You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ozone.apache.org by si...@apache.org on 2022/07/27 18:13:05 UTC
[ozone] branch master updated: HDDS-7055. NPE in ec.reconstruction.TokenHelper (#3630)
This is an automated email from the ASF dual-hosted git repository.
siyao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 4393525367 HDDS-7055. NPE in ec.reconstruction.TokenHelper (#3630)
4393525367 is described below
commit 43935253673eaeca5a357878d64baa6e7e4bd016
Author: Doroszlai, Attila <64...@users.noreply.github.com>
AuthorDate: Wed Jul 27 20:12:58 2022 +0200
HDDS-7055. NPE in ec.reconstruction.TokenHelper (#3630)
---
.../hadoop/ozone/container/ec/reconstruction/TokenHelper.java | 6 +++++-
.../java/org/apache/hadoop/ozone/TestHddsDatanodeService.java | 11 +++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java
index 72217092b0..ace44ba9a3 100644
--- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java
+++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java
@@ -58,7 +58,11 @@ class TokenHelper {
boolean blockTokenEnabled = securityConfig.isBlockTokenEnabled();
boolean containerTokenEnabled = securityConfig.isContainerTokenEnabled();
- if (blockTokenEnabled || containerTokenEnabled) {
+ // checking certClient != null instead of securityConfig.isSecurityEnabled()
+ // to allow integration test without full kerberos etc. setup
+ boolean securityEnabled = certClient != null;
+
+ if (securityEnabled && (blockTokenEnabled || containerTokenEnabled)) {
user = UserGroupInformation.getCurrentUser().getShortUserName();
long expiryTime = conf.getTimeDuration(
diff --git a/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java b/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java
index 730c6208ff..aacc570d96 100644
--- a/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java
+++ b/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java
@@ -28,6 +28,10 @@ import org.apache.ozone.test.GenericTestUtils;
import org.apache.hadoop.util.ServicePlugin;
import org.junit.After;
+
+import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED;
+import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_CONTAINER_TOKEN_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@@ -51,6 +55,13 @@ public class TestHddsDatanodeService {
conf.setClass(OzoneConfigKeys.HDDS_DATANODE_PLUGINS_KEY, MockService.class,
ServicePlugin.class);
+ // Tokens only work if security is enabled. Here we're testing that a
+ // misconfig in unsecure cluster does not prevent datanode from starting up.
+ // see HDDS-7055
+ conf.setBoolean(OZONE_SECURITY_ENABLED_KEY, false);
+ conf.setBoolean(HDDS_BLOCK_TOKEN_ENABLED, true);
+ conf.setBoolean(HDDS_CONTAINER_TOKEN_ENABLED, true);
+
String volumeDir = testDir + "/disk1";
conf.set(DFSConfigKeysLegacy.DFS_DATANODE_DATA_DIR_KEY, volumeDir);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ozone.apache.org
For additional commands, e-mail: commits-help@ozone.apache.org