HDFS-12974. Exception message is not printed when creating an encryption zone fails with AuthorizationException. Contributed by fang zhenyi.

Xiao Chen 2018-01-28 22:15:58 -08:00
parent 6bc2f7f4b4
commit b63dcd583f
4 changed files with 38 additions and 3 deletions


@ -64,17 +64,19 @@ public class AuthorizationException extends AccessControlException {
@Override @Override
public void printStackTrace() { public void printStackTrace() {
// Do not provide the stack-trace printStackTrace(System.err);
} }
@Override @Override
public void printStackTrace(PrintStream s) { public void printStackTrace(PrintStream s) {
// Do not provide the stack-trace // Do not provide the stack-trace
s.println(this);
} }
@Override @Override
public void printStackTrace(PrintWriter s) { public void printStackTrace(PrintWriter s) {
// Do not provide the stack-trace // Do not provide the stack-trace
s.println(this);
} }
} }
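Review bot: The comment `// Do not provide the stack-trace` kept in `printStackTrace(PrintStream)` and `printStackTrace(PrintWriter)` no longer describes what they do, and the no-argument overload has lost its comment altogether. All three now emit `toString()` and nothing else, so I would replace the comment with `// Print only toString() (class name and message); stack frames are deliberately withheld.` and repeat it on the no-argument overload. Because the message text is now written to whatever stream the caller supplies, the class Javadoc should also say that messages passed to this exception must not carry secrets such as key material or tokens. The class body starts outside this hunk.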


@ -51,4 +51,7 @@ public class EncryptionFaultInjector {
@VisibleForTesting @VisibleForTesting
public void reencryptUpdaterProcessCheckpoint() throws IOException {} public void reencryptUpdaterProcessCheckpoint() throws IOException {}
@VisibleForTesting
public void ensureKeyIsInitialized() throws IOException {}
} }
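Review bot: `ensureKeyIsInitialized()` has no Javadoc and its name reads like a real precondition check, while the body added here is empty and the only override visible in this commit is the test injector that throws. A short Javadoc such as `/** Fault-injection hook called before the key metadata lookup when creating an encryption zone; does nothing by default. */` would make that clear. The same applies at the new call site in FSDirEncryptionZoneOp, where a one-line comment like `// Test hook: no-op unless a test installs a fault injector.` would stop readers from assuming key state is validated there. The class starts outside this hunk.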


@ -121,6 +121,7 @@ final class FSDirEncryptionZoneOp {
throw new IOException("Must specify a key name when creating an " throw new IOException("Must specify a key name when creating an "
+ "encryption zone"); + "encryption zone");
} }
EncryptionFaultInjector.getInstance().ensureKeyIsInitialized();
KeyProvider.Metadata metadata = provider.getMetadata(keyName); KeyProvider.Metadata metadata = provider.getMetadata(keyName);
if (metadata == null) { if (metadata == null) {
/* /*


@ -80,9 +80,11 @@ import org.apache.hadoop.hdfs.web.WebHdfsConstants;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem; import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil; import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.io.EnumSetWritable; import org.apache.hadoop.io.EnumSetWritable;
import org.apache.hadoop.ipc.RemoteException;
import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.DataChecksum; import org.apache.hadoop.util.DataChecksum;
import org.apache.hadoop.util.ToolRunner; import org.apache.hadoop.util.ToolRunner;
@ -149,6 +151,9 @@ public class TestEncryptionZones {
private File testRootDir; private File testRootDir;
protected final String TEST_KEY = "test_key"; protected final String TEST_KEY = "test_key";
private static final String NS_METRICS = "FSNamesystem"; private static final String NS_METRICS = "FSNamesystem";
private static final String AUTHORIZATION_EXCEPTION_MESSAGE =
"User [root] is not authorized to perform [READ] on key " +
"with ACL name [key2]!!";
protected FileSystemTestWrapper fsWrapper; protected FileSystemTestWrapper fsWrapper;
protected FileContextTestWrapper fcWrapper; protected FileContextTestWrapper fcWrapper;
@ -447,7 +452,6 @@ public class TestEncryptionZones {
dfsAdmin.createEncryptionZone(zone2, myKeyName, NO_TRASH); dfsAdmin.createEncryptionZone(zone2, myKeyName, NO_TRASH);
assertNumZones(++numZones); assertNumZones(++numZones);
assertZonePresent(myKeyName, zone2.toString()); assertZonePresent(myKeyName, zone2.toString());
/* Test failure of create encryption zones as a non super user. */ /* Test failure of create encryption zones as a non super user. */
final UserGroupInformation user = UserGroupInformation. final UserGroupInformation user = UserGroupInformation.
createUserForTesting("user", new String[] { "mygroup" }); createUserForTesting("user", new String[] { "mygroup" });
@ -1057,6 +1061,31 @@ public class TestEncryptionZones {
} }
} }
private class AuthorizationExceptionInjector extends EncryptionFaultInjector {
@Override
public void ensureKeyIsInitialized() throws IOException {
throw new AuthorizationException(AUTHORIZATION_EXCEPTION_MESSAGE);
}
}
@Test
public void testExceptionInformationReturn() {
/* Test exception information can be returned when
creating transparent encryption zone.*/
final Path zone1 = new Path("/zone1");
EncryptionFaultInjector.instance = new AuthorizationExceptionInjector();
try {
dfsAdmin.createEncryptionZone(zone1, TEST_KEY, NO_TRASH);
fail("exception information can be returned when creating " +
"transparent encryption zone");
} catch (IOException e) {
assertTrue(e instanceof RemoteException);
assertTrue(((RemoteException) e).unwrapRemoteException()
instanceof AuthorizationException);
assertExceptionContains(AUTHORIZATION_EXCEPTION_MESSAGE, e);
}
}
private class MyInjector extends EncryptionFaultInjector { private class MyInjector extends EncryptionFaultInjector {
volatile int generateCount; volatile int generateCount;
CountDownLatch ready; CountDownLatch ready;
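Review bot: `testExceptionInformationReturn` assigns `EncryptionFaultInjector.instance = new AuthorizationExceptionInjector();` and never restores the previous injector, so unless teardown code outside this hunk resets it, every later `createEncryptionZone` call in the same JVM will hit the injected AuthorizationException. Capture the old value first with `final EncryptionFaultInjector saved = EncryptionFaultInjector.instance;` and add `finally { EncryptionFaultInjector.instance = saved; }` to the existing try. The `fail(...)` text also states the success condition rather than the failure; something like `"createEncryptionZone should have thrown AuthorizationException"` would read correctly in a report. The enclosing test class starts and ends outside the hunks shown.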