HADOOP-10851. NetgroupCache does not remove group memberships. (Contributed by Benoy Antony)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1617612 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Arpit Agarwal 2014-08-12 22:30:48 +00:00
parent a72fba5853
commit d687f6f689
3 changed files with 134 additions and 13 deletions

View File

@ -563,6 +563,9 @@ Release 2.6.0 - UNRELEASED
HADOOP-10402. Configuration.getValByRegex does not substitute for
variables. (Robert Kanter via kasha)
HADOOP-10851. NetgroupCache does not remove group memberships. (Benoy
Antony via Arpit Agarwal)
Release 2.5.0 - UNRELEASED
INCOMPATIBLE CHANGES

View File

@ -27,12 +27,9 @@ import java.util.concurrent.ConcurrentHashMap;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Class that caches the netgroups and inverts group-to-user map
* to user-to-group map, primarily intented for use with
* to user-to-group map, primarily intended for use with
* netgroups (as returned by getent netgrgoup) which only returns
* group to user mapping.
*/
@ -69,9 +66,7 @@ public class NetgroupCache {
}
}
if(userToNetgroupsMap.containsKey(user)) {
for(String netgroup : userToNetgroupsMap.get(user)) {
groups.add(netgroup);
}
groups.addAll(userToNetgroupsMap.get(user));
}
}
@ -99,6 +94,7 @@ public class NetgroupCache {
*/
public static void clear() {
netgroupToUsersMap.clear();
userToNetgroupsMap.clear();
}
/**
@ -108,12 +104,7 @@ public class NetgroupCache {
* @param users list of users for a given group
*/
public static void add(String group, List<String> users) {
if(!isCached(group)) {
netgroupToUsersMap.put(group, new HashSet<String>());
for(String user: users) {
netgroupToUsersMap.get(group).add(user);
}
}
netgroupToUsersMap.put(group, new HashSet<String>(users));
netgroupToUsersMapUpdated = true; // at the end to avoid race
}
}

View File

@ -0,0 +1,127 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with this
* work for additional information regarding copyright ownership. The ASF
* licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.apache.hadoop.security;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.util.ArrayList;
import java.util.List;
import org.junit.After;
import org.junit.Test;
public class TestNetgroupCache {
private static final String USER1 = "user1";
private static final String USER2 = "user2";
private static final String USER3 = "user3";
private static final String GROUP1 = "group1";
private static final String GROUP2 = "group2";
@After
public void teardown() {
NetgroupCache.clear();
}
/**
* Cache two groups with a set of users.
* Test membership correctness.
*/
@Test
public void testMembership() {
List<String> users = new ArrayList<String>();
users.add(USER1);
users.add(USER2);
NetgroupCache.add(GROUP1, users);
users = new ArrayList<String>();
users.add(USER1);
users.add(USER3);
NetgroupCache.add(GROUP2, users);
verifyGroupMembership(USER1, 2, GROUP1);
verifyGroupMembership(USER1, 2, GROUP2);
verifyGroupMembership(USER2, 1, GROUP1);
verifyGroupMembership(USER3, 1, GROUP2);
}
/**
* Cache a group with a set of users.
* Test membership correctness.
* Clear cache, remove a user from the group and cache the group
* Test membership correctness.
*/
@Test
public void testUserRemoval() {
List<String> users = new ArrayList<String>();
users.add(USER1);
users.add(USER2);
NetgroupCache.add(GROUP1, users);
verifyGroupMembership(USER1, 1, GROUP1);
verifyGroupMembership(USER2, 1, GROUP1);
users.remove(USER2);
NetgroupCache.clear();
NetgroupCache.add(GROUP1, users);
verifyGroupMembership(USER1, 1, GROUP1);
verifyGroupMembership(USER2, 0, null);
}
/**
* Cache two groups with a set of users.
* Test membership correctness.
* Clear cache, cache only one group.
* Test membership correctness.
*/
@Test
public void testGroupRemoval() {
List<String> users = new ArrayList<String>();
users.add(USER1);
users.add(USER2);
NetgroupCache.add(GROUP1, users);
users = new ArrayList<String>();
users.add(USER1);
users.add(USER3);
NetgroupCache.add(GROUP2, users);
verifyGroupMembership(USER1, 2, GROUP1);
verifyGroupMembership(USER1, 2, GROUP2);
verifyGroupMembership(USER2, 1, GROUP1);
verifyGroupMembership(USER3, 1, GROUP2);
NetgroupCache.clear();
users = new ArrayList<String>();
users.add(USER1);
users.add(USER2);
NetgroupCache.add(GROUP1, users);
verifyGroupMembership(USER1, 1, GROUP1);
verifyGroupMembership(USER2, 1, GROUP1);
verifyGroupMembership(USER3, 0, null);
}
private void verifyGroupMembership(String user, int size, String group) {
List<String> groups = new ArrayList<String>();
NetgroupCache.getNetgroups(user, groups);
assertEquals(size, groups.size());
if (size > 0) {
boolean present = false;
for (String groupEntry:groups) {
if (groupEntry.equals(group)) {
present = true;
break;
}
}
assertTrue(present);
}
}
}