Repository: hadoop Updated Branches: refs/heads/branch-2 2cd4092c8 -> cc20316b5
HADOOP-13395. Enhance TestKMSAudit. Contributed by Xiao Chen. (cherry picked from commit 070548943a16370a74277d1b1d10b713e2ca81d0) Conflicts: hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/cc20316b Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/cc20316b Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/cc20316b Branch: refs/heads/branch-2 Commit: cc20316b55ee108ccd880e8fb0565eacae2b90bd Parents: 2cd4092c Author: Wei-Chiu Chuang <weic...@apache.org> Authored: Mon Aug 8 15:10:26 2016 -0700 Committer: Wei-Chiu Chuang <weic...@apache.org> Committed: Mon Aug 8 15:16:14 2016 -0700 ---------------------------------------------------------------------- .../hadoop/crypto/key/kms/server/KMSAudit.java | 6 +++ .../crypto/key/kms/server/TestKMSAudit.java | 53 +++++++++++++++++--- 2 files changed, 51 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/cc20316b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java index 7ff76e5..6a401e0 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java @@ -17,6 +17,7 @@ */ package org.apache.hadoop.crypto.key.kms.server; +import com.google.common.annotations.VisibleForTesting; import org.apache.hadoop.security.UserGroupInformation; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -227,4 +228,9 @@ public class KMSAudit { public void shutdown() { executor.shutdownNow(); } + + @VisibleForTesting + void evictCacheForTesting() { + cache.invalidateAll(); + } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/cc20316b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java index 04daeee..b7b8ffe 100644 --- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java +++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java @@ -29,7 +29,9 @@ import org.apache.log4j.PropertyConfigurator; import org.junit.After; import org.junit.Assert; import org.junit.Before; +import org.junit.Rule; import org.junit.Test; +import org.junit.rules.Timeout; import org.mockito.Mockito; public class TestKMSAudit { @@ -51,6 +53,9 @@ public class TestKMSAudit { } } + @Rule + public final Timeout testTimeout = new Timeout(180000); + @Before public void setUp() { originalOut = System.err; @@ -61,7 +66,8 @@ public class TestKMSAudit { PropertyConfigurator.configure(Thread.currentThread(). getContextClassLoader() .getResourceAsStream("log4j-kmsaudit.properties")); - this.kmsAudit = new KMSAudit(1000); + this.kmsAudit = + new KMSAudit(KMSConfiguration.KMS_AUDIT_AGGREGATION_WINDOW_DEFAULT); } @After @@ -91,9 +97,9 @@ public class TestKMSAudit { kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); - Thread.sleep(1500); + kmsAudit.evictCacheForTesting(); kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); - Thread.sleep(1500); + kmsAudit.evictCacheForTesting(); String out = getAndResetLogOutput(); System.out.println(out); Assert.assertTrue( @@ -112,24 +118,55 @@ public class TestKMSAudit { UserGroupInformation luser = Mockito.mock(UserGroupInformation.class); Mockito.when(luser.getShortUserName()).thenReturn("luser"); kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k2"); - Thread.sleep(1000); + kmsAudit.evictCacheForTesting(); kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k3"); + // wait a bit so the UNAUTHORIZED-triggered cache invalidation happens. + Thread.sleep(1000); kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); - Thread.sleep(2000); + kmsAudit.evictCacheForTesting(); String out = getAndResetLogOutput(); System.out.println(out); - Assert.assertTrue( - out.matches( - "UNAUTHORIZED\\[op=GENERATE_EEK, key=k2, user=luser\\] " + + // The UNAUTHORIZED will trigger cache invalidation, which then triggers + // the aggregated OK (accessCount=5). But the order of the UNAUTHORIZED and + // the aggregated OK is arbitrary - no correctness concerns, but flaky here. + Assert.assertTrue(out.matches( + "UNAUTHORIZED\\[op=GENERATE_EEK, key=k2, user=luser\\] " + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=5, interval=[^m]{1,4}ms\\] testmsg" + "UNAUTHORIZED\\[op=GENERATE_EEK, key=k3, user=luser\\] " + + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg") + || out.matches( + "UNAUTHORIZED\\[op=GENERATE_EEK, key=k2, user=luser\\] " + + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + + "UNAUTHORIZED\\[op=GENERATE_EEK, key=k3, user=luser\\] " + + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=5, interval=[^m]{1,4}ms\\] testmsg" + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg")); } + @Test + public void testAuditLogFormat() throws Exception { + UserGroupInformation luser = Mockito.mock(UserGroupInformation.class); + Mockito.when(luser.getShortUserName()).thenReturn("luser"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k4", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "testmsg"); + kmsAudit.evictCacheForTesting(); + kmsAudit.unauthorized(luser, KMSOp.DECRYPT_EEK, "k4"); + kmsAudit.error(luser, "method", "url", "testmsg"); + kmsAudit.unauthenticated("remotehost", "method", "url", "testmsg"); + String out = getAndResetLogOutput(); + System.out.println(out); + Assert.assertTrue(out.matches( + "OK\\[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + + "OK\\[op=GENERATE_EEK, user=luser\\] testmsg" + + "OK\\[op=GENERATE_EEK, key=k4, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + + "UNAUTHORIZED\\[op=DECRYPT_EEK, key=k4, user=luser\\] " + + "ERROR\\[user=luser\\] Method:'method' Exception:'testmsg'" + + "UNAUTHENTICATED RemoteHost:remotehost Method:method URL:url ErrorMsg:'testmsg'")); + } } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
