mirror of https://github.com/apache/nifi.git
NIFI-10119 Upgraded test hadoop-minikdc from 3.1.0 to 3.3.3
- Corrected JUnit 5 Assetions usage in KerberosUserIT This closes #6129 Signed-off-by: David Handermann <exceptionfactory@apache.org>
This commit is contained in:
UcanInfosec
exceptionfactory
parent
6c6cb99b38
commit
1f2820a39a
|
|
@ -43,7 +43,7 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.hadoop</groupId>
|
<groupId>org.apache.hadoop</groupId>
|
||||||
<artifactId>hadoop-minikdc</artifactId>
|
<artifactId>hadoop-minikdc</artifactId>
|
||||||
<version>3.1.0</version>
|
<version>3.3.3</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
<exclusions>
|
<exclusions>
|
||||||
<exclusion>
|
<exclusion>
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,6 @@
|
||||||
package org.apache.nifi.security.krb;
|
package org.apache.nifi.security.krb;
|
||||||
|
|
||||||
import org.apache.nifi.logging.ComponentLog;
|
import org.apache.nifi.logging.ComponentLog;
|
||||||
import org.apache.nifi.processor.ProcessContext;
|
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.junit.jupiter.api.io.TempDir;
|
import org.junit.jupiter.api.io.TempDir;
|
||||||
|
|
@ -26,7 +25,6 @@ import org.mockito.Mockito;
|
||||||
import javax.security.auth.Subject;
|
import javax.security.auth.Subject;
|
||||||
import javax.security.auth.kerberos.KerberosPrincipal;
|
import javax.security.auth.kerberos.KerberosPrincipal;
|
||||||
import javax.security.auth.kerberos.KerberosTicket;
|
import javax.security.auth.kerberos.KerberosTicket;
|
||||||
import javax.security.auth.login.LoginException;
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.security.AccessControlContext;
|
import java.security.AccessControlContext;
|
||||||
|
|
@ -38,9 +36,9 @@ import java.util.Set;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
import java.util.concurrent.atomic.AtomicReference;
|
import java.util.concurrent.atomic.AtomicReference;
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.Assert.assertFalse;
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
public class KerberosUserIT {
|
public class KerberosUserIT {
|
||||||
|
|
@ -77,23 +75,23 @@ public class KerberosUserIT {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testKeytabUserSuccessfulLoginAndLogout() throws LoginException {
|
public void testKeytabUserSuccessfulLoginAndLogout() {
|
||||||
// perform login for user1
|
// perform login for user1
|
||||||
final KerberosUser user1 = new KerberosKeytabUser(principal1.getName(), principal1KeytabFile.getAbsolutePath());
|
final KerberosKeytabUser user1 = new KerberosKeytabUser(principal1.getName(), principal1KeytabFile.getAbsolutePath());
|
||||||
user1.login();
|
user1.login();
|
||||||
|
|
||||||
// perform login for user2
|
// perform login for user2
|
||||||
final KerberosUser user2 = new KerberosKeytabUser(principal2.getName(), principal2KeytabFile.getAbsolutePath());
|
final KerberosKeytabUser user2 = new KerberosKeytabUser(principal2.getName(), principal2KeytabFile.getAbsolutePath());
|
||||||
user2.login();
|
user2.login();
|
||||||
|
|
||||||
// verify user1 Subject only has user1 principal
|
// verify user1 Subject only has user1 principal
|
||||||
final Subject user1Subject = ((KerberosKeytabUser) user1).getSubject();
|
final Subject user1Subject = user1.getSubject();
|
||||||
final Set<Principal> user1SubjectPrincipals = user1Subject.getPrincipals();
|
final Set<Principal> user1SubjectPrincipals = user1Subject.getPrincipals();
|
||||||
assertEquals(1, user1SubjectPrincipals.size());
|
assertEquals(1, user1SubjectPrincipals.size());
|
||||||
assertEquals(principal1.getName(), user1SubjectPrincipals.iterator().next().getName());
|
assertEquals(principal1.getName(), user1SubjectPrincipals.iterator().next().getName());
|
||||||
|
|
||||||
// verify user2 Subject only has user2 principal
|
// verify user2 Subject only has user2 principal
|
||||||
final Subject user2Subject = ((KerberosKeytabUser) user2).getSubject();
|
final Subject user2Subject = user2.getSubject();
|
||||||
final Set<Principal> user2SubjectPrincipals = user2Subject.getPrincipals();
|
final Set<Principal> user2SubjectPrincipals = user2Subject.getPrincipals();
|
||||||
assertEquals(1, user2SubjectPrincipals.size());
|
assertEquals(1, user2SubjectPrincipals.size());
|
||||||
assertEquals(principal2.getName(), user2SubjectPrincipals.iterator().next().getName());
|
assertEquals(principal2.getName(), user2SubjectPrincipals.iterator().next().getName());
|
||||||
|
|
@ -115,17 +113,17 @@ public class KerberosUserIT {
|
||||||
public void testKeytabLoginWithUnknownPrincipal() {
|
public void testKeytabLoginWithUnknownPrincipal() {
|
||||||
final String unknownPrincipal = "doesnotexist@" + kdc.getRealm();
|
final String unknownPrincipal = "doesnotexist@" + kdc.getRealm();
|
||||||
final KerberosUser user1 = new KerberosKeytabUser(unknownPrincipal, principal1KeytabFile.getAbsolutePath());
|
final KerberosUser user1 = new KerberosKeytabUser(unknownPrincipal, principal1KeytabFile.getAbsolutePath());
|
||||||
assertThrows(Exception.class, () -> user1.login());
|
assertThrows(Exception.class, user1::login);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testPasswordUserSuccessfulLoginAndLogout() throws LoginException {
|
public void testPasswordUserSuccessfulLoginAndLogout() {
|
||||||
// perform login for user
|
// perform login for user
|
||||||
final KerberosUser user = new KerberosPasswordUser(principal3.getName(), principal3Password);
|
final KerberosPasswordUser user = new KerberosPasswordUser(principal3.getName(), principal3Password);
|
||||||
user.login();
|
user.login();
|
||||||
|
|
||||||
// verify user Subject only has user principal
|
// verify user Subject only has user principal
|
||||||
final Subject userSubject = ((KerberosPasswordUser) user).getSubject();
|
final Subject userSubject = user.getSubject();
|
||||||
final Set<Principal> userSubjectPrincipals = userSubject.getPrincipals();
|
final Set<Principal> userSubjectPrincipals = userSubject.getPrincipals();
|
||||||
assertEquals(1, userSubjectPrincipals.size());
|
assertEquals(1, userSubjectPrincipals.size());
|
||||||
assertEquals(principal3.getName(), userSubjectPrincipals.iterator().next().getName());
|
assertEquals(principal3.getName(), userSubjectPrincipals.iterator().next().getName());
|
||||||
|
|
@ -144,11 +142,11 @@ public class KerberosUserIT {
|
||||||
public void testPasswordUserLoginWithInvalidPassword() {
|
public void testPasswordUserLoginWithInvalidPassword() {
|
||||||
// perform login for user
|
// perform login for user
|
||||||
final KerberosUser user = new KerberosPasswordUser("user3", "NOT THE PASSWORD");
|
final KerberosUser user = new KerberosPasswordUser("user3", "NOT THE PASSWORD");
|
||||||
assertThrows(LoginException.class, () -> user.login());
|
assertThrows(KerberosLoginException.class, user::login);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testCheckTGTAndRelogin() throws LoginException, InterruptedException {
|
public void testCheckTGTAndRelogin() throws InterruptedException {
|
||||||
final KerberosUser user1 = new KerberosKeytabUser(principal1.getName(), principal1KeytabFile.getAbsolutePath());
|
final KerberosUser user1 = new KerberosKeytabUser(principal1.getName(), principal1KeytabFile.getAbsolutePath());
|
||||||
user1.login();
|
user1.login();
|
||||||
|
|
||||||
|
|
@ -165,7 +163,7 @@ public class KerberosUserIT {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
assertEquals(true, performedRelogin);
|
assertTrue(performedRelogin);
|
||||||
|
|
||||||
Subject subject = user1.doAs((PrivilegedAction<Subject>) () -> {
|
Subject subject = user1.doAs((PrivilegedAction<Subject>) () -> {
|
||||||
AccessControlContext context = AccessController.getContext();
|
AccessControlContext context = AccessController.getContext();
|
||||||
|
|
@ -196,11 +194,10 @@ public class KerberosUserIT {
|
||||||
return null;
|
return null;
|
||||||
};
|
};
|
||||||
|
|
||||||
final ProcessContext context = Mockito.mock(ProcessContext.class);
|
|
||||||
final ComponentLog logger = Mockito.mock(ComponentLog.class);
|
final ComponentLog logger = Mockito.mock(ComponentLog.class);
|
||||||
|
|
||||||
// create the action to test and execute it
|
// create the action to test and execute it
|
||||||
final KerberosAction kerberosAction = new KerberosAction<>(user1, privilegedAction, logger);
|
final KerberosAction<Void> kerberosAction = new KerberosAction<>(user1, privilegedAction, logger);
|
||||||
kerberosAction.execute();
|
kerberosAction.execute();
|
||||||
|
|
||||||
// if the result holder has the string success then we know the action executed
|
// if the result holder has the string success then we know the action executed
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue