source: proiecte/HadoopJUnit/hadoop-0.20.1/src/test/org/apache/hadoop/security/TestPermission.java @ 120

Last change on this file since 120 was 120, checked in by (none), 14 years ago

Added the mail files for the Hadoop JUNit Project
  • Property svn:executable set to *
File size: 7.8 KB
Line 
1/**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements.  See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership.  The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License.  You may obtain a copy of the License at
9 *
10 *     http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18package org.apache.hadoop.security;
19
20import java.io.IOException;
21import java.util.Random;
22
23import org.apache.commons.logging.Log;
24import org.apache.commons.logging.LogFactory;
25import org.apache.commons.logging.impl.Log4JLogger;
26import org.apache.hadoop.conf.Configuration;
27import org.apache.hadoop.hdfs.MiniDFSCluster;
28import org.apache.hadoop.fs.*;
29import org.apache.hadoop.fs.permission.*;
30import org.apache.hadoop.util.StringUtils;
31import org.apache.log4j.Level;
32
33import junit.framework.TestCase;
34
35/** Unit tests for permission */
36public class TestPermission extends TestCase {
37  public static final Log LOG = LogFactory.getLog(TestPermission.class);
38
39  {
40    ((Log4JLogger)UserGroupInformation.LOG).getLogger().setLevel(Level.ALL);
41  }
42
43  final private static Path ROOT_PATH = new Path("/data");
44  final private static Path CHILD_DIR1 = new Path(ROOT_PATH, "child1");
45  final private static Path CHILD_DIR2 = new Path(ROOT_PATH, "child2");
46  final private static Path CHILD_FILE1 = new Path(ROOT_PATH, "file1");
47  final private static Path CHILD_FILE2 = new Path(ROOT_PATH, "file2");
48
49  final private static int FILE_LEN = 100;
50  final private static Random RAN = new Random();
51  final private static String USER_NAME = "user" + RAN.nextInt();
52  final private static String[] GROUP_NAMES = {"group1", "group2"};
53
54  static FsPermission checkPermission(FileSystem fs,
55      String path, FsPermission expected) throws IOException {
56    FileStatus s = fs.getFileStatus(new Path(path));
57    LOG.info(s.getPath() + ": " + s.isDir() + " " + s.getPermission()
58        + ":" + s.getOwner() + ":" + s.getGroup());
59    if (expected != null) {
60      assertEquals(expected, s.getPermission());
61      assertEquals(expected.toShort(), s.getPermission().toShort());
62    }
63    return s.getPermission();
64  }
65
66  public void testCreate() throws Exception {
67    Configuration conf = new Configuration();
68    conf.setBoolean("dfs.permissions", true);
69    conf.setInt(FsPermission.UMASK_LABEL, 0);
70    MiniDFSCluster cluster = null;
71    FileSystem fs = null;
72
73    try {
74      cluster = new MiniDFSCluster(conf, 3, true, null);
75      cluster.waitActive();
76      fs = FileSystem.get(conf);
77      FsPermission rootPerm = checkPermission(fs, "/", null);
78      FsPermission inheritPerm = FsPermission.createImmutable(
79          (short)(rootPerm.toShort() | 0300));
80
81      FsPermission dirPerm = new FsPermission((short)0777);
82      fs.mkdirs(new Path("/a1/a2/a3"), dirPerm);
83      checkPermission(fs, "/a1", inheritPerm);
84      checkPermission(fs, "/a1/a2", inheritPerm);
85      checkPermission(fs, "/a1/a2/a3", dirPerm);
86
87      FsPermission filePerm = new FsPermission((short)0444);
88      FSDataOutputStream out = fs.create(new Path("/b1/b2/b3.txt"), filePerm,
89          true, conf.getInt("io.file.buffer.size", 4096),
90          fs.getDefaultReplication(), fs.getDefaultBlockSize(), null);
91      out.write(123);
92      out.close();
93      checkPermission(fs, "/b1", inheritPerm);
94      checkPermission(fs, "/b1/b2", inheritPerm);
95      checkPermission(fs, "/b1/b2/b3.txt", filePerm);
96     
97      conf.setInt(FsPermission.UMASK_LABEL, 0022);
98      FsPermission permission = 
99        FsPermission.createImmutable((short)0666);
100      FileSystem.mkdirs(fs, new Path("/c1"), new FsPermission(permission));
101      FileSystem.create(fs, new Path("/c1/c2.txt"),
102          new FsPermission(permission));
103      checkPermission(fs, "/c1", permission);
104      checkPermission(fs, "/c1/c2.txt", permission);
105    } finally {
106      try {
107        if(fs != null) fs.close();
108      } catch(Exception e) {
109        LOG.error(StringUtils.stringifyException(e));
110      }
111      try {
112        if(cluster != null) cluster.shutdown();
113      } catch(Exception e) {
114        LOG.error(StringUtils.stringifyException(e));
115      }
116    }
117  }
118
119  public void testFilePermision() throws Exception {
120    Configuration conf = new Configuration();
121    conf.setBoolean("dfs.permissions", true);
122    MiniDFSCluster cluster = new MiniDFSCluster(conf, 3, true, null);
123    cluster.waitActive();
124
125    try {
126      FileSystem nnfs = FileSystem.get(conf);
127      // test permissions on files that do not exist
128      assertFalse(nnfs.exists(CHILD_FILE1));
129      try {
130        nnfs.setOwner(CHILD_FILE1, "foo", "bar");
131        assertTrue(false);
132      }
133      catch(java.io.FileNotFoundException e) {
134        LOG.info("GOOD: got " + e);
135      }
136      try {
137        nnfs.setPermission(CHILD_FILE1, new FsPermission((short)0777));
138        assertTrue(false);
139      }
140      catch(java.io.FileNotFoundException e) {
141        LOG.info("GOOD: got " + e);
142      }
143      // following dir/file creations are legal
144      nnfs.mkdirs(CHILD_DIR1);
145      FSDataOutputStream out = nnfs.create(CHILD_FILE1);
146      byte data[] = new byte[FILE_LEN];
147      RAN.nextBytes(data);
148      out.write(data);
149      out.close();
150      nnfs.setPermission(CHILD_FILE1, new FsPermission((short)0700));
151
152      // following read is legal
153      byte dataIn[] = new byte[FILE_LEN];
154      FSDataInputStream fin = nnfs.open(CHILD_FILE1);
155      int bytesRead = fin.read(dataIn);
156      assertTrue(bytesRead == FILE_LEN);
157      for(int i=0; i<FILE_LEN; i++) {
158        assertEquals(data[i], dataIn[i]);
159      }
160
161      ////////////////////////////////////////////////////////////////
162      // test illegal file/dir creation
163      UnixUserGroupInformation userGroupInfo = new UnixUserGroupInformation(
164          USER_NAME, GROUP_NAMES );
165      UnixUserGroupInformation.saveToConf(conf,
166          UnixUserGroupInformation.UGI_PROPERTY_NAME, userGroupInfo);
167      FileSystem userfs = FileSystem.get(conf);
168
169      // make sure mkdir of a existing directory that is not owned by
170      // this user does not throw an exception.
171      userfs.mkdirs(CHILD_DIR1);
172     
173      // illegal mkdir
174      assertTrue(!canMkdirs(userfs, CHILD_DIR2));
175
176      // illegal file creation
177      assertTrue(!canCreate(userfs, CHILD_FILE2));
178
179      // illegal file open
180      assertTrue(!canOpen(userfs, CHILD_FILE1));
181
182      nnfs.setPermission(ROOT_PATH, new FsPermission((short)0755));
183      nnfs.setPermission(CHILD_DIR1, new FsPermission((short)0777));
184      nnfs.setPermission(new Path("/"), new FsPermission((short)0777));
185      final Path RENAME_PATH = new Path("/foo/bar");
186      userfs.mkdirs(RENAME_PATH);
187      assertTrue(canRename(userfs, RENAME_PATH, CHILD_DIR1));
188    } finally {
189      if(cluster != null) cluster.shutdown();
190    }
191  }
192
193  static boolean canMkdirs(FileSystem fs, Path p) throws IOException {
194    try {
195      fs.mkdirs(p);
196      return true;
197    } catch(AccessControlException e) {
198      return false;
199    }
200  }
201
202  static boolean canCreate(FileSystem fs, Path p) throws IOException {
203    try {
204      fs.create(p);
205      return true;
206    } catch(AccessControlException e) {
207      return false;
208    }
209  }
210
211  static boolean canOpen(FileSystem fs, Path p) throws IOException {
212    try {
213      fs.open(p);
214      return true;
215    } catch(AccessControlException e) {
216      return false;
217    }
218  }
219
220  static boolean canRename(FileSystem fs, Path src, Path dst
221      ) throws IOException {
222    try {
223      fs.rename(src, dst);
224      return true;
225    } catch(AccessControlException e) {
226      return false;
227    }
228  }
229}
Note: See TracBrowser for help on using the repository browser.