YARN-2279. Add UTs to cover timeline server authentication. Contributed by Zhijie Shen

Xuan 2014-10-28 11:18:35 -07:00
parent 3f7edeb055
commit 43a53f2b65
2 changed files with 88 additions and 27 deletions


@ -748,6 +748,9 @@ Release 2.6.0 - UNRELEASED
YARN-2591. Fixed AHSWebServices to return FORBIDDEN(403) if the request user YARN-2591. Fixed AHSWebServices to return FORBIDDEN(403) if the request user
doesn't have access to the history data. (Zhijie Shen via jianhe) doesn't have access to the history data. (Zhijie Shen via jianhe)
YARN-2279. Add UTs to cover timeline server authentication.
(Zhijie Shen via xgong)
Release 2.5.1 - 2014-09-05 Release 2.5.1 - 2014-09-05
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES


@ -22,17 +22,23 @@ import static org.junit.Assert.assertTrue;
import java.io.File; import java.io.File;
import java.security.PrivilegedExceptionAction; import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Collection;
import java.util.concurrent.Callable; import java.util.concurrent.Callable;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.minikdc.MiniKdc; import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.KerberosTestUtils; import org.apache.hadoop.security.authentication.KerberosTestUtils;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.yarn.api.records.timeline.TimelineDomain;
import org.apache.hadoop.yarn.api.records.timeline.TimelineEntity; import org.apache.hadoop.yarn.api.records.timeline.TimelineEntity;
import org.apache.hadoop.yarn.api.records.timeline.TimelinePutResponse; import org.apache.hadoop.yarn.api.records.timeline.TimelinePutResponse;
import org.apache.hadoop.yarn.client.api.TimelineClient; import org.apache.hadoop.yarn.client.api.TimelineClient;
@ -42,30 +48,49 @@ import org.apache.hadoop.yarn.server.applicationhistoryservice.ApplicationHistor
import org.apache.hadoop.yarn.server.timeline.MemoryTimelineStore; import org.apache.hadoop.yarn.server.timeline.MemoryTimelineStore;
import org.apache.hadoop.yarn.server.timeline.TimelineStore; import org.apache.hadoop.yarn.server.timeline.TimelineStore;
import org.junit.After; import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@RunWith(Parameterized.class)
public class TestTimelineAuthenticationFilter { public class TestTimelineAuthenticationFilter {
private static final String FOO_USER = "foo"; private static final String FOO_USER = "foo";
private static final String BAR_USER = "bar"; private static final String BAR_USER = "bar";
private static final String HTTP_USER = "HTTP"; private static final String HTTP_USER = "HTTP";
private static final File testRootDir = new File("target", private static final File testRootDir = new File(
System.getProperty("test.build.dir", "target/test-dir"),
TestTimelineAuthenticationFilter.class.getName() + "-root"); TestTimelineAuthenticationFilter.class.getName() + "-root");
private static File httpSpnegoKeytabFile = new File( private static File httpSpnegoKeytabFile = new File(
KerberosTestUtils.getKeytabFile()); KerberosTestUtils.getKeytabFile());
private static String httpSpnegoPrincipal = private static String httpSpnegoPrincipal =
KerberosTestUtils.getServerPrincipal(); KerberosTestUtils.getServerPrincipal();
private static MiniKdc testMiniKDC; private static final String BASEDIR =
private static ApplicationHistoryServer testTimelineServer; System.getProperty("test.build.dir", "target/test-dir") + "/"
private static Configuration conf; + TestTimelineAuthenticationFilter.class.getSimpleName();
@BeforeClass @Parameterized.Parameters
public static void setupClass() { public static Collection<Object[]> withSsl() {
return Arrays.asList(new Object[][] { { false }, { true } });
}
private MiniKdc testMiniKDC;
private String keystoresDir;
private String sslConfDir;
private ApplicationHistoryServer testTimelineServer;
private Configuration conf;
private TimelineClient client;
private boolean withSsl;
public TestTimelineAuthenticationFilter(boolean withSsl) {
this.withSsl = withSsl;
}
@Before
public void setup() {
try { try {
testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir); testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
testMiniKDC.start(); testMiniKDC.start();
@ -77,7 +102,7 @@ public class TestTimelineAuthenticationFilter {
try { try {
testTimelineServer = new ApplicationHistoryServer(); testTimelineServer = new ApplicationHistoryServer();
conf = new YarnConfiguration(); conf = new Configuration(false);
conf.setStrings(TimelineAuthenticationFilterInitializer.PREFIX + "type", conf.setStrings(TimelineAuthenticationFilterInitializer.PREFIX + "type",
"kerberos"); "kerberos");
conf.set(TimelineAuthenticationFilterInitializer.PREFIX + conf.set(TimelineAuthenticationFilterInitializer.PREFIX +
@ -98,31 +123,30 @@ public class TestTimelineAuthenticationFilter {
"localhost:10200"); "localhost:10200");
conf.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS, conf.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS,
"localhost:8188"); "localhost:8188");
conf.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS,
"localhost:8190");
conf.set("hadoop.proxyuser.HTTP.hosts", "*"); conf.set("hadoop.proxyuser.HTTP.hosts", "*");
conf.set("hadoop.proxyuser.HTTP.users", FOO_USER); conf.set("hadoop.proxyuser.HTTP.users", FOO_USER);
if (withSsl) {
conf.set(YarnConfiguration.YARN_HTTP_POLICY_KEY,
HttpConfig.Policy.HTTPS_ONLY.name());
File base = new File(BASEDIR);
FileUtil.fullyDelete(base);
base.mkdirs();
keystoresDir = new File(BASEDIR).getAbsolutePath();
sslConfDir =
KeyStoreTestUtil.getClasspathDir(TestTimelineAuthenticationFilter.class);
KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
}
UserGroupInformation.setConfiguration(conf); UserGroupInformation.setConfiguration(conf);
testTimelineServer.init(conf); testTimelineServer.init(conf);
testTimelineServer.start(); testTimelineServer.start();
} catch (Exception e) { } catch (Exception e) {
assertTrue("Couldn't setup TimelineServer", false); assertTrue("Couldn't setup TimelineServer", false);
} }
}
@AfterClass
public static void tearDownClass() {
if (testMiniKDC != null) {
testMiniKDC.stop();
}
if (testTimelineServer != null) {
testTimelineServer.stop();
}
}
private TimelineClient client;
@Before
public void setup() throws Exception {
client = TimelineClient.createTimelineClient(); client = TimelineClient.createTimelineClient();
client.init(conf); client.init(conf);
client.start(); client.start();
@ -130,9 +154,23 @@ public class TestTimelineAuthenticationFilter {
@After @After
public void tearDown() throws Exception { public void tearDown() throws Exception {
if (testMiniKDC != null) {
testMiniKDC.stop();
}
if (testTimelineServer != null) {
testTimelineServer.stop();
}
if (client != null) { if (client != null) {
client.stop(); client.stop();
} }
if (withSsl) {
KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir);
File base = new File(BASEDIR);
FileUtil.fullyDelete(base);
}
} }
@Test @Test
@ -141,20 +179,40 @@ public class TestTimelineAuthenticationFilter {
@Override @Override
public Void call() throws Exception { public Void call() throws Exception {
TimelineEntity entityToStore = new TimelineEntity(); TimelineEntity entityToStore = new TimelineEntity();
entityToStore.setEntityType("TestTimelineAuthenticationFilter"); entityToStore.setEntityType(
TestTimelineAuthenticationFilter.class.getName());
entityToStore.setEntityId("entity1"); entityToStore.setEntityId("entity1");
entityToStore.setStartTime(0L); entityToStore.setStartTime(0L);
TimelinePutResponse putResponse = client.putEntities(entityToStore); TimelinePutResponse putResponse = client.putEntities(entityToStore);
Assert.assertEquals(0, putResponse.getErrors().size()); Assert.assertEquals(0, putResponse.getErrors().size());
TimelineEntity entityToRead = TimelineEntity entityToRead =
testTimelineServer.getTimelineStore().getEntity( testTimelineServer.getTimelineStore().getEntity(
"entity1", "TestTimelineAuthenticationFilter", null); "entity1", TestTimelineAuthenticationFilter.class.getName(), null);
Assert.assertNotNull(entityToRead); Assert.assertNotNull(entityToRead);
return null; return null;
} }
}); });
} }
@Test
public void testPutDomains() throws Exception {
KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<Void>() {
@Override
public Void call() throws Exception {
TimelineDomain domainToStore = new TimelineDomain();
domainToStore.setId(TestTimelineAuthenticationFilter.class.getName());
domainToStore.setReaders("*");
domainToStore.setWriters("*");
client.putDomain(domainToStore);
TimelineDomain domainToRead =
testTimelineServer.getTimelineStore().getDomain(
TestTimelineAuthenticationFilter.class.getName());
Assert.assertNotNull(domainToRead);
return null;
}
});
}
@Test @Test
public void testGetDelegationToken() throws Exception { public void testGetDelegationToken() throws Exception {
KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<Void>() { KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<Void>() {
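Review bot: In `tearDown()` the stop calls and the SSL cleanup run one after another with no try/finally, so an exception from `testMiniKDC.stop()` or `testTimelineServer.stop()` skips `client.stop()` and `KeyStoreTestUtil.cleanupSSLConfig(...)`, leaving the keystores and SSL configuration written under `keystoresDir` and `sslConfDir` (and possibly the fixed ports 10200/8188/8190) in place for the next parameterized run. Nesting the steps in try/finally, stopping the client before the server and KDC it talks to, and guarding the SSL cleanup on `keystoresDir != null` (since `setup()` can fail before assigning it) would make each run start clean. Separately, the `catch (Exception e)` in `setup()` now also covers keystore generation but reports only "Couldn't setup TimelineServer"; declaring `setup() throws Exception` and letting the exception propagate would keep the root cause of a Kerberos or TLS setup failure visible. `setup()` spans several hunks and is not fully shown here.

```java
  @After
  public void tearDown() throws Exception {
    try {
      if (client != null) {
        client.stop();
      }
    } finally {
      try {
        if (testTimelineServer != null) {
          testTimelineServer.stop();
        }
      } finally {
        try {
          if (testMiniKDC != null) {
            testMiniKDC.stop();
          }
        } finally {
          // Always remove generated key material, even if a stop() above threw.
          if (withSsl && keystoresDir != null) {
            KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir);
            FileUtil.fullyDelete(new File(BASEDIR));
          }
        }
      }
    }
  }
```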