From d0e34963e31c3e783ba31fd88e9437e63fddee5f Mon Sep 17 00:00:00 2001 From: James Turton Date: Tue, 15 Aug 2023 12:11:27 +0200 Subject: [PATCH] Try to provide a keytab. --- .../drill/exec/impersonation/BaseTestImpersonation.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/exec/java-exec/src/test/java/org/apache/drill/exec/impersonation/BaseTestImpersonation.java b/exec/java-exec/src/test/java/org/apache/drill/exec/impersonation/BaseTestImpersonation.java index f1d471d09e6..e60943825df 100644 --- a/exec/java-exec/src/test/java/org/apache/drill/exec/impersonation/BaseTestImpersonation.java +++ b/exec/java-exec/src/test/java/org/apache/drill/exec/impersonation/BaseTestImpersonation.java @@ -21,11 +21,13 @@ import org.apache.drill.common.config.DrillConfig; import org.apache.drill.exec.ExecConstants; import org.apache.drill.exec.dotdrill.DotDrillType; +import org.apache.drill.exec.rpc.security.KerberosHelper; import org.apache.drill.exec.store.StoragePluginRegistry; import org.apache.drill.exec.store.dfs.FileSystemConfig; import org.apache.drill.exec.store.dfs.WorkspaceConfig; import org.apache.drill.shaded.guava.com.google.common.base.Preconditions; import org.apache.drill.shaded.guava.com.google.common.base.Strings; +import org.apache.drill.test.BaseDirTestWatcher; import org.apache.drill.test.ClientFixture; import org.apache.drill.test.ClusterFixture; import org.apache.drill.test.ClusterFixtureBuilder; @@ -45,6 +47,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY; public class BaseTestImpersonation extends ClusterTest { protected static final String MINI_DFS_STORAGE_PLUGIN_NAME = "mini_dfs_plugin"; @@ -54,6 +57,7 @@ public class BaseTestImpersonation extends ClusterTest { protected static Configuration dfsConf; protected static FileSystem fs; protected static File miniDfsStoragePath; + private static KerberosHelper krbHelper; // Test users and groups protected static final String[] org1Users = { "user0_1", "user1_1", "user2_1", "user3_1", "user4_1", "user5_1" }; @@ -100,9 +104,14 @@ protected static void startMiniDfsCluster(String testClass, boolean isImpersonat dfsConf.set("hdfs.minidfs.basedir", miniDfsStoragePath.getCanonicalPath()); if (isImpersonationEnabled) { + krbHelper = new KerberosHelper(BaseTestImpersonation.class.getSimpleName(), null); + krbHelper.setupKdc(BaseDirTestWatcher.createTempDir(dirTestWatcher.getTmpDir())); + // Set the proxyuser settings so that the user who is running the Drillbits/MiniDfs can impersonate other users. dfsConf.set(String.format("hadoop.proxyuser.%s.hosts", processUser), "*"); dfsConf.set(String.format("hadoop.proxyuser.%s.groups", processUser), "*"); + dfsConf.set("hadoop.security.authentication", "simple"); + dfsConf.set(DFS_NAMENODE_KEYTAB_FILE_KEY, krbHelper.serverKeytab.toString()); } // Start the MiniDfs cluster