|
|
@@ -21,6 +21,8 @@ package org.apache.hadoop.yarn.server.timelineservice.reader;
|
|
|
import static org.mockito.ArgumentMatchers.eq;
|
|
|
import static org.mockito.Mockito.mock;
|
|
|
import static org.mockito.Mockito.when;
|
|
|
+import static org.mockito.Mockito.times;
|
|
|
+import static org.mockito.Mockito.verify;
|
|
|
|
|
|
import java.io.IOException;
|
|
|
import java.security.Principal;
|
|
|
@@ -93,15 +95,19 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
FilterConfig fc = new DummyFilterConfig(map);
|
|
|
f.init(fc);
|
|
|
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
|
|
|
+ String userName = "user1";
|
|
|
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
|
|
|
@Override
|
|
|
public String getName() {
|
|
|
- return "user1";
|
|
|
+ return userName;
|
|
|
}
|
|
|
});
|
|
|
|
|
|
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
|
|
|
f.doFilter(mockHsr, r, null);
|
|
|
+ String msg = "User " + userName
|
|
|
+ + " is not allowed to read TimelineService V2 data.";
|
|
|
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
|
|
|
}
|
|
|
|
|
|
@Test
|
|
|
@@ -143,15 +149,16 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
FilterConfig fc = new DummyFilterConfig(map);
|
|
|
f.init(fc);
|
|
|
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
|
|
|
+ String userName = "user1";
|
|
|
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
|
|
|
@Override
|
|
|
public String getName() {
|
|
|
- return "user1";
|
|
|
+ return userName;
|
|
|
}
|
|
|
});
|
|
|
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
|
|
|
UserGroupInformation user1 =
|
|
|
- UserGroupInformation.createUserForTesting("user1", GROUP_NAMES);
|
|
|
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
|
|
|
user1.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
@Override
|
|
|
public Object run() throws Exception {
|
|
|
@@ -159,6 +166,9 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
return null;
|
|
|
}
|
|
|
});
|
|
|
+ String msg = "User " + userName
|
|
|
+ + " is not allowed to read TimelineService V2 data.";
|
|
|
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
|
|
|
}
|
|
|
|
|
|
@Test
|
|
|
@@ -210,15 +220,16 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
FilterConfig fc = new DummyFilterConfig(map);
|
|
|
f.init(fc);
|
|
|
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
|
|
|
+ String userName = "user90";
|
|
|
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
|
|
|
@Override
|
|
|
public String getName() {
|
|
|
- return "user90";
|
|
|
+ return userName;
|
|
|
}
|
|
|
});
|
|
|
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
|
|
|
UserGroupInformation user1 =
|
|
|
- UserGroupInformation.createUserForTesting("user90", GROUP_NAMES);
|
|
|
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
|
|
|
user1.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
@Override
|
|
|
public Object run() throws Exception {
|
|
|
@@ -226,6 +237,9 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
return null;
|
|
|
}
|
|
|
});
|
|
|
+ String msg = "User " + userName
|
|
|
+ + " is not allowed to read TimelineService V2 data.";
|
|
|
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
|
|
|
}
|
|
|
|
|
|
@Test
|
|
|
@@ -240,15 +254,16 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
FilterConfig fc = new DummyFilterConfig(map);
|
|
|
f.init(fc);
|
|
|
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
|
|
|
+ String userName = "user90";
|
|
|
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
|
|
|
@Override
|
|
|
public String getName() {
|
|
|
- return "user90";
|
|
|
+ return userName;
|
|
|
}
|
|
|
});
|
|
|
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
|
|
|
UserGroupInformation user1 =
|
|
|
- UserGroupInformation.createUserForTesting("user90", GROUP_NAMES);
|
|
|
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
|
|
|
user1.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
@Override
|
|
|
public Object run() throws Exception {
|
|
|
@@ -256,6 +271,9 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
return null;
|
|
|
}
|
|
|
});
|
|
|
+ String msg = "User " + userName
|
|
|
+ + " is not allowed to read TimelineService V2 data.";
|
|
|
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
|
|
|
}
|
|
|
|
|
|
@Test
|
|
|
@@ -303,15 +321,16 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
FilterConfig fc = new DummyFilterConfig(map);
|
|
|
f.init(fc);
|
|
|
HttpServletRequest mockHsr = Mockito.mock(HttpServletRequest.class);
|
|
|
+ String userName = "user437";
|
|
|
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
|
|
|
@Override
|
|
|
public String getName() {
|
|
|
- return "user437";
|
|
|
+ return userName;
|
|
|
}
|
|
|
});
|
|
|
HttpServletResponse r = Mockito.mock(HttpServletResponse.class);
|
|
|
UserGroupInformation user1 =
|
|
|
- UserGroupInformation.createUserForTesting("user437", GROUP_NAMES);
|
|
|
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
|
|
|
user1.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
@Override
|
|
|
public Object run() throws Exception {
|
|
|
@@ -319,6 +338,9 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
return null;
|
|
|
}
|
|
|
});
|
|
|
+ String msg = "User " + userName
|
|
|
+ + " is not allowed to read TimelineService V2 data.";
|
|
|
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
|
|
|
}
|
|
|
|
|
|
@Test
|
|
|
@@ -336,6 +358,7 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
f.init(fc);
|
|
|
|
|
|
HttpServletRequest mockHsr = mock(HttpServletRequest.class);
|
|
|
+ String userName = "user37";
|
|
|
when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
|
|
|
@Override
|
|
|
public String getName() {
|
|
|
@@ -348,7 +371,7 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
// both username and group name are not part of admin and
|
|
|
// read allowed users
|
|
|
// but read auth is turned off
|
|
|
- UserGroupInformation.createUserForTesting("user37", GROUP_NAMES);
|
|
|
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
|
|
|
user1.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
@Override
|
|
|
public Object run() throws Exception {
|
|
|
@@ -356,8 +379,12 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
return null;
|
|
|
}
|
|
|
});
|
|
|
+ String msg = "User " + userName
|
|
|
+ + " is not allowed to read TimelineService V2 data.";
|
|
|
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
|
|
|
|
|
|
// test with username in read allowed users
|
|
|
+ userName = "user27";
|
|
|
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
|
|
|
@Override
|
|
|
public String getName() {
|
|
|
@@ -366,7 +393,7 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
});
|
|
|
HttpServletResponse r2 = Mockito.mock(HttpServletResponse.class);
|
|
|
UserGroupInformation user2 =
|
|
|
- UserGroupInformation.createUserForTesting("user27", GROUP_NAMES);
|
|
|
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
|
|
|
user2.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
@Override
|
|
|
public Object run() throws Exception {
|
|
|
@@ -374,8 +401,12 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
return null;
|
|
|
}
|
|
|
});
|
|
|
+ msg = "User " + userName
|
|
|
+ + " is not allowed to read TimelineService V2 data.";
|
|
|
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
|
|
|
|
|
|
// test with username in admin users
|
|
|
+ userName = "user2";
|
|
|
Mockito.when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
|
|
|
@Override
|
|
|
public String getName() {
|
|
|
@@ -384,7 +415,7 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
});
|
|
|
HttpServletResponse r3 = Mockito.mock(HttpServletResponse.class);
|
|
|
UserGroupInformation user3 =
|
|
|
- UserGroupInformation.createUserForTesting("user2", GROUP_NAMES);
|
|
|
+ UserGroupInformation.createUserForTesting(userName, GROUP_NAMES);
|
|
|
user3.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
@Override
|
|
|
public Object run() throws Exception {
|
|
|
@@ -392,5 +423,8 @@ public class TestTimelineReaderWhitelistAuthorizationFilter {
|
|
|
return null;
|
|
|
}
|
|
|
});
|
|
|
+ msg = "User " + userName
|
|
|
+ + " is not allowed to read TimelineService V2 data.";
|
|
|
+ verify(r, times(0)).sendError(HttpServletResponse.SC_FORBIDDEN, msg);
|
|
|
}
|
|
|
}
|
Rohith Sharma K S