Repository: knox Updated Branches: refs/heads/v0.6.0 98ab475fa -> c4885eb10
KNOX-531 fix extraneous audit entries and add additional principal mapping test Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/c4885eb1 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/c4885eb1 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/c4885eb1 Branch: refs/heads/v0.6.0 Commit: c4885eb109cfcfde53ea91feddb41fd6611db756 Parents: 98ab475 Author: Larry McCay <lmc...@hortonworks.com> Authored: Fri Apr 17 11:14:35 2015 -0400 Committer: Larry McCay <lmc...@hortonworks.com> Committed: Fri Apr 17 11:19:01 2015 -0400 ---------------------------------------------------------------------- .../filter/AbstractIdentityAssertionFilter.java | 1 - .../security/principal/PrincipalMapperTest.java | 22 ++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/c4885eb1/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/AbstractIdentityAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/AbstractIdentityAssertionFilter.java b/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/AbstractIdentityAssertionFilter.java index 12a349a..c085c91 100644 --- a/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/AbstractIdentityAssertionFilter.java +++ b/gateway-provider-identity-assertion-common/src/main/java/org/apache/hadoop/gateway/identityasserter/common/filter/AbstractIdentityAssertionFilter.java @@ -145,7 +145,6 @@ public abstract class AbstractIdentityAssertionFilter extends } if (groupsMapped) { addMappedGroupsToSubject(mappedPrincipalName, groups, subject); - addMappedGroupsToSubject("*", groups, subject); } doAs(request, response, chain, subject); } http://git-wip-us.apache.org/repos/asf/knox/blob/c4885eb1/gateway-spi/src/test/java/org/apache/hadoop/gateway/security/principal/PrincipalMapperTest.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/test/java/org/apache/hadoop/gateway/security/principal/PrincipalMapperTest.java b/gateway-spi/src/test/java/org/apache/hadoop/gateway/security/principal/PrincipalMapperTest.java index 16e972e..6676629 100644 --- a/gateway-spi/src/test/java/org/apache/hadoop/gateway/security/principal/PrincipalMapperTest.java +++ b/gateway-spi/src/test/java/org/apache/hadoop/gateway/security/principal/PrincipalMapperTest.java @@ -76,6 +76,28 @@ public class PrincipalMapperTest { } @Test + public void testSimplePrincipalMappingWithUserAndWildcardAndExplicitGroups() { + String principalMapping = "guest=lmccay"; + String groupMapping = "*=users;lmccay=mrgroup"; + try { + mapper.loadMappingTable(principalMapping, groupMapping); + } + catch (PrincipalMappingException pme) { + pme.printStackTrace(); + fail(); + } + + assertTrue(mapper.mapUserPrincipal("guest").equals("lmccay")); + assertTrue(mapper.mapGroupPrincipal("hdfs").length == 1); + assertTrue(mapper.mapGroupPrincipal("hdfs")[0].equals("users")); + assertTrue(mapper.mapGroupPrincipal("lmccay").length == 2); + String group = mapper.mapGroupPrincipal("lmccay")[0]; + assertTrue(group.equals("users") || group.equals("mrgroup")); + group = mapper.mapGroupPrincipal("lmccay")[1]; + assertTrue(group.equals("users") || group.equals("mrgroup")); + } + + @Test public void testNonNullSimplePrincipalMappingWithGroups() { String principalMapping = "lmccay,kminder=hdfs;newuser=mapred"; String groupMapping = "hdfs=group1;mapred=mrgroup,mrducks";