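/**
 * Obtains a fresh Kudu authentication token for {@code kuduMasterAddresses}.
 *
 * <p>When the current Hadoop user was logged in from a keytab, a relogin is attempted first.
 * A short-lived {@link KuduClient} is then built, its authentication credentials are exported,
 * and the raw bytes are wrapped with {@code SecurityUtils.createToken}.
 *
 * <p>The exported bytes let whichever client imports them authenticate as this user, so they
 * are handled as a secret: only the master addresses are logged, never the credential itself.
 *
 * @return the token built from the exported authentication credentials
 * @throws Exception any failure while logging in, connecting or exporting; it is logged with
 *     its stack trace and rethrown unchanged
 */
@Override
public Token obtainToken() throws Exception {
  try {
    UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
    if (currentUser.isFromKeytab()) {
      // If we're using a keytab, we're probably in cluster mode
      // can we rely on Spark already having logged in at least once?
      currentUser.reloginFromKeytab();
    }

    byte[] token;
    // try-with-resources: the client (and its connections) is released even when the export
    // fails, instead of leaking one client per failed renewal attempt.
    try (KuduClient client = new KuduClient.KuduClientBuilder(kuduMasterAddresses).build()) {
      token = client.exportAuthenticationCredentials();
    }

    // Log the target only; the credential bytes must never reach the log.
    LOG.debug("Obtained new Kudu token for {}", kuduMasterAddresses);
    return SecurityUtils.createToken(token);
  } catch (Exception e) {
    // Pass the exception as the trailing argument so the cause (expired keytab, unreachable
    // master, ...) is recorded and not only the fact that renewal failed.
    LOG.error("Could not obtain new security token from {}", kuduMasterAddresses, e);
    throw e;
  }
}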
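/**
 * Test that a client is able to connect to masters using valid tokens
 * after all masters were killed and restarted, and before a leader is
 * elected. Leader election time is configured to be long enough using
 * '--leader_failure_max_missed_heartbeat_periods'.
 *
 * <p>The ticket-cache system property is cleared for the duration of the test and restored
 * afterwards, including the case where it was not set to begin with.
 */
@Test
public void testConnectToNonLeaderMasters() throws Exception {
  startCluster(ImmutableSet.of(Option.LONG_LEADER_ELECTION));
  System.err.println("=> started cluster");
  byte[] authnData = client.exportAuthenticationCredentials();
  System.err.println("=> exported auth");
  assertNotNull(authnData);

  String oldTicketCache = System.getProperty(SecurityUtil.KUDU_TICKETCACHE_PROPERTY);
  // NOTE(review): presumably this keeps the new client from using Kerberos credentials, so
  // that only the imported token can authenticate it; confirm against SecurityUtil.
  System.clearProperty(SecurityUtil.KUDU_TICKETCACHE_PROPERTY);
  // try-with-resources: the client holding the imported credentials is closed even when an
  // assertion or RPC fails.
  try (KuduClient newClient = createClient()) {
    newClient.importAuthenticationCredentials(authnData);
    System.err.println("=> imported auth");

    miniCluster.killAllMasterServers();
    miniCluster.startAllMasterServers();
    newClient.listTabletServers();
    System.err.println("=> listTabletServers");
  } finally {
    // System.setProperty rejects a null value with a NullPointerException, which would mask
    // the real test outcome whenever the property was unset before the test.
    if (oldTicketCache == null) {
      System.clearProperty(SecurityUtil.KUDU_TICKETCACHE_PROPERTY);
    } else {
      System.setProperty(SecurityUtil.KUDU_TICKETCACHE_PROPERTY, oldTicketCache);
    }
  }
}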
public void testKudu2267() throws Exception { startCluster(ImmutableSet.of(Option.SHORT_TOKENS_AND_TICKETS)); byte[] authnData = client.exportAuthenticationCredentials(); assertNotNull(authnData); String oldTicketCache = System.getProperty(SecurityUtil.KUDU_TICKETCACHE_PROPERTY);
/**
 * Regression test for KUDU-2379: exporting credentials as the very first
 * operation on a client has to make it connect to the cluster, so the
 * export must not come back empty.
 */
@Test(timeout=60000)
public void testExportCredentialsBeforeAnyOtherAccess() throws IOException {
  startCluster(ImmutableSet.<Option>of());
  try (KuduClient freshClient = createClient()) {
    // No other call is made on the client before the export.
    byte[] exported = freshClient.exportAuthenticationCredentials();
    AuthenticationCredentialsPB credentials = AuthenticationCredentialsPB.parseFrom(exported);

    // A usable export carries an authn token and at least one CA certificate.
    Assert.assertTrue(credentials.hasAuthnToken());
    Assert.assertTrue(credentials.getCaCertDersCount() > 0);
  }
}
public void testErrorMessageWithNoCaCert() throws Exception { startCluster(ImmutableSet.of(Option.SHORT_TOKENS_AND_TICKETS)); byte[] authnData = client.exportAuthenticationCredentials();
/**
 * Regression test: a client that is opened and closed almost immediately, after having made
 * outbound connections, must not spew "lost connection" messages into the log.
 */
@Test(timeout = 100000)
public void testCloseShortlyAfterOpen() throws Exception {
  CapturingLogAppender logCapture = new CapturingLogAppender();
  // Resources close in reverse order: the client first, then the log capture, so whatever the
  // client logs while shutting down is still captured.
  try (Closeable attachment = logCapture.attach();
       KuduClient localClient =
           new KuduClient.KuduClientBuilder(harness.getMasterAddressesAsString()).build()) {
    // Exporting credentials forces the client to connect to the masters.
    localClient.exportAuthenticationCredentials();
  }

  // The captured log must not report an unexpected lost connection.
  String capturedLog = logCapture.getAppendedText();
  boolean lostConnection = capturedLog.contains("lost connection to peer");
  assertFalse("Unexpected exception:\n" + capturedLog, lostConnection);
}
/**
 * Verifies that a connection attempt made while the masters are down fails with a readable
 * {@code NoLeaderFoundException} and does not log nonsensical stack traces that include
 * Netty internals.
 */
@Test(timeout = 100000)
public void testNoLogSpewOnConnectionRefused() throws Exception {
  // Expected shape of the failure message; "Connection refused" has to appear three times.
  final String expectedMessage = ".*Master config .+ has no leader. " +
      "Exceptions received:.*Connection refused.*Connection refused" +
      ".*Connection refused.*";

  CapturingLogAppender logCapture = new CapturingLogAppender();
  try (Closeable attachment = logCapture.attach()) {
    harness.killAllMasterServers();
    try (KuduClient localClient =
             new KuduClient.KuduClientBuilder(harness.getMasterAddressesAsString()).build()) {
      // Exporting credentials forces the client to connect to the masters.
      localClient.exportAuthenticationCredentials();
      fail("Should have failed to connect.");
    } catch (NoLeaderFoundException e) {
      String message = e.getMessage();
      assertTrue("Bad exception string: " + message, message.matches(expectedMessage));
    }
  } finally {
    // Bring the masters back regardless of the outcome.
    harness.startAllMasterServers();
  }

  // Neither a "lost connection" claim nor Netty selector frames may appear in the log.
  String captured = logCapture.getAppendedText();
  boolean claimsLostConnection = captured.contains("lost connection to peer");
  assertFalse("Should not claim to have lost a connection in the log", claimsLostConnection);
  boolean hasNettySpew = captured.contains("socket.nio.AbstractNioSelector");
  assertFalse("Should not have netty spew in log", hasNettySpew);
}
startCluster(ImmutableSet.of(Option.SHORT_TOKENS_AND_TICKETS, Option.START_TSERVERS)); byte[] authnData = client.exportAuthenticationCredentials(); assertNotNull(authnData); String oldTicketCache = System.getProperty(SecurityUtil.KUDU_TICKETCACHE_PROPERTY);