hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wan...@apache.org
Subject [16/50] [abbrv] hadoop git commit: HADOOP-13395. Enhance TestKMSAudit. Contributed by Xiao Chen.
Date Tue, 09 Aug 2016 22:33:58 GMT
HADOOP-13395. Enhance TestKMSAudit. Contributed by Xiao Chen.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/07054894
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/07054894
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/07054894

Branch: refs/heads/YARN-3368
Commit: 070548943a16370a74277d1b1d10b713e2ca81d0
Parents: 6418edd
Author: Wei-Chiu Chuang <weichiu@apache.org>
Authored: Mon Aug 8 15:10:26 2016 -0700
Committer: Wei-Chiu Chuang <weichiu@apache.org>
Committed: Mon Aug 8 15:11:05 2016 -0700

----------------------------------------------------------------------
 .../hadoop/crypto/key/kms/server/KMSAudit.java  |  6 +++
 .../crypto/key/kms/server/TestKMSAudit.java     | 53 +++++++++++++++++---
 2 files changed, 51 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/07054894/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java
b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java
index 7ff76e5..6a401e0 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java
@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.crypto.key.kms.server;
 
+import com.google.common.annotations.VisibleForTesting;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -227,4 +228,9 @@ public class KMSAudit {
   public void shutdown() {
     executor.shutdownNow();
   }
+
+  @VisibleForTesting
+  void evictCacheForTesting() {
+    cache.invalidateAll();
+  }
 }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/07054894/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java
b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java
index 7e1c0d7..53948ee 100644
--- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java
@@ -33,7 +33,9 @@ import org.apache.log4j.PropertyConfigurator;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.Timeout;
 import org.mockito.Mockito;
 
 public class TestKMSAudit {
@@ -55,6 +57,9 @@ public class TestKMSAudit {
     }
   }
 
+  @Rule
+  public final Timeout testTimeout = new Timeout(180000);
+
   @Before
   public void setUp() throws IOException {
     originalOut = System.err;
@@ -67,7 +72,8 @@ public class TestKMSAudit {
     PropertyConfigurator.configure(is);
     IOUtils.closeStream(is);
 
-    this.kmsAudit = new KMSAudit(1000);
+    this.kmsAudit =
+        new KMSAudit(KMSConfiguration.KMS_AUDIT_AGGREGATION_WINDOW_DEFAULT);
   }
 
   @After
@@ -97,9 +103,9 @@ public class TestKMSAudit {
     kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
     kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
     kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
-    Thread.sleep(1500);
+    kmsAudit.evictCacheForTesting();
     kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
-    Thread.sleep(1500);
+    kmsAudit.evictCacheForTesting();
     String out = getAndResetLogOutput();
     System.out.println(out);
     Assert.assertTrue(
@@ -118,24 +124,55 @@ public class TestKMSAudit {
     UserGroupInformation luser = Mockito.mock(UserGroupInformation.class);
     Mockito.when(luser.getShortUserName()).thenReturn("luser");
     kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k2");
-    Thread.sleep(1000);
+    kmsAudit.evictCacheForTesting();
     kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
     kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
     kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
     kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
     kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
     kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k3");
+    // wait a bit so the UNAUTHORIZED-triggered cache invalidation happens.
+    Thread.sleep(1000);
     kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
-    Thread.sleep(2000);
+    kmsAudit.evictCacheForTesting();
     String out = getAndResetLogOutput();
     System.out.println(out);
-    Assert.assertTrue(
-        out.matches(
-            "UNAUTHORIZED\\[op=GENERATE_EEK, key=k2, user=luser\\] "
+
+    // The UNAUTHORIZED will trigger cache invalidation, which then triggers
+    // the aggregated OK (accessCount=5). But the order of the UNAUTHORIZED and
+    // the aggregated OK is arbitrary - no correctness concerns, but flaky here.
+    Assert.assertTrue(out.matches(
+        "UNAUTHORIZED\\[op=GENERATE_EEK, key=k2, user=luser\\] "
             + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg"
             + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=5, interval=[^m]{1,4}ms\\]
testmsg"
             + "UNAUTHORIZED\\[op=GENERATE_EEK, key=k3, user=luser\\] "
+            + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg")
+        || out.matches(
+        "UNAUTHORIZED\\[op=GENERATE_EEK, key=k2, user=luser\\] "
+            + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg"
+            + "UNAUTHORIZED\\[op=GENERATE_EEK, key=k3, user=luser\\] "
+            + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=5, interval=[^m]{1,4}ms\\]
testmsg"
             + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg"));
   }
 
+  @Test
+  public void testAuditLogFormat() throws Exception {
+    UserGroupInformation luser = Mockito.mock(UserGroupInformation.class);
+    Mockito.when(luser.getShortUserName()).thenReturn("luser");
+    kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k4", "testmsg");
+    kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "testmsg");
+    kmsAudit.evictCacheForTesting();
+    kmsAudit.unauthorized(luser, KMSOp.DECRYPT_EEK, "k4");
+    kmsAudit.error(luser, "method", "url", "testmsg");
+    kmsAudit.unauthenticated("remotehost", "method", "url", "testmsg");
+    String out = getAndResetLogOutput();
+    System.out.println(out);
+    Assert.assertTrue(out.matches(
+        "OK\\[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg"
+            + "OK\\[op=GENERATE_EEK, user=luser\\] testmsg"
+            + "OK\\[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg"
+            + "UNAUTHORIZED\\[op=DECRYPT_EEK, key=k4, user=luser\\] "
+            + "ERROR\\[user=luser\\] Method:'method' Exception:'testmsg'"
+            + "UNAUTHENTICATED RemoteHost:remotehost Method:method URL:url ErrorMsg:'testmsg'"));
+  }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org


Mime
View raw message