/**
 * Walks the happy path for a namespace: list, create, list again, attempt a keytab update that
 * must be rejected, delete, and list once more.
 *
 * <p>The keytab step is the security-relevant one: the namespace is created from
 * {@code METADATA_VALID} and {@code NAME}, and a later attempt to attach a keytab URI to it is
 * expected to come back as HTTP 400.
 */
@Test
public void testNamespacesValidFlows() throws Exception {
  // Record how many namespaces exist before this test adds its own.
  HttpResponse listBefore = listAllNamespaces();
  assertResponseCode(200, listBefore);
  int baselineCount = readListResponse(listBefore).size();

  // Create the namespace; the listing must grow by exactly one entry.
  HttpResponse createResponse = createNamespace(METADATA_VALID, NAME);
  assertResponseCode(200, createResponse);
  List<JsonObject> afterCreate = readListResponse(listAllNamespaces());
  Assert.assertEquals(baselineCount + 1, afterCreate.size());

  // The test expects the new namespace at index 0 of the listing.
  JsonObject created = afterCreate.get(0);
  Assert.assertEquals(NAME, created.get(NAME_FIELD).getAsString());
  Assert.assertEquals(DESCRIPTION, created.get(DESCRIPTION_FIELD).getAsString());

  // A namespace that was created with no principal must not accept a keytab URI afterwards:
  // the update is expected to be refused with 400 rather than silently stored.
  NamespaceMeta keytabOnlyUpdate =
    new NamespaceMeta.Builder().setName(NAME).setKeytabURI("new.keytab").build();
  HttpResponse updateResponse = setProperties(NAME, keytabOnlyUpdate);
  assertResponseCode(400, updateResponse);

  // Remove the namespace and confirm the listing is back to its starting size.
  HttpResponse deleteResponse = deleteNamespace(NAME);
  assertResponseCode(200, deleteResponse);
  List<JsonObject> afterDelete = readListResponse(listAllNamespaces());
  Assert.assertEquals(baselineCount, afterDelete.size());
}
String nsKeytabURI = "some/path"; NamespaceMeta impNsMeta = new NamespaceMeta.Builder().setName(NAME).setPrincipal(nsPrincipal).setKeytabURI(nsKeytabURI).build(); HttpResponse response = createNamespace(GSON.toJson(impNsMeta), impNsMeta.getName()); assertResponseCode(200, response); setProperties(NAME, new NamespaceMeta.Builder(impNsMeta).setKeytabURI("new/url").build()); response = getNamespace(NAME); namespace = readGetResponse(response);
/**
 * Checks that creating a namespace owned by principal bob requires a privilege on that
 * principal, not only on the namespace, and then deploys a dummy app into it.
 *
 * <p>Sequence: alice gets ADMIN on the namespace and creation must fail with
 * {@link UnauthorizedException}; alice then gets ADMIN on principal bob and the same creation
 * must succeed.
 */
private void testDeployAppWithoutOwner() throws Exception {
  NamespaceId impersonatedNs = new NamespaceId("namespaceImpersonation");
  // The namespace is owned by bob. The keytab URI is only there to satisfy the check in
  // DefaultNamespaceAdmin; in this unit test impersonation never actually happens.
  NamespaceMeta bobOwnedMeta = new NamespaceMeta.Builder()
    .setName(impersonatedNs.getNamespace())
    .setPrincipal(BOB.getName())
    .setKeytabURI("/tmp/")
    .build();
  KerberosPrincipalId bobPrincipal = new KerberosPrincipalId(BOB.getName());

  // ADMIN on the namespace alone must not be enough: alice also needs a privilege on the
  // principal the namespace will run as.
  grantAndAssertSuccess(impersonatedNs, ALICE, EnumSet.of(Action.ADMIN));
  cleanUpEntities.add(impersonatedNs);
  try {
    getNamespaceAdmin().create(bobOwnedMeta);
    Assert.fail("Namespace creation should fail since alice does not have privilege on principal bob");
  } catch (UnauthorizedException expected) {
    // This is the outcome the test wants: creation refused without the principal privilege.
  }

  // With ADMIN on principal bob granted as well, the identical request must go through.
  grantAndAssertSuccess(bobPrincipal, ALICE, EnumSet.of(Action.ADMIN));
  cleanUpEntities.add(bobPrincipal);
  getNamespaceAdmin().create(bobOwnedMeta);

  // Deploy the dummy app using the namespace-level impersonation settings.
  deployDummyAppWithImpersonation(bobOwnedMeta, null);
}
new NamespaceMeta.Builder(nsMeta).setKeytabURI("/new/keytab/uri").build()); Assert.fail(); } catch (BadRequestException e) {
eveKerberosPrincipalId.getPrincipal()).setKeytabURI(eveKeytabFile.getAbsolutePath()).build());
namespaceMeta = new NamespaceMeta.Builder().setName("test_ns").setKeytabURI("/some/path").build(); try { namespaceAdmin.create(namespaceMeta); namespaceMeta = new NamespaceMeta.Builder().setName("test_ns").setKeytabURI("/some/path") .setExploreAsPrincipal(false).build(); try {
String nsKeytabURI = "some/path"; NamespaceMeta impNsMeta = new NamespaceMeta.Builder().setName("impNs").setPrincipal(nsPrincipal).setKeytabURI(nsKeytabURI).build(); createNamespace(GSON.toJson(impNsMeta), impNsMeta.getName());
/**
 * Verifies that {@code AuthorizationUtil.getAppAuthorizingUser} returns the bare user name for
 * every form of namespace principal the test tries: user/host@REALM, user alone, and user@REALM.
 *
 * <p>For each form the namespace is created, the authorizing user is asserted, and the
 * namespace is deleted again before the next form is tried.
 */
@Test
public void testGetAppAuthorizingUse() throws Exception {
  OwnerAdmin ownerAdmin = getOwnerAdmin();
  String localHostName = InetAddress.getLocalHost().getHostName();

  String[] principalForms = {
    // complete principal, e.g. alice/somehost.net@somerealm.net
    username + "/" + localHostName + "@REALM.net",
    // just the user name, e.g. alice
    username,
    // user name plus realm, e.g. alice@somerealm.net
    username + "@REALM.net",
  };

  for (String principalForm : principalForms) {
    // The keytab URI is a placeholder value; it is required alongside the principal.
    NamespaceMeta meta = new NamespaceMeta.Builder()
      .setName(namespaceId)
      .setPrincipal(principalForm)
      .setKeytabURI("doesnotmatter")
      .build();
    namespaceClient.create(meta);

    // Whatever host or realm decorates the principal, authorization must key on the user name.
    Assert.assertEquals(
      username,
      AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null));

    // Delete so the next principal form starts from a clean namespace.
    namespaceClient.delete(namespaceId);
  }
}
/**
 * Checks how the stored keytab URI and its version react to property updates on a namespace
 * that already has a principal and keytab.
 *
 * <p>Changing the URI stores the new URI with version 0; sending the same URI again keeps the
 * URI and moves the version to 1.
 */
@Test
public void testUpdateExistingKeytab() throws Exception {
  NamespaceId nsId = new NamespaceId("updateNamespace");
  NamespaceMeta originalMeta = new NamespaceMeta.Builder()
    .setName(nsId)
    .setPrincipal("alice")
    .setKeytabURI("/alice/keytab")
    .build();
  namespaceAdmin.create(originalMeta);
  Assert.assertTrue(namespaceAdmin.exists(nsId));

  // First update: point the namespace at a different keytab URI.
  String replacementKeytab = "/alice/new_keytab";
  NamespaceMeta replacementMeta =
    new NamespaceMeta.Builder(originalMeta).setKeytabURI(replacementKeytab).build();
  namespaceAdmin.updateProperties(originalMeta.getNamespaceId(), replacementMeta);

  // The new URI must be stored, and the version must still be 0.
  Assert.assertEquals(replacementKeytab,
                      namespaceAdmin.get(nsId).getConfig().getKeytabURIWithoutVersion());
  Assert.assertEquals(0, namespaceAdmin.get(nsId).getConfig().getKeytabURIVersion());

  // Second update: submit exactly the same keytab URI again.
  namespaceAdmin.updateProperties(originalMeta.getNamespaceId(), replacementMeta);

  // The URI is unchanged, but the version must now read 1.
  Assert.assertEquals(replacementKeytab,
                      namespaceAdmin.get(nsId).getConfig().getKeytabURIWithoutVersion());
  Assert.assertEquals(1, namespaceAdmin.get(nsId).getConfig().getKeytabURIVersion());

  // Remove the namespace created by this test.
  namespaceAdmin.delete(nsId);
}
/**
 * Builds a {@link NamespaceMeta} from the supplied arguments, asks {@code namespaceClient} to
 * create it, and prints the success message.
 *
 * <p>Only the namespace name is mandatory. Every other argument is optional and is passed to
 * the builder as {@code null} when absent, except the explore-as-principal flag, which
 * defaults to {@code "true"}.
 *
 * @param arguments parsed arguments to read the namespace settings from
 * @param output stream the success message is written to
 * @throws Exception if reading the arguments or creating the namespace fails
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
  String nsName = arguments.get(ArgumentName.NAMESPACE_NAME.toString());
  String nsDescription = arguments.getOptional(ArgumentName.DESCRIPTION.toString(), null);
  String ownerPrincipal = arguments.getOptional(ArgumentName.PRINCIPAL.toString(), null);
  String ownerGroup = arguments.getOptional(ArgumentName.NAMESPACE_GROUP_NAME.toString(), null);
  // The keytab path is forwarded exactly as given; this method performs no validation on it,
  // so any check has to happen behind namespaceClient.create (not visible here).
  String keytabLocation = arguments.getOptional(ArgumentName.NAMESPACE_KEYTAB_PATH.toString(), null);
  String hbaseNs = arguments.getOptional(ArgumentName.NAMESPACE_HBASE_NAMESPACE.toString(), null);
  String hiveDb = arguments.getOptional(ArgumentName.NAMESPACE_HIVE_DATABASE.toString(), null);
  String queueName = arguments.getOptional(ArgumentName.NAMESPACE_SCHEDULER_QUEUENAME.toString(), null);
  String rootDirectory = arguments.getOptional(ArgumentName.NAMESPACE_ROOT_DIR.toString(), null);
  String exploreFlagText =
    arguments.getOptional(ArgumentName.NAMESPACE_EXPLORE_AS_PRINCIPAL.toString(), "true");
  // Boolean.valueOf is true only for a case-insensitive "true"; any other text, including a
  // typo, quietly becomes false instead of being reported as an error.
  Boolean exploreAsOwner = Boolean.valueOf(exploreFlagText);

  NamespaceMeta meta = new NamespaceMeta.Builder()
    .setName(nsName)
    .setDescription(nsDescription)
    .setPrincipal(ownerPrincipal)
    .setGroupName(ownerGroup)
    .setKeytabURI(keytabLocation)
    .setRootDirectory(rootDirectory)
    .setHBaseNamespace(hbaseNs)
    .setHiveDatabase(hiveDb)
    .setSchedulerQueueName(queueName)
    .setExploreAsPrincipal(exploreAsOwner)
    .build();
  namespaceClient.create(meta);

  String successLine = String.format(SUCCESS_MSG, nsName);
  output.println(successLine);
}
/**
 * Reads the namespace settings from the arguments, creates the namespace through
 * {@code namespaceClient}, and writes the success message to {@code output}.
 *
 * <p>The name is required. The remaining settings are optional and default to {@code null};
 * the explore-as-principal flag defaults to {@code "true"}.
 *
 * @param arguments parsed arguments holding the namespace settings
 * @param output stream that receives the success message
 * @throws Exception if an argument lookup or the create call fails
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
  // Required argument first, then the optional ones.
  String namespaceName = arguments.get(ArgumentName.NAMESPACE_NAME.toString());
  String descriptionText = arguments.getOptional(ArgumentName.DESCRIPTION.toString(), null);
  String principalName = arguments.getOptional(ArgumentName.PRINCIPAL.toString(), null);
  String group = arguments.getOptional(ArgumentName.NAMESPACE_GROUP_NAME.toString(), null);
  // Passed through unchanged: nothing in this method checks where the keytab path points.
  String keytab = arguments.getOptional(ArgumentName.NAMESPACE_KEYTAB_PATH.toString(), null);
  String hbase = arguments.getOptional(ArgumentName.NAMESPACE_HBASE_NAMESPACE.toString(), null);
  String hive = arguments.getOptional(ArgumentName.NAMESPACE_HIVE_DATABASE.toString(), null);
  String schedulerQueue = arguments.getOptional(ArgumentName.NAMESPACE_SCHEDULER_QUEUENAME.toString(), null);
  String root = arguments.getOptional(ArgumentName.NAMESPACE_ROOT_DIR.toString(), null);
  String exploreText =
    arguments.getOptional(ArgumentName.NAMESPACE_EXPLORE_AS_PRINCIPAL.toString(), "true");
  // Anything other than a case-insensitive "true" parses to false without raising an error,
  // so a misspelled value turns the flag off silently.
  Boolean explore = Boolean.valueOf(exploreText);

  NamespaceMeta namespaceMeta = new NamespaceMeta.Builder()
    .setName(namespaceName)
    .setDescription(descriptionText)
    .setPrincipal(principalName)
    .setGroupName(group)
    .setKeytabURI(keytab)
    .setRootDirectory(root)
    .setHBaseNamespace(hbase)
    .setHiveDatabase(hive)
    .setSchedulerQueueName(schedulerQueue)
    .setExploreAsPrincipal(explore)
    .build();
  namespaceClient.create(namespaceMeta);

  output.println(String.format(SUCCESS_MSG, namespaceName));
}