From: xiao@apache.org To: common-commits@hadoop.apache.org Message-Id: <333534f86e4f467398c1e774afc0fb19@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: hadoop git commit: HADOOP-13638. KMS should set UGI's Configuration object properly. Contributed by Wei-Chiu Chuang. Date: Mon, 26 Sep 2016 20:11:09 +0000 (UTC) archived-at: Mon, 26 Sep 2016 20:11:11 -0000 Repository: hadoop Updated Branches: refs/heads/branch-2 7484d0b1b -> 06187e4f9 HADOOP-13638. KMS should set UGI's Configuration object properly. Contributed by Wei-Chiu Chuang. (cherry picked from commit fa397e74fe988bcbb05c816de73eb738794ace4b) Conflicts: hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/06187e4f Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/06187e4f Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/06187e4f Branch: refs/heads/branch-2 Commit: 06187e4f98c70b12fbf61c21580ccded27c87185 Parents: 7484d0b Author: Xiao Chen Authored: Mon Sep 26 13:00:57 2016 -0700 Committer: Xiao Chen Committed: Mon Sep 26 13:02:57 2016 -0700 ---------------------------------------------------------------------- .../hadoop/crypto/key/kms/server/KMSWebApp.java | 2 + .../hadoop/crypto/key/kms/server/TestKMS.java | 73 +++++++++++--------- 2 files changed, 41 insertions(+), 34 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/06187e4f/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java ---------------------------------------------------------------------- 
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
index e972509..763f207 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
@@ -28,6 +28,7 @@ import org.apache.hadoop.crypto.key.KeyProvider;
 import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
 import org.apache.hadoop.crypto.key.KeyProviderFactory;
 import org.apache.hadoop.http.HttpServer2;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authorize.AccessControlList;
 import org.apache.hadoop.util.VersionInfo;
 import org.apache.log4j.PropertyConfigurator;
@@ -121,6 +122,7 @@ public class KMSWebApp implements ServletContextListener {
 }
 kmsConf = KMSConfiguration.getKMSConf();
 initLogging(confDir);
+ UserGroupInformation.setConfiguration(kmsConf);
 LOG.info("-------------------------------------------------------------");
 LOG.info(" Java runtime version : {}", System.getProperty(
 "java.runtime.version"));
http://git-wip-us.apache.org/repos/asf/hadoop/blob/06187e4f/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
index b4174dd..58c1b81 100644
--- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
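Review bot: The added `UserGroupInformation.setConfiguration(kmsConf);` in the `@@ -121` hunk of KMSWebApp.java carries no comment, although this single line decides which authentication method, principal-name rules and group mapping the KMS process runs with. UserGroupInformation keeps its Configuration in static state, so anything that used UGI before this line would have seen a default configuration rather than kmsConf; whether such a use exists cannot be checked here because the enclosing method starts and ends outside the hunk. I would add a comment such as `// UGI holds its Configuration statically: install kmsConf before any UGI use so the KMS security settings are the ones applied.` It may also help operators to log `UserGroupInformation.isSecurityEnabled()` next to the version banner, so a server that silently fell back to simple authentication is visible in the startup log.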
@@ -145,11 +145,31 @@ public class TestKMS { } protected Configuration createBaseKMSConf(File keyStoreDir) throws Exception { - Configuration conf = new Configuration(false); - conf.set(KMSConfiguration.KEY_PROVIDER_URI, + return createBaseKMSConf(keyStoreDir, null); + } + + /** + * The Configuration object is shared by both KMS client and server in unit + * tests because UGI gets/sets it to a static variable. + * As a workaround, make sure the client configurations are copied to server + * so that client can read them. + * @param keyStoreDir where keystore is located. + * @param conf KMS client configuration + * @return KMS server configuration based on client. + * @throws Exception + */ + protected Configuration createBaseKMSConf(File keyStoreDir, + Configuration conf) throws Exception { + Configuration newConf; + if (conf == null) { + newConf = new Configuration(false); + } else { + newConf = new Configuration(conf); + } + newConf.set(KMSConfiguration.KEY_PROVIDER_URI, "jceks://file@" + new Path(keyStoreDir.getAbsolutePath(), "kms.keystore").toUri()); - conf.set("hadoop.kms.authentication.type", "simple"); - return conf; + newConf.set("hadoop.kms.authentication.type", "simple"); + return newConf; } public static void writeConf(File confDir, Configuration conf) @@ -278,9 +298,8 @@ public class TestKMS { if (kerberos) { conf.set("hadoop.security.authentication", "kerberos"); } - UserGroupInformation.setConfiguration(conf); File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); final String keystore; final String password; 
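Review bot: The Javadoc on the new `createBaseKMSConf(File, Configuration)` in the `@@ -145` hunk does not say that `conf` may be null, and its `@throws Exception` tag has no description. The two branches also differ more than the text suggests: `new Configuration(false)` starts without default resources, while `new Configuration(conf)` carries over whatever the client object holds, which presumably includes the loaded defaults and `hadoop.security.authentication`. The server configuration written by the converted tests is therefore no longer a minimal KMS configuration. I would document this, for example `@param conf KMS client configuration to copy, or null to start from an empty configuration without default resources`, and either describe the `@throws` or drop the tag.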
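Review bot: Removing `UserGroupInformation.setConfiguration(conf);` in the `@@ -278` hunk, and in the same way in the later TestKMS hunks from `@@ -402` through `@@ -2218`, leaves the static UGI configuration to be set only as a side effect of starting the KMS web app, and none of the changed lines asserts that this happened. A regression in which the server stops installing its configuration, and the process falls back to simple authentication, would not necessarily fail these tests. I would add an explicit check in one of the Kerberos tests once the server is up, for example `Assert.assertTrue(UserGroupInformation.isSecurityEnabled());`, assuming `Assert` is already imported in this file. Because the state is static, it would also be worth confirming that a test which never starts the server does not inherit the setting from a previous test. The enclosing test methods begin and end outside these hunks.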
@@ -402,9 +421,8 @@ public class TestKMS { final String specialKey = "key %^[\n{]}|\"<>\\"; Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); File confDir = getTestDir(); - conf = createBaseKMSConf(confDir); + conf = createBaseKMSConf(confDir, conf); conf.set(KeyAuthorizationKeyProvider.KEY_ACL + specialKey + ".ALL", "*"); writeConf(confDir, conf); @@ -437,9 +455,8 @@ public class TestKMS { public void testKMSProvider() throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); File confDir = getTestDir(); - conf = createBaseKMSConf(confDir); + conf = createBaseKMSConf(confDir, conf); conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k1.ALL", "*"); conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k2.MANAGEMENT", "*"); conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k2.READ", "*"); @@ -697,9 +714,8 @@ public class TestKMS { public void testKeyACLs() throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); final File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); conf.set("hadoop.kms.authentication.type", "kerberos"); conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath()); @@ -975,9 +991,8 @@ public class TestKMS { public void doKMSRestart(boolean useKrb) throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); final File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); if (useKrb) { conf.set("hadoop.kms.authentication.type", "kerberos"); } 
@@ -1055,9 +1070,8 @@ public class TestKMS { public void testKMSAuthFailureRetry() throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); final File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath()); conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost"); @@ -1149,9 +1163,8 @@ public class TestKMS { public void testACLs() throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); final File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); conf.set("hadoop.kms.authentication.type", "kerberos"); conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath()); @@ -1459,9 +1472,8 @@ public class TestKMS { public void testKMSBlackList() throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); conf.set("hadoop.kms.authentication.type", "kerberos"); conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath()); @@ -1548,9 +1560,8 @@ public class TestKMS { public void testServicePrincipalACLs() throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); conf.set("hadoop.kms.authentication.type", "kerberos"); conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath()); 
@@ -1675,9 +1686,8 @@ public class TestKMS { public void testDelegationTokenAccess() throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); final File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); conf.set("hadoop.kms.authentication.type", "kerberos"); conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath()); @@ -1758,9 +1768,8 @@ public class TestKMS { private void testDelegationTokensOps(Configuration conf, final boolean useKrb) throws Exception { - UserGroupInformation.setConfiguration(conf); File confDir = getTestDir(); - conf = createBaseKMSConf(confDir); + conf = createBaseKMSConf(confDir, conf); if (useKrb) { conf.set("hadoop.kms.authentication.type", "kerberos"); conf.set("hadoop.kms.authentication.kerberos.keytab", @@ -1884,9 +1893,8 @@ public class TestKMS { @Test public void testDelegationTokensUpdatedInUGI() throws Exception { Configuration conf = new Configuration(); - UserGroupInformation.setConfiguration(conf); File confDir = getTestDir(); - conf = createBaseKMSConf(confDir); + conf = createBaseKMSConf(confDir, conf); conf.set( "hadoop.kms.authentication.delegation-token.max-lifetime.sec", "5"); conf.set( @@ -2023,9 +2031,8 @@ public class TestKMS { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); final File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); conf.set("hadoop.kms.authentication.type", "kerberos"); conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath()); conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost"); 
@@ -2113,9 +2120,8 @@ public class TestKMS { public void doProxyUserTest(final boolean kerberos) throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); final File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); if (kerberos) { conf.set("hadoop.kms.authentication.type", "kerberos"); } @@ -2218,9 +2224,8 @@ public class TestKMS { public void doWebHDFSProxyUserTest(final boolean kerberos) throws Exception { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); final File testDir = getTestDir(); - conf = createBaseKMSConf(testDir); + conf = createBaseKMSConf(testDir, conf); if (kerberos) { conf.set("hadoop.kms.authentication.type", "kerberos"); } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-commits-help@hadoop.apache.org