HADOOP-11088. Unittest TestKeyShell, TestCredShell and TestKMS assume UNIX path separator for JECKS key store path. Contributed by Xiaoyu Yao.

(cherry picked from commit 957414d4cb)
This commit is contained in:
cnauroth 2014-09-12 14:50:07 -07:00
parent 546a708acc
commit 5afc3f1dad
6 changed files with 30 additions and 20 deletions

View File

@ -463,6 +463,9 @@ Release 2.6.0 - UNRELEASED
HADOOP-11083. After refactoring of HTTP proxyuser to common, doAs param is HADOOP-11083. After refactoring of HTTP proxyuser to common, doAs param is
case sensitive. (tucu) case sensitive. (tucu)
HADOOP-11088. Unittest TestKeyShell, TestCredShell and TestKMS assume UNIX
path separator for JECKS key store path. (Xiaoyu Yao via cnauroth)
Release 2.5.1 - 2014-09-05 Release 2.5.1 - 2014-09-05
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

View File

@ -24,6 +24,7 @@ import java.io.PrintStream;
import java.util.UUID; import java.util.UUID;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -51,7 +52,8 @@ public class TestKeyShell {
if (!tmpDir.mkdirs()) { if (!tmpDir.mkdirs()) {
throw new IOException("Unable to create " + tmpDir); throw new IOException("Unable to create " + tmpDir);
} }
jceksProvider = "jceks://file" + tmpDir + "/keystore.jceks"; final Path jksPath = new Path(tmpDir.toString(), "keystore.jceks");
jceksProvider = "jceks://file" + jksPath.toUri();
initialStdOut = System.out; initialStdOut = System.out;
initialStdErr = System.err; initialStdErr = System.err;
System.setOut(new PrintStream(outContent)); System.setOut(new PrintStream(outContent));

View File

@ -29,6 +29,7 @@ import java.util.Arrays;
import java.util.List; import java.util.List;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -37,18 +38,23 @@ public class TestCredShell {
private final ByteArrayOutputStream errContent = new ByteArrayOutputStream(); private final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
private static final File tmpDir = private static final File tmpDir =
new File(System.getProperty("test.build.data", "/tmp"), "creds"); new File(System.getProperty("test.build.data", "/tmp"), "creds");
/* The default JCEKS provider - for testing purposes */
private String jceksProvider;
@Before @Before
public void setup() throws Exception { public void setup() throws Exception {
System.setOut(new PrintStream(outContent)); System.setOut(new PrintStream(outContent));
System.setErr(new PrintStream(errContent)); System.setErr(new PrintStream(errContent));
final Path jksPath = new Path(tmpDir.toString(), "keystore.jceks");
jceksProvider = "jceks://file" + jksPath.toUri();
} }
@Test @Test
public void testCredentialSuccessfulLifecycle() throws Exception { public void testCredentialSuccessfulLifecycle() throws Exception {
outContent.reset(); outContent.reset();
String[] args1 = {"create", "credential1", "-value", "p@ssw0rd", "-provider", String[] args1 = {"create", "credential1", "-value", "p@ssw0rd", "-provider",
"jceks://file" + tmpDir + "/credstore.jceks"}; jceksProvider};
int rc = 0; int rc = 0;
CredentialShell cs = new CredentialShell(); CredentialShell cs = new CredentialShell();
cs.setConf(new Configuration()); cs.setConf(new Configuration());
@ -59,14 +65,14 @@ public class TestCredShell {
outContent.reset(); outContent.reset();
String[] args2 = {"list", "-provider", String[] args2 = {"list", "-provider",
"jceks://file" + tmpDir + "/credstore.jceks"}; jceksProvider};
rc = cs.run(args2); rc = cs.run(args2);
assertEquals(0, rc); assertEquals(0, rc);
assertTrue(outContent.toString().contains("credential1")); assertTrue(outContent.toString().contains("credential1"));
outContent.reset(); outContent.reset();
String[] args4 = {"delete", "credential1", "-provider", String[] args4 = {"delete", "credential1", "-provider",
"jceks://file" + tmpDir + "/credstore.jceks"}; jceksProvider};
rc = cs.run(args4); rc = cs.run(args4);
assertEquals(0, rc); assertEquals(0, rc);
assertTrue(outContent.toString().contains("credential1 has been successfully " + assertTrue(outContent.toString().contains("credential1 has been successfully " +
@ -74,7 +80,7 @@ public class TestCredShell {
outContent.reset(); outContent.reset();
String[] args5 = {"list", "-provider", String[] args5 = {"list", "-provider",
"jceks://file" + tmpDir + "/credstore.jceks"}; jceksProvider};
rc = cs.run(args5); rc = cs.run(args5);
assertEquals(0, rc); assertEquals(0, rc);
assertFalse(outContent.toString(), outContent.toString().contains("credential1")); assertFalse(outContent.toString(), outContent.toString().contains("credential1"));
@ -132,7 +138,7 @@ public class TestCredShell {
@Test @Test
public void testPromptForCredentialWithEmptyPasswd() throws Exception { public void testPromptForCredentialWithEmptyPasswd() throws Exception {
String[] args1 = {"create", "credential1", "-provider", String[] args1 = {"create", "credential1", "-provider",
"jceks://file" + tmpDir + "/credstore.jceks"}; jceksProvider};
ArrayList<String> passwords = new ArrayList<String>(); ArrayList<String> passwords = new ArrayList<String>();
passwords.add(null); passwords.add(null);
passwords.add("p@ssw0rd"); passwords.add("p@ssw0rd");
@ -148,7 +154,7 @@ public class TestCredShell {
@Test @Test
public void testPromptForCredential() throws Exception { public void testPromptForCredential() throws Exception {
String[] args1 = {"create", "credential1", "-provider", String[] args1 = {"create", "credential1", "-provider",
"jceks://file" + tmpDir + "/credstore.jceks"}; jceksProvider};
ArrayList<String> passwords = new ArrayList<String>(); ArrayList<String> passwords = new ArrayList<String>();
passwords.add("p@ssw0rd"); passwords.add("p@ssw0rd");
passwords.add("p@ssw0rd"); passwords.add("p@ssw0rd");
@ -162,7 +168,7 @@ public class TestCredShell {
"created.")); "created."));
String[] args2 = {"delete", "credential1", "-provider", String[] args2 = {"delete", "credential1", "-provider",
"jceks://file" + tmpDir + "/credstore.jceks"}; jceksProvider};
rc = shell.run(args2); rc = shell.run(args2);
assertEquals(0, rc); assertEquals(0, rc);
assertTrue(outContent.toString().contains("credential1 has been successfully " + assertTrue(outContent.toString().contains("credential1 has been successfully " +

View File

@ -19,6 +19,7 @@ package org.apache.hadoop.crypto.key.kms.server;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import java.io.File; import java.io.File;
import java.net.MalformedURLException; import java.net.MalformedURLException;
@ -72,15 +73,13 @@ public class KMSConfiguration {
String confDir = System.getProperty(KMS_CONFIG_DIR); String confDir = System.getProperty(KMS_CONFIG_DIR);
if (confDir != null) { if (confDir != null) {
try { try {
if (!confDir.startsWith("/")) { Path confPath = new Path(confDir);
if (!confPath.isUriPathAbsolute()) {
throw new RuntimeException("System property '" + KMS_CONFIG_DIR + throw new RuntimeException("System property '" + KMS_CONFIG_DIR +
"' must be an absolute path: " + confDir); "' must be an absolute path: " + confDir);
} }
if (!confDir.endsWith("/")) {
confDir += "/";
}
for (String resource : resources) { for (String resource : resources) {
conf.addResource(new URL("file://" + confDir + resource)); conf.addResource(new URL("file://" + new Path(confDir, resource).toUri()));
} }
} catch (MalformedURLException ex) { } catch (MalformedURLException ex) {
throw new RuntimeException(ex); throw new RuntimeException(ex);
@ -105,13 +104,11 @@ public class KMSConfiguration {
boolean newer = false; boolean newer = false;
String confDir = System.getProperty(KMS_CONFIG_DIR); String confDir = System.getProperty(KMS_CONFIG_DIR);
if (confDir != null) { if (confDir != null) {
if (!confDir.startsWith("/")) { Path confPath = new Path(confDir);
if (!confPath.isUriPathAbsolute()) {
throw new RuntimeException("System property '" + KMS_CONFIG_DIR + throw new RuntimeException("System property '" + KMS_CONFIG_DIR +
"' must be an absolute path: " + confDir); "' must be an absolute path: " + confDir);
} }
if (!confDir.endsWith("/")) {
confDir += "/";
}
File f = new File(confDir, KMS_ACLS_XML); File f = new File(confDir, KMS_ACLS_XML);
// at least 100ms newer than time, we do this to ensure the file // at least 100ms newer than time, we do this to ensure the file
// has been properly closed/flushed // has been properly closed/flushed

View File

@ -19,6 +19,7 @@ package org.apache.hadoop.crypto.key.kms.server;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.mortbay.jetty.Connector; import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Server; import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.SslSocketConnector; import org.mortbay.jetty.security.SslSocketConnector;
@ -158,7 +159,7 @@ public class MiniKMS {
if (!kmsFile.exists()) { if (!kmsFile.exists()) {
Configuration kms = new Configuration(false); Configuration kms = new Configuration(false);
kms.set("hadoop.security.key.provider.path", kms.set("hadoop.security.key.provider.path",
"jceks://file@" + kmsConfDir + "/kms.keystore"); "jceks://file@" + new Path(kmsConfDir, "kms.keystore").toUri());
kms.set("hadoop.kms.authentication.type", "simple"); kms.set("hadoop.kms.authentication.type", "simple");
Writer writer = new FileWriter(kmsFile); Writer writer = new FileWriter(kmsFile);
kms.writeXml(writer); kms.writeXml(writer);

View File

@ -26,6 +26,7 @@ import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion; import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion;
import org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension; import org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension;
import org.apache.hadoop.crypto.key.kms.KMSClientProvider; import org.apache.hadoop.crypto.key.kms.KMSClientProvider;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.minikdc.MiniKdc; import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.Credentials;
@ -117,7 +118,7 @@ public class TestKMS {
protected Configuration createBaseKMSConf(File keyStoreDir) throws Exception { protected Configuration createBaseKMSConf(File keyStoreDir) throws Exception {
Configuration conf = new Configuration(false); Configuration conf = new Configuration(false);
conf.set("hadoop.security.key.provider.path", conf.set("hadoop.security.key.provider.path",
"jceks://file@/" + keyStoreDir.getAbsolutePath() + "/kms.keystore"); "jceks://file@" + new Path(keyStoreDir.getAbsolutePath(), "kms.keystore").toUri());
conf.set("hadoop.kms.authentication.type", "simple"); conf.set("hadoop.kms.authentication.type", "simple");
return conf; return conf;
} }