This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new d37b0ba SOLR-16042: Fix TestSolrCloudWithKerberosAlt.testBasics
failure due to minikdc locale
d37b0ba is described below
commit d37b0ba0909bc88def7fb8605bf0840848a378f4
Author: Kevin Risden <[email protected]>
AuthorDate: Tue Feb 22 11:00:12 2022 -0500
SOLR-16042: Fix TestSolrCloudWithKerberosAlt.testBasics failure due to
minikdc locale
* Simplifies `TestSolrCloudWithKerberosAlt` to use
`KerberosUtils#setupMiniKdc`
* Make sure `KerberosUtils#cleanupMiniKdc` actually clears all system
properties it sets
* Adds assertion to LocaleTest to confirm that
`KerberosTestServices#incompatibleLanguagesWithMiniKdc` has proper list of
languages to ignore
* Adds missing languages to
`KerberosTestServices#incompatibleLanguagesWithMiniKdc`
---
solr/CHANGES.txt | 2 +
.../solr/security/hadoop/KerberosTestServices.java | 4 +-
.../apache/solr/security/hadoop/KerberosUtils.java | 17 ++++-
.../apache/solr/security/hadoop/LocaleTest.java | 24 +++++--
.../hadoop/TestSolrCloudWithKerberosAlt.java | 78 ++--------------------
5 files changed, 43 insertions(+), 82 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index aa914cd..100be4b 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -587,6 +587,8 @@ and each individual module's jar will be included in its
directory's lib/ folder
* SOLR-15989: Upgrade to Tika 1.28.1 (Kevin Risden)
+* SOLR-16042: Fix TestSolrCloudWithKerberosAlt.testBasics failure due to
minikdc locale (Kevin Risden)
+
Bug Fixes
---------------------
* SOLR-15849: Fix the connection reset problem caused by the incorrect use of
4LW with \n when monitoring zooKeeper status (Fa Ming).
diff --git
a/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/KerberosTestServices.java
b/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/KerberosTestServices.java
index f66fea5..3208ed2 100644
---
a/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/KerberosTestServices.java
+++
b/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/KerberosTestServices.java
@@ -198,10 +198,10 @@ public class KerberosTestServices {
* These Locales don't generate dates that are compatible with Hadoop
MiniKdc. See LocaleTest.java
* and https://issues.apache.org/jira/browse/DIRKRB-753
*/
- private static final List<String> incompatibleLanguagesWithMiniKdc =
+ static final List<String> incompatibleLanguagesWithMiniKdc =
Arrays.asList(
"mzn", "ps", "mr", "uz", "ks", "bn", "my", "sd", "pa", "ar", "th",
"dz", "ja", "ne",
- "ckb", "fa", "lrc", "ur", "ig");
+ "ckb", "fa", "lrc", "ur", "ig", "sat", "mni", "sa", "as");
public static class Builder {
private File kdcWorkDir;
diff --git
a/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/KerberosUtils.java
b/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/KerberosUtils.java
index e7e39d1..6a9734d 100644
---
a/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/KerberosUtils.java
+++
b/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/KerberosUtils.java
@@ -70,6 +70,7 @@ public class KerberosUtils {
Files.writeString(jaasFile, jaas);
System.setProperty("java.security.auth.login.config", jaasFile.toString());
System.setProperty("solr.kerberos.jaas.appname", appName);
+ System.setProperty("solr.kerberos.cookie.domain", "127.0.0.1");
System.setProperty("solr.kerberos.principal", solrServerPrincipal);
System.setProperty("solr.kerberos.keytab", keytabFile.getAbsolutePath());
@@ -80,6 +81,11 @@ public class KerberosUtils {
+ "\nRULE:[2:$2@$0](.*EXAMPLE.COM)s/@.*//"
+ "\nDEFAULT");
+ // more debugging, if needed
+ // System.setProperty("sun.security.jgss.debug", "true");
+ // System.setProperty("sun.security.krb5.debug", "true");
+ // System.setProperty("sun.security.jgss.debug", "true");
+ // System.setProperty("java.security.debug",
"logincontext,policy,scl,gssloginconfig");
return tmp;
}
@@ -90,11 +96,20 @@ public class KerberosUtils {
* @param kerberosTestServices An instance of Hadoop mini-kdc
*/
public static void cleanupMiniKdc(KerberosTestServices kerberosTestServices)
{
+ System.clearProperty("solr.jaas.debug");
System.clearProperty("java.security.auth.login.config");
+ System.clearProperty("solr.kerberos.jaas.appname");
+ System.clearProperty("solr.kerberos.cookie.domain");
System.clearProperty("solr.kerberos.principal");
System.clearProperty("solr.kerberos.keytab");
System.clearProperty("solr.kerberos.name.rules");
- System.clearProperty("solr.jaas.debug");
+
+ // more debugging, if needed
+ System.clearProperty("sun.security.jgss.debug");
+ System.clearProperty("sun.security.krb5.debug");
+ System.clearProperty("sun.security.jgss.debug");
+ System.clearProperty("java.security.debug");
+
if (kerberosTestServices != null) {
kerberosTestServices.stop();
}
diff --git
a/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/LocaleTest.java
b/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/LocaleTest.java
index cb29a1a..3407009 100644
---
a/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/LocaleTest.java
+++
b/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/LocaleTest.java
@@ -20,11 +20,12 @@ import java.io.File;
import java.lang.invoke.MethodHandles;
import java.nio.file.Path;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
-import java.util.stream.Collectors;
+import java.util.Set;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
@@ -82,19 +83,30 @@ public class LocaleTest extends SolrTestCase {
}
};
- List<Locale> locales = new ArrayList<>();
+ Set<String> locales = new HashSet<>();
for (Locale locale : Locale.getAvailableLocales()) {
try {
Locale.setDefault(locale);
new LoginContext("Server", null, null, configuration).login();
} catch (LoginException e) {
- locales.add(locale);
+ locales.add(locale.getLanguage());
}
}
- log.error(
- "Could not login with locales {}",
- locales.stream().collect(Collectors.groupingBy(Locale::getLanguage)));
kdc.stop();
+
+ log.info("Could not login with locales {}", locales);
+
+ List<String> missingLanguages = new ArrayList<>();
+ for (String locale : locales) {
+ if
(!KerberosTestServices.incompatibleLanguagesWithMiniKdc.contains(locale)) {
+ missingLanguages.add(locale);
+ }
+ }
+
+ assertTrue(
+ "KerberosTestServices#incompatibleLanguagesWithMiniKdc is missing
languages: "
+ + missingLanguages,
+ missingLanguages.isEmpty());
}
}
diff --git
a/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/TestSolrCloudWithKerberosAlt.java
b/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/TestSolrCloudWithKerberosAlt.java
index 1a84589..0edf81f 100644
---
a/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/TestSolrCloudWithKerberosAlt.java
+++
b/solr/modules/hadoop-auth/src/test/org/apache/solr/security/hadoop/TestSolrCloudWithKerberosAlt.java
@@ -18,10 +18,7 @@ package org.apache.solr.security.hadoop;
import com.carrotsearch.randomizedtesting.annotations.ThreadLeakFilters;
import com.carrotsearch.randomizedtesting.annotations.ThreadLeakLingering;
-import java.io.File;
import java.lang.invoke.MethodHandles;
-import java.nio.charset.StandardCharsets;
-import org.apache.commons.io.FileUtils;
import org.apache.lucene.util.LuceneTestCase;
import org.apache.lucene.util.QuickPatchThreadsFilter;
import org.apache.solr.SolrIgnoredThreadsFilter;
@@ -37,7 +34,6 @@ import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-/** Test 5 nodes Solr cluster with Kerberos plugin enabled. */
@ThreadLeakFilters(
defaultFilters = true,
filters = {
@@ -48,7 +44,6 @@ import org.slf4j.LoggerFactory;
@LuceneTestCase.Slow
@ThreadLeakLingering(linger = 10000) // minikdc has some lingering threads
public class TestSolrCloudWithKerberosAlt extends SolrCloudTestCase {
-
private static final Logger log =
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
private static final int numShards = 1;
@@ -62,66 +57,15 @@ public class TestSolrCloudWithKerberosAlt extends
SolrCloudTestCase {
@Override
public void setUp() throws Exception {
super.setUp();
- setupMiniKdc();
- configureCluster(nodeCount).addConfig(configName,
configset("cloud-minimal")).configure();
- }
- private void setupMiniKdc() throws Exception {
- System.setProperty("solr.jaas.debug", "true");
- String kdcDir = createTempDir() + File.separator + "minikdc";
- String solrClientPrincipal = "solr";
- File keytabFile = new File(kdcDir, "keytabs");
- kerberosTestServices =
- KerberosTestServices.builder()
- .withKdc(new File(kdcDir))
- .withJaasConfiguration(solrClientPrincipal, keytabFile,
"SolrClient")
- .build();
- String solrServerPrincipal = "HTTP/127.0.0.1";
- kerberosTestServices.start();
- kerberosTestServices
- .getKdc()
- .createPrincipal(keytabFile, solrServerPrincipal, solrClientPrincipal);
-
- String jaas =
- "SolrClient {\n"
- + " com.sun.security.auth.module.Krb5LoginModule required\n"
- + " useKeyTab=true\n"
- + " keyTab=\""
- + keytabFile.getAbsolutePath()
- + "\"\n"
- + " storeKey=true\n"
- + " useTicketCache=false\n"
- + " doNotPrompt=true\n"
- + " debug=true\n"
- + " principal=\""
- + solrClientPrincipal
- + "\";\n"
- + "};";
-
- String jaasFilePath = kdcDir + File.separator + "jaas-client.conf";
- FileUtils.write(new File(jaasFilePath), jaas, StandardCharsets.UTF_8);
- System.setProperty("java.security.auth.login.config", jaasFilePath);
- System.setProperty(
- "solr.kerberos.jaas.appname", "SolrClient"); // Get this app name from
the jaas file
- System.setProperty("solr.kerberos.cookie.domain", "127.0.0.1");
- System.setProperty("solr.kerberos.principal", solrServerPrincipal);
- System.setProperty("solr.kerberos.keytab", keytabFile.getAbsolutePath());
+ kerberosTestServices = KerberosUtils.setupMiniKdc(createTempDir());
+
System.setProperty("authenticationPlugin",
"org.apache.solr.security.hadoop.KerberosPlugin");
boolean enableDt = random().nextBoolean();
log.info("Enable delegation token: {}", enableDt);
System.setProperty("solr.kerberos.delegation.token.enabled",
Boolean.toString(enableDt));
- // Extracts 127.0.0.1 from HTTP/[email protected]
- System.setProperty(
- "solr.kerberos.name.rules",
- "RULE:[1:$1@$0](.*EXAMPLE.COM)s/@.*//"
- + "\nRULE:[2:$2@$0](.*EXAMPLE.COM)s/@.*//"
- + "\nDEFAULT");
-
- // more debugging, if needed
- // System.setProperty("sun.security.jgss.debug", "true");
- // System.setProperty("sun.security.krb5.debug", "true");
- // System.setProperty("sun.security.jgss.debug", "true");
- // System.setProperty("java.security.debug",
"logincontext,policy,scl,gssloginconfig");
+
+ configureCluster(nodeCount).addConfig(configName,
configset("cloud-minimal")).configure();
}
@Test
@@ -152,23 +96,11 @@ public class TestSolrCloudWithKerberosAlt extends
SolrCloudTestCase {
@Override
public void tearDown() throws Exception {
- System.clearProperty("solr.jaas.debug");
- System.clearProperty("java.security.auth.login.config");
- System.clearProperty("solr.kerberos.jaas.appname");
- System.clearProperty("solr.kerberos.cookie.domain");
- System.clearProperty("solr.kerberos.principal");
- System.clearProperty("solr.kerberos.keytab");
System.clearProperty("authenticationPlugin");
System.clearProperty("solr.kerberos.delegation.token.enabled");
- System.clearProperty("solr.kerberos.name.rules");
- // more debugging, if needed
- // System.clearProperty("sun.security.jgss.debug");
- // System.clearProperty("sun.security.krb5.debug");
- // System.clearProperty("sun.security.jgss.debug");
- // System.clearProperty("java.security.debug");
+ KerberosUtils.cleanupMiniKdc(kerberosTestServices);
- kerberosTestServices.stop();
super.tearDown();
}
}
