HADOOP-11088. Unittest TestKeyShell, TestCredShell and TestKMS assume UNIX path separator for JECKS key store path. Contributed by Xiaoyu Yao.
(cherry picked from commit 957414d4cb
)
This commit is contained in:
parent
546a708acc
commit
5afc3f1dad
|
@ -463,6 +463,9 @@ Release 2.6.0 - UNRELEASED
|
||||||
HADOOP-11083. After refactoring of HTTP proxyuser to common, doAs param is
|
HADOOP-11083. After refactoring of HTTP proxyuser to common, doAs param is
|
||||||
case sensitive. (tucu)
|
case sensitive. (tucu)
|
||||||
|
|
||||||
|
HADOOP-11088. Unittest TestKeyShell, TestCredShell and TestKMS assume UNIX
|
||||||
|
path separator for JECKS key store path. (Xiaoyu Yao via cnauroth)
|
||||||
|
|
||||||
Release 2.5.1 - 2014-09-05
|
Release 2.5.1 - 2014-09-05
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -24,6 +24,7 @@ import java.io.PrintStream;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -51,7 +52,8 @@ public class TestKeyShell {
|
||||||
if (!tmpDir.mkdirs()) {
|
if (!tmpDir.mkdirs()) {
|
||||||
throw new IOException("Unable to create " + tmpDir);
|
throw new IOException("Unable to create " + tmpDir);
|
||||||
}
|
}
|
||||||
jceksProvider = "jceks://file" + tmpDir + "/keystore.jceks";
|
final Path jksPath = new Path(tmpDir.toString(), "keystore.jceks");
|
||||||
|
jceksProvider = "jceks://file" + jksPath.toUri();
|
||||||
initialStdOut = System.out;
|
initialStdOut = System.out;
|
||||||
initialStdErr = System.err;
|
initialStdErr = System.err;
|
||||||
System.setOut(new PrintStream(outContent));
|
System.setOut(new PrintStream(outContent));
|
||||||
|
|
|
@ -29,6 +29,7 @@ import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
|
@ -37,18 +38,23 @@ public class TestCredShell {
|
||||||
private final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
|
private final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
|
||||||
private static final File tmpDir =
|
private static final File tmpDir =
|
||||||
new File(System.getProperty("test.build.data", "/tmp"), "creds");
|
new File(System.getProperty("test.build.data", "/tmp"), "creds");
|
||||||
|
|
||||||
|
/* The default JCEKS provider - for testing purposes */
|
||||||
|
private String jceksProvider;
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() throws Exception {
|
public void setup() throws Exception {
|
||||||
System.setOut(new PrintStream(outContent));
|
System.setOut(new PrintStream(outContent));
|
||||||
System.setErr(new PrintStream(errContent));
|
System.setErr(new PrintStream(errContent));
|
||||||
|
final Path jksPath = new Path(tmpDir.toString(), "keystore.jceks");
|
||||||
|
jceksProvider = "jceks://file" + jksPath.toUri();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testCredentialSuccessfulLifecycle() throws Exception {
|
public void testCredentialSuccessfulLifecycle() throws Exception {
|
||||||
outContent.reset();
|
outContent.reset();
|
||||||
String[] args1 = {"create", "credential1", "-value", "p@ssw0rd", "-provider",
|
String[] args1 = {"create", "credential1", "-value", "p@ssw0rd", "-provider",
|
||||||
"jceks://file" + tmpDir + "/credstore.jceks"};
|
jceksProvider};
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
CredentialShell cs = new CredentialShell();
|
CredentialShell cs = new CredentialShell();
|
||||||
cs.setConf(new Configuration());
|
cs.setConf(new Configuration());
|
||||||
|
@ -59,14 +65,14 @@ public class TestCredShell {
|
||||||
|
|
||||||
outContent.reset();
|
outContent.reset();
|
||||||
String[] args2 = {"list", "-provider",
|
String[] args2 = {"list", "-provider",
|
||||||
"jceks://file" + tmpDir + "/credstore.jceks"};
|
jceksProvider};
|
||||||
rc = cs.run(args2);
|
rc = cs.run(args2);
|
||||||
assertEquals(0, rc);
|
assertEquals(0, rc);
|
||||||
assertTrue(outContent.toString().contains("credential1"));
|
assertTrue(outContent.toString().contains("credential1"));
|
||||||
|
|
||||||
outContent.reset();
|
outContent.reset();
|
||||||
String[] args4 = {"delete", "credential1", "-provider",
|
String[] args4 = {"delete", "credential1", "-provider",
|
||||||
"jceks://file" + tmpDir + "/credstore.jceks"};
|
jceksProvider};
|
||||||
rc = cs.run(args4);
|
rc = cs.run(args4);
|
||||||
assertEquals(0, rc);
|
assertEquals(0, rc);
|
||||||
assertTrue(outContent.toString().contains("credential1 has been successfully " +
|
assertTrue(outContent.toString().contains("credential1 has been successfully " +
|
||||||
|
@ -74,7 +80,7 @@ public class TestCredShell {
|
||||||
|
|
||||||
outContent.reset();
|
outContent.reset();
|
||||||
String[] args5 = {"list", "-provider",
|
String[] args5 = {"list", "-provider",
|
||||||
"jceks://file" + tmpDir + "/credstore.jceks"};
|
jceksProvider};
|
||||||
rc = cs.run(args5);
|
rc = cs.run(args5);
|
||||||
assertEquals(0, rc);
|
assertEquals(0, rc);
|
||||||
assertFalse(outContent.toString(), outContent.toString().contains("credential1"));
|
assertFalse(outContent.toString(), outContent.toString().contains("credential1"));
|
||||||
|
@ -132,7 +138,7 @@ public class TestCredShell {
|
||||||
@Test
|
@Test
|
||||||
public void testPromptForCredentialWithEmptyPasswd() throws Exception {
|
public void testPromptForCredentialWithEmptyPasswd() throws Exception {
|
||||||
String[] args1 = {"create", "credential1", "-provider",
|
String[] args1 = {"create", "credential1", "-provider",
|
||||||
"jceks://file" + tmpDir + "/credstore.jceks"};
|
jceksProvider};
|
||||||
ArrayList<String> passwords = new ArrayList<String>();
|
ArrayList<String> passwords = new ArrayList<String>();
|
||||||
passwords.add(null);
|
passwords.add(null);
|
||||||
passwords.add("p@ssw0rd");
|
passwords.add("p@ssw0rd");
|
||||||
|
@ -148,7 +154,7 @@ public class TestCredShell {
|
||||||
@Test
|
@Test
|
||||||
public void testPromptForCredential() throws Exception {
|
public void testPromptForCredential() throws Exception {
|
||||||
String[] args1 = {"create", "credential1", "-provider",
|
String[] args1 = {"create", "credential1", "-provider",
|
||||||
"jceks://file" + tmpDir + "/credstore.jceks"};
|
jceksProvider};
|
||||||
ArrayList<String> passwords = new ArrayList<String>();
|
ArrayList<String> passwords = new ArrayList<String>();
|
||||||
passwords.add("p@ssw0rd");
|
passwords.add("p@ssw0rd");
|
||||||
passwords.add("p@ssw0rd");
|
passwords.add("p@ssw0rd");
|
||||||
|
@ -162,7 +168,7 @@ public class TestCredShell {
|
||||||
"created."));
|
"created."));
|
||||||
|
|
||||||
String[] args2 = {"delete", "credential1", "-provider",
|
String[] args2 = {"delete", "credential1", "-provider",
|
||||||
"jceks://file" + tmpDir + "/credstore.jceks"};
|
jceksProvider};
|
||||||
rc = shell.run(args2);
|
rc = shell.run(args2);
|
||||||
assertEquals(0, rc);
|
assertEquals(0, rc);
|
||||||
assertTrue(outContent.toString().contains("credential1 has been successfully " +
|
assertTrue(outContent.toString().contains("credential1 has been successfully " +
|
||||||
|
|
|
@ -19,6 +19,7 @@ package org.apache.hadoop.crypto.key.kms.server;
|
||||||
|
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.Path;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.net.MalformedURLException;
|
import java.net.MalformedURLException;
|
||||||
|
@ -72,15 +73,13 @@ public class KMSConfiguration {
|
||||||
String confDir = System.getProperty(KMS_CONFIG_DIR);
|
String confDir = System.getProperty(KMS_CONFIG_DIR);
|
||||||
if (confDir != null) {
|
if (confDir != null) {
|
||||||
try {
|
try {
|
||||||
if (!confDir.startsWith("/")) {
|
Path confPath = new Path(confDir);
|
||||||
|
if (!confPath.isUriPathAbsolute()) {
|
||||||
throw new RuntimeException("System property '" + KMS_CONFIG_DIR +
|
throw new RuntimeException("System property '" + KMS_CONFIG_DIR +
|
||||||
"' must be an absolute path: " + confDir);
|
"' must be an absolute path: " + confDir);
|
||||||
}
|
}
|
||||||
if (!confDir.endsWith("/")) {
|
|
||||||
confDir += "/";
|
|
||||||
}
|
|
||||||
for (String resource : resources) {
|
for (String resource : resources) {
|
||||||
conf.addResource(new URL("file://" + confDir + resource));
|
conf.addResource(new URL("file://" + new Path(confDir, resource).toUri()));
|
||||||
}
|
}
|
||||||
} catch (MalformedURLException ex) {
|
} catch (MalformedURLException ex) {
|
||||||
throw new RuntimeException(ex);
|
throw new RuntimeException(ex);
|
||||||
|
@ -105,13 +104,11 @@ public class KMSConfiguration {
|
||||||
boolean newer = false;
|
boolean newer = false;
|
||||||
String confDir = System.getProperty(KMS_CONFIG_DIR);
|
String confDir = System.getProperty(KMS_CONFIG_DIR);
|
||||||
if (confDir != null) {
|
if (confDir != null) {
|
||||||
if (!confDir.startsWith("/")) {
|
Path confPath = new Path(confDir);
|
||||||
|
if (!confPath.isUriPathAbsolute()) {
|
||||||
throw new RuntimeException("System property '" + KMS_CONFIG_DIR +
|
throw new RuntimeException("System property '" + KMS_CONFIG_DIR +
|
||||||
"' must be an absolute path: " + confDir);
|
"' must be an absolute path: " + confDir);
|
||||||
}
|
}
|
||||||
if (!confDir.endsWith("/")) {
|
|
||||||
confDir += "/";
|
|
||||||
}
|
|
||||||
File f = new File(confDir, KMS_ACLS_XML);
|
File f = new File(confDir, KMS_ACLS_XML);
|
||||||
// at least 100ms newer than time, we do this to ensure the file
|
// at least 100ms newer than time, we do this to ensure the file
|
||||||
// has been properly closed/flushed
|
// has been properly closed/flushed
|
||||||
|
|
|
@ -19,6 +19,7 @@ package org.apache.hadoop.crypto.key.kms.server;
|
||||||
|
|
||||||
import com.google.common.base.Preconditions;
|
import com.google.common.base.Preconditions;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.mortbay.jetty.Connector;
|
import org.mortbay.jetty.Connector;
|
||||||
import org.mortbay.jetty.Server;
|
import org.mortbay.jetty.Server;
|
||||||
import org.mortbay.jetty.security.SslSocketConnector;
|
import org.mortbay.jetty.security.SslSocketConnector;
|
||||||
|
@ -158,7 +159,7 @@ public class MiniKMS {
|
||||||
if (!kmsFile.exists()) {
|
if (!kmsFile.exists()) {
|
||||||
Configuration kms = new Configuration(false);
|
Configuration kms = new Configuration(false);
|
||||||
kms.set("hadoop.security.key.provider.path",
|
kms.set("hadoop.security.key.provider.path",
|
||||||
"jceks://file@" + kmsConfDir + "/kms.keystore");
|
"jceks://file@" + new Path(kmsConfDir, "kms.keystore").toUri());
|
||||||
kms.set("hadoop.kms.authentication.type", "simple");
|
kms.set("hadoop.kms.authentication.type", "simple");
|
||||||
Writer writer = new FileWriter(kmsFile);
|
Writer writer = new FileWriter(kmsFile);
|
||||||
kms.writeXml(writer);
|
kms.writeXml(writer);
|
||||||
|
|
|
@ -26,6 +26,7 @@ import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
||||||
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion;
|
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion;
|
||||||
import org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension;
|
import org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension;
|
||||||
import org.apache.hadoop.crypto.key.kms.KMSClientProvider;
|
import org.apache.hadoop.crypto.key.kms.KMSClientProvider;
|
||||||
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.io.Text;
|
import org.apache.hadoop.io.Text;
|
||||||
import org.apache.hadoop.minikdc.MiniKdc;
|
import org.apache.hadoop.minikdc.MiniKdc;
|
||||||
import org.apache.hadoop.security.Credentials;
|
import org.apache.hadoop.security.Credentials;
|
||||||
|
@ -117,7 +118,7 @@ public class TestKMS {
|
||||||
protected Configuration createBaseKMSConf(File keyStoreDir) throws Exception {
|
protected Configuration createBaseKMSConf(File keyStoreDir) throws Exception {
|
||||||
Configuration conf = new Configuration(false);
|
Configuration conf = new Configuration(false);
|
||||||
conf.set("hadoop.security.key.provider.path",
|
conf.set("hadoop.security.key.provider.path",
|
||||||
"jceks://file@/" + keyStoreDir.getAbsolutePath() + "/kms.keystore");
|
"jceks://file@" + new Path(keyStoreDir.getAbsolutePath(), "kms.keystore").toUri());
|
||||||
conf.set("hadoop.kms.authentication.type", "simple");
|
conf.set("hadoop.kms.authentication.type", "simple");
|
||||||
return conf;
|
return conf;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue