Repository: oozie Updated Branches: refs/heads/master c4c028da0 -> 68d4f2298
OOZIE-2300 TestAuthFilterAuthOozieClient.testClientAuthTokenCache fails with Hadoop 2.7.0 and later (rkanter) Project: http://git-wip-us.apache.org/repos/asf/oozie/repo Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/68d4f229 Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/68d4f229 Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/68d4f229 Branch: refs/heads/master Commit: 68d4f229853949ab7d87c0d5a0ee47faca4325b5 Parents: c4c028d Author: Robert Kanter <rkan...@cloudera.com> Authored: Mon Jul 20 09:53:11 2015 -0700 Committer: Robert Kanter <rkan...@cloudera.com> Committed: Mon Jul 20 09:53:11 2015 -0700 ---------------------------------------------------------------------- .../servlet/TestAuthFilterAuthOozieClient.java | 28 ++++++++++++++++++++ release-log.txt | 1 + 2 files changed, 29 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/oozie/blob/68d4f229/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java b/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java index ef3a505..456b4a5 100644 --- a/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java +++ b/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java @@ -34,6 +34,7 @@ import org.apache.oozie.test.XTestCase; import org.apache.oozie.util.IOUtils; import java.io.FileReader; +import java.io.FileWriter; import java.io.IOException; import java.net.URL; import java.net.URLEncoder; @@ -157,6 +158,33 @@ public class TestAuthFilterAuthOozieClient extends XTestCase { public void testClientAuthTokenCache() throws Exception { Configuration conf = new Configuration(false); + // This test requires a constant secret. + // In Hadoop 2.5.0, you can set a secret string directly with oozie.authentication.signature.secret and the + // AuthenticationFilter will use it. + // In Hadoop 2.6.0 (HADOOP-10868), this was abstracted out to SecretProviders that have differnet implementations. By + // default, if a String was given for the secret, the StringSignerSecretProvider would be automatically used and + // oozie.authentication.signature.secret would still be loaded. + // In Hadoop 2.7.0 (HADOOP-11748), this automatic behavior was removed for security reasons, and the class was made package + // private and moved to the hadoop-auth test artifact. So, not only can we not simply set + // oozie.authentication.signature.secret, but we also can't manually configure the StringSignerSecretProvider either. + // However, Hadoop 2.7.0 (HADOOP-10670) also added a FileSignerSecretProvider, which we'll use if it exists + try { + if (Class.forName("org.apache.hadoop.security.authentication.util.FileSignerSecretProvider") != null) { + String secretFile = getTestCaseConfDir() + "/auth-secret"; + conf.set("oozie.authentication.signature.secret.file", secretFile); + FileWriter fw = null; + try { + fw = new FileWriter(secretFile); + fw.write("secret"); + } finally { + if (fw != null) { + fw.close(); + } + } + } + } catch (ClassNotFoundException cnfe) { + // ignore + } conf.set("oozie.authentication.signature.secret", "secret"); conf.set("oozie.authentication.simple.anonymous.allowed", "false"); http://git-wip-us.apache.org/repos/asf/oozie/blob/68d4f229/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index abd63e7..8349ca6 100644 --- a/release-log.txt +++ b/release-log.txt @@ -1,5 +1,6 @@ -- Oozie 4.3.0 release (trunk - unreleased) +OOZIE-2300 TestAuthFilterAuthOozieClient.testClientAuthTokenCache fails with Hadoop 2.7.0 and later (rkanter) OOZIE-1837 LauncherMainHadoopUtils sensitive to clock skew (rkanter) OOZIE-2187 Add a way to specify a default JT/RM and NN (rkanter) OOZIE-2272 Use Hadoop's CredentialProvider for passwords in oozie-site (rkanter)