Posted to common-commits@hadoop.apache.org by bo...@apache.org on 2012/03/18 05:19:11 UTC

svn commit: r1302065 - in /hadoop/common/branches/branch-1: CHANGES.txt src/core/org/apache/hadoop/security/Groups.java src/test/commit-tests src/test/org/apache/hadoop/security/TestGroupsCaching.java

Author: bobby
Date: Sun Mar 18 04:19:11 2012
New Revision: 1302065

URL: http://svn.apache.org/viewvc?rev=1302065&view=rev
Log:
HADOOP-8088. User-group mapping cache incorrectly does negative caching on transient failures (Kihwal Lee via bobby)

Added:
    hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestGroupsCaching.java
Modified:
    hadoop/common/branches/branch-1/CHANGES.txt
    hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/Groups.java
    hadoop/common/branches/branch-1/src/test/commit-tests

Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1302065&r1=1302064&r2=1302065&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Sun Mar 18 04:19:11 2012
@@ -212,6 +212,9 @@ Release 1.0.2 - unreleased
     MAPREDUCE-3851.  Allow more aggressive action on detection of the jetty
     issue (tgraves via bobby)
 
+    HADOOP-8088. User-group mapping cache incorrectly does negative caching on
+    transient failures (Kihwal Lee via bobby)
+
 Release 1.0.1 - 2012.02.14
 
   NEW FEATURES

Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/Groups.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/Groups.java?rev=1302065&r1=1302064&r2=1302065&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/Groups.java (original)
+++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/Groups.java Sun Mar 18 04:19:11 2012
@@ -77,6 +77,9 @@ public class Groups {
     }
     // Create and cache user's groups
     groups = new CachedGroups(impl.getGroups(user));
+    if (groups.getGroups().isEmpty()) {
+      throw new IOException("No groups found for user " + user);
+    }
     userToGroupsMap.put(user, groups);
     LOG.debug("Returning fetched groups for '" + user + "'");
     return groups.getGroups();
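Review bot: The added `isEmpty()` check throws before `userToGroupsMap.put`, so nothing is cached for a user with no resolvable groups and every later lookup for that user goes back to `impl.getGroups(user)`. With a mapping that forks a process or queries a directory on each call, repeated requests naming an unknown user become backend load; a short-lived negative entry, much shorter than the normal cache timeout, would bound that cost while keeping the transient-failure fix. The check also cannot tell a transient failure from a user who genuinely has no groups, so callers that used to receive an empty list now get an `IOException` and should treat it as "no groups" when making authorization decisions. A comment above the check such as `// empty result is never cached: it may be a transient lookup failure (HADOOP-8088)` would record the intent. The enclosing method starts and ends outside this hunk.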

Modified: hadoop/common/branches/branch-1/src/test/commit-tests
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/commit-tests?rev=1302065&r1=1302064&r2=1302065&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/test/commit-tests (original)
+++ hadoop/common/branches/branch-1/src/test/commit-tests Sun Mar 18 04:19:11 2012
@@ -26,6 +26,7 @@
 **/TestGetFileBlockLocations.java
 **/TestGlobalFilter.java
 **/TestGlobExpander.java
+**/TestGroupsCaching.java
 **/TestHarFileSystem.java
 **/TestHtmlQuoting.java
 **/TestHttpServer.java

Added: hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestGroupsCaching.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestGroupsCaching.java?rev=1302065&view=auto
==============================================================================
--- hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestGroupsCaching.java (added)
+++ hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestGroupsCaching.java Sun Mar 18 04:19:11 2012
@@ -0,0 +1,121 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.security;
+
+import java.io.IOException;
+
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import org.junit.Test;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.hadoop.security.ShellBasedUnixGroupsMapping;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.Groups;
+
+
+public class TestGroupsCaching {
+  public static final Log LOG = LogFactory.getLog(TestGroupsCaching.class);
+  private static Configuration conf = new Configuration();
+  private static String[] myGroups = {"grp1", "grp2"};
+
+  static {
+    conf.setClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
+      FakeGroupMapping.class,
+      ShellBasedUnixGroupsMapping.class);
+  }
+
+  public static class FakeGroupMapping extends ShellBasedUnixGroupsMapping {
+    // any to n mapping
+    private static Set<String> allGroups = new HashSet<String>();
+    private static Set<String> blackList = new HashSet<String>();
+
+    public List<String> getGroups(String user) throws IOException {
+      LOG.info("Getting groups for " + user);
+      if (blackList.contains(user)) {
+        return new LinkedList<String>();
+      }
+      return new LinkedList<String>(allGroups);
+    }
+
+    public void cacheGroupsRefresh() throws IOException {
+      LOG.info("Cache is being refreshed.");
+      clearBlackList();
+      return;
+    }
+
+    public static void clearBlackList() throws IOException {
+      LOG.info("Clearing the blacklist");
+      blackList.clear();
+    }
+
+    public void cacheGroupsAdd(List<String> groups) throws IOException {
+      LOG.info("Adding " + groups + " to groups.");
+      allGroups.addAll(groups);
+    }
+
+    public static void addToBlackList(String user) throws IOException {
+      LOG.info("Adding " + user + " to the blacklist");
+      blackList.add(user);
+    }
+  }
+
+  @Test
+  public void TestGroupsCachingDefault() throws Exception {
+    Groups groups = new Groups(conf);
+    groups.cacheGroupsAdd(Arrays.asList(myGroups));
+    groups.refresh();
+    FakeGroupMapping.clearBlackList();
+    FakeGroupMapping.addToBlackList("user1");
+
+    // regular entry
+    assertTrue(groups.getGroups("me").size() == 2);
+
+    // this must be cached. blacklisting should have no effect.
+    FakeGroupMapping.addToBlackList("me");
+    assertTrue(groups.getGroups("me").size() == 2);
+
+    // ask for a negative entry
+    try {
+      LOG.error("We are not supposed to get here." + groups.getGroups("user1").toString());
+      fail();
+    } catch (IOException ioe) {
+      if(!ioe.getMessage().startsWith("No groups found")) {
+        LOG.error("Got unexpected exception: " + ioe.getMessage());
+        fail();
+      }
+    }
+
+    // this shouldn't be cached. remove from the black list and retry.
+    FakeGroupMapping.clearBlackList();
+    assertTrue(groups.getGroups("user1").size() == 2);
+  }
+}
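Review bot: The negative-path block buries the call under test inside a log argument (`LOG.error("We are not supposed to get here." + groups.getGroups("user1").toString())`) and then calls `fail()` with no message, so a regression here gives no usable diagnostic. Writing it as `groups.getGroups("user1");` followed by `fail("expected IOException for a user with no groups");` is clearer, and `assertEquals(2, groups.getGroups("me").size())` reports the actual size where `assertTrue(... == 2)` does not. `allGroups` and `blackList` in `FakeGroupMapping` are static and mutable, so state added here persists into any later test that uses the fake in the same JVM; a comment on the two fields saying so, or a reset at the start of the test, would help. The imports of `Iterator`, `InterfaceAudience` and `InterfaceStability` are unused, and the method name `TestGroupsCachingDefault` would conventionally start in lower case.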