HADOOP-6583. Captures authentication and authorization metrics. Contributed by Devaraj Das.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@915095 13f79535-47bb-0310-9956-ffa450edef68
2010-02-22 22:26:03 +00:00 · 2010-02-22 22:26:03 +00:00 · ffdde40b9f
parent 115ef5b8c7
commit ffdde40b9f
4 changed files with 51 additions and 2 deletions
--- a/CHANGES.txt
+++ b/CHANGES.txt
@ -156,6 +156,8 @@ Trunk (unreleased changes)
    meaningful exceptions when there are failures instead of returning 
    false. (omalley)

+    HADOOP-6583. Captures authentication and authorization metrics. (ddas)
+
  OPTIMIZATIONS

  BUG FIXES
--- a/src/java/org/apache/hadoop/ipc/Server.java
+++ b/src/java/org/apache/hadoop/ipc/Server.java
@ -220,6 +220,11 @@ public abstract class Server {
      }
    }
  }
+  
+  /*Returns a handle to the rpcMetrics (required in tests)*/
+  public RpcMetrics getRpcMetrics() {
+    return rpcMetrics;
+  }

  /** A call queued for handling. */
  private static class Call {
@ -877,7 +882,13 @@ public abstract class Server {
        if (LOG.isDebugEnabled())
          LOG.debug("Have read input token of size " + saslToken.length
              + " for processing by saslServer.evaluateResponse()");
-        byte[] replyToken = saslServer.evaluateResponse(saslToken);
+        byte[] replyToken;
+        try {
+          replyToken = saslServer.evaluateResponse(saslToken);
+        } catch (SaslException se) {
+          rpcMetrics.authenticationFailures.inc();
+          throw se;
+        }
        if (replyToken != null) {
          if (LOG.isDebugEnabled())
            LOG.debug("Will send token of size " + replyToken.length
@ -1078,6 +1089,7 @@ public abstract class Server {
    
    private void processOneRpc(byte[] buf) throws IOException,
        InterruptedException {
+      rpcMetrics.authenticationSuccesses.inc();
      if (headerRead) {
        processData(buf);
      } else {
@ -1121,7 +1133,9 @@ public abstract class Server {
        if (LOG.isDebugEnabled()) {
          LOG.debug("Successfully authorized " + header);
        }
+        rpcMetrics.authorizationSuccesses.inc();
      } catch (AuthorizationException ae) {
+        rpcMetrics.authorizationFailures.inc();
        authFailedCall.connection = this;
        setupResponse(authFailedResponse, authFailedCall, Status.FATAL, null,
            ae.getClass().getName(), ae.getMessage());
--- a/src/java/org/apache/hadoop/ipc/metrics/RpcMetrics.java
+++ b/src/java/org/apache/hadoop/ipc/metrics/RpcMetrics.java
@ -27,6 +27,7 @@ import org.apache.hadoop.metrics.Updater;
 import org.apache.hadoop.metrics.util.MetricsBase;
 import org.apache.hadoop.metrics.util.MetricsIntValue;
 import org.apache.hadoop.metrics.util.MetricsRegistry;
+import org.apache.hadoop.metrics.util.MetricsTimeVaryingInt;
 import org.apache.hadoop.metrics.util.MetricsTimeVaryingRate;

 /**
@ -79,7 +80,14 @@ public class RpcMetrics implements Updater {
          new MetricsIntValue("NumOpenConnections", registry);
  public MetricsIntValue callQueueLen = 
          new MetricsIntValue("callQueueLen", registry);
-  
+  public MetricsTimeVaryingInt authenticationFailures = 
+          new MetricsTimeVaryingInt("rpcAuthenticationFailures", registry);
+  public MetricsTimeVaryingInt authenticationSuccesses = 
+          new MetricsTimeVaryingInt("rpcAuthenticationSuccesses", registry);
+  public MetricsTimeVaryingInt authorizationFailures = 
+          new MetricsTimeVaryingInt("rpcAuthorizationFailures", registry);
+  public MetricsTimeVaryingInt authorizationSuccesses = 
+         new MetricsTimeVaryingInt("rpcAuthorizationSuccesses", registry);
  /**
   * Push the metrics to the monitoring subsystem on doUpdate() call.
   */
--- a/src/test/core/org/apache/hadoop/ipc/TestRPC.java
+++ b/src/test/core/org/apache/hadoop/ipc/TestRPC.java
@ -368,6 +368,31 @@ public class TestRPC extends TestCase {
      if (proxy != null) {
        RPC.stopProxy(proxy);
      }
+      if (expectFailure) {
+        assertTrue("Expected 1 but got " + 
+            server.getRpcMetrics().authorizationFailures
+            .getCurrentIntervalValue(), 
+            server.getRpcMetrics().authorizationFailures
+            .getCurrentIntervalValue() == 1);
+      } else {
+        assertTrue("Expected 1 but got " + 
+            server.getRpcMetrics().authorizationSuccesses
+            .getCurrentIntervalValue(),
+            server.getRpcMetrics().authorizationSuccesses
+            .getCurrentIntervalValue() == 1);
+      }
+      //since we don't have authentication turned ON, we should see 
+      // >0 for the authentication successes and 0 for failure
+      assertTrue("Expected 0 but got " + 
+          server.getRpcMetrics().authenticationFailures
+          .getCurrentIntervalValue(),
+          server.getRpcMetrics().authenticationFailures
+          .getCurrentIntervalValue() == 0);
+      assertTrue("Expected greater than 0 but got " + 
+          server.getRpcMetrics().authenticationSuccesses
+          .getCurrentIntervalValue(),
+          server.getRpcMetrics().authenticationSuccesses
+          .getCurrentIntervalValue() > 0);
    }
  }