Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HBASE-28106 TestShadeSaslAuthenticationProvider fails for branch-2.x #5433

Merged
merged 1 commit into from
Sep 24, 2023
Merged

HBASE-28106 TestShadeSaslAuthenticationProvider fails for branch-2.x #5433

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 16 additions & 13 deletions ...rg/apache/hadoop/hbase/security/provider/example/TestShadeSaslAuthenticationProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@

import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

import java.io.BufferedWriter;
import java.io.File;
Expand All @@ -37,7 +37,6 @@
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.Cell;
import org.apache.hadoop.hbase.CellUtil;
import org.apache.hadoop.hbase.DoNotRetryIOException;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HConstants;
Expand All @@ -50,6 +49,7 @@
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.RetriesExhaustedException;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
Expand Down Expand Up @@ -217,7 +217,7 @@ public Void run() throws Exception {
}
}

@Test(expected = DoNotRetryIOException.class)
@Test
public void testNegativeAuthentication() throws Exception {
// Validate that we can read that record back out as the user with our custom auth'n
final Configuration clientConf = new Configuration(CONF);
Expand All @@ -227,17 +227,20 @@ public void testNegativeAuthentication() throws Exception {
UserGroupInformation.createUserForTesting("user1", new String[0]);
user1.addToken(
ShadeClientTokenUtil.obtainToken(conn, "user1", "not a real password".toCharArray()));
user1.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(clientConf);
Table t = conn.getTable(tableName)) {
t.get(new Get(Bytes.toBytes("r1")));
fail("Should not successfully authenticate with HBase");
return null;
// Server will close the connection directly once auth failed, so at client side, we do not
Copy link
Contributor

@NihalJain NihalJain Sep 24, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: we could add another test for HBase Master API here similar to how it is done in master branch. Could be done as another JIRA also or you could add in current itself.

The following code works:

  @Test public void testNegativeAuthentication() throws Exception {
    // Validate that we can read that record back out as the user with our custom auth'n
    final Configuration clientConf = new Configuration(CONF);
    clientConf.setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 3);
    try (Connection conn = ConnectionFactory.createConnection(clientConf)) {
      UserGroupInformation user1 =
        UserGroupInformation.createUserForTesting("user1", new String[0]);
      user1.addToken(
        ShadeClientTokenUtil.obtainToken(conn, "user1", "not a real password".toCharArray()));
      LOG.info("Executing request to HBase Master which should fail");
      user1.doAs(new PrivilegedExceptionAction<Void>() {
        @Override public Void run() throws Exception {
          try (Connection conn = ConnectionFactory.createConnection(clientConf);) {
            conn.getAdmin().listTableDescriptors();
            fail("Should not successfully authenticate with HBase");
          } catch (Exception e) {
            LOG.info("Caught exception in negative Master connectivity test", e);
            assertEquals("Found unexpected exception", RetriesExhaustedException.class,
              e.getClass());
          }
          return null;
        }
      });

      LOG.info("Executing request to HBase RegionServer which should fail");
      user1.doAs(new PrivilegedExceptionAction<Void>() {
        @Override public Void run() throws Exception {
          try (Connection conn = ConnectionFactory.createConnection(clientConf);
            Table t = conn.getTable(tableName)) {
            t.get(new Get(Bytes.toBytes("r1")));
            fail("Should not successfully authenticate with HBase");
          } catch (Exception e) {
            LOG.info("Caught exception in negative RegionServer connectivity test", e);
            assertEquals("Found unexpected exception", RetriesExhaustedException.class,
              e.getClass());
          }
          return null;
        }
      });
    }
  }

Also FYI validateRootCause method of master fails as here we get 'Connection reset by peer' as message in the RetriesExhaustedException. Maybe this is expected for branch-2.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this could be another issue, to unify the implementation of this test across different branches.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Filed HBASE-28110.

// know what is the real problem so we will keep retrying, until reached the max retry times
// limitation
assertThrows("Should not successfully authenticate with HBase",
RetriesExhaustedException.class, () -> user1.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(clientConf);
Table t = conn.getTable(tableName)) {
t.get(new Get(Bytes.toBytes("r1")));
return null;
}
}
}
});
}));
}
}
}