HDDS-2228. Fix NPE in OzoneDelegationTokenManager#addPersistedDelegat… (#1571)

hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java

@@ -84,13 +84,16 @@ public class OzoneDelegationTokenSecretManager
    * milliseconds
    * @param dtRemoverScanInterval how often the tokens are scanned for expired
    * tokens in milliseconds
+   * @param certClient certificate client to SCM CA
    */
   public OzoneDelegationTokenSecretManager(OzoneConfiguration conf,
       long tokenMaxLifetime, long tokenRenewInterval,
       long dtRemoverScanInterval, Text service,
-      S3SecretManager s3SecretManager) throws IOException {
+      S3SecretManager s3SecretManager, CertificateClient certClient)
+      throws IOException {
     super(new SecurityConfig(conf), tokenMaxLifetime, tokenRenewInterval,
         service, LOG);
+    setCertClient(certClient);
     currentTokens = new ConcurrentHashMap();
     this.tokenRemoverScanInterval = dtRemoverScanInterval;
     this.s3SecretManager = (S3SecretManagerImpl) s3SecretManager;

hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java

@@ -70,6 +70,7 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
    * @param tokenRenewInterval how often the tokens must be renewed in
    * milliseconds
    * @param service name of service
+   * @param logger logger for the secret manager
    */
   public OzoneSecretManager(SecurityConfig secureConf, long tokenMaxLifetime,
       long tokenRenewInterval, Text service, Logger logger) {
@@ -188,7 +189,7 @@ public String formatTokenId(T id) {
   public synchronized void start(CertificateClient client)
       throws IOException {
     Preconditions.checkState(!isRunning());
-    this.certClient = client;
+    setCertClient(client);
     updateCurrentKey(new KeyPair(certClient.getPublicKey(),
         certClient.getPrivateKey()));
     setIsRunning(true);
@@ -247,5 +248,9 @@ public AtomicInteger getTokenSequenceNumber() {
   public CertificateClient getCertClient() {
     return certClient;
   }
+
+  public void setCertClient(CertificateClient client) {
+    this.certClient = client;
+  }
 }
 

hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java

@@ -627,7 +627,7 @@ private OzoneDelegationTokenSecretManager createDelegationTokenSecretManager(
 
     return new OzoneDelegationTokenSecretManager(conf, tokenMaxLifetime,
         tokenRenewInterval, tokenRemoverScanInterval, omRpcAddressTxt,
-        s3SecretManager);
+        s3SecretManager, certClient);
   }
 
   private OzoneBlockTokenSecretManager createBlockTokenSecretManager(

hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java

@@ -169,8 +169,15 @@ public void testCreateToken() throws Exception {
     validateHash(token.getPassword(), token.getIdentifier());
   }
 
-  @Test
+  private void restartSecretManager() throws IOException {
-  public void testRenewTokenSuccess() throws Exception {
+    secretManager.stop();
+    secretManager = null;
+    secretManager = createSecretManager(conf, tokenMaxLifetime,
+        expiryTime, tokenRemoverScanInterval);
+  }
+
+  private void testRenewTokenSuccessHelper(boolean restartSecretManager)
+      throws Exception {
     secretManager = createSecretManager(conf, tokenMaxLifetime,
         expiryTime, tokenRemoverScanInterval);
     secretManager.start(certificateClient);
@@ -178,10 +185,25 @@ public void testRenewTokenSuccess() throws Exception {
         TEST_USER,
         TEST_USER);
     Thread.sleep(10 * 5);
+
+    if (restartSecretManager) {
+      restartSecretManager();
+    }
+
     long renewalTime = secretManager.renewToken(token, TEST_USER.toString());
     Assert.assertTrue(renewalTime > 0);
   }
 
+  @Test
+  public void testReloadAndRenewToken() throws Exception {
+    testRenewTokenSuccessHelper(true);
+  }
+
+  @Test
+  public void testRenewTokenSuccess() throws Exception {
+    testRenewTokenSuccessHelper(false);
+  }
+
   /**
    * Tests failure for mismatch in renewer.
    */
@@ -375,6 +397,7 @@ private void validateHash(byte[] hash, byte[] identifier) throws Exception {
       createSecretManager(OzoneConfiguration config, long tokenMaxLife,
       long expiry, long tokenRemoverScanTime) throws IOException {
     return new OzoneDelegationTokenSecretManager(config, tokenMaxLife,
-        expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager);
+        expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager,
+        certificateClient);
   }
 }