HDFS-11702. Remove indefinite caching of key provider uri in DFSClient. Contributed by Rushabh S Shah.
(cherry picked from commit cef2815cf4
)
parent
a80ac0822b
commit
9d8d3a84bd
|
@ -242,7 +242,6 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
|
||||||
new DFSHedgedReadMetrics();
|
new DFSHedgedReadMetrics();
|
||||||
private static ThreadPoolExecutor HEDGED_READ_THREAD_POOL;
|
private static ThreadPoolExecutor HEDGED_READ_THREAD_POOL;
|
||||||
private final int smallBufferSize;
|
private final int smallBufferSize;
|
||||||
private URI keyProviderUri = null;
|
|
||||||
|
|
||||||
public DfsClientConf getConf() {
|
public DfsClientConf getConf() {
|
||||||
return dfsClientConf;
|
return dfsClientConf;
|
||||||
|
@ -3010,10 +3009,7 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
|
||||||
* @throws IOException
|
* @throws IOException
|
||||||
*/
|
*/
|
||||||
URI getKeyProviderUri() throws IOException {
|
URI getKeyProviderUri() throws IOException {
|
||||||
if (keyProviderUri != null) {
|
URI keyProviderUri = null;
|
||||||
return keyProviderUri;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Lookup the secret in credentials object for namenodeuri.
|
// Lookup the secret in credentials object for namenodeuri.
|
||||||
Credentials credentials = ugi.getCredentials();
|
Credentials credentials = ugi.getCredentials();
|
||||||
byte[] keyProviderUriBytes = credentials.getSecretKey(getKeyProviderMapKey());
|
byte[] keyProviderUriBytes = credentials.getSecretKey(getKeyProviderMapKey());
|
||||||
|
@ -3045,14 +3041,6 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
|
||||||
return clientContext.getKeyProviderCache().get(conf, getKeyProviderUri());
|
return clientContext.getKeyProviderCache().get(conf, getKeyProviderUri());
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* Should be used only for testing.
|
|
||||||
*/
|
|
||||||
@VisibleForTesting
|
|
||||||
public void setKeyProviderUri(URI providerUri) {
|
|
||||||
this.keyProviderUri = providerUri;
|
|
||||||
}
|
|
||||||
|
|
||||||
@VisibleForTesting
|
@VisibleForTesting
|
||||||
public void setKeyProvider(KeyProvider provider) {
|
public void setKeyProvider(KeyProvider provider) {
|
||||||
clientContext.getKeyProviderCache().setKeyProvider(conf, provider);
|
clientContext.getKeyProviderCache().setKeyProvider(conf, provider);
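Review bot: `getKeyProviderUri()` now resolves the URI from scratch on every call, and `getKeyProvider()` calls it on each lookup, yet neither the visible Javadoc tail nor the body says that this is deliberate. This URI selects the key-management endpoint the client trusts for encryption-zone keys, so I would state the contract right above `URI keyProviderUri = null;`, for example `// Resolved on every call, never memoized: the credentials entry and the provider advertised by the namenode can change during the client's lifetime.` The rest of the method lies outside the hunk; judging by the tests it presumably falls back to `getServerDefaults()`, and if that result is not cached with a bounded lifetime, each call becomes a namenode round trip. Removing the public `setKeyProviderUri(URI)` also breaks any out-of-tree test that still calls it, which deserves a line in the release notes.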
|
||||||
|
|
|
@ -1685,7 +1685,6 @@ public class TestEncryptionZones {
|
||||||
credentials.addSecretKey(lookUpKey,
|
credentials.addSecretKey(lookUpKey,
|
||||||
DFSUtilClient.string2Bytes(dummyKeyProvider));
|
DFSUtilClient.string2Bytes(dummyKeyProvider));
|
||||||
client.ugi.addCredentials(credentials);
|
client.ugi.addCredentials(credentials);
|
||||||
client.setKeyProviderUri(null);
|
|
||||||
Assert.assertEquals("Client Key provider is different from provider in "
|
Assert.assertEquals("Client Key provider is different from provider in "
|
||||||
+ "credentials map", dummyKeyProvider,
|
+ "credentials map", dummyKeyProvider,
|
||||||
client.getKeyProviderUri().toString());
|
client.getKeyProviderUri().toString());
|
||||||
|
@ -1707,7 +1706,6 @@ public class TestEncryptionZones {
|
||||||
CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH,
|
CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH,
|
||||||
dummyKeyProviderUri1);
|
dummyKeyProviderUri1);
|
||||||
DFSClient mockClient = Mockito.spy(cluster.getFileSystem().getClient());
|
DFSClient mockClient = Mockito.spy(cluster.getFileSystem().getClient());
|
||||||
mockClient.setKeyProviderUri(null);
|
|
||||||
// Namenode returning null as keyProviderUri in FSServerDefaults.
|
// Namenode returning null as keyProviderUri in FSServerDefaults.
|
||||||
FsServerDefaults serverDefaultsWithKeyProviderNull =
|
FsServerDefaults serverDefaultsWithKeyProviderNull =
|
||||||
getTestServerDefaults(null);
|
getTestServerDefaults(null);
|
||||||
|
@ -1719,7 +1717,6 @@ public class TestEncryptionZones {
|
||||||
Mockito.verify(mockClient, Mockito.times(1)).getServerDefaults();
|
Mockito.verify(mockClient, Mockito.times(1)).getServerDefaults();
|
||||||
|
|
||||||
String dummyKeyProviderUri2 = "dummy://foo:bar@test_provider2";
|
String dummyKeyProviderUri2 = "dummy://foo:bar@test_provider2";
|
||||||
mockClient.setKeyProviderUri(null);
|
|
||||||
FsServerDefaults serverDefaultsWithDummyKeyProvider =
|
FsServerDefaults serverDefaultsWithDummyKeyProvider =
|
||||||
getTestServerDefaults(dummyKeyProviderUri2);
|
getTestServerDefaults(dummyKeyProviderUri2);
|
||||||
// Namenode returning dummyKeyProvider2 in serverDefaults.
|
// Namenode returning dummyKeyProvider2 in serverDefaults.
|
||||||
|
@ -1748,8 +1745,6 @@ public class TestEncryptionZones {
|
||||||
// Unset the provider path in conf
|
// Unset the provider path in conf
|
||||||
clusterConf.unset(
|
clusterConf.unset(
|
||||||
CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH);
|
CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH);
|
||||||
// Nullify the cached value for key provider uri on client
|
|
||||||
cluster.getFileSystem().getClient().setKeyProviderUri(null);
|
|
||||||
// Even after unsetting the local conf, the client key provider should be
|
// Even after unsetting the local conf, the client key provider should be
|
||||||
// the same as namenode's provider.
|
// the same as namenode's provider.
|
||||||
Assert.assertEquals("Key Provider for client and namenode are different",
|
Assert.assertEquals("Key Provider for client and namenode are different",
|
||||||
|
@ -1760,8 +1755,6 @@ public class TestEncryptionZones {
|
||||||
clusterConf.set(
|
clusterConf.set(
|
||||||
CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH,
|
CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH,
|
||||||
"dummy://foo:bar@test_provider1");
|
"dummy://foo:bar@test_provider1");
|
||||||
// Nullify the cached value for key provider uri on client
|
|
||||||
cluster.getFileSystem().getClient().setKeyProviderUri(null);
|
|
||||||
// Even after pointing the conf to some dummy provider, the client key
|
// Even after pointing the conf to some dummy provider, the client key
|
||||||
// provider should be the same as namenode's provider.
|
// provider should be the same as namenode's provider.
|
||||||
Assert.assertEquals("Key Provider for client and namenode are different",
|
Assert.assertEquals("Key Provider for client and namenode are different",
|
||||||
|
@ -1796,8 +1789,6 @@ public class TestEncryptionZones {
|
||||||
// Creating a fake serverdefaults so that we can simulate namenode not
|
// Creating a fake serverdefaults so that we can simulate namenode not
|
||||||
// being upgraded.
|
// being upgraded.
|
||||||
DFSClient spyClient = Mockito.spy(cluster.getFileSystem().getClient());
|
DFSClient spyClient = Mockito.spy(cluster.getFileSystem().getClient());
|
||||||
// Clear the cache value of keyProviderUri on client side.
|
|
||||||
spyClient.setKeyProviderUri(null);
|
|
||||||
Mockito.doReturn(spyServerDefaults).when(spyClient).getServerDefaults();
|
Mockito.doReturn(spyServerDefaults).when(spyClient).getServerDefaults();
|
||||||
|
|
||||||
// Since FsServerDefaults#keyProviderUri is null, the client
|
// Since FsServerDefaults#keyProviderUri is null, the client
|
||||||
|
|