forked from mapr/spark
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MapR [SPARK-182] Spark Project External Kafka Producer v09 unit tests…
… fixed (apache#263)
- Loading branch information
1 parent
8caa9da
commit a1e5584
Showing
4 changed files
with
310 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
281 changes: 281 additions & 0 deletions
281
external/kafka-producer/src/test/resources/mapr.login.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,281 @@ | ||
/** | ||
* The KerberosBugWorkAroundLoginModule works around a Java 6 bug where it | ||
* doesn't pick up KRB5CCName properly. This is not needed with recent | ||
* patch levels of Java 7. | ||
* | ||
* Used by maprlogin and MapRLogin for client authentication | ||
*/ | ||
MAPR_CLIENT_KERBEROS { | ||
org.apache.hadoop.security.login.KerberosBugWorkAroundLoginModule required | ||
useTicketCache=true | ||
doNotPrompt=true; | ||
}; | ||
|
||
/** | ||
* Used by CLDB for authenticating users. | ||
* The principal value is used as the Kerberos server identity of the CLDB. | ||
* This is generated by configure.sh by default. You can edit this value | ||
* but ensure that every CLDB node has the same principal name. | ||
*/ | ||
MAPR_SERVER_KERBEROS { | ||
com.sun.security.auth.module.Krb5LoginModule required | ||
refreshKrb5Config=true | ||
doNotPrompt=true | ||
useKeyTab=true | ||
storeKey=true | ||
keyTab="/opt/mapr/conf/mapr.keytab" | ||
isInitiator=false | ||
principal="mapr/cyber.mapr.cluster"; | ||
}; | ||
|
||
/** | ||
* Used by web servers for SPNEGO authentication. These include | ||
* MapR Webserver/MCS server in case SPNEGO REST APIs authentication is enabled | ||
* JT/TT/HBase/Oozie/etc web UIs configured to use | ||
org.apache.hadoop.security.authentication.server.MultiMechsAuthenticationHandler | ||
* The principal value is the kerberos server identity provided by the | ||
* web server for SPNEGO. Recall that SPNEGO identities are HTTP/hostname | ||
* as perceived by the client. The value is automatically generated by | ||
* configure.sh. However, if the hostname placed here is not the hostname | ||
* used by your clients, you may need to edit it. | ||
* Remember that each web server node will have a different value for | ||
* the principal based upon that node's hostname. | ||
*/ | ||
MAPR_WEBSERVER_KERBEROS { | ||
com.sun.security.auth.module.Krb5LoginModule required | ||
refreshKrb5Config=true | ||
doNotPrompt=true | ||
useKeyTab=true | ||
storeKey=true | ||
keyTab="/opt/mapr/conf/mapr.keytab" | ||
isInitiator=false | ||
principal="HTTP/node1"; | ||
}; | ||
|
||
/** | ||
* Used for password authentication with PAM. jpam is a Java wrapper | ||
* for PAM. The serviceName below determines which PAM configurations | ||
* are to be used for validating passwords. The list is used in the order | ||
* shown. A failure is ignored and the system proceeds to the next entry. | ||
* If your PAM configurations (typically in /etc/pam.d) are not the same | ||
* as our provided defaults, you may need to change the serviceName values, | ||
* add stanzas, or remove stanzas. | ||
* | ||
* mapr-admin is there by default as a placeholder should you choose to | ||
* create MapR specific PAM configuration. If you have no mapr-admin | ||
* PAM configuration, you can just remove it. | ||
*/ | ||
jpamLogin { | ||
net.sf.jpam.jaas.JpamLoginModule Sufficient | ||
serviceName="sudo" | ||
debug=true; | ||
net.sf.jpam.jaas.JpamLoginModule Sufficient | ||
serviceName="sshd" | ||
debug=true; | ||
net.sf.jpam.jaas.JpamLoginModule Sufficient | ||
serviceName="mapr-admin" | ||
debug=true; | ||
}; | ||
|
||
/******************************************************************** | ||
DO NOT EDIT BELOW THIS LINE WITHOUT CONTACTING MAPR SUPPORT | ||
**********************************************************************/ | ||
|
||
/** | ||
* Used by Zookeeper | ||
*/ | ||
Server { | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false | ||
cldbkeylocation="/opt/mapr/conf/cldb.key" | ||
debug=true; | ||
}; | ||
|
||
Client { | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false | ||
authMech="MAPR-SECURITY" | ||
debug=true; | ||
}; | ||
|
||
/** | ||
* Used by Zookeeper - Security is off | ||
*/ | ||
Server_simple { | ||
com.mapr.security.simplesasl.GenericLoginModule required | ||
debug=true; | ||
}; | ||
|
||
Client_simple { | ||
com.mapr.security.simplesasl.GenericLoginModule required | ||
authMech="SIMPLE-SECURITY"; | ||
}; | ||
|
||
/** | ||
* used to obtain MapR credentials | ||
* TODO: rename from maprsasl to something else? maprauth? | ||
*/ | ||
hadoop_maprsasl { | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; | ||
|
||
hadoop_maprsasl_keytab { | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false | ||
useServerKey=true; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; | ||
|
||
hadoop_maprsasl_permissive { | ||
org.apache.hadoop.security.login.PermissiveLoginModule required; | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; | ||
|
||
hadoop_maprsasl_permissive_keytab { | ||
org.apache.hadoop.security.login.PermissiveLoginModule required; | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false | ||
useServerKey=true; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; | ||
|
||
/** | ||
* intended for use with Kerberos authentication, no MapR | ||
*/ | ||
hadoop_kerberos { | ||
org.apache.hadoop.security.login.KerberosBugWorkAroundLoginModule required | ||
useTicketCache=true | ||
renewTGT=true | ||
doNotPrompt=true; | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
org.apache.hadoop.security.login.HadoopLoginModule required; | ||
}; | ||
|
||
/** | ||
* TODO: | ||
* left out isInitial | ||
* should I leave out renewTGT? | ||
*/ | ||
hadoop_kerberos_keytab { | ||
org.apache.hadoop.security.login.KerberosBugWorkAroundLoginModule required | ||
refreshKrb5Config=true | ||
doNotPrompt=true | ||
useKeyTab=true | ||
storeKey=true; | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
org.apache.hadoop.security.login.HadoopLoginModule required; | ||
}; | ||
|
||
/** | ||
* TODO: KerberosPrincipal preferred, should be add clear to principalPriority? | ||
* authenticate using hybrid of kerberos and MapR | ||
* maprticket must already exist on file system as MapR login module | ||
* cannot get kerberos identity from subject for implicit login. | ||
*/ | ||
hadoop_hybrid { | ||
org.apache.hadoop.security.login.KerberosBugWorkAroundLoginModule optional | ||
useTicketCache=true | ||
renewTGT=true | ||
doNotPrompt=true; | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false; | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; | ||
|
||
hadoop_hybrid_keytab { | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false | ||
useServerKey=true; | ||
org.apache.hadoop.security.login.KerberosBugWorkAroundLoginModule optional | ||
refreshKrb5Config=true | ||
doNotPrompt=true | ||
useKeyTab=true | ||
storeKey=true; | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; | ||
|
||
hadoop_hybrid_permissive { | ||
org.apache.hadoop.security.login.KerberosBugWorkAroundLoginModule optional | ||
useTicketCache=true | ||
renewTGT=true | ||
doNotPrompt=true; | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false; | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
org.apache.hadoop.security.login.PermissiveLoginModule required; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; | ||
|
||
hadoop_hybrid_permissive_keytab { | ||
org.apache.hadoop.security.login.KerberosBugWorkAroundLoginModule optional | ||
refreshKrb5Config=true | ||
doNotPrompt=true | ||
useKeyTab=true | ||
storeKey=true; | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false | ||
useServerKey=true; | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
org.apache.hadoop.security.login.PermissiveLoginModule required; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; | ||
|
||
/** | ||
* simple login, just get OS creds | ||
*/ | ||
hadoop_simple { | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
org.apache.hadoop.security.login.HadoopLoginModule required; | ||
}; | ||
/* all configurations should have corresponding a "_keytab" section for | ||
* loginFromKeytab(), even if it duplicates the one without. | ||
*/ | ||
hadoop_simple_keytab { | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
org.apache.hadoop.security.login.HadoopLoginModule required; | ||
}; | ||
|
||
/** | ||
* these are used when there is no jvm or config setting for hadoop.login | ||
* it's your backup basically. No MapR components should depend on this | ||
* but it's handy for dealing with unfamilar code. | ||
* Note the intentional error to make sure you don't use by accident | ||
*/ | ||
hadoop_default { | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; | ||
|
||
/** | ||
* keytab version of previous | ||
*/ | ||
hadoop_default_keytab { | ||
YouShouldntSeeThisErrorUnlessYourJVMhadoop.loginPropertiesAreBad required; | ||
org.apache.hadoop.security.login.GenericOSLoginModule required; | ||
com.mapr.security.maprsasl.MaprSecurityLoginModule required | ||
checkUGI=false | ||
useServerKey=true; | ||
org.apache.hadoop.security.login.HadoopLoginModule required | ||
principalPriority=com.mapr.security.MapRPrincipal; | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters