HADOOP-17164. UGI loginUserFromKeytab doesn't set the last login time (#2178)

Contributed by Sandeep Guggilam.

Signed-off-by: Mingliang Liu <liuml07@apache.org>
Signed-off-by: Steve Loughran <stevel@apache.org>
This commit is contained in:
sguggilam 2020-08-04 10:30:06 -07:00 committed by GitHub
parent 8fd4f5490f
commit 2986058e7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 1 deletions

View File

@ -529,6 +529,14 @@ private void setLogin(LoginContext login) {
user.setLogin(login); user.setLogin(login);
} }
/**
* Set the last login time for logged in user
* @param loginTime the number of milliseconds since the beginning of time
*/
private void setLastLogin(long loginTime) {
user.setLastLogin(loginTime);
}
/** /**
* Create a UserGroupInformation for the given subject. * Create a UserGroupInformation for the given subject.
* This does not change the subject or acquire new credentials. * This does not change the subject or acquire new credentials.
@ -1968,6 +1976,7 @@ private static UserGroupInformation doSubjectLogin(
if (subject == null) { if (subject == null) {
params.put(LoginParam.PRINCIPAL, ugi.getUserName()); params.put(LoginParam.PRINCIPAL, ugi.getUserName());
ugi.setLogin(login); ugi.setLogin(login);
ugi.setLastLogin(Time.now());
} }
return ugi; return ugi;
} catch (LoginException le) { } catch (LoginException le) {

View File

@ -23,6 +23,7 @@
import org.apache.hadoop.minikdc.MiniKdc; import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.test.GenericTestUtils; import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.util.Time;
import org.junit.After; import org.junit.After;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
@ -101,12 +102,35 @@ public void stopMiniKdc() {
} }
} }
/**
* Login from keytab using the MiniKDC.
*/
@Test
public void testUGILoginFromKeytab() throws Exception {
long beforeLogin = Time.now();
String principal = "foo";
File keytab = new File(workDir, "foo.keytab");
kdc.createPrincipal(keytab, principal);
UserGroupInformation.loginUserFromKeytab(principal, keytab.getPath());
UserGroupInformation ugi = UserGroupInformation.getLoginUser();
Assert.assertTrue("UGI should be configured to login from keytab",
ugi.isFromKeytab());
User user = getUser(ugi.getSubject());
Assert.assertNotNull(user.getLogin());
Assert.assertTrue("User login time is less than before login time, "
+ "beforeLoginTime:" + beforeLogin + " userLoginTime:" + user.getLastLogin(),
user.getLastLogin() > beforeLogin);
}
/** /**
* Login from keytab using the MiniKDC and verify the UGI can successfully * Login from keytab using the MiniKDC and verify the UGI can successfully
* relogin from keytab as well. This will catch regressions like HADOOP-10786. * relogin from keytab as well. This will catch regressions like HADOOP-10786.
*/ */
@Test @Test
public void testUGILoginFromKeytab() throws Exception { public void testUGIReLoginFromKeytab() throws Exception {
String principal = "foo"; String principal = "foo";
File keytab = new File(workDir, "foo.keytab"); File keytab = new File(workDir, "foo.keytab");
kdc.createPrincipal(keytab, principal); kdc.createPrincipal(keytab, principal);
@ -122,6 +146,9 @@ public void testUGILoginFromKeytab() throws Exception {
final LoginContext login1 = user.getLogin(); final LoginContext login1 = user.getLogin();
Assert.assertNotNull(login1); Assert.assertNotNull(login1);
// Sleep for 2 secs to have a difference between first and second login
Thread.sleep(2000);
ugi.reloginFromKeytab(); ugi.reloginFromKeytab();
final long secondLogin = user.getLastLogin(); final long secondLogin = user.getLastLogin();
final LoginContext login2 = user.getLogin(); final LoginContext login2 = user.getLogin();