This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 61772231e3 HDDS-8570. Error closing
SCMSecurityProtocolClientSideTranslatorPB (#4679)
61772231e3 is described below
commit 61772231e33ccb4a788b48486a3d8013ef05b4f7
Author: Duong Nguyen <[email protected]>
AuthorDate: Tue May 9 13:38:24 2023 -0700
HDDS-8570. Error closing SCMSecurityProtocolClientSideTranslatorPB (#4679)
---
.../SCMSecurityProtocolFailoverProxyProvider.java | 9 ++---
.../apache/hadoop/hdds/utils/HddsServerUtil.java | 4 +-
.../hadoop/ozone/TestSecureOzoneCluster.java | 43 +++++++++++-----------
3 files changed, 28 insertions(+), 28 deletions(-)
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/scm/proxy/SCMSecurityProtocolFailoverProxyProvider.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/scm/proxy/SCMSecurityProtocolFailoverProxyProvider.java
index 18d1be6b43..77fc646d84 100644
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/scm/proxy/SCMSecurityProtocolFailoverProxyProvider.java
+++
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/scm/proxy/SCMSecurityProtocolFailoverProxyProvider.java
@@ -286,12 +286,11 @@ public class SCMSecurityProtocolFailoverProxyProvider
implements
@Override
public synchronized void close() throws IOException {
- for (Map.Entry<String, ProxyInfo<SCMSecurityProtocolPB>> proxy :
- scmProxies.entrySet()) {
- if (proxy.getValue() != null) {
- RPC.stopProxy(proxy.getValue());
+ for (ProxyInfo<SCMSecurityProtocolPB> proxyInfo : scmProxies.values()) {
+ SCMSecurityProtocolPB proxy = proxyInfo.proxy;
+ if (proxy != null) {
+ RPC.stopProxy(proxy);
}
- scmProxies.remove(proxy.getKey());
}
}
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HddsServerUtil.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HddsServerUtil.java
index f120ffad33..0f0d40e3ba 100644
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HddsServerUtil.java
+++
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HddsServerUtil.java
@@ -496,13 +496,13 @@ public final class HddsServerUtil {
* @return {@link ScmBlockLocationProtocol}
* @throws IOException
*/
- public static SCMSecurityProtocol getScmSecurityClient(
+ public static SCMSecurityProtocolClientSideTranslatorPB getScmSecurityClient(
OzoneConfiguration conf, UserGroupInformation ugi) throws IOException {
SCMSecurityProtocolClientSideTranslatorPB scmSecurityClient =
new SCMSecurityProtocolClientSideTranslatorPB(
new SCMSecurityProtocolFailoverProxyProvider(conf, ugi));
return TracingUtil.createProxy(scmSecurityClient,
- SCMSecurityProtocol.class, conf);
+ SCMSecurityProtocolClientSideTranslatorPB.class, conf);
}
/**
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java
index 2281f5900b..16c1cb62d8 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/TestSecureOzoneCluster.java
@@ -44,7 +44,6 @@ import org.apache.hadoop.hdds.HddsConfigKeys;
import org.apache.hadoop.hdds.annotation.InterfaceAudience;
import org.apache.hadoop.hdds.conf.DefaultConfigManager;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
-import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
import
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto;
import
org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB;
@@ -81,7 +80,6 @@ import
org.apache.hadoop.hdds.security.x509.exception.CertificateException;
import org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator;
import org.apache.hadoop.hdds.security.x509.keys.KeyCodec;
import org.apache.hadoop.hdds.utils.HAUtils;
-import org.apache.hadoop.hdds.utils.HddsServerUtil;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.Server;
@@ -141,6 +139,7 @@ import static
org.apache.hadoop.hdds.scm.ScmConfigKeys.OZONE_SCM_SECURITY_SERVIC
import static
org.apache.hadoop.hdds.scm.ScmConfigKeys.OZONE_SCM_SECURITY_SERVICE_PORT_KEY;
import static
org.apache.hadoop.hdds.scm.server.SCMHTTPServerConfig.ConfigStrings.HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY;
import static
org.apache.hadoop.hdds.scm.server.SCMHTTPServerConfig.ConfigStrings.HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY;
+import static org.apache.hadoop.hdds.utils.HddsServerUtil.getScmSecurityClient;
import static org.apache.hadoop.net.ServerSocketUtil.getPort;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_CLIENT_FAILOVER_MAX_ATTEMPTS_KEY;
@@ -376,29 +375,31 @@ public final class TestSecureOzoneCluster {
UserGroupInformation.loginUserFromKeytabAndReturnUGI(
testUserPrincipal, testUserKeytab.getCanonicalPath());
ugi.setAuthenticationMethod(KERBEROS);
- SCMSecurityProtocol scmSecurityProtocolClient =
- HddsServerUtil.getScmSecurityClient(conf, ugi);
- assertNotNull(scmSecurityProtocolClient);
- String caCert = scmSecurityProtocolClient.getCACertificate();
- assertNotNull(caCert);
- // Get some random certificate, used serial id 100 which will be
- // unavailable as our serial id is time stamp. Serial id 1 is root CA,
- // and it is persisted in DB.
- LambdaTestUtils.intercept(SCMSecurityException.class,
- "Certificate not found",
- () -> scmSecurityProtocolClient.getCertificate("100"));
+ try (SCMSecurityProtocolClientSideTranslatorPB securityClient =
+ getScmSecurityClient(conf, ugi)) {
+ assertNotNull(securityClient);
+ String caCert = securityClient.getCACertificate();
+ assertNotNull(caCert);
+ // Get some random certificate, used serial id 100 which will be
+ // unavailable as our serial id is time stamp. Serial id 1 is root CA,
+ // and it is persisted in DB.
+ LambdaTestUtils.intercept(SCMSecurityException.class,
+ "Certificate not found",
+ () -> securityClient.getCertificate("100"));
+ }
// Case 2: User without Kerberos credentials should fail.
ugi = UserGroupInformation.createRemoteUser("test");
ugi.setAuthenticationMethod(AuthMethod.TOKEN);
- SCMSecurityProtocol finalScmSecurityProtocolClient =
- HddsServerUtil.getScmSecurityClient(conf, ugi);
-
- String cannotAuthMessage = "Client cannot authenticate via:[KERBEROS]";
- LambdaTestUtils.intercept(IOException.class, cannotAuthMessage,
- finalScmSecurityProtocolClient::getCACertificate);
- LambdaTestUtils.intercept(IOException.class, cannotAuthMessage,
- () -> finalScmSecurityProtocolClient.getCertificate("1"));
+ try (SCMSecurityProtocolClientSideTranslatorPB securityClient =
+ getScmSecurityClient(conf, ugi)) {
+
+ String cannotAuthMessage = "Client cannot authenticate via:[KERBEROS]";
+ LambdaTestUtils.intercept(IOException.class, cannotAuthMessage,
+ securityClient::getCACertificate);
+ LambdaTestUtils.intercept(IOException.class, cannotAuthMessage,
+ () -> securityClient.getCertificate("1"));
+ }
} finally {
if (scm != null) {
scm.stop();
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
