YARN-6104. RegistrySecurity overrides zookeeper sasl system properties. Contributed by Billie Rinaldi
This commit is contained in:
parent
7e8d32147c
commit
efc8faa1ba
@ -749,8 +749,15 @@ public static void setZKSaslClientProperties(String username,
|
|||||||
String context) {
|
String context) {
|
||||||
RegistrySecurity.validateContext(context);
|
RegistrySecurity.validateContext(context);
|
||||||
enableZookeeperClientSASL();
|
enableZookeeperClientSASL();
|
||||||
System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, username);
|
setSystemPropertyIfUnset(PROP_ZK_SASL_CLIENT_USERNAME, username);
|
||||||
System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, context);
|
setSystemPropertyIfUnset(PROP_ZK_SASL_CLIENT_CONTEXT, context);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void setSystemPropertyIfUnset(String name, String value) {
|
||||||
|
String existingValue = System.getProperty(name);
|
||||||
|
if (existingValue == null || existingValue.isEmpty()) {
|
||||||
|
System.setProperty(name, value);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -37,6 +37,8 @@
|
|||||||
import javax.security.auth.login.LoginContext;
|
import javax.security.auth.login.LoginContext;
|
||||||
|
|
||||||
import static org.apache.hadoop.registry.client.api.RegistryConstants.*;
|
import static org.apache.hadoop.registry.client.api.RegistryConstants.*;
|
||||||
|
import static org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions.PROP_ZK_SASL_CLIENT_CONTEXT;
|
||||||
|
import static org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions.PROP_ZK_SASL_CLIENT_USERNAME;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verify that the Mini ZK service can be started up securely
|
* Verify that the Mini ZK service can be started up securely
|
||||||
@ -138,6 +140,26 @@ public void testZookeeperCanWrite() throws Throwable {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testSystemPropertyOverwrite() {
|
||||||
|
System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, "");
|
||||||
|
System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, "");
|
||||||
|
RegistrySecurity.setZKSaslClientProperties(ZOOKEEPER,
|
||||||
|
ZOOKEEPER_CLIENT_CONTEXT);
|
||||||
|
assertEquals(ZOOKEEPER, System.getProperty(PROP_ZK_SASL_CLIENT_USERNAME));
|
||||||
|
assertEquals(ZOOKEEPER_CLIENT_CONTEXT,
|
||||||
|
System.getProperty(PROP_ZK_SASL_CLIENT_CONTEXT));
|
||||||
|
|
||||||
|
String userName = "user1";
|
||||||
|
String context = "context1";
|
||||||
|
System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, userName);
|
||||||
|
System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, context);
|
||||||
|
RegistrySecurity.setZKSaslClientProperties(ZOOKEEPER,
|
||||||
|
ZOOKEEPER_CLIENT_CONTEXT);
|
||||||
|
assertEquals(userName, System.getProperty(PROP_ZK_SASL_CLIENT_USERNAME));
|
||||||
|
assertEquals(context, System.getProperty(PROP_ZK_SASL_CLIENT_CONTEXT));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Start a curator service instance
|
* Start a curator service instance
|
||||||
* @param name name
|
* @param name name
|
||||||
|
Loading…
Reference in New Issue
Block a user