HDFS-14835. RBF: Secured Router should not run when it can't initialize DelegationTokenSecretManager. (#1414)
parent
f8f8598ea5
commit
524b553a5f
@ -51,13 +51,16 @@ public class RouterSecurityManager {
|
||||
private AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
|
||||
dtSecretManager = null;
|
||||
|
||||
public RouterSecurityManager(Configuration conf) {
|
||||
public RouterSecurityManager(Configuration conf) throws IOException {
|
||||
AuthenticationMethod authMethodConfigured =
|
||||
SecurityUtil.getAuthenticationMethod(conf);
|
||||
AuthenticationMethod authMethodToInit =
|
||||
AuthenticationMethod.KERBEROS;
|
||||
if (authMethodConfigured.equals(authMethodToInit)) {
|
||||
this.dtSecretManager = FederationUtil.newSecretManager(conf);
|
||||
if (this.dtSecretManager == null) {
|
||||
throw new IOException("Failed to create SecretManager");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
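Review bot: The new `throw new IOException("Failed to create SecretManager")` in the constructor names neither the configured driver class nor the underlying cause, so an operator whose secured Router refuses to start has little to go on. FederationUtil.newSecretManager is not shown here; if it logs and swallows the real exception before returning null, the message should at least point there, e.g. `throw new IOException("Failed to create SecretManager; check the configured delegation token driver class and the preceding log entries");`, which still contains the text the test matches. The constructor also needs a Javadoc for the contract this commit introduces: `@throws IOException if Kerberos authentication is configured and the delegation token secret manager cannot be created`. Through this constructor, `dtSecretManager` then stays null only for non-Kerberos configurations, and that is worth stating next to the field.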
@ -26,17 +26,20 @@
|
||||
import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder;
|
||||
import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager;
|
||||
import org.apache.hadoop.hdfs.server.federation.router.Router;
|
||||
import org.apache.hadoop.hdfs.server.federation.router.security.token.ZKDelegationTokenSecretManagerImpl;
|
||||
import org.apache.hadoop.io.Text;
|
||||
import org.apache.hadoop.security.Credentials;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.token.SecretManager;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
|
||||
import org.apache.hadoop.service.ServiceStateException;
|
||||
import org.junit.rules.ExpectedException;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.apache.hadoop.test.LambdaTestUtils.intercept;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
@ -77,7 +80,7 @@ public static void createMockSecretManager() throws IOException {
|
||||
public ExpectedException exceptionRule = ExpectedException.none();
|
||||
|
||||
@Test
|
||||
public void testCreateSecretManagerUsingReflection() {
|
||||
public void testCreateSecretManagerUsingReflection() throws IOException {
|
||||
Configuration conf = new HdfsConfiguration();
|
||||
conf.set(
|
||||
DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
|
||||
@ -187,4 +190,15 @@ private static String[] getUserGroupForTesting() {
|
||||
String[] groupsForTesting = {"router_group"};
|
||||
return groupsForTesting;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithoutSecretManager() throws Exception {
|
||||
Configuration conf = initSecurity();
|
||||
conf.set(DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
|
||||
ZKDelegationTokenSecretManagerImpl.class.getName());
|
||||
Router router = new Router();
|
||||
// router will throw an exception since zookeeper isn't running
|
||||
intercept(ServiceStateException.class, "Failed to create SecretManager",
|
||||
() -> router.init(conf));
|
||||
}
|
||||
}
|
||||
|
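Review bot: `testWithoutSecretManager` passes only because no ZooKeeper happens to be reachable, as its own comment says, and nothing in the visible lines pins that condition. If `initSecurity()` (not shown) or the test host supplies a reachable ZooKeeper connection string, `router.init(conf)` could succeed and the test would fail for an unrelated reason. Setting the connection string in `conf` to an address known to be unreachable would make the failure deterministic. The test also needs a one-line Javadoc stating the property it guards, e.g. `/** A secured Router must fail init() when the delegation token secret manager cannot be created. */`. It could also assert after the `intercept` that the router did not reach the started state, so the fail-closed behaviour is checked directly rather than inferred from the exception text.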