HADOOP-13638. KMS should set UGI's Configuration object properly. Contributed by Wei-Chiu Chuang.
(cherry picked from commit fa397e74fe)
Conflicts: hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
(cherry picked from commit 06187e4f98)
Conflicts: hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
parent
fa042ff9af
commit
09964a1629
|
@ -28,6 +28,7 @@ import org.apache.hadoop.crypto.key.KeyProvider;
|
||||||
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
||||||
import org.apache.hadoop.crypto.key.KeyProviderFactory;
|
import org.apache.hadoop.crypto.key.KeyProviderFactory;
|
||||||
import org.apache.hadoop.http.HttpServer2;
|
import org.apache.hadoop.http.HttpServer2;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.security.authorize.AccessControlList;
|
import org.apache.hadoop.security.authorize.AccessControlList;
|
||||||
import org.apache.hadoop.util.VersionInfo;
|
import org.apache.hadoop.util.VersionInfo;
|
||||||
import org.apache.log4j.PropertyConfigurator;
|
import org.apache.log4j.PropertyConfigurator;
|
||||||
|
@ -121,6 +122,7 @@ public class KMSWebApp implements ServletContextListener {
|
||||||
}
|
}
|
||||||
kmsConf = KMSConfiguration.getKMSConf();
|
kmsConf = KMSConfiguration.getKMSConf();
|
||||||
initLogging(confDir);
|
initLogging(confDir);
|
||||||
|
UserGroupInformation.setConfiguration(kmsConf);
|
||||||
LOG.info("-------------------------------------------------------------");
|
LOG.info("-------------------------------------------------------------");
|
||||||
LOG.info(" Java runtime version : {}", System.getProperty(
|
LOG.info(" Java runtime version : {}", System.getProperty(
|
||||||
"java.runtime.version"));
|
"java.runtime.version"));
|
||||||
|
|
|
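Review bot: The added `UserGroupInformation.setConfiguration(kmsConf);` right after `initLogging(confDir);` has no comment, although it changes process-wide state: the Javadoc added to TestKMS in this same commit says UGI keeps its Configuration in a static variable. A short why-comment would help the next maintainer, e.g. `// UGI holds its Configuration statically; install kmsConf so the hadoop.security.* settings from the KMS config apply to the whole JVM.` If the field is a plain static, the last caller presumably wins, so it is worth confirming that nothing later in startup calls `setConfiguration` with a different object. The enclosing method starts and ends outside the hunk.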
@ -139,11 +139,31 @@ public class TestKMS {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Configuration createBaseKMSConf(File keyStoreDir) throws Exception {
|
protected Configuration createBaseKMSConf(File keyStoreDir) throws Exception {
|
||||||
Configuration conf = new Configuration(false);
|
return createBaseKMSConf(keyStoreDir, null);
|
||||||
conf.set(KMSConfiguration.KEY_PROVIDER_URI,
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The Configuration object is shared by both KMS client and server in unit
|
||||||
|
* tests because UGI gets/sets it to a static variable.
|
||||||
|
* As a workaround, make sure the client configurations are copied to server
|
||||||
|
* so that client can read them.
|
||||||
|
* @param keyStoreDir where keystore is located.
|
||||||
|
* @param conf KMS client configuration
|
||||||
|
* @return KMS server configuration based on client.
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
protected Configuration createBaseKMSConf(File keyStoreDir,
|
||||||
|
Configuration conf) throws Exception {
|
||||||
|
Configuration newConf;
|
||||||
|
if (conf == null) {
|
||||||
|
newConf = new Configuration(false);
|
||||||
|
} else {
|
||||||
|
newConf = new Configuration(conf);
|
||||||
|
}
|
||||||
|
newConf.set(KMSConfiguration.KEY_PROVIDER_URI,
|
||||||
"jceks://file@" + new Path(keyStoreDir.getAbsolutePath(), "kms.keystore").toUri());
|
"jceks://file@" + new Path(keyStoreDir.getAbsolutePath(), "kms.keystore").toUri());
|
||||||
conf.set("hadoop.kms.authentication.type", "simple");
|
newConf.set("hadoop.kms.authentication.type", "simple");
|
||||||
return conf;
|
return newConf;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void writeConf(File confDir, Configuration conf)
|
public static void writeConf(File confDir, Configuration conf)
|
||||||
|
@ -272,9 +292,8 @@ public class TestKMS {
|
||||||
if (kerberos) {
|
if (kerberos) {
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
}
|
}
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
File testDir = getTestDir();
|
File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
|
|
||||||
final String keystore;
|
final String keystore;
|
||||||
final String password;
|
final String password;
|
||||||
|
@ -396,9 +415,8 @@ public class TestKMS {
|
||||||
final String specialKey = "key %^[\n{]}|\"<>\\";
|
final String specialKey = "key %^[\n{]}|\"<>\\";
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
File confDir = getTestDir();
|
File confDir = getTestDir();
|
||||||
conf = createBaseKMSConf(confDir);
|
conf = createBaseKMSConf(confDir, conf);
|
||||||
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + specialKey + ".ALL", "*");
|
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + specialKey + ".ALL", "*");
|
||||||
writeConf(confDir, conf);
|
writeConf(confDir, conf);
|
||||||
|
|
||||||
|
@ -431,9 +449,8 @@ public class TestKMS {
|
||||||
public void testKMSProvider() throws Exception {
|
public void testKMSProvider() throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
File confDir = getTestDir();
|
File confDir = getTestDir();
|
||||||
conf = createBaseKMSConf(confDir);
|
conf = createBaseKMSConf(confDir, conf);
|
||||||
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k1.ALL", "*");
|
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k1.ALL", "*");
|
||||||
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k2.MANAGEMENT", "*");
|
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k2.MANAGEMENT", "*");
|
||||||
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k2.READ", "*");
|
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k2.READ", "*");
|
||||||
|
@ -691,9 +708,8 @@ public class TestKMS {
|
||||||
public void testKeyACLs() throws Exception {
|
public void testKeyACLs() throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
final File testDir = getTestDir();
|
final File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
||||||
keytab.getAbsolutePath());
|
keytab.getAbsolutePath());
|
||||||
|
@ -969,9 +985,8 @@ public class TestKMS {
|
||||||
public void doKMSRestart(boolean useKrb) throws Exception {
|
public void doKMSRestart(boolean useKrb) throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
final File testDir = getTestDir();
|
final File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
if (useKrb) {
|
if (useKrb) {
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
}
|
}
|
||||||
|
@ -1049,9 +1064,8 @@ public class TestKMS {
|
||||||
public void testKMSAuthFailureRetry() throws Exception {
|
public void testKMSAuthFailureRetry() throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
final File testDir = getTestDir();
|
final File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
||||||
keytab.getAbsolutePath());
|
keytab.getAbsolutePath());
|
||||||
conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost");
|
conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost");
|
||||||
|
@ -1143,9 +1157,8 @@ public class TestKMS {
|
||||||
public void testACLs() throws Exception {
|
public void testACLs() throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
final File testDir = getTestDir();
|
final File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
||||||
keytab.getAbsolutePath());
|
keytab.getAbsolutePath());
|
||||||
|
@ -1453,9 +1466,8 @@ public class TestKMS {
|
||||||
public void testKMSBlackList() throws Exception {
|
public void testKMSBlackList() throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
File testDir = getTestDir();
|
File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
||||||
keytab.getAbsolutePath());
|
keytab.getAbsolutePath());
|
||||||
|
@ -1542,9 +1554,8 @@ public class TestKMS {
|
||||||
public void testServicePrincipalACLs() throws Exception {
|
public void testServicePrincipalACLs() throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
File testDir = getTestDir();
|
File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
||||||
keytab.getAbsolutePath());
|
keytab.getAbsolutePath());
|
||||||
|
@ -1669,9 +1680,8 @@ public class TestKMS {
|
||||||
public void testDelegationTokenAccess() throws Exception {
|
public void testDelegationTokenAccess() throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
final File testDir = getTestDir();
|
final File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
||||||
keytab.getAbsolutePath());
|
keytab.getAbsolutePath());
|
||||||
|
@ -1752,9 +1762,8 @@ public class TestKMS {
|
||||||
|
|
||||||
private void testDelegationTokensOps(Configuration conf,
|
private void testDelegationTokensOps(Configuration conf,
|
||||||
final boolean useKrb) throws Exception {
|
final boolean useKrb) throws Exception {
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
File confDir = getTestDir();
|
File confDir = getTestDir();
|
||||||
conf = createBaseKMSConf(confDir);
|
conf = createBaseKMSConf(confDir, conf);
|
||||||
if (useKrb) {
|
if (useKrb) {
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
||||||
|
@ -1898,9 +1907,8 @@ public class TestKMS {
|
||||||
|
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
final File testDir = getTestDir();
|
final File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath());
|
conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath());
|
||||||
conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost");
|
conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost");
|
||||||
|
@ -1988,9 +1996,8 @@ public class TestKMS {
|
||||||
public void doProxyUserTest(final boolean kerberos) throws Exception {
|
public void doProxyUserTest(final boolean kerberos) throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
final File testDir = getTestDir();
|
final File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
if (kerberos) {
|
if (kerberos) {
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
}
|
}
|
||||||
|
@ -2093,9 +2100,8 @@ public class TestKMS {
|
||||||
public void doWebHDFSProxyUserTest(final boolean kerberos) throws Exception {
|
public void doWebHDFSProxyUserTest(final boolean kerberos) throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
UserGroupInformation.setConfiguration(conf);
|
|
||||||
final File testDir = getTestDir();
|
final File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
if (kerberos) {
|
if (kerberos) {
|
||||||
conf.set("hadoop.kms.authentication.type", "kerberos");
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
||||||
}
|
}
|
||||||
|
|
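Review bot: The new `createBaseKMSConf(File keyStoreDir, Configuration conf)` overload (hunk `-139,11 +139,31`) behaves asymmetrically and its Javadoc does not say so: a null `conf` yields `new Configuration(false)`, while a non-null one is copied wholesale with `new Configuration(conf)`. The server configuration the tests then pass to `writeConf` therefore carries every client-side key, including `hadoop.security.authentication`, and because the tests no longer call `UserGroupInformation.setConfiguration(conf)` themselves, a setting present only on the client side can make a server-side check appear to pass. I would state this in the Javadoc, e.g. `* Note: all client keys, including hadoop.security.authentication, are copied into the server configuration.`, and fill in the empty `@throws Exception` tag. Since UGI's configuration is static, it presumably also carries over from one test method to the next; confirm the class resets it in setup or teardown, which is not visible in these hunks.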