From efc8faa1bae79c17047e920beeb8af983db08e93 Mon Sep 17 00:00:00 2001 From: Jian He Date: Thu, 19 Jan 2017 10:18:59 -0800 Subject: [PATCH] YARN-6104. RegistrySecurity overrides zookeeper sasl system properties. Contributed by Billie Rinaldi --- .../client/impl/zk/RegistrySecurity.java | 11 ++++++++-- .../registry/secure/TestSecureRegistry.java | 22 +++++++++++++++++++ 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java index a3ec77a15d..bdb79be8a2 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java @@ -749,8 +749,15 @@ public static void setZKSaslClientProperties(String username, String context) { RegistrySecurity.validateContext(context); enableZookeeperClientSASL(); - System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, username); - System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, context); + setSystemPropertyIfUnset(PROP_ZK_SASL_CLIENT_USERNAME, username); + setSystemPropertyIfUnset(PROP_ZK_SASL_CLIENT_CONTEXT, context); + } + + private static void setSystemPropertyIfUnset(String name, String value) { + String existingValue = System.getProperty(name); + if (existingValue == null || existingValue.isEmpty()) { + System.setProperty(name, value); + } } /** diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/secure/TestSecureRegistry.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/secure/TestSecureRegistry.java index 083f7f9522..9d5848ea03 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/secure/TestSecureRegistry.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/secure/TestSecureRegistry.java @@ -37,6 +37,8 @@ import javax.security.auth.login.LoginContext; import static org.apache.hadoop.registry.client.api.RegistryConstants.*; +import static org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions.PROP_ZK_SASL_CLIENT_CONTEXT; +import static org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions.PROP_ZK_SASL_CLIENT_USERNAME; /** * Verify that the Mini ZK service can be started up securely @@ -138,6 +140,26 @@ public void testZookeeperCanWrite() throws Throwable { } } + @Test + public void testSystemPropertyOverwrite() { + System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, ""); + System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, ""); + RegistrySecurity.setZKSaslClientProperties(ZOOKEEPER, + ZOOKEEPER_CLIENT_CONTEXT); + assertEquals(ZOOKEEPER, System.getProperty(PROP_ZK_SASL_CLIENT_USERNAME)); + assertEquals(ZOOKEEPER_CLIENT_CONTEXT, + System.getProperty(PROP_ZK_SASL_CLIENT_CONTEXT)); + + String userName = "user1"; + String context = "context1"; + System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, userName); + System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, context); + RegistrySecurity.setZKSaslClientProperties(ZOOKEEPER, + ZOOKEEPER_CLIENT_CONTEXT); + assertEquals(userName, System.getProperty(PROP_ZK_SASL_CLIENT_USERNAME)); + assertEquals(context, System.getProperty(PROP_ZK_SASL_CLIENT_CONTEXT)); + } + /** * Start a curator service instance * @param name name