HDFS-14835. RBF: Secured Router should not run when it can't initialize DelegationTokenSecretManager. (#1414)

Takanobu Asanuma 2019-09-11 10:32:07 +09:00 committed by GitHub
parent f8f8598ea5
commit 524b553a5f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 2 deletions


@ -51,13 +51,16 @@ public class RouterSecurityManager {
private AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
dtSecretManager = null;
public RouterSecurityManager(Configuration conf) {
public RouterSecurityManager(Configuration conf) throws IOException {
AuthenticationMethod authMethodConfigured =
SecurityUtil.getAuthenticationMethod(conf);
AuthenticationMethod authMethodToInit =
AuthenticationMethod.KERBEROS;
if (authMethodConfigured.equals(authMethodToInit)) {
this.dtSecretManager = FederationUtil.newSecretManager(conf);
if (this.dtSecretManager == null) {
throw new IOException("Failed to create SecretManager");
}
}
}
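Review bot: The `IOException` thrown when `FederationUtil.newSecretManager(conf)` returns null carries neither a cause nor any hint of which driver was configured, so an operator whose secured Router refuses to start sees only "Failed to create SecretManager". The body of `newSecretManager` is outside this hunk; if it catches the underlying failure and returns null, as the null check suggests, the real reason exists only in an earlier log entry and the message should point there, e.g. `throw new IOException("Failed to create SecretManager; check the configured delegation token driver and the preceding log entries");`. Keeping the existing prefix keeps the substring match in `testWithoutSecretManager` valid. The constructor also has no Javadoc: it should state that it throws when Kerberos is configured and no secret manager can be built, and that `dtSecretManager` stays null for every other authentication method.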


@ -26,17 +26,20 @@ import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifie
import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder;
import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager;
import org.apache.hadoop.hdfs.server.federation.router.Router;
import org.apache.hadoop.hdfs.server.federation.router.security.token.ZKDelegationTokenSecretManagerImpl;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.service.ServiceStateException;
import org.junit.rules.ExpectedException;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import static org.apache.hadoop.test.LambdaTestUtils.intercept;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@ -77,7 +80,7 @@ public class TestRouterSecurityManager {
public ExpectedException exceptionRule = ExpectedException.none();
@Test
public void testCreateSecretManagerUsingReflection() {
public void testCreateSecretManagerUsingReflection() throws IOException {
Configuration conf = new HdfsConfiguration();
conf.set(
DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
@ -187,4 +190,15 @@ public class TestRouterSecurityManager {
String[] groupsForTesting = {"router_group"};
return groupsForTesting;
}
@Test
public void testWithoutSecretManager() throws Exception {
Configuration conf = initSecurity();
conf.set(DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
ZKDelegationTokenSecretManagerImpl.class.getName());
Router router = new Router();
// router will throw an exception since zookeeper isn't running
intercept(ServiceStateException.class, "Failed to create SecretManager",
() -> router.init(conf));
}
}
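Review bot: `testWithoutSecretManager` appears to pass only because no ZooKeeper is reachable from the test host, a condition the test never arranges itself, and the comment `// router will throw an exception since zookeeper isn't running` states that assumption as fact. The comment should name what is being relied on, for example `// no ZooKeeper quorum is configured or reachable here, so the ZK-backed secret manager cannot be created and init() must fail closed`. The `intercept` call matches only the generic "Failed to create SecretManager" text, so the test would also pass for any other reason `newSecretManager` returned null. That is acceptable for a fail-closed check, but a short Javadoc on the test should say that it verifies refusal to start, not the ZooKeeper failure specifically.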