(ozone) branch master updated: HDDS-9893. Client in clientCache is not properly invalidated with security enabled (#5780)

Thu, 14 Dec 2023 01:29:57 -0800 

This is an automated email from the ASF dual-hosted git repository.

adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git


The following commit(s) were added to refs/heads/master by this push:
     new 82d2759595 HDDS-9893. Client in clientCache is not properly 
invalidated with security enabled (#5780)
82d2759595 is described below

commit 82d27595958f70a7468a38899bf48b2208bebe64
Author: Sammi Chen <[email protected]>
AuthorDate: Thu Dec 14 17:29:12 2023 +0800

    HDDS-9893. Client in clientCache is not properly invalidated with security 
enabled (#5780)
---
 .../hadoop/hdds/scm/XceiverClientManager.java      | 15 +++++++++++----
 .../hadoop/ozone/scm/TestXceiverClientManager.java | 22 ++++++++++++++++------
 2 files changed, 27 insertions(+), 10 deletions(-)

diff --git 
a/hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/XceiverClientManager.java
 
b/hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/XceiverClientManager.java
index 46bd7e5345..62156c7e40 100644
--- 
a/hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/XceiverClientManager.java
+++ 
b/hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/XceiverClientManager.java
@@ -235,10 +235,6 @@ public class XceiverClientManager implements Closeable, 
XceiverClientFactory {
       // create different client different pipeline node based on
       // network topology
       String key = getPipelineCacheKey(pipeline, topologyAware);
-      // Append user short name to key to prevent a different user
-      // from using same instance of xceiverClient.
-      key = isSecurityEnabled ?
-          key + UserGroupInformation.getCurrentUser().getShortUserName() : key;
       return clientCache.get(key, new Callable<XceiverClientSpi>() {
         @Override
           public XceiverClientSpi call() throws Exception {
@@ -297,6 +293,17 @@ public class XceiverClientManager implements Closeable, 
XceiverClientFactory {
             e.getMessage());
       }
     }
+
+    if (isSecurityEnabled) {
+      // Append user short name to key to prevent a different user
+      // from using same instance of xceiverClient.
+      try {
+        key += UserGroupInformation.getCurrentUser().getShortUserName();
+      } catch (IOException e) {
+        LOG.error("Failed to get current user to create pipeline cache key:" +
+            e.getMessage());
+      }
+    }
     return key;
   }
 
diff --git 
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/scm/TestXceiverClientManager.java
 
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/scm/TestXceiverClientManager.java
index 69a08603b3..9130a87b1a 100644
--- 
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/scm/TestXceiverClientManager.java
+++ 
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/scm/TestXceiverClientManager.java
@@ -19,6 +19,7 @@ package org.apache.hadoop.ozone.scm;
 
 import com.google.common.cache.Cache;
 import org.apache.hadoop.hdds.scm.XceiverClientManager.ScmClientConfig;
+import org.apache.hadoop.hdds.scm.client.ClientTrustManager;
 import 
org.apache.hadoop.hdds.scm.container.common.helpers.ContainerWithPipeline;
 import org.apache.hadoop.io.IOUtils;
 import org.apache.hadoop.ozone.MiniOzoneCluster;
@@ -37,11 +38,15 @@ import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.Timeout;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 import java.io.IOException;
 import java.util.UUID;
 
 import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_METADATA_DIR_NAME;
+import static 
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
+import static org.mockito.Mockito.mock;
 
 /**
  * Test for XceiverClientManager caching and eviction.
@@ -73,14 +78,18 @@ public class TestXceiverClientManager {
     IOUtils.cleanupWithLogger(null, storageContainerLocationClient);
   }
 
-  @Test
-  public void testCaching() throws IOException {
+  @ParameterizedTest(name = "Ozone security enabled: {0}")
+  @ValueSource(booleans = {false, true})
+  public void testCaching(boolean securityEnabled) throws IOException {
     OzoneConfiguration conf = new OzoneConfiguration();
+    conf.setBoolean(OZONE_SECURITY_ENABLED_KEY, securityEnabled);
     String metaDir = GenericTestUtils.getTempPath(
         TestXceiverClientManager.class.getName() + UUID.randomUUID());
     conf.set(HDDS_METADATA_DIR_NAME, metaDir);
 
-    try (XceiverClientManager clientManager = new XceiverClientManager(conf)) {
+    ClientTrustManager trustManager = mock(ClientTrustManager.class);
+    try (XceiverClientManager clientManager = new XceiverClientManager(conf,
+        conf.getObject(ScmClientConfig.class), trustManager)) {
 
       ContainerWithPipeline container1 = storageContainerLocationClient
           .allocateContainer(
@@ -105,9 +114,10 @@ public class TestXceiverClientManager {
       Assertions.assertEquals(2, client3.getRefcount());
       Assertions.assertEquals(2, client1.getRefcount());
       Assertions.assertEquals(client1, client3);
-      clientManager.releaseClient(client1, false);
-      clientManager.releaseClient(client2, false);
-      clientManager.releaseClient(client3, false);
+      clientManager.releaseClient(client1, true);
+      clientManager.releaseClient(client2, true);
+      clientManager.releaseClient(client3, true);
+      Assertions.assertTrue(clientManager.getClientCache().size() == 0);
     }
   }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to