This is an automated email from the ASF dual-hosted git repository.

liuml07 pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/branch-3.3 by this push:
     new ee7d214  Revert "HADOOP-17159 Ability for forceful relogin in 
UserGroupInformation class (#2197)"
ee7d214 is described below

commit ee7d21411869ec18f620615b9e62caa5add72a1d
Author: Mingliang Liu <lium...@apache.org>
AuthorDate: Wed Aug 26 11:22:46 2020 -0700

    Revert "HADOOP-17159 Ability for forceful relogin in UserGroupInformation 
class (#2197)"
    
    This reverts commit da129a67bb4a169d3efcfc7cf298af68bad5fb73.
---
 .../hadoop/security/UserGroupInformation.java      | 35 +++++----------------
 .../hadoop/security/TestUGILoginFromKeytab.java    | 36 ----------------------
 2 files changed, 7 insertions(+), 64 deletions(-)

diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
index 57a4c74..d37da72 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -1233,26 +1233,7 @@ public class UserGroupInformation {
     reloginFromKeytab(false);
   }
 
-  /**
-   * Force re-Login a user in from a keytab file. Loads a user identity from a
-   * keytab file and logs them in. They become the currently logged-in user.
-   * This method assumes that {@link #loginUserFromKeytab(String, String)} had
-   * happened already. The Subject field of this UserGroupInformation object is
-   * updated to have the new credentials.
-   *
-   * @param ignoreTimeElapsed Force re-login irrespective of the time of last
-   *                          login
-   * @throws IOException
-   * @throws KerberosAuthException on a failure
-   */
-  @InterfaceAudience.Public
-  @InterfaceStability.Evolving
-  public void reloginFromKeytab(boolean ignoreTimeElapsed) throws IOException {
-    reloginFromKeytab(false, ignoreTimeElapsed);
-  }
-
-  private void reloginFromKeytab(boolean checkTGT, boolean ignoreTimeElapsed)
-      throws IOException {
+  private void reloginFromKeytab(boolean checkTGT) throws IOException {
     if (!shouldRelogin() || !isFromKeytab()) {
       return;
     }
@@ -1267,7 +1248,7 @@ public class UserGroupInformation {
         return;
       }
     }
-    relogin(login, ignoreTimeElapsed);
+    relogin(login);
   }
 
   /**
@@ -1288,27 +1269,25 @@ public class UserGroupInformation {
     if (login == null) {
       throw new KerberosAuthException(MUST_FIRST_LOGIN);
     }
-    relogin(login, false);
+    relogin(login);
   }
 
-  private void relogin(HadoopLoginContext login, boolean ignoreTimeElapsed)
-      throws IOException {
+  private void relogin(HadoopLoginContext login) throws IOException {
     // ensure the relogin is atomic to avoid leaving credentials in an
     // inconsistent state.  prevents other ugi instances, SASL, and SPNEGO
     // from accessing or altering credentials during the relogin.
     synchronized(login.getSubjectLock()) {
       // another racing thread may have beat us to the relogin.
       if (login == getLogin()) {
-        unprotectedRelogin(login, ignoreTimeElapsed);
+        unprotectedRelogin(login);
       }
     }
   }
 
-  private void unprotectedRelogin(HadoopLoginContext login,
-      boolean ignoreTimeElapsed) throws IOException {
+  private void unprotectedRelogin(HadoopLoginContext login) throws IOException 
{
     assert Thread.holdsLock(login.getSubjectLock());
     long now = Time.now();
-    if (!hasSufficientTimeElapsed(now) && !ignoreTimeElapsed) {
+    if (!hasSufficientTimeElapsed(now)) {
       return;
     }
     // register most recent relogin attempt
diff --git 
a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
 
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
index bf4cf75..d233234 100644
--- 
a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
+++ 
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
@@ -158,42 +158,6 @@ public class TestUGILoginFromKeytab {
     Assert.assertNotSame(login1, login2);
   }
 
-  /**
-   * Force re-login from keytab using the MiniKDC and verify the UGI can
-   * successfully relogin from keytab as well.
-   */
-  @Test
-  public void testUGIForceReLoginFromKeytab() throws Exception {
-    // Set this to false as we are testing force re-login anyways
-    UserGroupInformation.setShouldRenewImmediatelyForTests(false);
-    String principal = "foo";
-    File keytab = new File(workDir, "foo.keytab");
-    kdc.createPrincipal(keytab, principal);
-
-    UserGroupInformation.loginUserFromKeytab(principal, keytab.getPath());
-    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
-    Assert.assertTrue("UGI should be configured to login from keytab",
-        ugi.isFromKeytab());
-
-    // Verify relogin from keytab.
-    User user = getUser(ugi.getSubject());
-    final long firstLogin = user.getLastLogin();
-    final LoginContext login1 = user.getLogin();
-    Assert.assertNotNull(login1);
-
-    // Sleep for 2 secs to have a difference between first and second login
-    Thread.sleep(2000);
-
-    // Force relogin from keytab
-    ugi.reloginFromKeytab(true);
-    final long secondLogin = user.getLastLogin();
-    final LoginContext login2 = user.getLogin();
-    Assert.assertTrue("User should have been able to relogin from keytab",
-        secondLogin > firstLogin);
-    Assert.assertNotNull(login2);
-    Assert.assertNotSame(login1, login2);
-  }
-
   @Test
   public void testGetUGIFromKnownSubject() throws Exception {
     KerberosPrincipal principal = new KerberosPrincipal("user");


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

Reply via email to