HDFS-17138 RBF: We changed the hadoop.security.auth_to_local configur… (#5921)
This commit is contained in:
parent
18f9989ff2
commit
60f3a2b101
@ -81,7 +81,12 @@ class AbstractDelegationTokenSecretManager<TokenIdent
|
|||||||
= DelegationTokenSecretManagerMetrics.create();
|
= DelegationTokenSecretManagerMetrics.create();
|
||||||
|
|
||||||
private String formatTokenId(TokenIdent id) {
|
private String formatTokenId(TokenIdent id) {
|
||||||
return "(" + id + ")";
|
try {
|
||||||
|
return "(" + id + ")";
|
||||||
|
} catch (Exception e) {
|
||||||
|
LOG.warn("Exception in formatTokenId", e);
|
||||||
|
}
|
||||||
|
return "( SequenceNumber=" + id.getSequenceNumber() + " )";
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -20,6 +20,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
import static org.apache.hadoop.security.authentication.util.KerberosName.setRules;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertFalse;
|
import static org.junit.Assert.assertFalse;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
@ -29,6 +30,10 @@
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.security.PrivilegedExceptionAction;
|
import java.security.PrivilegedExceptionAction;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
@ -54,6 +59,7 @@
|
|||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
|
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
|
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
|
||||||
import org.apache.hadoop.test.GenericTestUtils;
|
import org.apache.hadoop.test.GenericTestUtils;
|
||||||
import org.slf4j.event.Level;
|
import org.slf4j.event.Level;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
@ -376,4 +382,30 @@ public void testDelegationTokenIdentifierToString() throws Exception {
|
|||||||
" for SomeUser with renewer JobTracker",
|
" for SomeUser with renewer JobTracker",
|
||||||
dtId.toStringStable());
|
dtId.toStringStable());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLogExpireTokensWhenChangeRules() throws IOException {
|
||||||
|
setRules("RULE:[2:$1@$0](SomeUser.*)s/.*/SomeUser/");
|
||||||
|
DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(
|
||||||
|
new Text("SomeUser/HOST@EXAMPLE.COM"),
|
||||||
|
new Text("SomeUser/HOST@EXAMPLE.COM"),
|
||||||
|
new Text("SomeUser/HOST@EXAMPLE.COM"));
|
||||||
|
Set<DelegationTokenIdentifier> expiredTokens = new HashSet();
|
||||||
|
expiredTokens.add(dtId);
|
||||||
|
setRules("RULE:[2:$1@$0](OtherUser.*)s/.*/OtherUser/");
|
||||||
|
//rules was modified, causing the existing tokens
|
||||||
|
//(May be loaded from other storage systems like zookeeper) to fail to match the kerberos rules,
|
||||||
|
//return an exception that cannot be handled
|
||||||
|
new AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>(10 * 1000, 10 * 1000,
|
||||||
|
10 * 1000, 10 * 1000) {
|
||||||
|
@Override
|
||||||
|
public DelegationTokenIdentifier createIdentifier() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
public void logExpireTokens(Collection<DelegationTokenIdentifier> expiredTokens)
|
||||||
|
throws IOException {
|
||||||
|
super.logExpireTokens(expiredTokens);
|
||||||
|
}
|
||||||
|
}.logExpireTokens(expiredTokens);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user