You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ro...@apache.org on 2019/03/20 15:59:25 UTC
[hadoop] 04/04: YARN-9299.
TestTimelineReaderWhitelistAuthorizationFilter ignores Http Errors.
Contributed by Prabhu Joseph.
This is an automated email from the ASF dual-hosted git repository.
rohithsharmaks pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
commit b3b0e332e6d023052d7bf96c7c1f82abab939e03
Author: Rohith Sharma K S <ro...@apache.org>
AuthorDate: Wed Mar 20 21:24:31 2019 +0530
YARN-9299. TestTimelineReaderWhitelistAuthorizationFilter ignores Http Errors. Contributed by Prabhu Joseph.
---
...TimelineReaderWhitelistAuthorizationFilter.java | 58 +++++++++++++++++-----
1 file changed, 46 insertions(+), 12 deletions(-)
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWhitelistAuthorizationFilter.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWhitelistAuthorizationFilter.java
index 9ab9b27..576699d 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWhitelistAuthorizationFilter.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWhitelistAuthorizationFilter.java
@@ -21,6 +21,8 @@ package org.apache.hadoop.yarn.server.timelineservice.reader;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
import java.io.IOException;
import java.security.Principal;
@@ -93,15 +95,19 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
FilterConfig fc = new DummyFilterConfig(map);
f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
+ String userName = "user1";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
- return "user1";
+ return userName;
}
});
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
f.doFilter(mockHsr, r, null);
+ String msg = "User " + userName
+ + " is not allowed to read TimelineService V2 data.";
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
}
@Test
@@ -143,15 +149,16 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
FilterConfig fc = new DummyFilterConfig(map);
f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
+ String userName = "user1";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
- return "user1";
+ return userName;
}
});
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user1 =
- UserGroupInformation.createUserForTesting("user1", GROUP_NAMES);
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
@@ -159,6 +166,9 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
return null;
}
});
+ String msg = "User " + userName
+ + " is not allowed to read TimelineService V2 data.";
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
}
@Test
@@ -210,15 +220,16 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
FilterConfig fc = new DummyFilterConfig(map);
f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
+ String userName = "user90";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
- return "user90";
+ return userName;
}
});
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user1 =
- UserGroupInformation.createUserForTesting("user90", GROUP_NAMES);
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
@@ -226,6 +237,9 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
return null;
}
});
+ String msg = "User " + userName
+ + " is not allowed to read TimelineService V2 data.";
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
}
@Test
@@ -240,15 +254,16 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
FilterConfig fc = new DummyFilterConfig(map);
f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
+ String userName = "user90";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
- return "user90";
+ return userName;
}
});
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user1 =
- UserGroupInformation.createUserForTesting("user90", GROUP_NAMES);
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
@@ -256,6 +271,9 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
return null;
}
});
+ String msg = "User " + userName
+ + " is not allowed to read TimelineService V2 data.";
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
}
@Test
@@ -303,15 +321,16 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
FilterConfig fc = new DummyFilterConfig(map);
f.init(fc);
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
+ String userName = "user437";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
- return "user437";
+ return userName;
}
});
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user1 =
- UserGroupInformation.createUserForTesting("user437", GROUP_NAMES);
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
@@ -319,6 +338,9 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
return null;
}
});
+ String msg = "User " + userName
+ + " is not allowed to read TimelineService V2 data.";
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
}
@Test
@@ -336,6 +358,7 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
f.init(fc);
HttpServletRequest mockHsr = mock(HttpServletRequest.class);
+ String userName = "user37";
when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
@@ -348,7 +371,7 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
// both username and group name are not part of admin and
// read allowed users
// but read auth is turned off
- UserGroupInformation.createUserForTesting("user37", GROUP_NAMES);
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user1.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
@@ -356,8 +379,12 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
return null;
}
});
+ String msg = "User " + userName
+ + " is not allowed to read TimelineService V2 data.";
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
// test with username in read allowed users
+ userName = "user27";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
@@ -366,7 +393,7 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
});
HttpServletResponse r2 = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user2 =
- UserGroupInformation.createUserForTesting("user27", GROUP_NAMES);
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user2.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
@@ -374,8 +401,12 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
return null;
}
});
+ msg = "User " + userName
+ + " is not allowed to read TimelineService V2 data.";
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
// test with username in admin users
+ userName = "user2";
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
@@ -384,7 +415,7 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
});
HttpServletResponse r3 = Mockito.mock(HttpServletResponse.class);
UserGroupInformation user3 =
- UserGroupInformation.createUserForTesting("user2", GROUP_NAMES);
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
user3.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
@@ -392,5 +423,8 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
return null;
}
});
+ msg = "User " + userName
+ + " is not allowed to read TimelineService V2 data.";
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org