr.nextInt(testRange)); + ProxyUsers.authorize(proxyUserUgi, + toFakeAddress("1.2.3."+ sr.nextInt(testRange))); } catch (AuthorizationException e) { } } diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java index d721c29530..3cce91f92a 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java @@ -25,9 +25,11 @@ import java.net.InetAddress; import java.net.UnknownHostException; import java.util.Collection; +import java.util.HashMap; +import java.util.Map; +import com.google.common.net.InetAddresses;; import org.junit.Test; -import org.mockito.Mockito; public class TestMachineList { private static String IP_LIST = "10.119.103.110,10.119.103.112,10.119.103.114"; @@ -43,10 +45,40 @@ public class TestMachineList { private static String HOSTNAME_IP_CIDR_LIST = "host1,10.222.0.0/16,10.119.103.110,10.119.103.112,10.119.103.114,10.241.23.0/24,host4,"; + class TestAddressFactory extends MachineList.InetAddressFactory { + private Map cache = new HashMap<>(); + InetAddress put(String ip) throws UnknownHostException { + return put(ip, ip); + } + InetAddress put(String ip, String... hosts) throws UnknownHostException { + InetAddress addr = InetAddress.getByName(ip); + for (String host : hosts) { + addr = InetAddress.getByAddress(host, addr.getAddress()); + cache.put(host, addr); + // last host wins the PTR lookup. + cache.put(ip, addr); + } + return addr; + } + @Override + public InetAddress getByName(String host) throws UnknownHostException { + InetAddress addr = cache.get(host); + if (addr == null) { + if (!InetAddresses.isInetAddress(host)) { + throw new UnknownHostException(host); + } + // ip resolves to itself to fake being unresolvable. + addr = InetAddress.getByName(host); + addr = InetAddress.getByAddress(host, addr.getAddress()); + } + return addr; + } + } + @Test public void testWildCard() { //create MachineList with a list of of IPs - MachineList ml = new MachineList("*"); + MachineList ml = new MachineList("*", new TestAddressFactory()); //test for inclusion with any IP assertTrue(ml.includes("10.119.103.112")); @@ -56,7 +88,7 @@ public void testWildCard() { @Test public void testIPList() { //create MachineList with a list of of IPs - MachineList ml = new MachineList(IP_LIST); + MachineList ml = new MachineList(IP_LIST, new TestAddressFactory()); //test for inclusion with an known IP assertTrue(ml.includes("10.119.103.112")); @@ -68,7 +100,7 @@ public void testIPList() { @Test public void testIPListSpaces() { //create MachineList with a ip string which has duplicate ip and spaces - MachineList ml = new MachineList(IP_LIST_SPACES); + MachineList ml = new MachineList(IP_LIST_SPACES, new TestAddressFactory()); //test for inclusion with an known IP assertTrue(ml.includes("10.119.103.112")); @@ -79,42 +111,28 @@ public void testIPListSpaces() { @Test public void testStaticIPHostNameList()throws UnknownHostException { - //create MachineList with a list of of Hostnames - InetAddress addressHost1 = InetAddress.getByName("1.2.3.1"); - InetAddress addressHost4 = InetAddress.getByName("1.2.3.4"); - - MachineList.InetAddressFactory addressFactory = - Mockito.mock(MachineList.InetAddressFactory.class); - Mockito.when(addressFactory.getByName("host1")).thenReturn(addressHost1); - Mockito.when(addressFactory.getByName("host4")).thenReturn(addressHost4); + // create MachineList with a list of of Hostnames + TestAddressFactory addressFactory = new TestAddressFactory(); + addressFactory.put("1.2.3.1", "host1"); + addressFactory.put("1.2.3.4", "host4"); MachineList ml = new MachineList( StringUtils.getTrimmedStringCollection(HOST_LIST), addressFactory); - //test for inclusion with an known IP + // test for inclusion with an known IP assertTrue(ml.includes("1.2.3.4")); - //test for exclusion with an unknown IP + // test for exclusion with an unknown IP assertFalse(ml.includes("1.2.3.5")); } @Test public void testHostNames() throws UnknownHostException { - //create MachineList with a list of of Hostnames - InetAddress addressHost1 = InetAddress.getByName("1.2.3.1"); - InetAddress addressHost4 = InetAddress.getByName("1.2.3.4"); - InetAddress addressMockHost4 = Mockito.mock(InetAddress.class); - Mockito.when(addressMockHost4.getCanonicalHostName()).thenReturn("differentName"); - - InetAddress addressMockHost5 = Mockito.mock(InetAddress.class); - Mockito.when(addressMockHost5.getCanonicalHostName()).thenReturn("host5"); - - MachineList.InetAddressFactory addressFactory = - Mockito.mock(MachineList.InetAddressFactory.class); - Mockito.when(addressFactory.getByName("1.2.3.4")).thenReturn(addressMockHost4); - Mockito.when(addressFactory.getByName("1.2.3.5")).thenReturn(addressMockHost5); - Mockito.when(addressFactory.getByName("host1")).thenReturn(addressHost1); - Mockito.when(addressFactory.getByName("host4")).thenReturn(addressHost4); + // create MachineList with a list of of Hostnames + TestAddressFactory addressFactory = new TestAddressFactory(); + addressFactory.put("1.2.3.1", "host1"); + addressFactory.put("1.2.3.4", "host4", "differentname"); + addressFactory.put("1.2.3.5", "host5"); MachineList ml = new MachineList( StringUtils.getTrimmedStringCollection(HOST_LIST), addressFactory ); @@ -128,21 +146,11 @@ public void testHostNames() throws UnknownHostException { @Test public void testHostNamesReverserIpMatch() throws UnknownHostException { - //create MachineList with a list of of Hostnames - InetAddress addressHost1 = InetAddress.getByName("1.2.3.1"); - InetAddress addressHost4 = InetAddress.getByName("1.2.3.4"); - InetAddress addressMockHost4 = Mockito.mock(InetAddress.class); - Mockito.when(addressMockHost4.getCanonicalHostName()).thenReturn("host4"); - - InetAddress addressMockHost5 = Mockito.mock(InetAddress.class); - Mockito.when(addressMockHost5.getCanonicalHostName()).thenReturn("host5"); - - MachineList.InetAddressFactory addressFactory = - Mockito.mock(MachineList.InetAddressFactory.class); - Mockito.when(addressFactory.getByName("1.2.3.4")).thenReturn(addressMockHost4); - Mockito.when(addressFactory.getByName("1.2.3.5")).thenReturn(addressMockHost5); - Mockito.when(addressFactory.getByName("host1")).thenReturn(addressHost1); - Mockito.when(addressFactory.getByName("host4")).thenReturn(addressHost4); + // create MachineList with a list of of Hostnames + TestAddressFactory addressFactory = new TestAddressFactory(); + addressFactory.put("1.2.3.1", "host1"); + addressFactory.put("1.2.3.4", "host4"); + addressFactory.put("1.2.3.5", "host5"); MachineList ml = new MachineList( StringUtils.getTrimmedStringCollection(HOST_LIST), addressFactory ); @@ -157,7 +165,7 @@ public void testHostNamesReverserIpMatch() throws UnknownHostException { @Test public void testCIDRs() { //create MachineList with a list of of ip ranges specified in CIDR format - MachineList ml = new MachineList(CIDR_LIST); + MachineList ml = new MachineList(CIDR_LIST, new TestAddressFactory()); //test for inclusion/exclusion assertFalse(ml.includes("10.221.255.255")); @@ -181,16 +189,17 @@ public void testCIDRs() { @Test(expected = IllegalArgumentException.class) public void testNullIpAddress() { //create MachineList with a list of of ip ranges specified in CIDR format - MachineList ml = new MachineList(CIDR_LIST); + MachineList ml = new MachineList(CIDR_LIST, new TestAddressFactory()); //test for exclusion with a null IP - assertFalse(ml.includes(null)); + assertFalse(ml.includes((String) null)); + assertFalse(ml.includes((InetAddress) null)); } @Test public void testCIDRWith16bitmask() { //create MachineList with a list of of ip ranges specified in CIDR format - MachineList ml = new MachineList(CIDR_LIST1); + MachineList ml = new MachineList(CIDR_LIST1, new TestAddressFactory()); //test for inclusion/exclusion assertFalse(ml.includes("10.221.255.255")); @@ -209,7 +218,7 @@ public void testCIDRWith16bitmask() { @Test public void testCIDRWith8BitMask() { //create MachineList with a list of of ip ranges specified in CIDR format - MachineList ml = new MachineList(CIDR_LIST2); + MachineList ml = new MachineList(CIDR_LIST2, new TestAddressFactory()); //test for inclusion/exclusion assertFalse(ml.includes("10.241.22.255")); @@ -228,7 +237,7 @@ public void testCIDRWith8BitMask() { public void testInvalidCIDR() { //create MachineList with an Invalid CIDR try { - new MachineList(INVALID_CIDR); + MachineList ml = new MachineList(INVALID_CIDR, new TestAddressFactory()); fail("Expected IllegalArgumentException"); } catch (IllegalArgumentException e) { //expected Exception @@ -240,7 +249,7 @@ public void testInvalidCIDR() { @Test public void testIPandCIDRs() { //create MachineList with a list of of ip ranges and ip addresses - MachineList ml = new MachineList(IP_CIDR_LIST); + MachineList ml = new MachineList(IP_CIDR_LIST, new TestAddressFactory()); //test for inclusion with an known IP assertTrue(ml.includes("10.119.103.112")); @@ -263,7 +272,8 @@ public void testIPandCIDRs() { @Test public void testHostNameIPandCIDRs() { //create MachineList with a mix of ip addresses , hostnames and ip ranges - MachineList ml = new MachineList(HOSTNAME_IP_CIDR_LIST); + MachineList ml = new MachineList(HOSTNAME_IP_CIDR_LIST, + new TestAddressFactory()); //test for inclusion with an known IP assertTrue(ml.includes("10.119.103.112")); @@ -286,7 +296,8 @@ public void testHostNameIPandCIDRs() { @Test public void testGetCollection() { //create MachineList with a mix of ip addresses , hostnames and ip ranges - MachineList ml = new MachineList(HOSTNAME_IP_CIDR_LIST); + MachineList ml = + new MachineList(HOSTNAME_IP_CIDR_LIST, new TestAddressFactory()); Collection col = ml.getCollection(); //test getCollectionton to return the full collection diff --git a/hadoop-tools/hadoop-dynamometer/hadoop-dynamometer-infra/src/main/java/org/apache/hadoop/tools/dynamometer/AllowAllImpersonationProvider.java b/hadoop-tools/hadoop-dynamometer/hadoop-dynamometer-infra/src/main/java/org/apache/hadoop/tools/dynamometer/AllowAllImpersonationProvider.java index 490453f298..6800bbe0ef 100644 --- a/hadoop-tools/hadoop-dynamometer/hadoop-dynamometer-infra/src/main/java/org/apache/hadoop/tools/dynamometer/AllowAllImpersonationProvider.java +++ b/hadoop-tools/hadoop-dynamometer/hadoop-dynamometer-infra/src/main/java/org/apache/hadoop/tools/dynamometer/AllowAllImpersonationProvider.java @@ -17,6 +17,8 @@ */ package org.apache.hadoop.tools.dynamometer; +import java.net.InetAddress; + import org.apache.hadoop.conf.Configured; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authorize.ImpersonationProvider; @@ -32,7 +34,7 @@ public void init(String configurationPrefix) { // Do nothing } - public void authorize(UserGroupInformation user, String remoteAddress) { + public void authorize(UserGroupInformation user, InetAddress remoteAddress) { // Do nothing } diff --git a/hadoop-tools/hadoop-dynamometer/hadoop-dynamometer-workload/src/test/java/org/apache/hadoop/tools/dynamometer/workloadgenerator/TestWorkloadGenerator.java b/hadoop-tools/hadoop-dynamometer/hadoop-dynamometer-workload/src/test/java/org/apache/hadoop/tools/dynamometer/workloadgenerator/TestWorkloadGenerator.java index 0162352f08..f3edc24b70 100644 --- a/hadoop-tools/hadoop-dynamometer/hadoop-dynamometer-workload/src/test/java/org/apache/hadoop/tools/dynamometer/workloadgenerator/TestWorkloadGenerator.java +++ b/hadoop-tools/hadoop-dynamometer/hadoop-dynamometer-workload/src/test/java/org/apache/hadoop/tools/dynamometer/workloadgenerator/TestWorkloadGenerator.java @@ -24,6 +24,7 @@ import org.apache.hadoop.tools.dynamometer.workloadgenerator.audit.AuditLogHiveTableParser; import org.apache.hadoop.tools.dynamometer.workloadgenerator.audit.AuditReplayMapper; import java.io.IOException; +import java.net.InetAddress; import java.nio.charset.StandardCharsets; import org.apache.hadoop.conf.Configuration; @@ -115,7 +116,7 @@ public void init(String configurationPrefix) { // Do nothing } - public void authorize(UserGroupInformation user, String remoteAddress) + public void authorize(UserGroupInformation user, InetAddress remoteAddress) throws AuthorizationException { try { if (!user.getRealUser().getShortUserName()