HDDS-2228. Fix NPE in OzoneDelegationTokenManager#addPersistedDelegat… (#1571)

2019-10-02 23:09:06 -07:00 · 2019-10-02 23:09:06 -07:00 · c5665b23ca
parent 4c24f2434d
commit c5665b23ca
4 changed files with 37 additions and 6 deletions
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
@ -84,13 +84,16 @@ public class OzoneDelegationTokenSecretManager
   * milliseconds
   * @param dtRemoverScanInterval how often the tokens are scanned for expired
   * tokens in milliseconds
+   * @param certClient certificate client to SCM CA
   */
  public OzoneDelegationTokenSecretManager(OzoneConfiguration conf,
      long tokenMaxLifetime, long tokenRenewInterval,
      long dtRemoverScanInterval, Text service,
-      S3SecretManager s3SecretManager) throws IOException {
+      S3SecretManager s3SecretManager, CertificateClient certClient)
+      throws IOException {
    super(new SecurityConfig(conf), tokenMaxLifetime, tokenRenewInterval,
        service, LOG);
+    setCertClient(certClient);
    currentTokens = new ConcurrentHashMap();
    this.tokenRemoverScanInterval = dtRemoverScanInterval;
    this.s3SecretManager = (S3SecretManagerImpl) s3SecretManager;
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
@ -70,6 +70,7 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
   * @param tokenRenewInterval how often the tokens must be renewed in
   * milliseconds
   * @param service name of service
+   * @param logger logger for the secret manager
   */
  public OzoneSecretManager(SecurityConfig secureConf, long tokenMaxLifetime,
      long tokenRenewInterval, Text service, Logger logger) {
@ -188,7 +189,7 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
  public synchronized void start(CertificateClient client)
      throws IOException {
    Preconditions.checkState(!isRunning());
-    this.certClient = client;
+    setCertClient(client);
    updateCurrentKey(new KeyPair(certClient.getPublicKey(),
        certClient.getPrivateKey()));
    setIsRunning(true);
@ -247,5 +248,9 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
  public CertificateClient getCertClient() {
    return certClient;
  }
+
+  public void setCertClient(CertificateClient client) {
+    this.certClient = client;
+  }
 }

--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@ -627,7 +627,7 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl

    return new OzoneDelegationTokenSecretManager(conf, tokenMaxLifetime,
        tokenRenewInterval, tokenRemoverScanInterval, omRpcAddressTxt,
-        s3SecretManager);
+        s3SecretManager, certClient);
  }

  private OzoneBlockTokenSecretManager createBlockTokenSecretManager(
--- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java
+++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java
@ -169,8 +169,15 @@ public class TestOzoneDelegationTokenSecretManager {
    validateHash(token.getPassword(), token.getIdentifier());
  }

-  @Test
-  public void testRenewTokenSuccess() throws Exception {
+  private void restartSecretManager() throws IOException {
+    secretManager.stop();
+    secretManager = null;
+    secretManager = createSecretManager(conf, tokenMaxLifetime,
+        expiryTime, tokenRemoverScanInterval);
+  }
+
+  private void testRenewTokenSuccessHelper(boolean restartSecretManager)
+      throws Exception {
    secretManager = createSecretManager(conf, tokenMaxLifetime,
        expiryTime, tokenRemoverScanInterval);
    secretManager.start(certificateClient);
@ -178,10 +185,25 @@ public class TestOzoneDelegationTokenSecretManager {
        TEST_USER,
        TEST_USER);
    Thread.sleep(10 * 5);
+
+    if (restartSecretManager) {
+      restartSecretManager();
+    }
+
    long renewalTime = secretManager.renewToken(token, TEST_USER.toString());
    Assert.assertTrue(renewalTime > 0);
  }

+  @Test
+  public void testReloadAndRenewToken() throws Exception {
+    testRenewTokenSuccessHelper(true);
+  }
+
+  @Test
+  public void testRenewTokenSuccess() throws Exception {
+    testRenewTokenSuccessHelper(false);
+  }
+
  /**
   * Tests failure for mismatch in renewer.
   */
@ -375,6 +397,7 @@ public class TestOzoneDelegationTokenSecretManager {
      createSecretManager(OzoneConfiguration config, long tokenMaxLife,
      long expiry, long tokenRemoverScanTime) throws IOException {
    return new OzoneDelegationTokenSecretManager(config, tokenMaxLife,
-        expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager);
+        expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager,
+        certificateClient);
  }
 }