You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oozie.apache.org by rk...@apache.org on 2015/07/20 18:53:45 UTC

oozie git commit: OOZIE-2300 TestAuthFilterAuthOozieClient.testClientAuthTokenCache fails with Hadoop 2.7.0 and later (rkanter)

Repository: oozie
Updated Branches:
  refs/heads/master c4c028da0 -> 68d4f2298


OOZIE-2300 TestAuthFilterAuthOozieClient.testClientAuthTokenCache fails with Hadoop 2.7.0 and later (rkanter)


Project: http://git-wip-us.apache.org/repos/asf/oozie/repo
Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/68d4f229
Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/68d4f229
Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/68d4f229

Branch: refs/heads/master
Commit: 68d4f229853949ab7d87c0d5a0ee47faca4325b5
Parents: c4c028d
Author: Robert Kanter <rk...@cloudera.com>
Authored: Mon Jul 20 09:53:11 2015 -0700
Committer: Robert Kanter <rk...@cloudera.com>
Committed: Mon Jul 20 09:53:11 2015 -0700

----------------------------------------------------------------------
 .../servlet/TestAuthFilterAuthOozieClient.java  | 28 ++++++++++++++++++++
 release-log.txt                                 |  1 +
 2 files changed, 29 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/oozie/blob/68d4f229/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java b/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
index ef3a505..456b4a5 100644
--- a/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
+++ b/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
@@ -34,6 +34,7 @@ import org.apache.oozie.test.XTestCase;
 import org.apache.oozie.util.IOUtils;
 
 import java.io.FileReader;
+import java.io.FileWriter;
 import java.io.IOException;
 import java.net.URL;
 import java.net.URLEncoder;
@@ -157,6 +158,33 @@ public class TestAuthFilterAuthOozieClient extends XTestCase {
 
     public void testClientAuthTokenCache() throws Exception {
         Configuration conf = new Configuration(false);
+        // This test requires a constant secret.
+        // In Hadoop 2.5.0, you can set a secret string directly with oozie.authentication.signature.secret and the
+        // AuthenticationFilter will use it.
+        // In Hadoop 2.6.0 (HADOOP-10868), this was abstracted out to SecretProviders that have differnet implementations.  By
+        // default, if a String was given for the secret, the StringSignerSecretProvider would be automatically used and
+        // oozie.authentication.signature.secret would still be loaded.
+        // In Hadoop 2.7.0 (HADOOP-11748), this automatic behavior was removed for security reasons, and the class was made package
+        // private and moved to the hadoop-auth test artifact.  So, not only can we not simply set
+        // oozie.authentication.signature.secret, but we also can't manually configure the StringSignerSecretProvider either.
+        // However, Hadoop 2.7.0  (HADOOP-10670) also added a FileSignerSecretProvider, which we'll use if it exists
+        try {
+            if (Class.forName("org.apache.hadoop.security.authentication.util.FileSignerSecretProvider") != null) {
+                String secretFile = getTestCaseConfDir() + "/auth-secret";
+                conf.set("oozie.authentication.signature.secret.file", secretFile);
+                FileWriter fw = null;
+                try {
+                    fw = new FileWriter(secretFile);
+                    fw.write("secret");
+                } finally {
+                    if (fw != null) {
+                        fw.close();
+                    }
+                }
+            }
+        } catch (ClassNotFoundException cnfe) {
+            // ignore
+        }
         conf.set("oozie.authentication.signature.secret", "secret");
         conf.set("oozie.authentication.simple.anonymous.allowed", "false");
 

http://git-wip-us.apache.org/repos/asf/oozie/blob/68d4f229/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index abd63e7..8349ca6 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 4.3.0 release (trunk - unreleased)
 
+OOZIE-2300 TestAuthFilterAuthOozieClient.testClientAuthTokenCache fails with Hadoop 2.7.0 and later (rkanter)
 OOZIE-1837 LauncherMainHadoopUtils sensitive to clock skew (rkanter)
 OOZIE-2187 Add a way to specify a default JT/RM and NN (rkanter)
 OOZIE-2272 Use Hadoop's CredentialProvider for passwords in oozie-site (rkanter)