[
https://issues.apache.org/jira/browse/HDFS-5275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arpit Agarwal updated HDFS-5275:
--------------------------------
Description:
The port selection to get the delegation token is confusing. Also the code
documentation and tests appear to conflict.
The comment in {{HftpFileSystem#getCanonicalServiceName}} seems to indicate
that the configured secure port should be chosen, ignoring the port from the
URI.
{code}
public String getCanonicalServiceName() {
// unlike other filesystems, hftp's service is the secure port, not the
// actual port in the uri
return SecurityUtil.buildTokenService(nnSecureUri).toString();
}
{code}
However {{TestHftpFileSystem#testHsftpCustomUriPortWithCustomDefaultPorts}}
tests that the returned port is the one from the URI.
{code}
@Test
public void testHsftpCustomUriPortWithCustomDefaultPorts() throws IOException {
conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 456);
URI uri = URI.create("hsftp://localhost:789";);
HsftpFileSystem fs = (HsftpFileSystem) FileSystem.get(uri, conf);
assertEquals(456, fs.getDefaultPort());
assertEquals(456, fs.getDefaultSecurePort());
assertEquals(uri, fs.getUri());
assertEquals(
"127.0.0.1:789",
fs.getCanonicalServiceName()
);
}
{code}
The test still passes because of a (incorrect?) overload of
{{getNamenodeSecureAddr}} by {{HsftpFileSystem}}.
Either the code needs to be fixed or we should document the correct behavior.
was:
The port selection to get the delegation token is confusing. Also the code
documentation and tests appear to conflict.
The comment in {{HftpFileSystem#getCanonicalServiceName}} seems to indicate
that the configured secure port should be chosen, ignoring the port from the
URI.
{code}
public String getCanonicalServiceName() {
// unlike other filesystems, hftp's service is the secure port, not the
// actual port in the uri
return SecurityUtil.buildTokenService(nnSecureUri).toString();
}
{code}
However {{TestHftpFileSystem#testHsftpCustomUriPortWithCustomDefaultPorts}}
tests that the returned port is the one from the URI.
{code}
@Test
public void testHsftpCustomUriPortWithCustomDefaultPorts() throws IOException {
conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 456);
URI uri = URI.create("hsftp://localhost:789";);
HsftpFileSystem fs = (HsftpFileSystem) FileSystem.get(uri, conf);
assertEquals(456, fs.getDefaultPort());
assertEquals(456, fs.getDefaultSecurePort());
assertEquals(uri, fs.getUri());
assertEquals(
"127.0.0.1:789",
fs.getCanonicalServiceName()
);
}
{code}
The test still passes because of a confusing overload of
{{getNamenodeSecureAddr}} by {{HsftpFileSystem}}.
Either the code needs to be fixed or we should document the correct behavior.
> Target port chosen by Hftp/Hsftp for getting delegation token may be incorrect
> ------------------------------------------------------------------------------
>
> Key: HDFS-5275
> URL: https://issues.apache.org/jira/browse/HDFS-5275
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Affects Versions: 3.0.0
> Reporter: Arpit Agarwal
>
> The port selection to get the delegation token is confusing. Also the code
> documentation and tests appear to conflict.
> The comment in {{HftpFileSystem#getCanonicalServiceName}} seems to indicate
> that the configured secure port should be chosen, ignoring the port from the
> URI.
> {code}
> public String getCanonicalServiceName() {
> // unlike other filesystems, hftp's service is the secure port, not the
> // actual port in the uri
> return SecurityUtil.buildTokenService(nnSecureUri).toString();
> }
> {code}
> However {{TestHftpFileSystem#testHsftpCustomUriPortWithCustomDefaultPorts}}
> tests that the returned port is the one from the URI.
> {code}
> @Test
> public void testHsftpCustomUriPortWithCustomDefaultPorts() throws IOException
> {
> conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 456);
> URI uri = URI.create("hsftp://localhost:789";);
> HsftpFileSystem fs = (HsftpFileSystem) FileSystem.get(uri, conf);
> assertEquals(456, fs.getDefaultPort());
> assertEquals(456, fs.getDefaultSecurePort());
> assertEquals(uri, fs.getUri());
> assertEquals(
> "127.0.0.1:789",
> fs.getCanonicalServiceName()
> );
> }
> {code}
> The test still passes because of a (incorrect?) overload of
> {{getNamenodeSecureAddr}} by {{HsftpFileSystem}}.
> Either the code needs to be fixed or we should document the correct behavior.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
