Repository: hadoop Updated Branches: refs/heads/trunk 6bc2f7f4b -> b63dcd583
HDFS-12974. Exception message is not printed when creating an encryption zone fails with AuthorizationException. Contributed by fang zhenyi. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/b63dcd58 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/b63dcd58 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/b63dcd58 Branch: refs/heads/trunk Commit: b63dcd583f0b98e785831004f41bd7c7de8b3c18 Parents: 6bc2f7f Author: Xiao Chen <[email protected]> Authored: Sun Jan 28 22:15:58 2018 -0800 Committer: Xiao Chen <[email protected]> Committed: Sun Jan 28 22:19:49 2018 -0800 ---------------------------------------------------------------------- .../authorize/AuthorizationException.java | 6 ++-- .../namenode/EncryptionFaultInjector.java | 3 ++ .../server/namenode/FSDirEncryptionZoneOp.java | 1 + .../apache/hadoop/hdfs/TestEncryptionZones.java | 31 +++++++++++++++++++- 4 files changed, 38 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/b63dcd58/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AuthorizationException.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AuthorizationException.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AuthorizationException.java index 03f4d99..79c7d18 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AuthorizationException.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AuthorizationException.java @@ -64,17 +64,19 @@ public class AuthorizationException extends AccessControlException { @Override public void printStackTrace() { - // Do not provide the stack-trace + printStackTrace(System.err); } @Override public void printStackTrace(PrintStream s) { // Do not provide the stack-trace + s.println(this); } @Override public void printStackTrace(PrintWriter s) { // Do not provide the stack-trace + s.println(this); } - + } http://git-wip-us.apache.org/repos/asf/hadoop/blob/b63dcd58/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionFaultInjector.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionFaultInjector.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionFaultInjector.java index e4a035e..938eacd 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionFaultInjector.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionFaultInjector.java @@ -51,4 +51,7 @@ public class EncryptionFaultInjector { @VisibleForTesting public void reencryptUpdaterProcessCheckpoint() throws IOException {} + + @VisibleForTesting + public void ensureKeyIsInitialized() throws IOException {} } http://git-wip-us.apache.org/repos/asf/hadoop/blob/b63dcd58/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirEncryptionZoneOp.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirEncryptionZoneOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirEncryptionZoneOp.java index 7dcb8ab..943e60d 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirEncryptionZoneOp.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirEncryptionZoneOp.java @@ -121,6 +121,7 @@ final class FSDirEncryptionZoneOp { throw new IOException("Must specify a key name when creating an " + "encryption zone"); } + EncryptionFaultInjector.getInstance().ensureKeyIsInitialized(); KeyProvider.Metadata metadata = provider.getMetadata(keyName); if (metadata == null) { /* http://git-wip-us.apache.org/repos/asf/hadoop/blob/b63dcd58/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java index 4497e23..ea867a8 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java @@ -80,9 +80,11 @@ import org.apache.hadoop.hdfs.web.WebHdfsConstants; import org.apache.hadoop.hdfs.web.WebHdfsFileSystem; import org.apache.hadoop.hdfs.web.WebHdfsTestUtil; import org.apache.hadoop.io.EnumSetWritable; +import org.apache.hadoop.ipc.RemoteException; import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.util.DataChecksum; import org.apache.hadoop.util.ToolRunner; @@ -149,6 +151,9 @@ public class TestEncryptionZones { private File testRootDir; protected final String TEST_KEY = "test_key"; private static final String NS_METRICS = "FSNamesystem"; + private static final String AUTHORIZATION_EXCEPTION_MESSAGE = + "User [root] is not authorized to perform [READ] on key " + + "with ACL name [key2]!!"; protected FileSystemTestWrapper fsWrapper; protected FileContextTestWrapper fcWrapper; @@ -447,7 +452,6 @@ public class TestEncryptionZones { dfsAdmin.createEncryptionZone(zone2, myKeyName, NO_TRASH); assertNumZones(++numZones); assertZonePresent(myKeyName, zone2.toString()); - /* Test failure of create encryption zones as a non super user. */ final UserGroupInformation user = UserGroupInformation. createUserForTesting("user", new String[] { "mygroup" }); @@ -1057,6 +1061,31 @@ public class TestEncryptionZones { } } + private class AuthorizationExceptionInjector extends EncryptionFaultInjector { + @Override + public void ensureKeyIsInitialized() throws IOException { + throw new AuthorizationException(AUTHORIZATION_EXCEPTION_MESSAGE); + } + } + + @Test + public void testExceptionInformationReturn() { + /* Test exception information can be returned when + creating transparent encryption zone.*/ + final Path zone1 = new Path("/zone1"); + EncryptionFaultInjector.instance = new AuthorizationExceptionInjector(); + try { + dfsAdmin.createEncryptionZone(zone1, TEST_KEY, NO_TRASH); + fail("exception information can be returned when creating " + + "transparent encryption zone"); + } catch (IOException e) { + assertTrue(e instanceof RemoteException); + assertTrue(((RemoteException) e).unwrapRemoteException() + instanceof AuthorizationException); + assertExceptionContains(AUTHORIZATION_EXCEPTION_MESSAGE, e); + } + } + private class MyInjector extends EncryptionFaultInjector { volatile int generateCount; CountDownLatch ready; --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
