HDFS-14835. RBF: Secured Router should not run when it can't initialize DelegationTokenSecretManager. (#1414)

Takanobu Asanuma 2019-09-11 10:32:07 +09:00 committed by GitHub
parent f8f8598ea5
commit 524b553a5f
2 changed files with 19 additions and 2 deletions


@ -51,13 +51,16 @@ public class RouterSecurityManager {
private AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> private AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
dtSecretManager = null; dtSecretManager = null;
public RouterSecurityManager(Configuration conf) { public RouterSecurityManager(Configuration conf) throws IOException {
AuthenticationMethod authMethodConfigured = AuthenticationMethod authMethodConfigured =
SecurityUtil.getAuthenticationMethod(conf); SecurityUtil.getAuthenticationMethod(conf);
AuthenticationMethod authMethodToInit = AuthenticationMethod authMethodToInit =
AuthenticationMethod.KERBEROS; AuthenticationMethod.KERBEROS;
if (authMethodConfigured.equals(authMethodToInit)) { if (authMethodConfigured.equals(authMethodToInit)) {
this.dtSecretManager = FederationUtil.newSecretManager(conf); this.dtSecretManager = FederationUtil.newSecretManager(conf);
if (this.dtSecretManager == null) {
throw new IOException("Failed to create SecretManager");
}
} }
} }
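Review bot: The new `throw new IOException("Failed to create SecretManager");` in the Kerberos branch of the constructor carries neither a cause nor the name of the configured driver, so an operator whose secured Router refuses to start has only this one string to go on. `FederationUtil.newSecretManager` is not visible in this hunk, but since it signals failure by returning null, the underlying exception is presumably only logged there. Adding the configured driver class name to the message would make the failure diagnosable from the exception alone. The fail-closed intent also deserves a comment above the check, for example `// Fail closed: a Kerberos-secured Router must not start without a delegation token secret manager.`, plus a Javadoc `@throws IOException` on the constructor now that its signature changed. The class body continues outside the hunk.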


@ -26,17 +26,20 @@
import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder; import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder;
import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager; import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager;
import org.apache.hadoop.hdfs.server.federation.router.Router; import org.apache.hadoop.hdfs.server.federation.router.Router;
import org.apache.hadoop.hdfs.server.federation.router.security.token.ZKDelegationTokenSecretManagerImpl;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager; import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.service.ServiceStateException;
import org.junit.rules.ExpectedException; import org.junit.rules.ExpectedException;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import static org.apache.hadoop.test.LambdaTestUtils.intercept;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
@ -77,7 +80,7 @@ public static void createMockSecretManager() throws IOException {
public ExpectedException exceptionRule = ExpectedException.none(); public ExpectedException exceptionRule = ExpectedException.none();
@Test @Test
public void testCreateSecretManagerUsingReflection() { public void testCreateSecretManagerUsingReflection() throws IOException {
Configuration conf = new HdfsConfiguration(); Configuration conf = new HdfsConfiguration();
conf.set( conf.set(
DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS, DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
@ -187,4 +190,15 @@ private static String[] getUserGroupForTesting() {
String[] groupsForTesting = {"router_group"}; String[] groupsForTesting = {"router_group"};
return groupsForTesting; return groupsForTesting;
} }
@Test
public void testWithoutSecretManager() throws Exception {
Configuration conf = initSecurity();
conf.set(DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
ZKDelegationTokenSecretManagerImpl.class.getName());
Router router = new Router();
// router will throw an exception since zookeeper isn't running
intercept(ServiceStateException.class, "Failed to create SecretManager",
() -> router.init(conf));
}
} }
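Review bot: `testWithoutSecretManager` never closes the `Router` it creates, so anything `router.init(conf)` set up before the secret manager failed stays alive for the rest of the test class. Wrapping the assertion as `try { intercept(ServiceStateException.class, "Failed to create SecretManager", () -> router.init(conf)); } finally { router.close(); }` would release it. The test's own comment says it passes because ZooKeeper is not running, which is an assumption about the build host. If the configuration from `initSecurity()` can resolve to a live ZooKeeper, the test would fail for an unrelated reason, so pointing it at an address known to be unreachable would make the precondition explicit.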