YARN-6104. RegistrySecurity overrides zookeeper sasl system properties. Contributed by Billie Rinaldi

This commit is contained in:
Jian He 2017-01-19 10:18:59 -08:00
parent 5251de00fa
commit d374087670
2 changed files with 31 additions and 2 deletions

View File

@ -737,8 +737,15 @@ public class RegistrySecurity extends AbstractService {
String context) { String context) {
RegistrySecurity.validateContext(context); RegistrySecurity.validateContext(context);
enableZookeeperClientSASL(); enableZookeeperClientSASL();
System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, username); setSystemPropertyIfUnset(PROP_ZK_SASL_CLIENT_USERNAME, username);
System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, context); setSystemPropertyIfUnset(PROP_ZK_SASL_CLIENT_CONTEXT, context);
}
private static void setSystemPropertyIfUnset(String name, String value) {
String existingValue = System.getProperty(name);
if (existingValue == null || existingValue.isEmpty()) {
System.setProperty(name, value);
}
} }
/** /**

View File

@ -37,6 +37,8 @@ import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginContext;
import static org.apache.hadoop.registry.client.api.RegistryConstants.*; import static org.apache.hadoop.registry.client.api.RegistryConstants.*;
import static org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions.PROP_ZK_SASL_CLIENT_CONTEXT;
import static org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions.PROP_ZK_SASL_CLIENT_USERNAME;
/** /**
* Verify that the Mini ZK service can be started up securely * Verify that the Mini ZK service can be started up securely
@ -138,6 +140,26 @@ public class TestSecureRegistry extends AbstractSecureRegistryTest {
} }
} }
@Test
public void testSystemPropertyOverwrite() {
System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, "");
System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, "");
RegistrySecurity.setZKSaslClientProperties(ZOOKEEPER,
ZOOKEEPER_CLIENT_CONTEXT);
assertEquals(ZOOKEEPER, System.getProperty(PROP_ZK_SASL_CLIENT_USERNAME));
assertEquals(ZOOKEEPER_CLIENT_CONTEXT,
System.getProperty(PROP_ZK_SASL_CLIENT_CONTEXT));
String userName = "user1";
String context = "context1";
System.setProperty(PROP_ZK_SASL_CLIENT_USERNAME, userName);
System.setProperty(PROP_ZK_SASL_CLIENT_CONTEXT, context);
RegistrySecurity.setZKSaslClientProperties(ZOOKEEPER,
ZOOKEEPER_CLIENT_CONTEXT);
assertEquals(userName, System.getProperty(PROP_ZK_SASL_CLIENT_USERNAME));
assertEquals(context, System.getProperty(PROP_ZK_SASL_CLIENT_CONTEXT));
}
/** /**
* Start a curator service instance * Start a curator service instance
* @param name name * @param name name