[03/35] hadoop git commit: HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen.
HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c75105f0 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c75105f0 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c75105f0 Branch: refs/heads/HDFS-7240 Commit: c75105f07b4cdbc2773435fc1125446233113c15 Parents: e99a1e7 Author: Xiao Chen Authored: Fri Mar 2 16:45:07 2018 -0800 Committer: Xiao Chen Committed: Fri Mar 2 16:46:04 2018 -0800 -- .../hdfs/server/namenode/NameNodeRpcServer.java | 22 +- ...estDFSInotifyEventInputStreamKerberized.java | 223 +++ .../hadoop/hdfs/qjournal/MiniQJMHACluster.java | 21 +- 3 files changed, 260 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/c75105f0/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java index 121d17c..9494263 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java @@ -34,6 +34,7 @@ import static org.apache.hadoop.util.Time.now; import java.io.FileNotFoundException; import java.io.IOException; import java.net.InetSocketAddress; +import java.security.PrivilegedExceptionAction; import java.util.Arrays; import java.util.Collection; import java.util.EnumSet; @@ -189,6 +190,7 @@ import org.apache.hadoop.ipc.RefreshResponse; import org.apache.hadoop.net.Node; import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.Groups; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.ProxyUsers; @@ -2253,6 +2255,24 @@ public class NameNodeRpcServer implements NamenodeProtocols { // guaranteed to have been written by this NameNode.) boolean readInProgress = syncTxid > 0; +// doas the NN login user for the actual operations to get edits. +// Notably this is necessary when polling from the remote edits via https. +// We have validated the client is a superuser from the NN RPC, so this +// running as the login user here is safe. +EventBatchList ret = SecurityUtil.doAsLoginUser( +new PrivilegedExceptionAction() { + @Override + public EventBatchList run() throws IOException { +return getEventBatchList(syncTxid, txid, log, readInProgress, +maxEventsPerRPC); + } +}); +return ret; + } + + private EventBatchList getEventBatchList(long syncTxid, long txid, + FSEditLog log, boolean readInProgress, int maxEventsPerRPC) + throws IOException { List batches = Lists.newArrayList(); int totalEvents = 0; long maxSeenTxid = -1; @@ -2271,7 +2291,7 @@ public class NameNodeRpcServer implements NamenodeProtocols { // and are using QJM -- the edit log will be closed and this exception // will result LOG.info("NN is transitioning from active to standby and FSEditLog " + - "is closed -- could not read edits"); + "is closed -- could not read edits"); return new EventBatchList(batches, firstSeenTxid, maxSeenTxid, syncTxid); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/c75105f0/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java new file mode 100644 index 000..ace7c3b --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java @@ -0,0 +1,223 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you
hadoop git commit: HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen.
Repository: hadoop Updated Branches: refs/heads/branch-2 c24505053 -> 0882725c8 HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/0882725c Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/0882725c Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/0882725c Branch: refs/heads/branch-2 Commit: 0882725c889f6d77dd7feae986a84bf63cc5f053 Parents: c245050 Author: Xiao Chen Authored: Mon Mar 5 09:38:04 2018 -0800 Committer: Xiao Chen Committed: Mon Mar 5 09:44:42 2018 -0800 -- .../hdfs/server/namenode/NameNodeRpcServer.java | 32 .../hadoop/hdfs/qjournal/MiniQJMHACluster.java | 19 +--- 2 files changed, 41 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/0882725c/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java index 89571f4..e6d03bb 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java @@ -33,6 +33,7 @@ import static org.apache.hadoop.util.Time.now; import java.io.FileNotFoundException; import java.io.IOException; import java.net.InetSocketAddress; +import java.security.PrivilegedExceptionAction; import java.util.Arrays; import java.util.Collection; import java.util.EnumSet; @@ -175,6 +176,7 @@ import org.apache.hadoop.ipc.RefreshResponse; import org.apache.hadoop.net.Node; import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.Groups; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.ProxyUsers; @@ -2113,15 +2115,15 @@ public class NameNodeRpcServer implements NamenodeProtocols { } @Override // ClientProtocol - public EventBatchList getEditsFromTxid(long txid) throws IOException { + public EventBatchList getEditsFromTxid(final long txid) throws IOException { checkNNStartup(); namesystem.checkOperation(OperationCategory.READ); // only active namesystem.checkSuperuserPrivilege(); -int maxEventsPerRPC = nn.getConf().getInt( +final int maxEventsPerRPC = nn.getConf().getInt( DFSConfigKeys.DFS_NAMENODE_INOTIFY_MAX_EVENTS_PER_RPC_KEY, DFSConfigKeys.DFS_NAMENODE_INOTIFY_MAX_EVENTS_PER_RPC_DEFAULT); -FSEditLog log = namesystem.getFSImage().getEditLog(); -long syncTxid = log.getSyncTxId(); +final FSEditLog log = namesystem.getFSImage().getEditLog(); +final long syncTxid = log.getSyncTxId(); // If we haven't synced anything yet, we can only read finalized // segments since we can't reliably determine which txns in in-progress // segments have actually been committed (e.g. written to a quorum of JNs). @@ -2130,8 +2132,26 @@ public class NameNodeRpcServer implements NamenodeProtocols { // journals. (In-progress segments written by old writers are already // discarded for us, so if we read any in-progress segments they are // guaranteed to have been written by this NameNode.) -boolean readInProgress = syncTxid > 0; +final boolean readInProgress = syncTxid > 0; + +// doas the NN login user for the actual operations to get edits. +// Notably this is necessary when polling from the remote edits via https. +// We have validated the client is a superuser from the NN RPC, so this +// running as the login user here is safe. +EventBatchList ret = SecurityUtil.doAsLoginUser( +new PrivilegedExceptionAction() { + @Override + public EventBatchList run() throws IOException { +return getEventBatchList(syncTxid, txid, log, readInProgress, +maxEventsPerRPC); + } +}); +return ret; + } + private EventBatchList getEventBatchList(long syncTxid, long txid, + FSEditLog log, boolean readInProgress, int maxEventsPerRPC) + throws IOException { List batches = Lists.newArrayList(); int totalEvents = 0; long maxSeenTxid = -1; @@ -2150,7 +2170,7 @@ public class NameNodeRpcServer implements NamenodeProtocols { // and are using QJM -- the edit log will be
hadoop git commit: HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen.
Repository: hadoop Updated Branches: refs/heads/branch-3.0 8b9a7b2e4 -> d28db463c HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen. (cherry picked from commit c75105f07b4cdbc2773435fc1125446233113c15) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/d28db463 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/d28db463 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/d28db463 Branch: refs/heads/branch-3.0 Commit: d28db463c2af75f23a7d0b264a14e6ee5936a353 Parents: 8b9a7b2 Author: Xiao Chen Authored: Fri Mar 2 16:45:07 2018 -0800 Committer: Xiao Chen Committed: Fri Mar 2 16:47:36 2018 -0800 -- .../hdfs/server/namenode/NameNodeRpcServer.java | 22 +- ...estDFSInotifyEventInputStreamKerberized.java | 223 +++ .../hadoop/hdfs/qjournal/MiniQJMHACluster.java | 21 +- 3 files changed, 260 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/d28db463/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java index 432df34..17f57b2 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java @@ -34,6 +34,7 @@ import static org.apache.hadoop.util.Time.now; import java.io.FileNotFoundException; import java.io.IOException; import java.net.InetSocketAddress; +import java.security.PrivilegedExceptionAction; import java.util.Arrays; import java.util.Collection; import java.util.EnumSet; @@ -187,6 +188,7 @@ import org.apache.hadoop.ipc.RefreshResponse; import org.apache.hadoop.net.Node; import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.Groups; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.ProxyUsers; @@ -,6 +2224,24 @@ public class NameNodeRpcServer implements NamenodeProtocols { // guaranteed to have been written by this NameNode.) boolean readInProgress = syncTxid > 0; +// doas the NN login user for the actual operations to get edits. +// Notably this is necessary when polling from the remote edits via https. +// We have validated the client is a superuser from the NN RPC, so this +// running as the login user here is safe. +EventBatchList ret = SecurityUtil.doAsLoginUser( +new PrivilegedExceptionAction() { + @Override + public EventBatchList run() throws IOException { +return getEventBatchList(syncTxid, txid, log, readInProgress, +maxEventsPerRPC); + } +}); +return ret; + } + + private EventBatchList getEventBatchList(long syncTxid, long txid, + FSEditLog log, boolean readInProgress, int maxEventsPerRPC) + throws IOException { List batches = Lists.newArrayList(); int totalEvents = 0; long maxSeenTxid = -1; @@ -2240,7 +2260,7 @@ public class NameNodeRpcServer implements NamenodeProtocols { // and are using QJM -- the edit log will be closed and this exception // will result LOG.info("NN is transitioning from active to standby and FSEditLog " + - "is closed -- could not read edits"); + "is closed -- could not read edits"); return new EventBatchList(batches, firstSeenTxid, maxSeenTxid, syncTxid); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/d28db463/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java new file mode 100644 index 000..ace7c3b --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java @@ -0,0 +1,223 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for ad
hadoop git commit: HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen.
Repository: hadoop Updated Branches: refs/heads/branch-3.1 162e99c69 -> d35baf157 HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen. (cherry picked from commit c75105f07b4cdbc2773435fc1125446233113c15) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/d35baf15 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/d35baf15 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/d35baf15 Branch: refs/heads/branch-3.1 Commit: d35baf157eddd64a3fe8cf2674cf771c6f9fee2a Parents: 162e99c Author: Xiao Chen Authored: Fri Mar 2 16:45:07 2018 -0800 Committer: Xiao Chen Committed: Fri Mar 2 16:47:19 2018 -0800 -- .../hdfs/server/namenode/NameNodeRpcServer.java | 22 +- ...estDFSInotifyEventInputStreamKerberized.java | 223 +++ .../hadoop/hdfs/qjournal/MiniQJMHACluster.java | 21 +- 3 files changed, 260 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/d35baf15/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java index 121d17c..9494263 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java @@ -34,6 +34,7 @@ import static org.apache.hadoop.util.Time.now; import java.io.FileNotFoundException; import java.io.IOException; import java.net.InetSocketAddress; +import java.security.PrivilegedExceptionAction; import java.util.Arrays; import java.util.Collection; import java.util.EnumSet; @@ -189,6 +190,7 @@ import org.apache.hadoop.ipc.RefreshResponse; import org.apache.hadoop.net.Node; import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.Groups; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.ProxyUsers; @@ -2253,6 +2255,24 @@ public class NameNodeRpcServer implements NamenodeProtocols { // guaranteed to have been written by this NameNode.) boolean readInProgress = syncTxid > 0; +// doas the NN login user for the actual operations to get edits. +// Notably this is necessary when polling from the remote edits via https. +// We have validated the client is a superuser from the NN RPC, so this +// running as the login user here is safe. +EventBatchList ret = SecurityUtil.doAsLoginUser( +new PrivilegedExceptionAction() { + @Override + public EventBatchList run() throws IOException { +return getEventBatchList(syncTxid, txid, log, readInProgress, +maxEventsPerRPC); + } +}); +return ret; + } + + private EventBatchList getEventBatchList(long syncTxid, long txid, + FSEditLog log, boolean readInProgress, int maxEventsPerRPC) + throws IOException { List batches = Lists.newArrayList(); int totalEvents = 0; long maxSeenTxid = -1; @@ -2271,7 +2291,7 @@ public class NameNodeRpcServer implements NamenodeProtocols { // and are using QJM -- the edit log will be closed and this exception // will result LOG.info("NN is transitioning from active to standby and FSEditLog " + - "is closed -- could not read edits"); + "is closed -- could not read edits"); return new EventBatchList(batches, firstSeenTxid, maxSeenTxid, syncTxid); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/d35baf15/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java new file mode 100644 index 000..ace7c3b --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java @@ -0,0 +1,223 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for ad
hadoop git commit: HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen.
Repository: hadoop Updated Branches: refs/heads/trunk e99a1e776 -> c75105f07 HDFS-13040. Kerberized inotify client fails despite kinit properly. Contributed by Istvan Fajth, Wei-Chiu Chuang, Xiao Chen. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c75105f0 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c75105f0 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c75105f0 Branch: refs/heads/trunk Commit: c75105f07b4cdbc2773435fc1125446233113c15 Parents: e99a1e7 Author: Xiao Chen Authored: Fri Mar 2 16:45:07 2018 -0800 Committer: Xiao Chen Committed: Fri Mar 2 16:46:04 2018 -0800 -- .../hdfs/server/namenode/NameNodeRpcServer.java | 22 +- ...estDFSInotifyEventInputStreamKerberized.java | 223 +++ .../hadoop/hdfs/qjournal/MiniQJMHACluster.java | 21 +- 3 files changed, 260 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/c75105f0/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java index 121d17c..9494263 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java @@ -34,6 +34,7 @@ import static org.apache.hadoop.util.Time.now; import java.io.FileNotFoundException; import java.io.IOException; import java.net.InetSocketAddress; +import java.security.PrivilegedExceptionAction; import java.util.Arrays; import java.util.Collection; import java.util.EnumSet; @@ -189,6 +190,7 @@ import org.apache.hadoop.ipc.RefreshResponse; import org.apache.hadoop.net.Node; import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.Groups; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.ProxyUsers; @@ -2253,6 +2255,24 @@ public class NameNodeRpcServer implements NamenodeProtocols { // guaranteed to have been written by this NameNode.) boolean readInProgress = syncTxid > 0; +// doas the NN login user for the actual operations to get edits. +// Notably this is necessary when polling from the remote edits via https. +// We have validated the client is a superuser from the NN RPC, so this +// running as the login user here is safe. +EventBatchList ret = SecurityUtil.doAsLoginUser( +new PrivilegedExceptionAction() { + @Override + public EventBatchList run() throws IOException { +return getEventBatchList(syncTxid, txid, log, readInProgress, +maxEventsPerRPC); + } +}); +return ret; + } + + private EventBatchList getEventBatchList(long syncTxid, long txid, + FSEditLog log, boolean readInProgress, int maxEventsPerRPC) + throws IOException { List batches = Lists.newArrayList(); int totalEvents = 0; long maxSeenTxid = -1; @@ -2271,7 +2291,7 @@ public class NameNodeRpcServer implements NamenodeProtocols { // and are using QJM -- the edit log will be closed and this exception // will result LOG.info("NN is transitioning from active to standby and FSEditLog " + - "is closed -- could not read edits"); + "is closed -- could not read edits"); return new EventBatchList(batches, firstSeenTxid, maxSeenTxid, syncTxid); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/c75105f0/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java new file mode 100644 index 000..ace7c3b --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSInotifyEventInputStreamKerberized.java @@ -0,0 +1,223 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this f