HDFS-16895. [RBF] NamenodeHeartbeatService should use credentials of logged in user
This commit is contained in:
parent
8714403dc7
commit
d310642626
|
@ -26,6 +26,7 @@ import java.io.IOException;
|
|||
import java.net.InetAddress;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.URI;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
|
@ -45,6 +46,7 @@ import org.apache.hadoop.hdfs.tools.DFSHAAdmin;
|
|||
import org.apache.hadoop.hdfs.tools.NNHAServiceTarget;
|
||||
import org.apache.hadoop.hdfs.web.URLConnectionFactory;
|
||||
import org.apache.hadoop.net.NetUtils;
|
||||
import org.apache.hadoop.security.SecurityUtil;
|
||||
import org.codehaus.jettison.json.JSONArray;
|
||||
import org.codehaus.jettison.json.JSONException;
|
||||
import org.codehaus.jettison.json.JSONObject;
|
||||
|
@ -236,7 +238,15 @@ public class NamenodeHeartbeatService extends PeriodicService {
|
|||
|
||||
@Override
|
||||
public void periodicInvoke() {
|
||||
updateState();
|
||||
try {
|
||||
// Run using the login user credentials
|
||||
SecurityUtil.doAsLoginUser((PrivilegedExceptionAction<Void>) () -> {
|
||||
updateState();
|
||||
return null;
|
||||
});
|
||||
} catch (IOException e) {
|
||||
LOG.error("Cannot update namenode state", e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -26,6 +26,7 @@ import static org.apache.hadoop.hdfs.client.HdfsClientConfigKeys.DFS_NAMENODE_RP
|
|||
import static org.apache.hadoop.hdfs.server.federation.FederationTestUtils.NAMENODES;
|
||||
import static org.apache.hadoop.hdfs.server.federation.FederationTestUtils.NAMESERVICES;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
|
||||
|
@ -36,6 +37,7 @@ import java.util.Iterator;
|
|||
import java.util.List;
|
||||
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.contract.router.SecurityConfUtil;
|
||||
import org.apache.hadoop.hdfs.DFSUtil;
|
||||
import org.apache.hadoop.hdfs.HdfsConfiguration;
|
||||
import org.apache.hadoop.hdfs.server.federation.MockResolver;
|
||||
|
@ -44,6 +46,7 @@ import org.apache.hadoop.hdfs.server.federation.MiniRouterDFSCluster.NamenodeCon
|
|||
import org.apache.hadoop.hdfs.server.federation.resolver.ActiveNamenodeResolver;
|
||||
import org.apache.hadoop.hdfs.server.federation.resolver.FederationNamenodeContext;
|
||||
import org.apache.hadoop.net.MockDomainNameResolver;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.service.Service.STATE;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
|
@ -318,4 +321,33 @@ public class TestRouterNamenodeHeartbeat {
|
|||
|
||||
return conf;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNamenodeHeartbeatWithSecurity() throws Exception {
|
||||
Configuration conf = SecurityConfUtil.initSecurity();
|
||||
MiniRouterDFSCluster testCluster = null;
|
||||
try {
|
||||
testCluster = new MiniRouterDFSCluster(true, 1, conf);
|
||||
// Start Namenodes and routers
|
||||
testCluster.startCluster(conf);
|
||||
testCluster.startRouters();
|
||||
|
||||
// Register Namenodes to generate a NamenodeStatusReport
|
||||
testCluster.registerNamenodes();
|
||||
testCluster.waitNamenodeRegistration();
|
||||
|
||||
for (MiniRouterDFSCluster.RouterContext routerContext : testCluster.getRouters()) {
|
||||
ActiveNamenodeResolver resolver = routerContext.getRouter().getNamenodeResolver();
|
||||
// Validate that NamenodeStatusReport has been registered
|
||||
assertNotNull(resolver.getNamespaces());
|
||||
assertFalse(resolver.getNamespaces().isEmpty());
|
||||
}
|
||||
} finally {
|
||||
if (testCluster != null) {
|
||||
testCluster.shutdown();
|
||||
}
|
||||
UserGroupInformation.reset();
|
||||
SecurityConfUtil.destroy();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue