You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oozie.apache.org by rk...@apache.org on 2015/07/20 18:53:45 UTC
oozie git commit: OOZIE-2300
TestAuthFilterAuthOozieClient.testClientAuthTokenCache fails with Hadoop
2.7.0 and later (rkanter)
Repository: oozie
Updated Branches:
refs/heads/master c4c028da0 -> 68d4f2298
OOZIE-2300 TestAuthFilterAuthOozieClient.testClientAuthTokenCache fails with Hadoop 2.7.0 and later (rkanter)
Project: http://git-wip-us.apache.org/repos/asf/oozie/repo
Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/68d4f229
Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/68d4f229
Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/68d4f229
Branch: refs/heads/master
Commit: 68d4f229853949ab7d87c0d5a0ee47faca4325b5
Parents: c4c028d
Author: Robert Kanter <rk...@cloudera.com>
Authored: Mon Jul 20 09:53:11 2015 -0700
Committer: Robert Kanter <rk...@cloudera.com>
Committed: Mon Jul 20 09:53:11 2015 -0700
----------------------------------------------------------------------
.../servlet/TestAuthFilterAuthOozieClient.java | 28 ++++++++++++++++++++
release-log.txt | 1 +
2 files changed, 29 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/oozie/blob/68d4f229/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java b/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
index ef3a505..456b4a5 100644
--- a/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
+++ b/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
@@ -34,6 +34,7 @@ import org.apache.oozie.test.XTestCase;
import org.apache.oozie.util.IOUtils;
import java.io.FileReader;
+import java.io.FileWriter;
import java.io.IOException;
import java.net.URL;
import java.net.URLEncoder;
@@ -157,6 +158,33 @@ public class TestAuthFilterAuthOozieClient extends XTestCase {
public void testClientAuthTokenCache() throws Exception {
Configuration conf = new Configuration(false);
+ // This test requires a constant secret.
+ // In Hadoop 2.5.0, you can set a secret string directly with oozie.authentication.signature.secret and the
+ // AuthenticationFilter will use it.
+ // In Hadoop 2.6.0 (HADOOP-10868), this was abstracted out to SecretProviders that have differnet implementations. By
+ // default, if a String was given for the secret, the StringSignerSecretProvider would be automatically used and
+ // oozie.authentication.signature.secret would still be loaded.
+ // In Hadoop 2.7.0 (HADOOP-11748), this automatic behavior was removed for security reasons, and the class was made package
+ // private and moved to the hadoop-auth test artifact. So, not only can we not simply set
+ // oozie.authentication.signature.secret, but we also can't manually configure the StringSignerSecretProvider either.
+ // However, Hadoop 2.7.0 (HADOOP-10670) also added a FileSignerSecretProvider, which we'll use if it exists
+ try {
+ if (Class.forName("org.apache.hadoop.security.authentication.util.FileSignerSecretProvider") != null) {
+ String secretFile = getTestCaseConfDir() + "/auth-secret";
+ conf.set("oozie.authentication.signature.secret.file", secretFile);
+ FileWriter fw = null;
+ try {
+ fw = new FileWriter(secretFile);
+ fw.write("secret");
+ } finally {
+ if (fw != null) {
+ fw.close();
+ }
+ }
+ }
+ } catch (ClassNotFoundException cnfe) {
+ // ignore
+ }
conf.set("oozie.authentication.signature.secret", "secret");
conf.set("oozie.authentication.simple.anonymous.allowed", "false");
http://git-wip-us.apache.org/repos/asf/oozie/blob/68d4f229/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index abd63e7..8349ca6 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 4.3.0 release (trunk - unreleased)
+OOZIE-2300 TestAuthFilterAuthOozieClient.testClientAuthTokenCache fails with Hadoop 2.7.0 and later (rkanter)
OOZIE-1837 LauncherMainHadoopUtils sensitive to clock skew (rkanter)
OOZIE-2187 Add a way to specify a default JT/RM and NN (rkanter)
OOZIE-2272 Use Hadoop's CredentialProvider for passwords in oozie-site (rkanter)