hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen Chu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-9004) Allow security unit tests to use external KDC
Date Mon, 05 Nov 2012 21:30:12 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-9004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Stephen Chu updated HADOOP-9004:
--------------------------------

    Status: Patch Available  (was: Open)

Submitting new patch.

Added _isExternalKdcRunning()_ to SecurityUtilTestHelper.java to detect if user running test
has specified to use an external KDC.

TestUGIWithExternalKdc and TestSecureNameNodeWithExternalKdc are the counterparts to TestUGIWithSecurityOn
and TestSecureNameNode, except the new tests use the external KDC. I don't think it'll be
clean to merge these into one test, so I think separating them is fine for now.

I refactored SecureDataNodeStarter so that we can get the SecureResources within our unit
tests.

I modified MiniDFSCluster so that it now actually checks to see if checkDataNodeAddrConfig
was set to true (so that we can change the DataNodes to use low ports because secure DNs require
ports < 1023). Also, while bringing up the DataNodes, if kerberos authentication is enabled,
MiniDFSCluster will now get the SecureResources necessary to start the DN.

TestStartSecureDataNode brings up a 1 NameNode 1 DataNode MiniDFSCluster. However, the test
will fail if not run as root because bringing up the secure DN requires root. This is a problem,
and it won't work to give away root access in some jenkins env. I guess there has been past
discussion on whether or not to have this requirement for starting the DN in dev environments.
For now, I think it's still useful to have this test, even if it can't be run in most setups.



My plan is to continue to write more unit tests against a secure MiniDFSCluster, as we are
missing a lot of unit test coverage against secure setups.

                
> Allow security unit tests to use external KDC
> ---------------------------------------------
>
>                 Key: HADOOP-9004
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9004
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security, test
>    Affects Versions: 2.0.0-alpha
>            Reporter: Stephen Chu
>            Assignee: Stephen Chu
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-9004.patch, HADOOP-9004.patch.007
>
>
> I want to add the option of allowing security-related unit tests to use an external KDC.
> In HADOOP-8078, we add the ability to start and use an ApacheDS KDC for security-related
unit tests. It would be good to allow users to validate the use of their own KDC, keytabs,
and principals and to test different KDCs and not rely on the ApacheDS KDC.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message