Posted to commits@kudu.apache.org by ab...@apache.org on 2021/04/22 19:59:52 UTC
[kudu] branch master updated: [java] Add Kerberos-support to test
harness
This is an automated email from the ASF dual-hosted git repository.
abukor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 1e5150b [java] Add Kerberos-support to test harness
1e5150b is described below
commit 1e5150bc95f79a9ad73a3fea8d4658fe2eacf20e
Author: Attila Bukor <ab...@apache.org>
AuthorDate: Tue Apr 20 18:34:47 2021 +0200
[java] Add Kerberos-support to test harness
MiniCluster supports Kerberos, but there was no simple way to enable
Kerberos through the test harness. This patch adds an @EnableKerberos
annotation that can be used on test methods to enable Kerberos on the
mini-cluster with the option to specify the service principal name.
Change-Id: I6f46c0b88594d978f87c344f53dffd06aad5b6e1
Reviewed-on: http://gerrit.cloudera.org:8080/17327
Tested-by: Attila Bukor <ab...@apache.org>
Reviewed-by: Attila Bukor <ab...@apache.org>
---
.../java/org/apache/kudu/client/TestSecurity.java | 12 ++++++++---
.../java/org/apache/kudu/test/KuduTestHarness.java | 25 ++++++++++++++++++++++
.../apache/kudu/test/cluster/MiniKuduCluster.java | 7 ++++++
3 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/java/kudu-client/src/test/java/org/apache/kudu/client/TestSecurity.java b/java/kudu-client/src/test/java/org/apache/kudu/client/TestSecurity.java
index 88037a08..7d88d34 100644
--- a/java/kudu-client/src/test/java/org/apache/kudu/client/TestSecurity.java
+++ b/java/kudu-client/src/test/java/org/apache/kudu/client/TestSecurity.java
@@ -43,6 +43,7 @@ import org.junit.Test;
import org.apache.kudu.client.Client.AuthenticationCredentialsPB;
import org.apache.kudu.master.Master.ConnectToMasterResponsePB;
import org.apache.kudu.test.CapturingLogAppender;
+import org.apache.kudu.test.KuduTestHarness;
import org.apache.kudu.test.cluster.FakeDNS;
import org.apache.kudu.test.cluster.MiniKuduCluster;
import org.apache.kudu.test.cluster.MiniKuduCluster.MiniKuduClusterBuilder;
@@ -57,6 +58,9 @@ public class TestSecurity {
private static final int RENEWABLE_LIFETIME_SECS = 20;
public static final String CUSTOM_PRINCIPAL = "oryx";
+ @Rule
+ public KuduTestHarness harness = new KuduTestHarness();
+
private CapturingLogAppender cla;
private MiniKuduCluster miniCluster;
private KuduClient client;
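Review bot: The `@Rule` harness field applies to every test in TestSecurity, not only to the one test that uses it. The class keeps its own `miniCluster` field, and the `startCluster(...)` call removed in the next hunk suggests the other tests still start their own cluster. If so, each of them would now also bring up an unused harness cluster without Kerberos, which slows the suite and makes it less obvious which cluster a security assertion ran against. Consider moving `testNonDefaultPrincipal` into a harness-based test class, or converting the remaining tests to the harness. The rest of the class is outside this hunk, so this needs checking against the full file.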
@@ -498,10 +502,12 @@ public class TestSecurity {
}
@Test(timeout = 60000)
+ @KuduTestHarness.EnableKerberos(principal = CUSTOM_PRINCIPAL)
public void testNonDefaultPrincipal() throws Exception {
- startCluster(ImmutableSet.of(Option.CUSTOM_PRINCIPAL, Option.START_TSERVERS));
try {
- this.client.createTable("TestSecurity-nondefault-principal-1",
+ KuduClient client = new KuduClient.KuduClientBuilder(harness.getMasterAddressesAsString())
+ .build();
+ client.createTable("TestSecurity-nondefault-principal-1",
getBasicSchema(),
getBasicCreateTableOptions());
Assert.fail("default client shouldn't be able to connect to the cluster.");
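Review bot: The `KuduClient` built inside the `try` is never closed, and neither is the second one built after the `catch` in the following hunk (`@@ -510,7 +516,7`). Both are locals that shadow the `client` field, so a teardown that closes `this.client` (not visible here) would presumably not reach them. Opening each with try-with-resources, for example `try (KuduClient defaultClient = new KuduClient.KuduClientBuilder(harness.getMasterAddressesAsString()).build()) {`, would release the connections. Distinct names would also make it clear which client is expected to be rejected. The method body continues past the end of this hunk.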
@@ -510,7 +516,7 @@ public class TestSecurity {
"this client is not authenticated"
));
}
- KuduClient client = new KuduClient.KuduClientBuilder(miniCluster.getMasterAddressesAsString())
+ KuduClient client = new KuduClient.KuduClientBuilder(harness.getMasterAddressesAsString())
.saslProtocolName(CUSTOM_PRINCIPAL)
.build();
Assert.assertNotNull(client.createTable( "TestSecurity-nondefault-principal-2",
diff --git a/java/kudu-test-utils/src/main/java/org/apache/kudu/test/KuduTestHarness.java b/java/kudu-test-utils/src/main/java/org/apache/kudu/test/KuduTestHarness.java
index 82017cd..afa470b 100644
--- a/java/kudu-test-utils/src/main/java/org/apache/kudu/test/KuduTestHarness.java
+++ b/java/kudu-test-utils/src/main/java/org/apache/kudu/test/KuduTestHarness.java
@@ -130,6 +130,13 @@ public class KuduTestHarness extends ExternalResource {
}
}
+ // Enable Kerberos if needed and set the SPN.
+ EnableKerberos enableKerberos = description.getAnnotation(EnableKerberos.class);
+ if (enableKerberos != null) {
+ clusterBuilder.enableKerberos();
+ clusterBuilder.principal(enableKerberos.principal());
+ }
+
// Generate the ExternalResource Statement.
Statement statement = super.apply(base, description);
// Wrap in the RetryRule to rerun flaky tests.
@@ -146,6 +153,7 @@ public class KuduTestHarness extends ExternalResource {
LOG.info("Creating a new Kudu client...");
asyncClient = new AsyncKuduClientBuilder(miniCluster.getMasterAddressesAsString())
.defaultAdminOperationTimeoutMs(DEFAULT_SLEEP)
+ .saslProtocolName(miniCluster.getPrincipal())
.build();
client = asyncClient.syncClient();
}
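Review bot: `.saslProtocolName(miniCluster.getPrincipal())` is now applied to every harness client, including tests that never use `@EnableKerberos`. That is only safe if `MiniKuduCluster` always holds a non-null principal that matches the client's default service name when nothing was configured. The field's initialisation is not visible in this diff, so it should be confirmed or the call guarded. A comment such as `// Match the cluster's service principal name so the harness client can authenticate when Kerberos is enabled.` would record why the call is there. The enclosing method starts above the hunk.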
@@ -405,6 +413,13 @@ public class KuduTestHarness extends ExternalResource {
}
/**
+ * @return the service principal name
+ */
+ public String getPrincipal() {
+ return miniCluster.getPrincipal();
+ }
+
+ /**
* Kills all the master servers.
* Does nothing to the servers that are already dead.
*
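Review bot: The Javadoc for `getPrincipal()` consists only of an `@return` tag, so it has no summary sentence and does not say what the value is used for. The same applies to `MiniKuduCluster.getPrincipal()` in the last hunk (`@@ -317,6 +317,13`). Suggest opening both with `Returns the Kerberos service principal name the mini cluster was configured with; clients pass it to saslProtocolName() to authenticate.`, since that is how the harness and the updated test use it.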
@@ -520,4 +535,14 @@ public class KuduTestHarness extends ExternalResource {
public @interface LocationConfig {
String[] locations();
}
+
+ /**
+ * An annotation that can be added to each test method to enable Kerberos.
+ * The service principal name can be configured by specifying 'principal'.
+ */
+ @Retention(RetentionPolicy.RUNTIME)
+ @Target({ElementType.METHOD})
+ public @interface EnableKerberos {
+ String principal() default "kudu";
+ }
}
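Review bot: The Javadoc on `EnableKerberos` does not say that clients a test builds itself must be given the same service name. The harness's own client picks it up through `saslProtocolName(miniCluster.getPrincipal())`, but `testNonDefaultPrincipal` shows that a client built without it is rejected as not authenticated. Suggest adding `Clients created outside the harness must pass the same value to saslProtocolName(); see getPrincipal().` and stating that the default is `kudu`. The annotation is `@Target({ElementType.METHOD})`, so it cannot be placed on a class; if that is intentional, the doc should say so.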
diff --git a/java/kudu-test-utils/src/main/java/org/apache/kudu/test/cluster/MiniKuduCluster.java b/java/kudu-test-utils/src/main/java/org/apache/kudu/test/cluster/MiniKuduCluster.java
index 191816e..cd5eb2a 100644
--- a/java/kudu-test-utils/src/main/java/org/apache/kudu/test/cluster/MiniKuduCluster.java
+++ b/java/kudu-test-utils/src/main/java/org/apache/kudu/test/cluster/MiniKuduCluster.java
@@ -317,6 +317,13 @@ public final class MiniKuduCluster implements AutoCloseable {
}
/**
+ * @return the service principal name
+ */
+ public String getPrincipal() {
+ return principal;
+ }
+
+ /**
* Starts a master identified by a host and port.
* Does nothing if the server was already running.
*