HDFS-11702. Remove indefinite caching of key provider uri in DFSClient. Contributed by Rushabh S Shah.

This commit is contained in:
Kihwal Lee 2017-05-08 08:27:37 -05:00
parent a9a3d219fe
commit cef2815cf4
2 changed files with 1 additions and 22 deletions

View File

@ -232,7 +232,6 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
private static ThreadPoolExecutor HEDGED_READ_THREAD_POOL;
private static volatile ThreadPoolExecutor STRIPED_READ_THREAD_POOL;
private final int smallBufferSize;
private URI keyProviderUri = null;
public DfsClientConf getConf() {
return dfsClientConf;
@ -2901,10 +2900,7 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
* @throws IOException
*/
URI getKeyProviderUri() throws IOException {
if (keyProviderUri != null) {
return keyProviderUri;
}
URI keyProviderUri = null;
// Lookup the secret in credentials object for namenodeuri.
Credentials credentials = ugi.getCredentials();
byte[] keyProviderUriBytes = credentials.getSecretKey(getKeyProviderMapKey());
@ -2936,14 +2932,6 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
return clientContext.getKeyProviderCache().get(conf, getKeyProviderUri());
}
/*
* Should be used only for testing.
*/
@VisibleForTesting
public void setKeyProviderUri(URI providerUri) {
this.keyProviderUri = providerUri;
}
@VisibleForTesting
public void setKeyProvider(KeyProvider provider) {
clientContext.getKeyProviderCache().setKeyProvider(conf, provider);

View File

@ -1702,7 +1702,6 @@ public class TestEncryptionZones {
credentials.addSecretKey(lookUpKey,
DFSUtilClient.string2Bytes(dummyKeyProvider));
client.ugi.addCredentials(credentials);
client.setKeyProviderUri(null);
Assert.assertEquals("Client Key provider is different from provider in "
+ "credentials map", dummyKeyProvider,
client.getKeyProviderUri().toString());
@ -1724,7 +1723,6 @@ public class TestEncryptionZones {
CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH,
dummyKeyProviderUri1);
DFSClient mockClient = Mockito.spy(cluster.getFileSystem().getClient());
mockClient.setKeyProviderUri(null);
// Namenode returning null as keyProviderUri in FSServerDefaults.
FsServerDefaults serverDefaultsWithKeyProviderNull =
getTestServerDefaults(null);
@ -1736,7 +1734,6 @@ public class TestEncryptionZones {
Mockito.verify(mockClient, Mockito.times(1)).getServerDefaults();
String dummyKeyProviderUri2 = "dummy://foo:bar@test_provider2";
mockClient.setKeyProviderUri(null);
FsServerDefaults serverDefaultsWithDummyKeyProvider =
getTestServerDefaults(dummyKeyProviderUri2);
// Namenode returning dummyKeyProvider2 in serverDefaults.
@ -1765,8 +1762,6 @@ public class TestEncryptionZones {
// Unset the provider path in conf
clusterConf.unset(
CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH);
// Nullify the cached value for key provider uri on client
cluster.getFileSystem().getClient().setKeyProviderUri(null);
// Even after unsetting the local conf, the client key provider should be
// the same as namenode's provider.
Assert.assertEquals("Key Provider for client and namenode are different",
@ -1777,8 +1772,6 @@ public class TestEncryptionZones {
clusterConf.set(
CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH,
"dummy://foo:bar@test_provider1");
// Nullify the cached value for key provider uri on client
cluster.getFileSystem().getClient().setKeyProviderUri(null);
// Even after pointing the conf to some dummy provider, the client key
// provider should be the same as namenode's provider.
Assert.assertEquals("Key Provider for client and namenode are different",
@ -1813,8 +1806,6 @@ public class TestEncryptionZones {
// Creating a fake serverdefaults so that we can simulate namenode not
// being upgraded.
DFSClient spyClient = Mockito.spy(cluster.getFileSystem().getClient());
// Clear the cache value of keyProviderUri on client side.
spyClient.setKeyProviderUri(null);
Mockito.doReturn(spyServerDefaults).when(spyClient).getServerDefaults();
// Since FsServerDefaults#keyProviderUri is null, the client