You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by el...@apache.org on 2015/01/23 00:22:35 UTC
[3/3] accumulo git commit: ACCUMULO-3452 Use expected exception in IT.
ACCUMULO-3452 Use expected exception in IT.
Christopher recommended that the ExpectedException JUnit rule
could be used instead of the "expected" argument on the Test annotation
to provide better assertions.
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/7e61f976
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/7e61f976
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/7e61f976
Branch: refs/heads/master
Commit: 7e61f976b96dc7fbd3d43a7275168778f3dc3d2e
Parents: a139e7a
Author: Josh Elser <el...@apache.org>
Authored: Thu Jan 22 14:24:00 2015 -0500
Committer: Josh Elser <el...@apache.org>
Committed: Thu Jan 22 18:22:01 2015 -0500
----------------------------------------------------------------------
.../org/apache/accumulo/proxy/ProxyServer.java | 3 +-
.../test/functional/KerberosProxyIT.java | 49 +++++++++++++++++++-
2 files changed, 49 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/7e61f976/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
----------------------------------------------------------------------
diff --git a/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java b/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
index 8499044..7f636d2 100644
--- a/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
+++ b/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
@@ -123,6 +123,7 @@ import com.google.common.cache.RemovalNotification;
public class ProxyServer implements AccumuloProxy.Iface {
public static final Logger logger = Logger.getLogger(ProxyServer.class);
+ public static final String RPC_ACCUMULO_PRINCIPAL_MISMATCH_MSG = "RPC principal did not match requested Accumulo principal";
protected Instance instance;
protected Class<? extends AuthenticationToken> tokenClass;
@@ -1542,7 +1543,7 @@ public class ProxyServer implements AccumuloProxy.Iface {
String remoteUser = UGIAssumingProcessor.rpcPrincipal();
if (null == remoteUser || !remoteUser.equals(principal)) {
logger.error("Denying login from user " + remoteUser + " who attempted to log in as " + principal);
- throw new org.apache.accumulo.proxy.thrift.AccumuloSecurityException("RPC principal did not match requested Accumulo principal");
+ throw new org.apache.accumulo.proxy.thrift.AccumuloSecurityException(RPC_ACCUMULO_PRINCIPAL_MISMATCH_MSG);
}
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/7e61f976/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java b/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
index e4c46d6..60d07fa 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/KerberosProxyIT.java
@@ -42,6 +42,7 @@ import org.apache.accumulo.harness.TestingKdc;
import org.apache.accumulo.minicluster.impl.MiniAccumuloClusterImpl;
import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl;
import org.apache.accumulo.proxy.Proxy;
+import org.apache.accumulo.proxy.ProxyServer;
import org.apache.accumulo.proxy.thrift.AccumuloProxy;
import org.apache.accumulo.proxy.thrift.AccumuloProxy.Client;
import org.apache.accumulo.proxy.thrift.AccumuloSecurityException;
@@ -60,11 +61,15 @@ import org.apache.thrift.protocol.TCompactProtocol;
import org.apache.thrift.transport.TSaslClientTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransportException;
+import org.hamcrest.Description;
+import org.hamcrest.TypeSafeMatcher;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
+import org.junit.Rule;
import org.junit.Test;
+import org.junit.rules.ExpectedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -74,6 +79,9 @@ import org.slf4j.LoggerFactory;
public class KerberosProxyIT extends AccumuloIT {
private static final Logger log = LoggerFactory.getLogger(KerberosProxyIT.class);
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
private static TestingKdc kdc;
private static String krbEnabledForITs = null;
private static File proxyKeytab;
@@ -284,7 +292,7 @@ public class KerberosProxyIT extends AccumuloIT {
ugiTransport.close();
}
- @Test(expected = AccumuloSecurityException.class)
+ @Test
public void testDisallowedClientForImpersonation() throws Exception {
String user = testName.getMethodName();
File keytab = new File(kdc.getKeytabDir(), user + ".keytab");
@@ -296,6 +304,16 @@ public class KerberosProxyIT extends AccumuloIT {
log.info("Logged in as " + ugi);
+ // Expect an AccumuloSecurityException
+ thrown.expect(AccumuloSecurityException.class);
+ // Error msg would look like:
+ //
+ // org.apache.accumulo.core.client.AccumuloSecurityException: Error BAD_CREDENTIALS for user Principal in credentials object should match kerberos
+ // principal.
+ // Expected 'proxy/hw10447.local@EXAMPLE.COM' but was 'testDisallowedClientForImpersonation@EXAMPLE.COM' - Username or Password is Invalid)
+ thrown.expect(new ThriftExceptionMatchesPattern(".*Error BAD_CREDENTIALS.*"));
+ thrown.expect(new ThriftExceptionMatchesPattern(".*Expected '" + proxyPrincipal + "' but was '" + kdc.qualifyUser(user) + "'.*"));
+
TSocket socket = new TSocket(hostname, proxyPort);
log.info("Connecting to proxy with server primary '" + proxyPrimary + "' running on " + hostname);
@@ -321,8 +339,12 @@ public class KerberosProxyIT extends AccumuloIT {
}
}
- @Test(expected = AccumuloSecurityException.class)
+ @Test
public void testMismatchPrincipals() throws Exception {
+ // Should get an AccumuloSecurityException and the given message
+ thrown.expect(AccumuloSecurityException.class);
+ thrown.expect(new ThriftExceptionMatchesPattern(ProxyServer.RPC_ACCUMULO_PRINCIPAL_MISMATCH_MSG));
+
// Make a new user
String user = testName.getMethodName();
File keytab = new File(kdc.getKeytabDir(), user + ".keytab");
@@ -359,4 +381,27 @@ public class KerberosProxyIT extends AccumuloIT {
}
}
}
+
+ private static class ThriftExceptionMatchesPattern extends TypeSafeMatcher<AccumuloSecurityException> {
+ private String pattern;
+
+ public ThriftExceptionMatchesPattern(String pattern) {
+ this.pattern = pattern;
+ }
+
+ @Override
+ protected boolean matchesSafely(AccumuloSecurityException item) {
+ return item.isSetMsg() && item.msg.matches(pattern);
+ }
+
+ @Override
+ public void describeTo(Description description) {
+ description.appendText("matches pattern ").appendValue(pattern);
+ }
+
+ @Override
+ protected void describeMismatchSafely(AccumuloSecurityException item, Description mismatchDescription) {
+ mismatchDescription.appendText("does not match");
+ }
+ }
}