YARN-6104. RegistrySecurity overrides zookeeper sasl system properties. Contributed by Billie Rinaldi
This commit is contained in:
parent
7e8d32147c
commit
efc8faa1ba
@ -749,8 +749,15 @@ public static void setZKSaslClientProperties(String username,
|
||||
String context) {
|
||||
RegistrySecurity.validateContext(context);
|
||||
enableZookeeperClientSASL();
|
||||
System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, username);
|
||||
System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, context);
|
||||
setSystemPropertyIfUnset(PROP_ZK_SASL_CLIENT_USERNAME, username);
|
||||
setSystemPropertyIfUnset(PROP_ZK_SASL_CLIENT_CONTEXT, context);
|
||||
}
|
||||
|
||||
private static void setSystemPropertyIfUnset(String name, String value) {
|
||||
String existingValue = System.getProperty(name);
|
||||
if (existingValue == null || existingValue.isEmpty()) {
|
||||
System.setProperty(name, value);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -37,6 +37,8 @@
|
||||
import javax.security.auth.login.LoginContext;
|
||||
|
||||
import static org.apache.hadoop.registry.client.api.RegistryConstants.*;
|
||||
import static org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions.PROP_ZK_SASL_CLIENT_CONTEXT;
|
||||
import static org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions.PROP_ZK_SASL_CLIENT_USERNAME;
|
||||
|
||||
/**
|
||||
* Verify that the Mini ZK service can be started up securely
|
||||
@ -138,6 +140,26 @@ public void testZookeeperCanWrite() throws Throwable {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSystemPropertyOverwrite() {
|
||||
System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, "");
|
||||
System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, "");
|
||||
RegistrySecurity.setZKSaslClientProperties(ZOOKEEPER,
|
||||
ZOOKEEPER_CLIENT_CONTEXT);
|
||||
assertEquals(ZOOKEEPER, System.getProperty(PROP_ZK_SASL_CLIENT_USERNAME));
|
||||
assertEquals(ZOOKEEPER_CLIENT_CONTEXT,
|
||||
System.getProperty(PROP_ZK_SASL_CLIENT_CONTEXT));
|
||||
|
||||
String userName = "user1";
|
||||
String context = "context1";
|
||||
System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, userName);
|
||||
System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, context);
|
||||
RegistrySecurity.setZKSaslClientProperties(ZOOKEEPER,
|
||||
ZOOKEEPER_CLIENT_CONTEXT);
|
||||
assertEquals(userName, System.getProperty(PROP_ZK_SASL_CLIENT_USERNAME));
|
||||
assertEquals(context, System.getProperty(PROP_ZK_SASL_CLIENT_CONTEXT));
|
||||
}
|
||||
|
||||
/**
|
||||
* Start a curator service instance
|
||||
* @param name name
|
||||
|
Loading…
Reference in New Issue
Block a user