You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by li...@apache.org on 2018/09/24 19:59:56 UTC
hadoop git commit: HADOOP-15781 S3A assumed role tests failing due to
changed error text in AWS exceptions. Contributed by Steve Loughran
Repository: hadoop
Updated Branches:
refs/heads/trunk 309092280 -> c07715e37
HADOOP-15781 S3A assumed role tests failing due to changed error text in AWS exceptions. Contributed by Steve Loughran
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c07715e3
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c07715e3
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c07715e3
Branch: refs/heads/trunk
Commit: c07715e37895a2e40602737fe3695746789ac78f
Parents: 3090922
Author: Mingliang Liu <li...@apache.org>
Authored: Mon Sep 24 12:53:21 2018 -0700
Committer: Mingliang Liu <li...@apache.org>
Committed: Mon Sep 24 12:53:21 2018 -0700
----------------------------------------------------------------------
.../hadoop/fs/s3a/auth/ITestAssumeRole.java | 47 ++++----------------
.../hadoop/fs/s3a/auth/RoleTestUtils.java | 6 ---
2 files changed, 9 insertions(+), 44 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c07715e3/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/ITestAssumeRole.java
----------------------------------------------------------------------
diff --git a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/ITestAssumeRole.java b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/ITestAssumeRole.java
index 7451ef1..9981c9a 100644
--- a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/ITestAssumeRole.java
+++ b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/ITestAssumeRole.java
@@ -87,22 +87,10 @@ public class ITestAssumeRole extends AbstractS3ATestBase {
private S3AFileSystem roleFS;
/**
- * Duration range exception text on SDKs which check client-side.
+ * Error code from STS server.
*/
- protected static final String E_DURATION_RANGE_1
- = "Assume Role session duration should be in the range of 15min - 1Hr";
-
- /**
- * Duration range too high text on SDKs which check on the server.
- */
- protected static final String E_DURATION_RANGE_2
- = "Member must have value less than or equal to 43200";
-
- /**
- * Duration range too low text on SDKs which check on the server.
- */
- protected static final String E_DURATION_RANGE_3
- = "Member must have value greater than or equal to 900";
+ protected static final String VALIDATION_ERROR
+ = "ValidationError";
@Override
public void setup() throws Exception {
@@ -168,7 +156,7 @@ public class ITestAssumeRole extends AbstractS3ATestBase {
Configuration conf = new Configuration();
conf.set(ASSUMED_ROLE_ARN, ROLE_ARN_EXAMPLE);
interceptClosing(AWSSecurityTokenServiceException.class,
- E_BAD_ROLE,
+ "",
() -> new AssumedRoleCredentialProvider(uri, conf));
}
@@ -177,8 +165,7 @@ public class ITestAssumeRole extends AbstractS3ATestBase {
describe("Attemnpt to create the FS with an invalid ARN");
Configuration conf = createAssumedRoleConfig();
conf.set(ASSUMED_ROLE_ARN, ROLE_ARN_EXAMPLE);
- expectFileSystemCreateFailure(conf, AccessDeniedException.class,
- E_BAD_ROLE);
+ expectFileSystemCreateFailure(conf, AccessDeniedException.class, "");
}
@Test
@@ -284,7 +271,7 @@ public class ITestAssumeRole extends AbstractS3ATestBase {
new Path(getFileSystem().getUri()).getFileSystem(conf).close();
LOG.info("Successfully created token of a duration >3h");
} catch (IOException ioe) {
- assertExceptionContains(E_DURATION_RANGE_1, ioe);
+ assertExceptionContains(VALIDATION_ERROR, ioe);
}
}
@@ -293,8 +280,8 @@ public class ITestAssumeRole extends AbstractS3ATestBase {
* with the ability to extend durations deployed in March 2018.
* with the later SDKs, the checks go server-side and
* later SDKs will remove the client side checks.
- * This test asks for a duration which will still be rejected, and
- * looks for either of the error messages raised.
+ * This test doesn't look into the details of the exception
+ * to avoid being too brittle.
*/
@Test
public void testAssumeRoleThirtySixHourSessionDuration() throws Exception {
@@ -304,21 +291,6 @@ public class ITestAssumeRole extends AbstractS3ATestBase {
conf.setInt(ASSUMED_ROLE_SESSION_DURATION, 36 * 60 * 60);
IOException ioe = expectFileSystemCreateFailure(conf,
IOException.class, null);
- assertIsRangeException(ioe);
- }
-
- /**
- * Look for either the client-side or STS-side range exception
- * @param e exception
- * @throws Exception the exception, if its text doesn't match
- */
- private void assertIsRangeException(final Exception e) throws Exception {
- String message = e.toString();
- if (!message.contains(E_DURATION_RANGE_1)
- && !message.contains(E_DURATION_RANGE_2)
- && !message.contains(E_DURATION_RANGE_3)) {
- throw e;
- }
}
/**
@@ -354,9 +326,8 @@ public class ITestAssumeRole extends AbstractS3ATestBase {
describe("Expect the constructor to fail if the session is to short");
Configuration conf = new Configuration();
conf.set(ASSUMED_ROLE_SESSION_DURATION, "30s");
- Exception ex = interceptClosing(Exception.class, "",
+ interceptClosing(AWSSecurityTokenServiceException.class, "",
() -> new AssumedRoleCredentialProvider(uri, conf));
- assertIsRangeException(ex);
}
@Test
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c07715e3/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/RoleTestUtils.java
----------------------------------------------------------------------
diff --git a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/RoleTestUtils.java b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/RoleTestUtils.java
index 854e7ec..6e70fc6 100644
--- a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/RoleTestUtils.java
+++ b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/RoleTestUtils.java
@@ -76,12 +76,6 @@ public final class RoleTestUtils {
DENY_S3_GET_OBJECT, STATEMENT_ALL_DDB, ALLOW_S3_GET_BUCKET_LOCATION
);
- /**
- * Error message to get from the AWS SDK if you can't assume the role.
- */
- public static final String E_BAD_ROLE
- = "Not authorized to perform sts:AssumeRole";
-
private RoleTestUtils() {
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org