[FLINK-6608] [security, config] Relax Kerberos login contexts parsing This closes #3928.
Project: http://git-wip-us.apache.org/repos/asf/flink/repo Commit: http://git-wip-us.apache.org/repos/asf/flink/commit/ffa9aa0e Tree: http://git-wip-us.apache.org/repos/asf/flink/tree/ffa9aa0e Diff: http://git-wip-us.apache.org/repos/asf/flink/diff/ffa9aa0e Branch: refs/heads/master Commit: ffa9aa0ee08abeb2e167fc8d343b4522ba3d2ce2 Parents: e8c9095 Author: Tzu-Li (Gordon) Tai <[email protected]> Authored: Wed May 17 16:00:37 2017 +0800 Committer: Tzu-Li (Gordon) Tai <[email protected]> Committed: Fri May 19 14:38:48 2017 +0800 ---------------------------------------------------------------------- .../flink/runtime/security/SecurityUtils.java | 8 ++- .../runtime/security/SecurityUtilsTest.java | 62 +++++++++++++++++++- 2 files changed, 67 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/flink/blob/ffa9aa0e/flink-runtime/src/main/java/org/apache/flink/runtime/security/SecurityUtils.java ---------------------------------------------------------------------- diff --git a/flink-runtime/src/main/java/org/apache/flink/runtime/security/SecurityUtils.java b/flink-runtime/src/main/java/org/apache/flink/runtime/security/SecurityUtils.java index 7a09c32..b874009 100644 --- a/flink-runtime/src/main/java/org/apache/flink/runtime/security/SecurityUtils.java +++ b/flink-runtime/src/main/java/org/apache/flink/runtime/security/SecurityUtils.java @@ -230,10 +230,14 @@ public class SecurityUtils { } private static List<String> parseList(String value) { - if(value == null) { + if(value == null || value.isEmpty()) { return Collections.emptyList(); } - return Arrays.asList(value.split(",")); + + return Arrays.asList(value + .trim() + .replaceAll("(\\s*,+\\s*)+", ",") + .split(",")); } } http://git-wip-us.apache.org/repos/asf/flink/blob/ffa9aa0e/flink-runtime/src/test/java/org/apache/flink/runtime/security/SecurityUtilsTest.java ---------------------------------------------------------------------- diff --git a/flink-runtime/src/test/java/org/apache/flink/runtime/security/SecurityUtilsTest.java b/flink-runtime/src/test/java/org/apache/flink/runtime/security/SecurityUtilsTest.java index c5624f4..3e3808b 100644 --- a/flink-runtime/src/test/java/org/apache/flink/runtime/security/SecurityUtilsTest.java +++ b/flink-runtime/src/test/java/org/apache/flink/runtime/security/SecurityUtilsTest.java @@ -18,13 +18,19 @@ package org.apache.flink.runtime.security; import org.apache.flink.configuration.Configuration; +import org.apache.flink.configuration.SecurityOptions; import org.apache.flink.runtime.security.modules.SecurityModule; import org.junit.AfterClass; import org.junit.Test; +import java.util.Arrays; import java.util.Collections; +import java.util.List; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; /** * Tests for the {@link SecurityUtils}. @@ -78,4 +84,58 @@ public class SecurityUtilsTest { SecurityUtils.uninstall(); assertEquals(NoOpSecurityContext.class, SecurityUtils.getInstalledContext().getClass()); } + + @Test + public void testKerberosLoginContextParsing() { + + List<String> expectedLoginContexts = Arrays.asList("Foo bar", "Client"); + + Configuration testFlinkConf; + SecurityUtils.SecurityConfiguration testSecurityConf; + + // ------- no whitespaces + + testFlinkConf = new Configuration(); + testFlinkConf.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Foo bar,Client"); + testSecurityConf = new SecurityUtils.SecurityConfiguration( + testFlinkConf, new org.apache.hadoop.conf.Configuration(), + Collections.singletonList(TestSecurityModule.class)); + assertEquals(expectedLoginContexts, testSecurityConf.getLoginContextNames()); + + // ------- with whitespaces surrounding comma + + testFlinkConf = new Configuration(); + testFlinkConf.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Foo bar , Client"); + testSecurityConf = new SecurityUtils.SecurityConfiguration( + testFlinkConf, new org.apache.hadoop.conf.Configuration(), + Collections.singletonList(TestSecurityModule.class)); + assertEquals(expectedLoginContexts, testSecurityConf.getLoginContextNames()); + + // ------- leading / trailing whitespaces at start and end of list + + testFlinkConf = new Configuration(); + testFlinkConf.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, " Foo bar , Client "); + testSecurityConf = new SecurityUtils.SecurityConfiguration( + testFlinkConf, new org.apache.hadoop.conf.Configuration(), + Collections.singletonList(TestSecurityModule.class)); + assertEquals(expectedLoginContexts, testSecurityConf.getLoginContextNames()); + + // ------- empty entries + + testFlinkConf = new Configuration(); + testFlinkConf.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Foo bar,,Client"); + testSecurityConf = new SecurityUtils.SecurityConfiguration( + testFlinkConf, new org.apache.hadoop.conf.Configuration(), + Collections.singletonList(TestSecurityModule.class)); + assertEquals(expectedLoginContexts, testSecurityConf.getLoginContextNames()); + + // ------- empty trailing String entries with whitespaces + + testFlinkConf = new Configuration(); + testFlinkConf.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Foo bar, ,, Client,"); + testSecurityConf = new SecurityUtils.SecurityConfiguration( + testFlinkConf, new org.apache.hadoop.conf.Configuration(), + Collections.singletonList(TestSecurityModule.class)); + assertEquals(expectedLoginContexts, testSecurityConf.getLoginContextNames()); + } }
