HDFS-12974. Exception message is not printed when creating an encryption zone fails with AuthorizationException. Contributed by fang zhenyi.
This commit is contained in:
parent
6bc2f7f4b4
commit
b63dcd583f
|
@ -64,17 +64,19 @@ public class AuthorizationException extends AccessControlException {
|
|||
|
||||
@Override
|
||||
public void printStackTrace() {
|
||||
// Do not provide the stack-trace
|
||||
printStackTrace(System.err);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void printStackTrace(PrintStream s) {
|
||||
// Do not provide the stack-trace
|
||||
s.println(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void printStackTrace(PrintWriter s) {
|
||||
// Do not provide the stack-trace
|
||||
s.println(this);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -51,4 +51,7 @@ public class EncryptionFaultInjector {
|
|||
|
||||
@VisibleForTesting
|
||||
public void reencryptUpdaterProcessCheckpoint() throws IOException {}
|
||||
|
||||
@VisibleForTesting
|
||||
public void ensureKeyIsInitialized() throws IOException {}
|
||||
}
|
||||
|
|
|
@ -121,6 +121,7 @@ final class FSDirEncryptionZoneOp {
|
|||
throw new IOException("Must specify a key name when creating an "
|
||||
+ "encryption zone");
|
||||
}
|
||||
EncryptionFaultInjector.getInstance().ensureKeyIsInitialized();
|
||||
KeyProvider.Metadata metadata = provider.getMetadata(keyName);
|
||||
if (metadata == null) {
|
||||
/*
|
||||
|
|
|
@ -80,9 +80,11 @@ import org.apache.hadoop.hdfs.web.WebHdfsConstants;
|
|||
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
|
||||
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
|
||||
import org.apache.hadoop.io.EnumSetWritable;
|
||||
import org.apache.hadoop.ipc.RemoteException;
|
||||
import org.apache.hadoop.security.AccessControlException;
|
||||
import org.apache.hadoop.security.Credentials;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.authorize.AuthorizationException;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.util.DataChecksum;
|
||||
import org.apache.hadoop.util.ToolRunner;
|
||||
|
@ -149,6 +151,9 @@ public class TestEncryptionZones {
|
|||
private File testRootDir;
|
||||
protected final String TEST_KEY = "test_key";
|
||||
private static final String NS_METRICS = "FSNamesystem";
|
||||
private static final String AUTHORIZATION_EXCEPTION_MESSAGE =
|
||||
"User [root] is not authorized to perform [READ] on key " +
|
||||
"with ACL name [key2]!!";
|
||||
|
||||
protected FileSystemTestWrapper fsWrapper;
|
||||
protected FileContextTestWrapper fcWrapper;
|
||||
|
@ -447,7 +452,6 @@ public class TestEncryptionZones {
|
|||
dfsAdmin.createEncryptionZone(zone2, myKeyName, NO_TRASH);
|
||||
assertNumZones(++numZones);
|
||||
assertZonePresent(myKeyName, zone2.toString());
|
||||
|
||||
/* Test failure of create encryption zones as a non super user. */
|
||||
final UserGroupInformation user = UserGroupInformation.
|
||||
createUserForTesting("user", new String[] { "mygroup" });
|
||||
|
@ -1057,6 +1061,31 @@ public class TestEncryptionZones {
|
|||
}
|
||||
}
|
||||
|
||||
private class AuthorizationExceptionInjector extends EncryptionFaultInjector {
|
||||
@Override
|
||||
public void ensureKeyIsInitialized() throws IOException {
|
||||
throw new AuthorizationException(AUTHORIZATION_EXCEPTION_MESSAGE);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testExceptionInformationReturn() {
|
||||
/* Test exception information can be returned when
|
||||
creating transparent encryption zone.*/
|
||||
final Path zone1 = new Path("/zone1");
|
||||
EncryptionFaultInjector.instance = new AuthorizationExceptionInjector();
|
||||
try {
|
||||
dfsAdmin.createEncryptionZone(zone1, TEST_KEY, NO_TRASH);
|
||||
fail("exception information can be returned when creating " +
|
||||
"transparent encryption zone");
|
||||
} catch (IOException e) {
|
||||
assertTrue(e instanceof RemoteException);
|
||||
assertTrue(((RemoteException) e).unwrapRemoteException()
|
||||
instanceof AuthorizationException);
|
||||
assertExceptionContains(AUTHORIZATION_EXCEPTION_MESSAGE, e);
|
||||
}
|
||||
}
|
||||
|
||||
private class MyInjector extends EncryptionFaultInjector {
|
||||
volatile int generateCount;
|
||||
CountDownLatch ready;
|
||||
|
|
Loading…
Reference in New Issue