HADOOP-10851. NetgroupCache does not remove group memberships. (Contributed by Benoy Antony)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1617612 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
a72fba5853
commit
d687f6f689
|
@ -563,6 +563,9 @@ Release 2.6.0 - UNRELEASED
|
|||
HADOOP-10402. Configuration.getValByRegex does not substitute for
|
||||
variables. (Robert Kanter via kasha)
|
||||
|
||||
HADOOP-10851. NetgroupCache does not remove group memberships. (Benoy
|
||||
Antony via Arpit Agarwal)
|
||||
|
||||
Release 2.5.0 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
|
@ -27,12 +27,9 @@ import java.util.concurrent.ConcurrentHashMap;
|
|||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.classification.InterfaceStability;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
/**
|
||||
* Class that caches the netgroups and inverts group-to-user map
|
||||
* to user-to-group map, primarily intented for use with
|
||||
* to user-to-group map, primarily intended for use with
|
||||
* netgroups (as returned by getent netgrgoup) which only returns
|
||||
* group to user mapping.
|
||||
*/
|
||||
|
@ -69,9 +66,7 @@ public class NetgroupCache {
|
|||
}
|
||||
}
|
||||
if(userToNetgroupsMap.containsKey(user)) {
|
||||
for(String netgroup : userToNetgroupsMap.get(user)) {
|
||||
groups.add(netgroup);
|
||||
}
|
||||
groups.addAll(userToNetgroupsMap.get(user));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -99,6 +94,7 @@ public class NetgroupCache {
|
|||
*/
|
||||
public static void clear() {
|
||||
netgroupToUsersMap.clear();
|
||||
userToNetgroupsMap.clear();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -108,12 +104,7 @@ public class NetgroupCache {
|
|||
* @param users list of users for a given group
|
||||
*/
|
||||
public static void add(String group, List<String> users) {
|
||||
if(!isCached(group)) {
|
||||
netgroupToUsersMap.put(group, new HashSet<String>());
|
||||
for(String user: users) {
|
||||
netgroupToUsersMap.get(group).add(user);
|
||||
}
|
||||
}
|
||||
netgroupToUsersMap.put(group, new HashSet<String>(users));
|
||||
netgroupToUsersMapUpdated = true; // at the end to avoid race
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,127 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with this
|
||||
* work for additional information regarding copyright ownership. The ASF
|
||||
* licenses this file to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
package org.apache.hadoop.security;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
|
||||
public class TestNetgroupCache {
|
||||
|
||||
private static final String USER1 = "user1";
|
||||
private static final String USER2 = "user2";
|
||||
private static final String USER3 = "user3";
|
||||
private static final String GROUP1 = "group1";
|
||||
private static final String GROUP2 = "group2";
|
||||
|
||||
@After
|
||||
public void teardown() {
|
||||
NetgroupCache.clear();
|
||||
}
|
||||
|
||||
/**
|
||||
* Cache two groups with a set of users.
|
||||
* Test membership correctness.
|
||||
*/
|
||||
@Test
|
||||
public void testMembership() {
|
||||
List<String> users = new ArrayList<String>();
|
||||
users.add(USER1);
|
||||
users.add(USER2);
|
||||
NetgroupCache.add(GROUP1, users);
|
||||
users = new ArrayList<String>();
|
||||
users.add(USER1);
|
||||
users.add(USER3);
|
||||
NetgroupCache.add(GROUP2, users);
|
||||
verifyGroupMembership(USER1, 2, GROUP1);
|
||||
verifyGroupMembership(USER1, 2, GROUP2);
|
||||
verifyGroupMembership(USER2, 1, GROUP1);
|
||||
verifyGroupMembership(USER3, 1, GROUP2);
|
||||
}
|
||||
|
||||
/**
|
||||
* Cache a group with a set of users.
|
||||
* Test membership correctness.
|
||||
* Clear cache, remove a user from the group and cache the group
|
||||
* Test membership correctness.
|
||||
*/
|
||||
@Test
|
||||
public void testUserRemoval() {
|
||||
List<String> users = new ArrayList<String>();
|
||||
users.add(USER1);
|
||||
users.add(USER2);
|
||||
NetgroupCache.add(GROUP1, users);
|
||||
verifyGroupMembership(USER1, 1, GROUP1);
|
||||
verifyGroupMembership(USER2, 1, GROUP1);
|
||||
users.remove(USER2);
|
||||
NetgroupCache.clear();
|
||||
NetgroupCache.add(GROUP1, users);
|
||||
verifyGroupMembership(USER1, 1, GROUP1);
|
||||
verifyGroupMembership(USER2, 0, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Cache two groups with a set of users.
|
||||
* Test membership correctness.
|
||||
* Clear cache, cache only one group.
|
||||
* Test membership correctness.
|
||||
*/
|
||||
@Test
|
||||
public void testGroupRemoval() {
|
||||
List<String> users = new ArrayList<String>();
|
||||
users.add(USER1);
|
||||
users.add(USER2);
|
||||
NetgroupCache.add(GROUP1, users);
|
||||
users = new ArrayList<String>();
|
||||
users.add(USER1);
|
||||
users.add(USER3);
|
||||
NetgroupCache.add(GROUP2, users);
|
||||
verifyGroupMembership(USER1, 2, GROUP1);
|
||||
verifyGroupMembership(USER1, 2, GROUP2);
|
||||
verifyGroupMembership(USER2, 1, GROUP1);
|
||||
verifyGroupMembership(USER3, 1, GROUP2);
|
||||
NetgroupCache.clear();
|
||||
users = new ArrayList<String>();
|
||||
users.add(USER1);
|
||||
users.add(USER2);
|
||||
NetgroupCache.add(GROUP1, users);
|
||||
verifyGroupMembership(USER1, 1, GROUP1);
|
||||
verifyGroupMembership(USER2, 1, GROUP1);
|
||||
verifyGroupMembership(USER3, 0, null);
|
||||
}
|
||||
|
||||
private void verifyGroupMembership(String user, int size, String group) {
|
||||
List<String> groups = new ArrayList<String>();
|
||||
NetgroupCache.getNetgroups(user, groups);
|
||||
assertEquals(size, groups.size());
|
||||
if (size > 0) {
|
||||
boolean present = false;
|
||||
for (String groupEntry:groups) {
|
||||
if (groupEntry.equals(group)) {
|
||||
present = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
assertTrue(present);
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue