This is an automated email from the ASF dual-hosted git repository.
junegunn pushed a commit to branch branch-2.5
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.5 by this push:
new 40876d2aa2a HBASE-30042 Test AuthUtil.loginClient with existing
Kerberos login (#8002)
40876d2aa2a is described below
commit 40876d2aa2acf25a3a4df9ff041b46a3fb2830df
Author: JinHyuk Kim <[email protected]>
AuthorDate: Tue Mar 31 21:08:49 2026 +0900
HBASE-30042 Test AuthUtil.loginClient with existing Kerberos login (#8002)
Signed-off-by: Junegunn Choi <[email protected]>
---
.../TestUsersOperationsWithSecureHadoop.java | 39 ++++++++++++++++++++--
1 file changed, 37 insertions(+), 2 deletions(-)
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestUsersOperationsWithSecureHadoop.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestUsersOperationsWithSecureHadoop.java
index 5f8f3515af8..a0d22d5fa60 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestUsersOperationsWithSecureHadoop.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestUsersOperationsWithSecureHadoop.java
@@ -62,12 +62,15 @@ public class TestUsersOperationsWithSecureHadoop {
private static String CLIENT_NAME;
+ private static String OTHER_CLIENT_NAME;
+
@BeforeClass
public static void setUp() throws Exception {
KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);
PRINCIPAL = "hbase/" + HOST;
CLIENT_NAME = "foo";
- KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL, CLIENT_NAME);
+ OTHER_CLIENT_NAME = "bar";
+ KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL, CLIENT_NAME,
OTHER_CLIENT_NAME);
HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" +
KDC.getRealm());
HBaseKerberosUtils.setKeytabFileForTesting(KEYTAB_FILE.getAbsolutePath());
HBaseKerberosUtils.setClientPrincipalForTesting(CLIENT_NAME + "@" +
KDC.getRealm());
@@ -133,7 +136,24 @@ public class TestUsersOperationsWithSecureHadoop {
}
@Test
- public void testAuthUtilLogin() throws Exception {
+ public void testAuthUtilLoginWithExistingLoginUser() throws Exception {
+ String clientKeytab = getClientKeytabForTesting();
+ String clientPrincipal = getClientPrincipalForTesting();
+ Configuration conf = getSecuredConfiguration();
+ conf.set(AuthUtil.HBASE_CLIENT_KEYTAB_FILE, clientKeytab);
+ conf.set(AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL, clientPrincipal);
+ UserGroupInformation.setConfiguration(conf);
+
+ UserGroupInformation.loginUserFromKeytab(CLIENT_NAME, clientKeytab);
+
+ User user = AuthUtil.loginClient(conf);
+ assertTrue(user.isLoginFromKeytab());
+ assertEquals(CLIENT_NAME, user.getShortName());
+ assertEquals(getClientPrincipalForTesting(), user.getName());
+ }
+
+ @Test
+ public void testAuthUtilLoginWithDifferentExistingUser() throws Exception {
String clientKeytab = getClientKeytabForTesting();
String clientPrincipal = getClientPrincipalForTesting();
Configuration conf = getSecuredConfiguration();
@@ -141,9 +161,24 @@ public class TestUsersOperationsWithSecureHadoop {
conf.set(AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL, clientPrincipal);
UserGroupInformation.setConfiguration(conf);
+ // Login with other principal first
+ String otherPrincipal = OTHER_CLIENT_NAME + "@" + KDC.getRealm();
+ UserGroupInformation.loginUserFromKeytab(otherPrincipal, clientKeytab);
+
User user = AuthUtil.loginClient(conf);
assertTrue(user.isLoginFromKeytab());
+ // The existing login user (bar) doesn't match the principal configured in
+ // HBASE_CLIENT_KERBEROS_PRINCIPAL (foo), so loginClient should re-login
+ // with the configured principal.
assertEquals(CLIENT_NAME, user.getShortName());
assertEquals(getClientPrincipalForTesting(), user.getName());
+
+ conf.set(AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL, otherPrincipal);
+
+ user = AuthUtil.loginClient(conf);
+ assertTrue(user.isLoginFromKeytab());
+ // After updating HBASE_CLIENT_KERBEROS_PRINCIPAL to bar, loginClient
should re-login with bar.
+ assertEquals(OTHER_CLIENT_NAME, user.getShortName());
+ assertEquals(otherPrincipal, user.getName());
}
}
