
/tags/release-0.0.0-rc0/hive/external/shims/src/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java

  1/**
  2 * Licensed to the Apache Software Foundation (ASF) under one
  3 * or more contributor license agreements.  See the NOTICE file
  4 * distributed with this work for additional information
  5 * regarding copyright ownership.  The ASF licenses this file
  6 * to you under the Apache License, Version 2.0 (the
  7 * "License"); you may not use this file except in compliance
  8 * with the License.  You may obtain a copy of the License at
  9 *
 10 *     http://www.apache.org/licenses/LICENSE-2.0
 11 *
 12 * Unless required by applicable law or agreed to in writing, software
 13 * distributed under the License is distributed on an "AS IS" BASIS,
 14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 * See the License for the specific language governing permissions and
 16 * limitations under the License.
 17 */
 18
 19package org.apache.hadoop.hive.thrift;
 20
 21import java.net.InetSocketAddress;
 22import java.net.Socket;
 23import java.security.PrivilegedExceptionAction;
 24
 25import junit.framework.TestCase;
 26
 27import org.apache.hadoop.fs.Path;
 28import org.apache.hadoop.hive.conf.HiveConf;
 29import org.apache.hadoop.hive.metastore.HiveMetaStore;
 30import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
 31import org.apache.hadoop.hive.metastore.api.Database;
 32import org.apache.hadoop.hive.metastore.api.MetaException;
 33import org.apache.hadoop.security.SaslRpcServer;
 34import org.apache.hadoop.security.UserGroupInformation;
 35import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
 36import org.apache.hadoop.security.token.Token;
 37import org.apache.thrift.transport.TSaslServerTransport;
 38import org.apache.thrift.transport.TTransportException;
 39import org.apache.thrift.transport.TTransportFactory;
 40
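/**
 * Exercises SASL DIGEST authentication with delegation tokens against a Hive
 * metastore started inside the test JVM.
 *
 * <p>The test obtains a delegation token, connects with it, runs a few
 * metastore operations, cancels the token, and then checks that a new
 * connection attempt no longer succeeds. It therefore covers both the
 * "valid token is accepted" path and the revocation path.
 */
public class TestHadoop20SAuthBridge extends TestCase {

  /**
   * Auth bridge for the test: its server side is created without a keytab or
   * principal, so no Kerberos configuration is interpreted.
   */
  private static class MyHadoopThriftAuthBridge20S extends HadoopThriftAuthBridge20S {
    /**
     * Returns the test {@link Server}; both arguments are ignored.
     */
    @Override
    public Server createServer(String keytabFile, String principalConf)
    throws TTransportException {
      //Create a Server that doesn't interpret any Kerberos stuff
      return new Server();
    }

    /**
     * Server whose transport factory registers the DIGEST mechanism only.
     */
    static class Server extends HadoopThriftAuthBridge20S.Server {
      public Server() throws TTransportException {
        super();
      }

      /**
       * Builds a SASL server transport factory with a single server
       * definition (DIGEST) whose callbacks are handled by a
       * {@code SaslDigestCallbackHandler} backed by {@code secretManager},
       * and wraps it in a {@code TUGIAssumingTransportFactory}.
       */
      @Override
      public TTransportFactory createTransportFactory()
      throws TTransportException {
        TSaslServerTransport.Factory transFactory =
          new TSaslServerTransport.Factory();
        // No other mechanism is added here, so this factory offers DIGEST only.
        transFactory.addServerDefinition(AuthMethod.DIGEST.getMechanismName(),
            null, SaslRpcServer.SASL_DEFAULT_REALM,
            SaslRpcServer.SASL_PROPS,
            new SaslDigestCallbackHandler(secretManager));

        return new TUGIAssumingTransportFactory(transFactory, realUgi);
      }
    }
  }

  // Fixed port shared by the in-process metastore and the client URI.
  // NOTE(review): loopUntilHMSReady() only checks that *something* accepts TCP
  // connections on this port, so an unrelated listener on the build host would
  // also satisfy the readiness probe.
  private static final int port = 10000;

  private final HiveConf conf;

  /**
   * Configures the metastore client for SASL over thrift on localhost.
   *
   * <p>The system properties are set before the {@link HiveConf} is created;
   * presumably HiveConf reads them at construction time (confirm against
   * HiveConf).
   *
   * @param name the test name passed to {@link TestCase}
   */
  public TestHadoop20SAuthBridge(String name) {
    super(name);
    System.setProperty(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname,
        "true");
    System.setProperty(HiveConf.ConfVars.METASTOREURIS.varname,
        "thrift://localhost:" + port);
    // Falls back to /tmp when test.build.data is unset; on a shared build host
    // that directory is typically writable by other users.
    System.setProperty(HiveConf.ConfVars.METASTOREWAREHOUSE.varname, new Path(
        System.getProperty("test.build.data", "/tmp")).toString());
    conf = new HiveConf(TestHadoop20SAuthBridge.class);
    conf.setBoolean("hive.metastore.local", false);
  }

  /**
   * Starts the metastore on a daemon thread, waits for the port to accept
   * connections, then runs the token round trip twice: once without a token
   * signature and once with one.
   */
  public void testSaslWithHiveMetaStore() throws Exception {

    Thread thread = new Thread(new Runnable() {
      public void run() {
        try {
          HiveMetaStore.startMetaStore(port, new MyHadoopThriftAuthBridge20S());
        } catch (Throwable e) {
          // Report why startup failed before terminating the JVM; exiting
          // silently leaves nothing to diagnose from the test output.
          e.printStackTrace();
          System.exit(1);
        }
      }
    });
    thread.setDaemon(true);
    thread.start();
    loopUntilHMSReady();
    UserGroupInformation clientUgi = UserGroupInformation.getCurrentUser();
    obtainTokenAndAddIntoUGI(clientUgi, null);
    obtainTokenAndAddIntoUGI(clientUgi, "tokenForFooTablePartition");
  }

  /**
   * Obtains a delegation token for the current user, connects to the
   * metastore with it, then cancels the token and checks that a fresh
   * connection attempt fails.
   *
   * @param clientUgi the user the token is issued to and added to
   * @param tokenSig  token signature to request and to set in the client
   *                  configuration, or {@code null} for none
   * @throws Exception if any metastore call or the privileged action fails
   */
  private void obtainTokenAndAddIntoUGI(UserGroupInformation clientUgi,
      String tokenSig) throws Exception {
    //obtain a token by directly invoking the metastore operation(without going
    //through the thrift interface). Obtaining a token makes the secret manager
    //aware of the user and that it gave the token to the user
    String tokenStrForm;
    if (tokenSig == null) {
      tokenStrForm =
        HiveMetaStore.getDelegationToken(clientUgi.getShortUserName());
    } else {
      tokenStrForm =
        HiveMetaStore.getDelegationToken(clientUgi.getShortUserName(),
                                         tokenSig);
      conf.set("hive.metastore.token.signature", tokenSig);
    }

    Token<DelegationTokenIdentifier> t = new Token<DelegationTokenIdentifier>();
    t.decodeFromUrlString(tokenStrForm);
    //add the token to the clientUgi for securely talking to the metastore
    clientUgi.addToken(t);
    //Create the metastore client as the clientUgi. Doing so this
    //way will give the client access to the token that was added earlier
    //in the clientUgi
    HiveMetaStoreClient hiveClient =
      clientUgi.doAs(new PrivilegedExceptionAction<HiveMetaStoreClient>() {
        public HiveMetaStoreClient run() throws Exception {
          return new HiveMetaStoreClient(conf);
        }
      });

    assertTrue("Couldn't connect to metastore", hiveClient != null);

    //try out some metastore operations; close the client even when they fail
    try {
      createDBAndVerifyExistence(hiveClient);
    } finally {
      hiveClient.close();
    }

    //Now cancel the delegation token
    HiveMetaStore.cancelDelegationToken(tokenStrForm);

    //now metastore connection should fail
    // NOTE(review): any MetaException from the constructor counts as a
    // rejection here, so a connection failure unrelated to the cancelled token
    // would also satisfy this check. Asserting on the failure cause would make
    // the revocation test stricter.
    hiveClient =
      clientUgi.doAs(new PrivilegedExceptionAction<HiveMetaStoreClient>() {
        public HiveMetaStoreClient run() {
          try {
            return new HiveMetaStoreClient(conf);
          } catch (MetaException e) {
            return null;
          }
        }
      });
    boolean rejected = (hiveClient == null);
    if (!rejected) {
      // The cancelled token was still accepted: release the connection before
      // failing the test so it is not leaked.
      hiveClient.close();
    }
    assertTrue("Expected metastore operations to fail", rejected);
  }

  /**
   * A simple connect test to make sure that the metastore is up.
   *
   * <p>Tries a TCP connect with a 5 second timeout and sleeps 10 seconds
   * between attempts, giving up after the eighth failed attempt. The probe
   * socket is closed on every path, including a failed connect.
   *
   * @throws Exception the last connect failure once retries are exhausted
   */
  private void loopUntilHMSReady() throws Exception {
    int retries = 0;
    while (true) {
      Socket socket = new Socket();
      try {
        socket.connect(new InetSocketAddress(port), 5000);
        return;
      } catch (Exception e) {
        if (retries++ > 6) { //give up
          throw e;
        }
      } finally {
        try {
          socket.close();
        } catch (Exception ignored) {
          // Closing a probe socket is best effort; the connect result decides.
        }
      }
      Thread.sleep(10000);
    }
  }

  /**
   * Creates a database, reads it back, drops it, and checks that the name
   * read back matches the one created.
   *
   * <p>The drop runs in a {@code finally} block: this method is called once
   * per token round trip with the same database name, so a leftover database
   * from a failed read would break the next call.
   *
   * @param client an open metastore client
   * @throws Exception if any metastore call fails
   */
  private void createDBAndVerifyExistence(HiveMetaStoreClient client)
  throws Exception {
    String dbName = "simpdb";
    Database db = new Database();
    db.setName(dbName);
    client.createDatabase(db);
    Database db1;
    try {
      db1 = client.getDatabase(dbName);
    } finally {
      client.dropDatabase(dbName);
    }
    assertTrue("Databases do not match", db1.getName().equals(db.getName()));
  }
}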