[
https://issues.apache.org/jira/browse/HADOOP-9004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen Chu updated HADOOP-9004:
--------------------------------
Status: Patch Available (was: Open)
Submitting new patch.
Added _isExternalKdcRunning()_ to SecurityUtilTestHelper.java to detect if user
running test has specified to use an external KDC.
TestUGIWithExternalKdc and TestSecureNameNodeWithExternalKdc are the
counterparts to TestUGIWithSecurityOn and TestSecureNameNode, except the new
tests use the external KDC. I don't think it'll be clean to merge these into
one test, so I think separating them is fine for now.
I refactored SecureDataNodeStarter so that we can get the SecureResources
within our unit tests.
I modified MiniDFSCluster so that it now actually checks to see if
checkDataNodeAddrConfig was set to true (so that we can change the DataNodes to
use low ports because secure DNs require ports < 1023). Also, while bringing up
the DataNodes, if kerberos authentication is enabled, MiniDFSCluster will now
get the SecureResources necessary to start the DN.
TestStartSecureDataNode brings up a 1 NameNode 1 DataNode MiniDFSCluster.
However, the test will fail if not run as root because bringing up the secure
DN requires root. This is a problem, and it won't work to give away root access
in some jenkins env. I guess there has been past discussion on whether or not
to have this requirement for starting the DN in dev environments. For now, I
think it's still useful to have this test, even if it can't be run in most
setups.
My plan is to continue to write more unit tests against a secure
MiniDFSCluster, as we are missing a lot of unit test coverage against secure
setups.
> Allow security unit tests to use external KDC
> ---------------------------------------------
>
> Key: HADOOP-9004
> URL: https://issues.apache.org/jira/browse/HADOOP-9004
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security, test
> Affects Versions: 2.0.0-alpha
> Reporter: Stephen Chu
> Assignee: Stephen Chu
> Fix For: 3.0.0
>
> Attachments: HADOOP-9004.patch, HADOOP-9004.patch.007
>
>
> I want to add the option of allowing security-related unit tests to use an
> external KDC.
> In HADOOP-8078, we add the ability to start and use an ApacheDS KDC for
> security-related unit tests. It would be good to allow users to validate the
> use of their own KDC, keytabs, and principals and to test different KDCs and
> not rely on the ApacheDS KDC.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
