@BeforeClass
public static void beforeTest() throws Exception {
Class.forName(MiniHS2.getJdbcDriverName());
confOverlay.put(ConfVars.HIVE_SERVER2_SESSION_HOOK.varname, SessionHookTest.class.getName());
HiveConf hiveConf = new HiveConf();
miniHiveKdc = MiniHiveKdc.getMiniHiveKdc(hiveConf);
miniHS2 = MiniHiveKdc.getMiniHS2WithKerb(miniHiveKdc, hiveConf);
miniHS2.start(confOverlay);
}
/**
* * Negative test isValid() method
*
* @throws Exception
*/
@Test
public void testIsValidNeg() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
hs2Conn.close();
assertFalse(hs2Conn.isValid(1000));
}
/**
* Test connection using the proxy user connection property
*
* @throws Exception
*/
@Test
public void testProxyAuth() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL(
"default", ";hive.server2.proxy.user=" + MiniHiveKdc.HIVE_TEST_USER_1));
verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
}
/**
* * Test token based authentication over kerberos Login as super user and retrieve the token for
* normal user use the token to connect connect as normal user
*
* @throws Exception
*/
@Test
public void testTokenAuth() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
// retrieve token and store in the cache
String token =
((HiveConnection) hs2Conn)
.getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
assertTrue(token != null && !token.isEmpty());
hs2Conn.close();
UserGroupInformation ugi = miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
// Store token in the cache
storeToken(token, ugi);
hs2Conn =
DriverManager.getConnection(miniHS2.getBaseJdbcURL() + "default;auth=delegationToken");
verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
}
/**
* * Negative test, verify that connection to secure HS2 fails when required connection attributes
* are not provided
*
* @throws Exception
*/
@Test
public void testConnectionNeg() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
try {
String url = miniHS2.getJdbcURL().replaceAll(";principal.*", "");
hs2Conn = DriverManager.getConnection(url);
fail("NON kerberos connection should fail");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
}
/**
* Test connection using the proxy user connection property. Verify proxy connection fails when
* super user doesn't have privilege to impersonate the given user
*
* @throws Exception
*/
@Test
public void testNegativeProxyAuth() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL(
"default", ";hive.server2.proxy.user="******" shouldn't be allowed proxy connection for "
+ MiniHiveKdc.HIVE_TEST_USER_2);
} catch (SQLException e) {
// Expected error
e.printStackTrace();
assertTrue(e.getMessage().contains("Failed to validate proxy privilege"));
assertTrue(e.getCause().getCause().getMessage().contains("is not allowed to impersonate"));
}
}
/**
* * Negative test for token based authentication Verify that a user can't retrieve a token for
* user that it's not allowed to impersonate
*
* @throws Exception
*/
@Test
public void testNegativeTokenAuth() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
try {
// retrieve token and store in the cache
String token =
((HiveConnection) hs2Conn)
.getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_2, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
fail(
MiniHiveKdc.HIVE_TEST_SUPER_USER
+ " shouldn't be allowed to retrieve token for "
+ MiniHiveKdc.HIVE_TEST_USER_2);
} catch (SQLException e) {
// Expected error
assertTrue(e.getMessage().contains("Error retrieving delegation token for user"));
assertTrue(e.getCause().getCause().getMessage().contains("is not allowed to impersonate"));
} finally {
hs2Conn.close();
}
}
/**
* * Basic connection test
*
* @throws Exception
*/
@Test
public void testConnection() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
}
