@Test public void testRefreshSuperUserGroupsConfiguration() throws Exception { final String SUPER_USER = "******"; final String[] GROUP_NAMES1 = new String[] {"gr1", "gr2"}; final String[] GROUP_NAMES2 = new String[] {"gr3", "gr4"}; // keys in conf String userKeyGroups = ProxyUsers.getProxySuperuserGroupConfKey(SUPER_USER); String userKeyHosts = ProxyUsers.getProxySuperuserIpConfKey(SUPER_USER); config.set(userKeyGroups, "gr3,gr4,gr5"); // superuser can proxy for this group config.set(userKeyHosts, "127.0.0.1"); ProxyUsers.refreshSuperUserGroupsConfiguration(config); UserGroupInformation ugi1 = mock(UserGroupInformation.class); UserGroupInformation ugi2 = mock(UserGroupInformation.class); UserGroupInformation suUgi = mock(UserGroupInformation.class); when(ugi1.getRealUser()).thenReturn(suUgi); when(ugi2.getRealUser()).thenReturn(suUgi); when(suUgi.getShortUserName()).thenReturn(SUPER_USER); // super user when(suUgi.getUserName()).thenReturn(SUPER_USER + "L"); // super user when(ugi1.getShortUserName()).thenReturn("user1"); when(ugi2.getShortUserName()).thenReturn("user2"); when(ugi1.getUserName()).thenReturn("userL1"); when(ugi2.getUserName()).thenReturn("userL2"); // set groups for users when(ugi1.getGroupNames()).thenReturn(GROUP_NAMES1); when(ugi2.getGroupNames()).thenReturn(GROUP_NAMES2); // check before try { ProxyUsers.authorize(ugi1, "127.0.0.1", config); fail("first auth for " + ugi1.getShortUserName() + " should've failed "); } catch (AuthorizationException e) { // expected System.err.println("auth for " + ugi1.getUserName() + " failed"); } try { ProxyUsers.authorize(ugi2, "127.0.0.1", config); System.err.println("auth for " + ugi2.getUserName() + " succeeded"); // expected } catch (AuthorizationException e) { fail( "first auth for " + ugi2.getShortUserName() + " should've succeeded: " + e.getLocalizedMessage()); } // refresh will look at configuration on the server side // add additional resource with the new value // so the server side will pick it up String rsrc = "testGroupMappingRefresh_rsrc.xml"; addNewConfigResource(rsrc, userKeyGroups, "gr2", userKeyHosts, "127.0.0.1"); DFSAdmin admin = new DFSAdmin(config); String[] args = new String[] {"-refreshSuperUserGroupsConfiguration"}; // NameNode nn = cluster.getNameNode(); // Configuration conf = new Configuration(config); // conf.set(userKeyGroups, "gr2"); // superuser can proxy for this group // admin.setConf(conf); admin.run(args); try { ProxyUsers.authorize(ugi2, "127.0.0.1", config); fail("second auth for " + ugi2.getShortUserName() + " should've failed "); } catch (AuthorizationException e) { // expected System.err.println("auth for " + ugi2.getUserName() + " failed"); } try { ProxyUsers.authorize(ugi1, "127.0.0.1", config); System.err.println("auth for " + ugi1.getUserName() + " succeeded"); // expected } catch (AuthorizationException e) { fail( "second auth for " + ugi1.getShortUserName() + " should've succeeded: " + e.getLocalizedMessage()); } }