NihalJain commented on code in PR #5433:
URL: https://github.com/apache/hbase/pull/5433#discussion_r1335165230
##########
hbase-examples/src/test/java/org/apache/hadoop/hbase/security/provider/example/TestShadeSaslAuthenticationProvider.java:
##########
@@ -227,17 +227,20 @@ public void testNegativeAuthentication() throws Exception
{
UserGroupInformation.createUserForTesting("user1", new String[0]);
user1.addToken(
ShadeClientTokenUtil.obtainToken(conn, "user1", "not a real
password".toCharArray()));
- user1.doAs(new PrivilegedExceptionAction<Void>() {
- @Override
- public Void run() throws Exception {
- try (Connection conn =
ConnectionFactory.createConnection(clientConf);
- Table t = conn.getTable(tableName)) {
- t.get(new Get(Bytes.toBytes("r1")));
- fail("Should not successfully authenticate with HBase");
- return null;
+ // Server will close the connection directly once auth failed, so at
client side, we do not
Review Comment:
nit: we could add another test for HBase Master API here similar to how it
is done in
[master](https://github.com/apache/hbase/blob/4b76a95e032a0426f34a979dd605913ee8bb8d2c/hbase-examples/src/test/java/org/apache/hadoop/hbase/security/provider/example/TestShadeSaslAuthenticationProvider.java#L261)
branch. Could be done as another JIRA also or you could add in current itself.
The following code works:
```
@Test public void testNegativeAuthentication() throws Exception {
// Validate that we can read that record back out as the user with our
custom auth'n
final Configuration clientConf = new Configuration(CONF);
clientConf.setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 3);
try (Connection conn = ConnectionFactory.createConnection(clientConf)) {
UserGroupInformation user1 =
UserGroupInformation.createUserForTesting("user1", new String[0]);
user1.addToken(
ShadeClientTokenUtil.obtainToken(conn, "user1", "not a real
password".toCharArray()));
LOG.info("Executing request to HBase Master which should fail");
user1.doAs(new PrivilegedExceptionAction<Void>() {
@Override public Void run() throws Exception {
try (Connection conn =
ConnectionFactory.createConnection(clientConf);) {
conn.getAdmin().listTableDescriptors();
fail("Should not successfully authenticate with HBase");
} catch (Exception e) {
LOG.info("Caught exception in negative Master connectivity
test", e);
assertEquals("Found unexpected exception",
RetriesExhaustedException.class,
e.getClass());
}
return null;
}
});
LOG.info("Executing request to HBase RegionServer which should fail");
user1.doAs(new PrivilegedExceptionAction<Void>() {
@Override public Void run() throws Exception {
try (Connection conn =
ConnectionFactory.createConnection(clientConf);
Table t = conn.getTable(tableName)) {
t.get(new Get(Bytes.toBytes("r1")));
fail("Should not successfully authenticate with HBase");
} catch (Exception e) {
LOG.info("Caught exception in negative RegionServer connectivity
test", e);
assertEquals("Found unexpected exception",
RetriesExhaustedException.class,
e.getClass());
}
return null;
}
});
}
}
```
Also FYI
[`validateRootCause`](https://github.com/apache/hbase/blob/4b76a95e032a0426f34a979dd605913ee8bb8d2c/hbase-examples/src/test/java/org/apache/hadoop/hbase/security/provider/example/TestShadeSaslAuthenticationProvider.java#L290)
method of master fails as here we get 'Connection reset by peer' as message in
the `RetriesExhaustedException`. Maybe this is expected for branch-2.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
