// Build metadata for a namespace that carries an owner principal and the URI of that principal's keytab.
// "some/path" is presumably a placeholder: nothing in this snippet opens or reads a keytab at that location.
String nsKeytabURI = "some/path";
NamespaceMeta impNsMeta = new NamespaceMeta.Builder().setName(NAME).setPrincipal(nsPrincipal).setKeytabURI(nsKeytabURI).build();
// Submit the metadata as JSON under the namespace's own name and require HTTP 200.
HttpResponse response = createNamespace(GSON.toJson(impNsMeta), impNsMeta.getName());
assertResponseCode(200, response);
/**
 * Checks that ADMIN on a namespace is not enough to create it when the namespace is owned by
 * another principal: the creator also needs a privilege on that principal.
 *
 * <p>ALICE is first granted ADMIN on the namespace only, and creation must be rejected with
 * {@link UnauthorizedException}. Once ADMIN on principal bob is granted as well, creation must
 * succeed, after which a dummy app is deployed into the bob-owned namespace.
 *
 * @throws Exception if any step other than the expected rejection fails
 */
private void testDeployAppWithoutOwner() throws Exception {
  NamespaceId impersonatedNs = new NamespaceId("namespaceImpersonation");
  // The namespace is owned by bob. The keytab URI is supplied only to pass the check in
  // DefaultNamespaceAdmin; impersonation never happens in the unit test, so the value is unused.
  NamespaceMeta bobOwnedMeta = new NamespaceMeta.Builder()
    .setName(impersonatedNs.getNamespace())
    .setPrincipal(BOB.getName())
    .setKeytabURI("/tmp/")
    .build();
  KerberosPrincipalId bobKerberosId = new KerberosPrincipalId(BOB.getName());

  // Step 1: alice holds ADMIN on the namespace but nothing on principal bob, so creation must be
  // refused. This is the guard that stops a user from attaching someone else's principal to a
  // namespace they control.
  grantAndAssertSuccess(impersonatedNs, ALICE, EnumSet.of(Action.ADMIN));
  cleanUpEntities.add(impersonatedNs);
  try {
    getNamespaceAdmin().create(bobOwnedMeta);
    Assert.fail("Namespace creation should fail since alice does not have privilege on principal bob");
  } catch (UnauthorizedException expected) {
    // expected
  }

  // Step 2: with ADMIN on principal bob as well, the same request must now go through.
  grantAndAssertSuccess(bobKerberosId, ALICE, EnumSet.of(Action.ADMIN));
  cleanUpEntities.add(bobKerberosId);
  getNamespaceAdmin().create(bobOwnedMeta);

  // Step 3: deploy the dummy app with namespace-level impersonation.
  deployDummyAppWithImpersonation(bobOwnedMeta, null);
}
// Build metadata for namespace "impNs" with an owner principal and the URI of that principal's keytab.
// "some/path" is presumably a placeholder: nothing in this snippet opens or reads a keytab at that location.
String nsKeytabURI = "some/path";
NamespaceMeta impNsMeta = new NamespaceMeta.Builder().setName("impNs").setPrincipal(nsPrincipal).setKeytabURI(nsKeytabURI).build();
// Submit the metadata as JSON; the value returned by createNamespace is not inspected here.
createNamespace(GSON.toJson(impNsMeta), impNsMeta.getName());
new NamespaceMeta.Builder(nsMeta).setPrincipal("newPrincipal").build()); Assert.fail(); } catch (BadRequestException e) {
NamespaceMeta namespaceMeta = new NamespaceMeta.Builder().setName("test_ns").setPrincipal("somePrincipal").build(); try { namespaceAdmin.create(namespaceMeta); namespaceMeta = new NamespaceMeta.Builder().setName("test_ns").setPrincipal("somePrincipal") .setExploreAsPrincipal(false).build(); try {
// Create the namespace with eve's Kerberos principal as owner; the keytab URI is the absolute path of eveKeytabFile.
// NOTE(review): a keytab stores the principal's long-term keys; presumably this file is a test fixture. Confirm.
namespaceClient.create(new NamespaceMeta.Builder().setName(namespaceId).setPrincipal( eveKerberosPrincipalId.getPrincipal()).setKeytabURI(eveKeytabFile.getAbsolutePath()).build());
/**
 * Verifies that {@code AuthorizationUtil.getAppAuthorizingUser} returns the bare username
 * whichever form the namespace owner principal takes.
 *
 * <p>The namespace is created, checked and deleted once per form: user/host@REALM, user, and
 * user@REALM.
 *
 * <p>NOTE(review): all three forms resolve to the same authorizing user, so the host and realm
 * parts apparently play no role in this lookup. Confirm that principals sharing a short name
 * across realms are meant to be treated as the same user.
 *
 * @throws Exception if namespace creation, lookup or deletion fails
 */
@Test
public void testGetAppAuthorizingUse() throws Exception {
  OwnerAdmin ownerAdmin = getOwnerAdmin();
  String[] principalForms = {
    // complete principal (alice/somehost.net@somerealm.net)
    username + "/" + InetAddress.getLocalHost().getHostName() + "@REALM.net",
    // principal which is just the username (alice)
    username,
    // principal and realm (alice@somerealm.net)
    username + "@REALM.net"
  };

  for (String ownerPrincipal : principalForms) {
    NamespaceMeta ownerMeta = new NamespaceMeta.Builder()
      .setName(namespaceId)
      .setPrincipal(ownerPrincipal)
      .setKeytabURI("doesnotmatter")
      .build();
    namespaceClient.create(ownerMeta);
    Assert.assertEquals(username,
                        AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext,
                                                                applicationId, null));
    // Remove the namespace so the next form starts clean; the final pass doubles as clean-up.
    namespaceClient.delete(namespaceId);
  }
}
/**
 * Verifies how the keytab URI version moves when a namespace's keytab URI is updated.
 *
 * <p>Changing the URI to a new value keeps the version at 0; submitting the same URI again leaves
 * the URI unchanged and raises the version to 1.
 *
 * <p>NOTE(review): the version bump on an unchanged URI presumably signals that the keytab
 * contents at that location were replaced (rotation), so that consumers can tell the material
 * changed. Confirm against the admin implementation.
 *
 * @throws Exception if any namespace operation fails
 */
@Test
public void testUpdateExistingKeytab() throws Exception {
  NamespaceId namespaceId = new NamespaceId("updateNamespace");
  NamespaceMeta originalMeta = new NamespaceMeta.Builder()
    .setName(namespaceId)
    .setPrincipal("alice")
    .setKeytabURI("/alice/keytab")
    .build();
  namespaceAdmin.create(originalMeta);
  Assert.assertTrue(namespaceAdmin.exists(namespaceId));

  // First update: point the namespace at a different keytab URI.
  String replacementKeytab = "/alice/new_keytab";
  NamespaceMeta replacementMeta = new NamespaceMeta.Builder(originalMeta)
    .setKeytabURI(replacementKeytab)
    .build();
  namespaceAdmin.updateProperties(originalMeta.getNamespaceId(), replacementMeta);
  // The URI changes and the version stays at 0.
  Assert.assertEquals(replacementKeytab,
                      namespaceAdmin.get(namespaceId).getConfig().getKeytabURIWithoutVersion());
  Assert.assertEquals(0, namespaceAdmin.get(namespaceId).getConfig().getKeytabURIVersion());

  // Second update: submit the very same keytab URI once more.
  namespaceAdmin.updateProperties(originalMeta.getNamespaceId(), replacementMeta);
  // The URI without version is unchanged while the version moves to 1.
  Assert.assertEquals(replacementKeytab,
                      namespaceAdmin.get(namespaceId).getConfig().getKeytabURIWithoutVersion());
  Assert.assertEquals(1, namespaceAdmin.get(namespaceId).getConfig().getKeytabURIVersion());

  // clean up
  namespaceAdmin.delete(namespaceId);
}
/**
 * Creates a namespace from the parsed command arguments and prints a success message.
 *
 * <p>Only the namespace name is required; every other argument falls back to {@code null},
 * except explore-as-principal, which falls back to {@code "true"}.
 *
 * <p>NOTE(review): {@code Boolean.valueOf} yields {@code false} for any text other than "true"
 * (case-insensitive), so a mistyped explore-as-principal value silently switches the setting off
 * instead of being rejected. The principal and keytab path are forwarded exactly as typed and
 * nothing in this method validates them; presumably the server does. Confirm.
 *
 * @param arguments parsed command arguments
 * @param output stream that receives the success message
 * @throws Exception if the namespace cannot be created
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
  String nsName = arguments.get(ArgumentName.NAMESPACE_NAME.toString());
  String nsDescription = arguments.getOptional(ArgumentName.DESCRIPTION.toString(), null);
  // Identity settings: owner principal, group, and where that principal's keytab lives.
  String ownerPrincipal = arguments.getOptional(ArgumentName.PRINCIPAL.toString(), null);
  String ownerGroup = arguments.getOptional(ArgumentName.NAMESPACE_GROUP_NAME.toString(), null);
  String keytabLocation = arguments.getOptional(ArgumentName.NAMESPACE_KEYTAB_PATH.toString(), null);
  // Storage and scheduling mappings.
  String hbaseNs = arguments.getOptional(ArgumentName.NAMESPACE_HBASE_NAMESPACE.toString(), null);
  String hiveDb = arguments.getOptional(ArgumentName.NAMESPACE_HIVE_DATABASE.toString(), null);
  String queueName = arguments.getOptional(ArgumentName.NAMESPACE_SCHEDULER_QUEUENAME.toString(), null);
  String rootDirectory = arguments.getOptional(ArgumentName.NAMESPACE_ROOT_DIR.toString(), null);
  String exploreFlagText =
    arguments.getOptional(ArgumentName.NAMESPACE_EXPLORE_AS_PRINCIPAL.toString(), "true");
  Boolean exploreAsOwner = Boolean.valueOf(exploreFlagText);

  NamespaceMeta requestedMeta = new NamespaceMeta.Builder()
    .setName(nsName)
    .setDescription(nsDescription)
    .setPrincipal(ownerPrincipal)
    .setGroupName(ownerGroup)
    .setKeytabURI(keytabLocation)
    .setRootDirectory(rootDirectory)
    .setHBaseNamespace(hbaseNs)
    .setHiveDatabase(hiveDb)
    .setSchedulerQueueName(queueName)
    .setExploreAsPrincipal(exploreAsOwner)
    .build();
  namespaceClient.create(requestedMeta);

  String successLine = String.format(SUCCESS_MSG, nsName);
  output.println(successLine);
}
/**
 * Reads the namespace settings from the command arguments, creates the namespace through the
 * client, and reports success on {@code output}.
 *
 * <p>The namespace name is mandatory. All other settings default to {@code null}, apart from
 * explore-as-principal, whose default text is {@code "true"}.
 *
 * <p>NOTE(review): the explore-as-principal text goes through {@code Boolean.valueOf}, which
 * returns {@code false} for anything that is not "true" ignoring case; an unrecognised value is
 * therefore accepted as "off" without any error. This method also performs no checks on the
 * principal or keytab path before sending them. Presumably validation is server-side; confirm.
 *
 * @param arguments parsed command arguments
 * @param output stream that receives the success message
 * @throws Exception if the namespace cannot be created
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
  String targetName = arguments.get(ArgumentName.NAMESPACE_NAME.toString());
  String summary = arguments.getOptional(ArgumentName.DESCRIPTION.toString(), null);
  String kerberosPrincipal = arguments.getOptional(ArgumentName.PRINCIPAL.toString(), null);
  String group = arguments.getOptional(ArgumentName.NAMESPACE_GROUP_NAME.toString(), null);
  String keytabUri = arguments.getOptional(ArgumentName.NAMESPACE_KEYTAB_PATH.toString(), null);
  String hbase = arguments.getOptional(ArgumentName.NAMESPACE_HBASE_NAMESPACE.toString(), null);
  String hive = arguments.getOptional(ArgumentName.NAMESPACE_HIVE_DATABASE.toString(), null);
  String schedulerQueue = arguments.getOptional(ArgumentName.NAMESPACE_SCHEDULER_QUEUENAME.toString(), null);
  String root = arguments.getOptional(ArgumentName.NAMESPACE_ROOT_DIR.toString(), null);
  // Anything other than "true" (ignoring case) becomes FALSE here.
  Boolean exploreAsPrincipalFlag =
    Boolean.valueOf(arguments.getOptional(ArgumentName.NAMESPACE_EXPLORE_AS_PRINCIPAL.toString(), "true"));

  // The builder is filled in place, one setting per statement, in the original order.
  NamespaceMeta.Builder metaBuilder = new NamespaceMeta.Builder();
  metaBuilder.setName(targetName);
  metaBuilder.setDescription(summary);
  metaBuilder.setPrincipal(kerberosPrincipal);
  metaBuilder.setGroupName(group);
  metaBuilder.setKeytabURI(keytabUri);
  metaBuilder.setRootDirectory(root);
  metaBuilder.setHBaseNamespace(hbase);
  metaBuilder.setHiveDatabase(hive);
  metaBuilder.setSchedulerQueueName(schedulerQueue);
  metaBuilder.setExploreAsPrincipal(exploreAsPrincipalFlag);

  namespaceClient.create(metaBuilder.build());
  output.println(String.format(SUCCESS_MSG, targetName));
}