HDFS-12974. Exception message is not printed when creating an encryption zone fails with AuthorizationException. Contributed by fang zhenyi.

(cherry picked from commit b63dcd583f)
This commit is contained in:
Xiao Chen 2018-01-28 22:15:58 -08:00
parent fd5081bd24
commit 75be15cf02
4 changed files with 38 additions and 3 deletions

View File

@ -64,17 +64,19 @@ public class AuthorizationException extends AccessControlException {
@Override
public void printStackTrace() {
// Do not provide the stack-trace
printStackTrace(System.err);
}
@Override
public void printStackTrace(PrintStream s) {
// Do not provide the stack-trace
s.println(this);
}
@Override
public void printStackTrace(PrintWriter s) {
// Do not provide the stack-trace
s.println(this);
}
}

View File

@ -51,4 +51,7 @@ public class EncryptionFaultInjector {
@VisibleForTesting
public void reencryptUpdaterProcessCheckpoint() throws IOException {}
@VisibleForTesting
public void ensureKeyIsInitialized() throws IOException {}
}

View File

@ -121,6 +121,7 @@ final class FSDirEncryptionZoneOp {
throw new IOException("Must specify a key name when creating an "
+ "encryption zone");
}
EncryptionFaultInjector.getInstance().ensureKeyIsInitialized();
KeyProvider.Metadata metadata = provider.getMetadata(keyName);
if (metadata == null) {
/*

View File

@ -80,9 +80,11 @@ import org.apache.hadoop.hdfs.web.WebHdfsConstants;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.io.EnumSetWritable;
import org.apache.hadoop.ipc.RemoteException;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.DataChecksum;
import org.apache.hadoop.util.ToolRunner;
@ -149,6 +151,9 @@ public class TestEncryptionZones {
private File testRootDir;
protected final String TEST_KEY = "test_key";
private static final String NS_METRICS = "FSNamesystem";
private static final String AUTHORIZATION_EXCEPTION_MESSAGE =
"User [root] is not authorized to perform [READ] on key " +
"with ACL name [key2]!!";
protected FileSystemTestWrapper fsWrapper;
protected FileContextTestWrapper fcWrapper;
@ -447,7 +452,6 @@ public class TestEncryptionZones {
dfsAdmin.createEncryptionZone(zone2, myKeyName, NO_TRASH);
assertNumZones(++numZones);
assertZonePresent(myKeyName, zone2.toString());
/* Test failure of create encryption zones as a non super user. */
final UserGroupInformation user = UserGroupInformation.
createUserForTesting("user", new String[] { "mygroup" });
@ -1057,6 +1061,31 @@ public class TestEncryptionZones {
}
}
private class AuthorizationExceptionInjector extends EncryptionFaultInjector {
@Override
public void ensureKeyIsInitialized() throws IOException {
throw new AuthorizationException(AUTHORIZATION_EXCEPTION_MESSAGE);
}
}
@Test
public void testExceptionInformationReturn() {
/* Test exception information can be returned when
creating transparent encryption zone.*/
final Path zone1 = new Path("/zone1");
EncryptionFaultInjector.instance = new AuthorizationExceptionInjector();
try {
dfsAdmin.createEncryptionZone(zone1, TEST_KEY, NO_TRASH);
fail("exception information can be returned when creating " +
"transparent encryption zone");
} catch (IOException e) {
assertTrue(e instanceof RemoteException);
assertTrue(((RemoteException) e).unwrapRemoteException()
instanceof AuthorizationException);
assertExceptionContains(AUTHORIZATION_EXCEPTION_MESSAGE, e);
}
}
private class MyInjector extends EncryptionFaultInjector {
volatile int generateCount;
CountDownLatch ready;