[
https://issues.apache.org/jira/browse/HADOOP-16958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17079289#comment-17079289
]
Ayush Saxena commented on HADOOP-16958:
---------------------------------------
Thanx [~ctest.team] for the report and fix. Had a quick look.
* The {{policy==null}} should be done at starting itself rather than at end,
(if there isn't any specific reason for doing at end)
* Can {{HadoopIllegalArgumentException}} be used rather than
{{RuntimeException}}
Can you use LambdaTestUtils.intercept for this :
{code:java}
+ // initialize ZKFCRpcServer with null policy
+ try {
+ ZKFCRpcServer server = new ZKFCRpcServer(myconf,
+ new InetSocketAddress(0), dummyZKFC, null);
+ fail("should have thrown exception on null policy provider");
+ server.start();
+ server.stopAndJoin();
+ } catch (RuntimeException e) {
+ assertEquals(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION
+ + "is configured to true but service-level"
+ + "authorization security policy is null.",
+ e.getMessage());
+ }
{code}
> NullPointerException(NPE) when hadoop.security.authorization is enabled but
> the input PolicyProvider for ZKFCRpcServer is NULL
> ------------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-16958
> URL: https://issues.apache.org/jira/browse/HADOOP-16958
> Project: Hadoop Common
> Issue Type: Bug
> Components: common, ha
> Affects Versions: 3.2.1
> Reporter: Ctest
> Priority: Critical
> Attachments: HADOOP-16958.000.patch, HADOOP-16958.001.patch
>
>
> During initialization, ZKFCRpcServer refreshes the service authorization ACL
> for the service handled by this server if config
> hadoop.security.authorization is enabled, by calling refreshServiceAcl with
> the input PolicyProvider and Configuration.
> {code:java}
> ZKFCRpcServer(Configuration conf,
> InetSocketAddress bindAddr,
> ZKFailoverController zkfc,
> PolicyProvider policy) throws IOException {
> this.server = ...
>
> // set service-level authorization security policy
> if (conf.getBoolean(
> CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
> server.refreshServiceAcl(conf, policy);
> }
> }{code}
> refreshServiceAcl calls
> ServiceAuthorizationManager#refreshWithLoadedConfiguration which directly
> gets services from the provider with provider.getServices(). When the
> provider is NULL, the code throws NPE without an informative message. In
> addition, the default value of config
> `hadoop.security.authorization.policyprovider` (which controls PolicyProvider
> here) is NULL and the only usage of ZKFCRpcServer initializer provides only
> an abstract method getPolicyProvider which does not enforce that
> PolicyProvider should not be NULL.
> The suggestion here is to either add a guard check or exception handling with
> an informative logging message on ZKFCRpcServer to handle input
> PolicyProvider being NULL.
>
> I am very happy to provide a patch for it if the issue is confirmed :)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
