You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by xy...@apache.org on 2019/10/03 06:19:26 UTC
[hadoop] branch ozone-0.4.1 updated: HDDS-2228. Fix NPE in OzoneDelegationTokenManager#addPersistedDelegat… (#1571)
This is an automated email from the ASF dual-hosted git repository.
xyao pushed a commit to branch ozone-0.4.1
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/ozone-0.4.1 by this push:
new a0c95ee HDDS-2228. Fix NPE in OzoneDelegationTokenManager#addPersistedDelegat… (#1571)
a0c95ee is described below
commit a0c95ee1352bffdde56219e324f1d97505e69a6f
Author: Xiaoyu Yao <xy...@apache.org>
AuthorDate: Wed Oct 2 23:09:06 2019 -0700
HDDS-2228. Fix NPE in OzoneDelegationTokenManager#addPersistedDelegat… (#1571)
(cherry picked from commit c5665b23ca92a8e18c4e9d24413c13f7cb7fd5fe)
---
.../OzoneDelegationTokenSecretManager.java | 5 +++-
.../hadoop/ozone/security/OzoneSecretManager.java | 7 +++++-
.../org/apache/hadoop/ozone/om/OzoneManager.java | 2 +-
.../TestOzoneDelegationTokenSecretManager.java | 29 +++++++++++++++++++---
4 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
index 0525549..ca57cc0 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
@@ -81,13 +81,16 @@ public class OzoneDelegationTokenSecretManager
* milliseconds
* @param dtRemoverScanInterval how often the tokens are scanned for expired
* tokens in milliseconds
+ * @param certClient certificate client to SCM CA
*/
public OzoneDelegationTokenSecretManager(OzoneConfiguration conf,
long tokenMaxLifetime, long tokenRenewInterval,
long dtRemoverScanInterval, Text service,
- S3SecretManager s3SecretManager) throws IOException {
+ S3SecretManager s3SecretManager, CertificateClient certClient)
+ throws IOException {
super(new SecurityConfig(conf), tokenMaxLifetime, tokenRenewInterval,
service, LOG);
+ setCertClient(certClient);
currentTokens = new ConcurrentHashMap();
this.tokenRemoverScanInterval = dtRemoverScanInterval;
this.s3SecretManager = (S3SecretManagerImpl) s3SecretManager;
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
index 45d6e66..78f0565 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
@@ -70,6 +70,7 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
* @param tokenRenewInterval how often the tokens must be renewed in
* milliseconds
* @param service name of service
+ * @param logger logger for the secret manager
*/
public OzoneSecretManager(SecurityConfig secureConf, long tokenMaxLifetime,
long tokenRenewInterval, Text service, Logger logger) {
@@ -188,7 +189,7 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
public synchronized void start(CertificateClient client)
throws IOException {
Preconditions.checkState(!isRunning());
- this.certClient = client;
+ setCertClient(client);
updateCurrentKey(new KeyPair(certClient.getPublicKey(),
certClient.getPrivateKey()));
setIsRunning(true);
@@ -247,5 +248,9 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
public CertificateClient getCertClient() {
return certClient;
}
+
+ public void setCertClient(CertificateClient client) {
+ this.certClient = client;
+ }
}
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
index 416f1c7..4f34daf 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@@ -794,7 +794,7 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
return new OzoneDelegationTokenSecretManager(conf, tokenMaxLifetime,
tokenRenewInterval, tokenRemoverScanInterval, omRpcAddressTxt,
- s3SecretManager);
+ s3SecretManager, certClient);
}
private OzoneBlockTokenSecretManager createBlockTokenSecretManager(
diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java
index f05a1e8..874252d 100644
--- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java
+++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java
@@ -169,8 +169,15 @@ public class TestOzoneDelegationTokenSecretManager {
validateHash(token.getPassword(), token.getIdentifier());
}
- @Test
- public void testRenewTokenSuccess() throws Exception {
+ private void restartSecretManager() throws IOException {
+ secretManager.stop();
+ secretManager = null;
+ secretManager = createSecretManager(conf, tokenMaxLifetime,
+ expiryTime, tokenRemoverScanInterval);
+ }
+
+ private void testRenewTokenSuccessHelper(boolean restartSecretManager)
+ throws Exception {
secretManager = createSecretManager(conf, tokenMaxLifetime,
expiryTime, tokenRemoverScanInterval);
secretManager.start(certificateClient);
@@ -178,10 +185,25 @@ public class TestOzoneDelegationTokenSecretManager {
TEST_USER,
TEST_USER);
Thread.sleep(10 * 5);
+
+ if (restartSecretManager) {
+ restartSecretManager();
+ }
+
long renewalTime = secretManager.renewToken(token, TEST_USER.toString());
Assert.assertTrue(renewalTime > 0);
}
+ @Test
+ public void testReloadAndRenewToken() throws Exception {
+ testRenewTokenSuccessHelper(true);
+ }
+
+ @Test
+ public void testRenewTokenSuccess() throws Exception {
+ testRenewTokenSuccessHelper(false);
+ }
+
/**
* Tests failure for mismatch in renewer.
*/
@@ -375,6 +397,7 @@ public class TestOzoneDelegationTokenSecretManager {
createSecretManager(OzoneConfiguration config, long tokenMaxLife,
long expiry, long tokenRemoverScanTime) throws IOException {
return new OzoneDelegationTokenSecretManager(config, tokenMaxLife,
- expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager);
+ expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager,
+ certificateClient);
}
}
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org