You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by xy...@apache.org on 2015/12/30 19:32:24 UTC
hadoop git commit: HADOOP-12682. Fix TestKMS#testKMSRestart* failure.
Contributed by Wei-Chiu Chuang.
Repository: hadoop
Updated Branches:
refs/heads/trunk 223ce323b -> ab725cff6
HADOOP-12682. Fix TestKMS#testKMSRestart* failure. Contributed by Wei-Chiu Chuang.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/ab725cff
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/ab725cff
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/ab725cff
Branch: refs/heads/trunk
Commit: ab725cff66e8a047e9437e42ac49ac8685ee7a94
Parents: 223ce32
Author: Xiaoyu Yao <xy...@apache.org>
Authored: Wed Dec 30 10:29:26 2015 -0800
Committer: Xiaoyu Yao <xy...@apache.org>
Committed: Wed Dec 30 10:29:26 2015 -0800
----------------------------------------------------------------------
hadoop-common-project/hadoop-common/CHANGES.txt | 3 ++
.../hadoop/security/UserGroupInformation.java | 36 ++++++++++++++++++++
.../hadoop/crypto/key/kms/server/TestKMS.java | 21 ++----------
3 files changed, 42 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/ab725cff/hadoop-common-project/hadoop-common/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index d6b5116..5c67b1b 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -1535,6 +1535,9 @@ Release 2.8.0 - UNRELEASED
HADOOP-12559. KMS connection failures should trigger TGT renewal.
(Zhe Zhang via xyao)
+ HADOOP-12682. Fix TestKMS#testKMSRestart* failure.
+ (Wei-Chiu Chuang via xyao)
+
Release 2.7.3 - UNRELEASED
INCOMPATIBLE CHANGES
http://git-wip-us.apache.org/repos/asf/hadoop/blob/ab725cff/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
index 483420c..28014bf 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -975,6 +975,42 @@ public class UserGroupInformation {
LOG.info("Login successful for user " + keytabPrincipal
+ " using keytab file " + keytabFile);
}
+
+ /**
+ * Log the current user out who previously logged in using keytab.
+ * This method assumes that the user logged in by calling
+ * {@link #loginUserFromKeytab(String, String)}.
+ *
+ * @throws IOException if a failure occurred in logout, or if the user did
+ * not log in by invoking loginUserFromKeyTab() before.
+ */
+ @InterfaceAudience.Public
+ @InterfaceStability.Evolving
+ public void logoutUserFromKeytab() throws IOException {
+ if (!isSecurityEnabled() ||
+ user.getAuthenticationMethod() != AuthenticationMethod.KERBEROS) {
+ return;
+ }
+ LoginContext login = getLogin();
+ if (login == null || keytabFile == null) {
+ throw new IOException("loginUserFromKeytab must be done first");
+ }
+
+ try {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Initiating logout for " + getUserName());
+ }
+ synchronized (UserGroupInformation.class) {
+ login.logout();
+ }
+ } catch (LoginException le) {
+ throw new IOException("Logout failure for " + user + " from keytab " +
+ keytabFile, le);
+ }
+
+ LOG.info("Logout successful for user " + keytabPrincipal
+ + " using keytab file " + keytabFile);
+ }
/**
* Re-login a user from keytab if TGT is expired or is close to expiry.
http://git-wip-us.apache.org/repos/asf/hadoop/blob/ab725cff/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
index c5a990b..7131b7c 100644
--- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
@@ -44,10 +44,8 @@ import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
-import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.login.LoginContext;
import java.io.File;
import java.io.FileWriter;
@@ -59,16 +57,13 @@ import java.net.ServerSocket;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.URL;
-import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
-import java.util.Set;
import java.util.UUID;
import java.util.concurrent.Callable;
@@ -250,22 +245,12 @@ public class TestKMS {
private <T> T doAs(String user, final PrivilegedExceptionAction<T> action)
throws Exception {
- Set<Principal> principals = new HashSet<Principal>();
- principals.add(new KerberosPrincipal(user));
-
- //client login
- Subject subject = new Subject(false, principals,
- new HashSet<Object>(), new HashSet<Object>());
- LoginContext loginContext = new LoginContext("", subject, null,
- KerberosConfiguration.createClientConfig(user, keytab));
+ UserGroupInformation.loginUserFromKeytab(user, keytab.getAbsolutePath());
+ UserGroupInformation ugi = UserGroupInformation.getLoginUser();
try {
- loginContext.login();
- subject = loginContext.getSubject();
- UserGroupInformation ugi =
- UserGroupInformation.getUGIFromSubject(subject);
return ugi.doAs(action);
} finally {
- loginContext.logout();
+ ugi.logoutUserFromKeytab();
}
}