HADOOP-15395. DefaultImpersonationProvider fails to parse proxy user config if username has . in it. Contributed by Ajay Kumar.

This commit is contained in:
Mukul Kumar Singh 2018-07-25 21:09:11 +05:30
parent 3c4fbc635e
commit 5f0b924360
2 changed files with 102 additions and 2 deletions

View File

@ -75,9 +75,9 @@ public class DefaultImpersonationProvider implements ImpersonationProvider {
// $configPrefix.[ANY].hosts
//
String prefixRegEx = configPrefix.replace(".", "\\.");
String usersGroupsRegEx = prefixRegEx + "[^.]*(" +
String usersGroupsRegEx = prefixRegEx + "[\\S]*(" +
Pattern.quote(CONF_USERS) + "|" + Pattern.quote(CONF_GROUPS) + ")";
String hostsRegEx = prefixRegEx + "[^.]*" + Pattern.quote(CONF_HOSTS);
String hostsRegEx = prefixRegEx + "[\\S]*" + Pattern.quote(CONF_HOSTS);
// get list of users and groups per proxyuser
Map<String,String> allMatchKeys =

View File

@ -0,0 +1,100 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.security.authorize;
import static org.mockito.Mockito.when;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.LambdaTestUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.Timeout;
import org.mockito.Mockito;
/**
* Test class for @DefaultImpersonationProvider
*/
public class TestDefaultImpersonationProvider {
private String proxyUser;
private String user;
private DefaultImpersonationProvider provider;
private UserGroupInformation userGroupInformation = Mockito
.mock(UserGroupInformation.class);
private UserGroupInformation realUserUGI = Mockito
.mock(UserGroupInformation.class);
private Configuration conf;
@Rule
public Timeout globalTimeout = new Timeout(10000);
@Before
public void setup() {
conf = new Configuration();
provider = new DefaultImpersonationProvider();
// Setup 3 proxy users
conf.set("hadoop.proxyuser.fakeuser.groups", "*");
conf.set("hadoop.proxyuser.fakeuser.hosts", "*");
conf.set("hadoop.proxyuser.test.user.groups", "*");
conf.set("hadoop.proxyuser.test.user.hosts", "*");
conf.set("hadoop.proxyuser.test user2.groups", "*");
conf.set("hadoop.proxyuser.test user2.hosts", "*");
provider.setConf(conf);
provider.init(ProxyUsers.CONF_HADOOP_PROXYUSER);
}
@Test
public void testAuthorizationSuccess() throws AuthorizationException {
proxyUser = "fakeuser";
user = "dummyUser";
when(realUserUGI.getShortUserName()).thenReturn(proxyUser);
when(userGroupInformation.getRealUser()).thenReturn(realUserUGI);
provider.authorize(userGroupInformation, "2.2.2.2");
user = "somerandomuser";
proxyUser = "test.user";
when(realUserUGI.getShortUserName()).thenReturn(proxyUser);
when(userGroupInformation.getRealUser()).thenReturn(realUserUGI);
provider.authorize(userGroupInformation, "2.2.2.2");
}
@Test
public void testAuthorizationFailure() throws Exception {
user = "dummyUser";
proxyUser = "test user2";
when(realUserUGI.getShortUserName()).thenReturn(proxyUser);
when(realUserUGI.getUserName()).thenReturn(proxyUser);
when(userGroupInformation.getUserName()).thenReturn(user);
when(userGroupInformation.getRealUser()).thenReturn(realUserUGI);
LambdaTestUtils.intercept(AuthorizationException.class, "User: "
+ proxyUser + " is not allowed to impersonate " + user, () ->
provider.authorize(userGroupInformation, "2.2.2.2"));
}
@After
public void clear() {
provider = null;
conf = null;
userGroupInformation = null;
realUserUGI = null;
}
}