(hbase) branch branch-2.6 updated: HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
This is an automated email from the ASF dual-hosted git repository.
zhangduo pushed a commit to branch branch-2.6
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.6 by this push:
new ea1c057e0b1 HBASE-28377 Fallback to simple is broken for blocking rpc
client (#5690)
ea1c057e0b1 is described below
commit ea1c057e0b170ed846a2985cd0bcc6ec56924f59
Author: Duo Zhang
AuthorDate: Mon Feb 19 21:36:18 2024 +0800
HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
Signed-off-by: Bryan Beaudreault
(cherry picked from commit 7bc07a6563e631a1ae1ec464c619ca0e921d8945)
---
.../hadoop/hbase/ipc/BlockingRpcConnection.java| 1 +
.../hadoop/hbase/security/HBaseSaslRpcClient.java | 8 +-
.../hbase/security/AbstractTestSecureIPC.java | 102 +
3 files changed, 90 insertions(+), 21 deletions(-)
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
index 7f0b2a52f6a..e38246b5a69 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
@@ -546,6 +546,7 @@ class BlockingRpcConnection extends RpcConnection
implements Runnable {
// fall back to simple auth because server told us so.
// do not change authMethod and useSasl here, we should start from
secure when
// reconnecting because regionserver may change its sasl config
after restart.
+saslRpcClient = null;
}
}
createStreams(inStream, outStream);
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
index 0394bb0f2a3..ace1c38ab22 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
@@ -32,6 +32,7 @@ import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.io.crypto.aes.CryptoAES;
+import org.apache.hadoop.hbase.ipc.FallbackDisallowedException;
import
org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.ipc.RemoteException;
@@ -107,12 +108,9 @@ public class HBaseSaslRpcClient extends
AbstractHBaseSaslRpcClient {
int len = inStream.readInt();
if (len == SaslUtil.SWITCH_TO_SIMPLE_AUTH) {
if (!fallbackAllowed) {
-throw new IOException("Server asks us to fall back to SIMPLE auth,
"
- + "but this client is configured to only allow secure
connections.");
- }
- if (LOG.isDebugEnabled()) {
-LOG.debug("Server asks us to fall back to simple auth.");
+throw new FallbackDisallowedException();
}
+ LOG.debug("Server asks us to fall back to simple auth.");
dispose();
return false;
}
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
index afd0122af73..15a26185f0c 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
@@ -24,17 +24,22 @@ import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalFo
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.loginKerberosPrincipal;
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.setSecuredConfiguration;
import static
org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProviders.SELECTOR_KEY;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.either;
+import static org.hamcrest.Matchers.instanceOf;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.fail;
+import java.io.EOFException;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.InetSocketAddress;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
@@ -44,12 +49,13 @@ import org.apache.commons.lang3.RandomStringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtilit
(hbase) branch branch-2 updated: HBASE-28370 Default user quotas are refreshing too frequently (#5686)
This is an automated email from the ASF dual-hosted git repository.
bbeaudreault pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2 by this push:
new 52c65418d0f HBASE-28370 Default user quotas are refreshing too
frequently (#5686)
52c65418d0f is described below
commit 52c65418d0f8ccbd297aa382da22ee6e9e62e059
Author: Ray Mattingly
AuthorDate: Mon Feb 19 15:32:00 2024 -0500
HBASE-28370 Default user quotas are refreshing too frequently (#5686)
Signed-off-by: Bryan Beaudreault
---
.../org/apache/hadoop/hbase/quotas/QuotaCache.java | 12 ++-
.../org/apache/hadoop/hbase/quotas/QuotaUtil.java | 6 +-
.../apache/hadoop/hbase/quotas/TestQuotaCache.java | 89 ++
.../hadoop/hbase/quotas/ThrottleQuotaTestUtil.java | 12 +++
4 files changed, 115 insertions(+), 4 deletions(-)
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
index 67b2aecc544..9b3498ff894 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
@@ -71,6 +71,8 @@ public class QuotaCache implements Stoppable {
// for testing purpose only, enforce the cache to be always refreshed
static boolean TEST_FORCE_REFRESH = false;
+ // for testing purpose only, block cache refreshes to reliably verify state
+ static boolean TEST_BLOCK_REFRESH = false;
private final ConcurrentMap namespaceQuotaCache = new
ConcurrentHashMap<>();
private final ConcurrentMap tableQuotaCache = new
ConcurrentHashMap<>();
@@ -138,7 +140,7 @@ public class QuotaCache implements Stoppable {
*/
public UserQuotaState getUserQuotaState(final UserGroupInformation ugi) {
return computeIfAbsent(userQuotaCache, getQuotaUserName(ugi),
- () ->
QuotaUtil.buildDefaultUserQuotaState(rsServices.getConfiguration()),
+ () ->
QuotaUtil.buildDefaultUserQuotaState(rsServices.getConfiguration(), 0L),
this::triggerCacheRefresh);
}
@@ -239,6 +241,14 @@ public class QuotaCache implements Stoppable {
@edu.umd.cs.findbugs.annotations.SuppressWarnings(value =
"GC_UNRELATED_TYPES",
justification = "I do not understand why the complaints, it looks good
to me -- FIX")
protected void chore() {
+ while (TEST_BLOCK_REFRESH) {
+LOG.info("TEST_BLOCK_REFRESH=true, so blocking QuotaCache refresh
until it is false");
+try {
+ Thread.sleep(10);
+} catch (InterruptedException e) {
+ throw new RuntimeException(e);
+}
+ }
// Prefetch online tables/namespaces
for (TableName table : ((HRegionServer)
QuotaCache.this.rsServices).getOnlineTables()) {
if (table.isSystemTable()) {
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
index 831c0297785..8ced76e3963 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
@@ -333,7 +333,7 @@ public class QuotaUtil extends QuotaTableUtil {
String user = getUserFromRowKey(key);
if (results[i].isEmpty()) {
-userQuotas.put(user,
buildDefaultUserQuotaState(connection.getConfiguration()));
+userQuotas.put(user,
buildDefaultUserQuotaState(connection.getConfiguration(), nowTs));
continue;
}
@@ -373,7 +373,7 @@ public class QuotaUtil extends QuotaTableUtil {
return userQuotas;
}
- protected static UserQuotaState buildDefaultUserQuotaState(Configuration
conf) {
+ protected static UserQuotaState buildDefaultUserQuotaState(Configuration
conf, long nowTs) {
QuotaProtos.Throttle.Builder throttleBuilder =
QuotaProtos.Throttle.newBuilder();
buildDefaultTimedQuota(conf, QUOTA_DEFAULT_USER_MACHINE_READ_NUM)
@@ -389,7 +389,7 @@ public class QuotaUtil extends QuotaTableUtil {
buildDefaultTimedQuota(conf, QUOTA_DEFAULT_USER_MACHINE_WRITE_SIZE)
.ifPresent(throttleBuilder::setWriteSize);
-UserQuotaState state = new UserQuotaState();
+UserQuotaState state = new UserQuotaState(nowTs);
QuotaProtos.Quotas defaultQuotas =
QuotaProtos.Quotas.newBuilder().setThrottle(throttleBuilder.build()).build();
state.setQuotas(defaultQuotas);
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/TestQuotaCache.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/TestQuotaCache.java
new file mode 100644
index 000..1c431858291
--- /dev/null
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/TestQuotaCache.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor lice
(hbase) branch branch-3 updated: HBASE-28370 Default user quotas are refreshing too frequently (#5686)
This is an automated email from the ASF dual-hosted git repository.
bbeaudreault pushed a commit to branch branch-3
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-3 by this push:
new 94651e3bd99 HBASE-28370 Default user quotas are refreshing too
frequently (#5686)
94651e3bd99 is described below
commit 94651e3bd997182a7a529ab13ab82959a2af7092
Author: Ray Mattingly
AuthorDate: Mon Feb 19 15:32:00 2024 -0500
HBASE-28370 Default user quotas are refreshing too frequently (#5686)
Signed-off-by: Bryan Beaudreault
---
.../org/apache/hadoop/hbase/quotas/QuotaCache.java | 12 ++-
.../org/apache/hadoop/hbase/quotas/QuotaUtil.java | 6 +-
.../apache/hadoop/hbase/quotas/TestQuotaCache.java | 89 ++
.../hadoop/hbase/quotas/ThrottleQuotaTestUtil.java | 12 +++
4 files changed, 115 insertions(+), 4 deletions(-)
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
index 67b2aecc544..9b3498ff894 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
@@ -71,6 +71,8 @@ public class QuotaCache implements Stoppable {
// for testing purpose only, enforce the cache to be always refreshed
static boolean TEST_FORCE_REFRESH = false;
+ // for testing purpose only, block cache refreshes to reliably verify state
+ static boolean TEST_BLOCK_REFRESH = false;
private final ConcurrentMap namespaceQuotaCache = new
ConcurrentHashMap<>();
private final ConcurrentMap tableQuotaCache = new
ConcurrentHashMap<>();
@@ -138,7 +140,7 @@ public class QuotaCache implements Stoppable {
*/
public UserQuotaState getUserQuotaState(final UserGroupInformation ugi) {
return computeIfAbsent(userQuotaCache, getQuotaUserName(ugi),
- () ->
QuotaUtil.buildDefaultUserQuotaState(rsServices.getConfiguration()),
+ () ->
QuotaUtil.buildDefaultUserQuotaState(rsServices.getConfiguration(), 0L),
this::triggerCacheRefresh);
}
@@ -239,6 +241,14 @@ public class QuotaCache implements Stoppable {
@edu.umd.cs.findbugs.annotations.SuppressWarnings(value =
"GC_UNRELATED_TYPES",
justification = "I do not understand why the complaints, it looks good
to me -- FIX")
protected void chore() {
+ while (TEST_BLOCK_REFRESH) {
+LOG.info("TEST_BLOCK_REFRESH=true, so blocking QuotaCache refresh
until it is false");
+try {
+ Thread.sleep(10);
+} catch (InterruptedException e) {
+ throw new RuntimeException(e);
+}
+ }
// Prefetch online tables/namespaces
for (TableName table : ((HRegionServer)
QuotaCache.this.rsServices).getOnlineTables()) {
if (table.isSystemTable()) {
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
index 44357c88d2d..0da1aa66165 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
@@ -334,7 +334,7 @@ public class QuotaUtil extends QuotaTableUtil {
String user = getUserFromRowKey(key);
if (results[i].isEmpty()) {
-userQuotas.put(user,
buildDefaultUserQuotaState(connection.getConfiguration()));
+userQuotas.put(user,
buildDefaultUserQuotaState(connection.getConfiguration(), nowTs));
continue;
}
@@ -374,7 +374,7 @@ public class QuotaUtil extends QuotaTableUtil {
return userQuotas;
}
- protected static UserQuotaState buildDefaultUserQuotaState(Configuration
conf) {
+ protected static UserQuotaState buildDefaultUserQuotaState(Configuration
conf, long nowTs) {
QuotaProtos.Throttle.Builder throttleBuilder =
QuotaProtos.Throttle.newBuilder();
buildDefaultTimedQuota(conf, QUOTA_DEFAULT_USER_MACHINE_READ_NUM)
@@ -390,7 +390,7 @@ public class QuotaUtil extends QuotaTableUtil {
buildDefaultTimedQuota(conf, QUOTA_DEFAULT_USER_MACHINE_WRITE_SIZE)
.ifPresent(throttleBuilder::setWriteSize);
-UserQuotaState state = new UserQuotaState();
+UserQuotaState state = new UserQuotaState(nowTs);
QuotaProtos.Quotas defaultQuotas =
QuotaProtos.Quotas.newBuilder().setThrottle(throttleBuilder.build()).build();
state.setQuotas(defaultQuotas);
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/TestQuotaCache.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/TestQuotaCache.java
new file mode 100644
index 000..89c77f43b35
--- /dev/null
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/TestQuotaCache.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor lice
(hbase) branch master updated: HBASE-28370 Default user quotas are refreshing too frequently (#5686)
This is an automated email from the ASF dual-hosted git repository.
bbeaudreault pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/master by this push:
new 7be588e0d46 HBASE-28370 Default user quotas are refreshing too
frequently (#5686)
7be588e0d46 is described below
commit 7be588e0d46f3ae82d526d9625b926fc8b45bc2d
Author: Ray Mattingly
AuthorDate: Mon Feb 19 15:32:00 2024 -0500
HBASE-28370 Default user quotas are refreshing too frequently (#5686)
Signed-off-by: Bryan Beaudreault
---
.../org/apache/hadoop/hbase/quotas/QuotaCache.java | 12 ++-
.../org/apache/hadoop/hbase/quotas/QuotaUtil.java | 6 +-
.../apache/hadoop/hbase/quotas/TestQuotaCache.java | 89 ++
.../hadoop/hbase/quotas/ThrottleQuotaTestUtil.java | 12 +++
4 files changed, 115 insertions(+), 4 deletions(-)
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
index 67b2aecc544..9b3498ff894 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaCache.java
@@ -71,6 +71,8 @@ public class QuotaCache implements Stoppable {
// for testing purpose only, enforce the cache to be always refreshed
static boolean TEST_FORCE_REFRESH = false;
+ // for testing purpose only, block cache refreshes to reliably verify state
+ static boolean TEST_BLOCK_REFRESH = false;
private final ConcurrentMap namespaceQuotaCache = new
ConcurrentHashMap<>();
private final ConcurrentMap tableQuotaCache = new
ConcurrentHashMap<>();
@@ -138,7 +140,7 @@ public class QuotaCache implements Stoppable {
*/
public UserQuotaState getUserQuotaState(final UserGroupInformation ugi) {
return computeIfAbsent(userQuotaCache, getQuotaUserName(ugi),
- () ->
QuotaUtil.buildDefaultUserQuotaState(rsServices.getConfiguration()),
+ () ->
QuotaUtil.buildDefaultUserQuotaState(rsServices.getConfiguration(), 0L),
this::triggerCacheRefresh);
}
@@ -239,6 +241,14 @@ public class QuotaCache implements Stoppable {
@edu.umd.cs.findbugs.annotations.SuppressWarnings(value =
"GC_UNRELATED_TYPES",
justification = "I do not understand why the complaints, it looks good
to me -- FIX")
protected void chore() {
+ while (TEST_BLOCK_REFRESH) {
+LOG.info("TEST_BLOCK_REFRESH=true, so blocking QuotaCache refresh
until it is false");
+try {
+ Thread.sleep(10);
+} catch (InterruptedException e) {
+ throw new RuntimeException(e);
+}
+ }
// Prefetch online tables/namespaces
for (TableName table : ((HRegionServer)
QuotaCache.this.rsServices).getOnlineTables()) {
if (table.isSystemTable()) {
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
index 44357c88d2d..0da1aa66165 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/QuotaUtil.java
@@ -334,7 +334,7 @@ public class QuotaUtil extends QuotaTableUtil {
String user = getUserFromRowKey(key);
if (results[i].isEmpty()) {
-userQuotas.put(user,
buildDefaultUserQuotaState(connection.getConfiguration()));
+userQuotas.put(user,
buildDefaultUserQuotaState(connection.getConfiguration(), nowTs));
continue;
}
@@ -374,7 +374,7 @@ public class QuotaUtil extends QuotaTableUtil {
return userQuotas;
}
- protected static UserQuotaState buildDefaultUserQuotaState(Configuration
conf) {
+ protected static UserQuotaState buildDefaultUserQuotaState(Configuration
conf, long nowTs) {
QuotaProtos.Throttle.Builder throttleBuilder =
QuotaProtos.Throttle.newBuilder();
buildDefaultTimedQuota(conf, QUOTA_DEFAULT_USER_MACHINE_READ_NUM)
@@ -390,7 +390,7 @@ public class QuotaUtil extends QuotaTableUtil {
buildDefaultTimedQuota(conf, QUOTA_DEFAULT_USER_MACHINE_WRITE_SIZE)
.ifPresent(throttleBuilder::setWriteSize);
-UserQuotaState state = new UserQuotaState();
+UserQuotaState state = new UserQuotaState(nowTs);
QuotaProtos.Quotas defaultQuotas =
QuotaProtos.Quotas.newBuilder().setThrottle(throttleBuilder.build()).build();
state.setQuotas(defaultQuotas);
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/TestQuotaCache.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/TestQuotaCache.java
new file mode 100644
index 000..89c77f43b35
--- /dev/null
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/TestQuotaCache.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license
(hbase) branch branch-3 updated: HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
This is an automated email from the ASF dual-hosted git repository.
zhangduo pushed a commit to branch branch-3
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-3 by this push:
new 6377e4c63dc HBASE-28377 Fallback to simple is broken for blocking rpc
client (#5690)
6377e4c63dc is described below
commit 6377e4c63dc6d8d202b68b2fa7a0ccb8f3d26e49
Author: Duo Zhang
AuthorDate: Mon Feb 19 21:36:18 2024 +0800
HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
Signed-off-by: Bryan Beaudreault
(cherry picked from commit 7bc07a6563e631a1ae1ec464c619ca0e921d8945)
---
.../hadoop/hbase/ipc/BlockingRpcConnection.java| 1 +
.../hadoop/hbase/security/HBaseSaslRpcClient.java | 8 +-
.../hbase/security/AbstractTestSecureIPC.java | 102 +
3 files changed, 90 insertions(+), 21 deletions(-)
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
index 0478000a237..3f1418aa984 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
@@ -499,6 +499,7 @@ class BlockingRpcConnection extends RpcConnection
implements Runnable {
// fall back to simple auth because server told us so.
// do not change authMethod and useSasl here, we should start from
secure when
// reconnecting because regionserver may change its sasl config
after restart.
+saslRpcClient = null;
}
}
createStreams(inStream, outStream);
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
index 0394bb0f2a3..ace1c38ab22 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
@@ -32,6 +32,7 @@ import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.io.crypto.aes.CryptoAES;
+import org.apache.hadoop.hbase.ipc.FallbackDisallowedException;
import
org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.ipc.RemoteException;
@@ -107,12 +108,9 @@ public class HBaseSaslRpcClient extends
AbstractHBaseSaslRpcClient {
int len = inStream.readInt();
if (len == SaslUtil.SWITCH_TO_SIMPLE_AUTH) {
if (!fallbackAllowed) {
-throw new IOException("Server asks us to fall back to SIMPLE auth,
"
- + "but this client is configured to only allow secure
connections.");
- }
- if (LOG.isDebugEnabled()) {
-LOG.debug("Server asks us to fall back to simple auth.");
+throw new FallbackDisallowedException();
}
+ LOG.debug("Server asks us to fall back to simple auth.");
dispose();
return false;
}
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
index 26405f4446b..998896c9468 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
@@ -24,17 +24,22 @@ import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalFo
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.loginKerberosPrincipal;
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.setSecuredConfiguration;
import static
org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProviders.SELECTOR_KEY;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.either;
+import static org.hamcrest.Matchers.instanceOf;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.fail;
+import java.io.EOFException;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.InetSocketAddress;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
@@ -44,12 +49,13 @@ import org.apache.commons.lang3.RandomStringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtil;
imp
(hbase) branch branch-2 updated: HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
This is an automated email from the ASF dual-hosted git repository.
zhangduo pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2 by this push:
new adf8d9b7e16 HBASE-28377 Fallback to simple is broken for blocking rpc
client (#5690)
adf8d9b7e16 is described below
commit adf8d9b7e16cabc351e3a81f5e2be10c04cb4bc2
Author: Duo Zhang
AuthorDate: Mon Feb 19 21:36:18 2024 +0800
HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
Signed-off-by: Bryan Beaudreault
(cherry picked from commit 7bc07a6563e631a1ae1ec464c619ca0e921d8945)
---
.../hadoop/hbase/ipc/BlockingRpcConnection.java| 1 +
.../hadoop/hbase/security/HBaseSaslRpcClient.java | 8 +-
.../hbase/security/AbstractTestSecureIPC.java | 102 +
3 files changed, 90 insertions(+), 21 deletions(-)
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
index 7f0b2a52f6a..e38246b5a69 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
@@ -546,6 +546,7 @@ class BlockingRpcConnection extends RpcConnection
implements Runnable {
// fall back to simple auth because server told us so.
// do not change authMethod and useSasl here, we should start from
secure when
// reconnecting because regionserver may change its sasl config
after restart.
+saslRpcClient = null;
}
}
createStreams(inStream, outStream);
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
index 0394bb0f2a3..ace1c38ab22 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
@@ -32,6 +32,7 @@ import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.io.crypto.aes.CryptoAES;
+import org.apache.hadoop.hbase.ipc.FallbackDisallowedException;
import
org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.ipc.RemoteException;
@@ -107,12 +108,9 @@ public class HBaseSaslRpcClient extends
AbstractHBaseSaslRpcClient {
int len = inStream.readInt();
if (len == SaslUtil.SWITCH_TO_SIMPLE_AUTH) {
if (!fallbackAllowed) {
-throw new IOException("Server asks us to fall back to SIMPLE auth,
"
- + "but this client is configured to only allow secure
connections.");
- }
- if (LOG.isDebugEnabled()) {
-LOG.debug("Server asks us to fall back to simple auth.");
+throw new FallbackDisallowedException();
}
+ LOG.debug("Server asks us to fall back to simple auth.");
dispose();
return false;
}
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
index afd0122af73..15a26185f0c 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestSecureIPC.java
@@ -24,17 +24,22 @@ import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalFo
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.loginKerberosPrincipal;
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.setSecuredConfiguration;
import static
org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProviders.SELECTOR_KEY;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.either;
+import static org.hamcrest.Matchers.instanceOf;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.fail;
+import java.io.EOFException;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.InetSocketAddress;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
@@ -44,12 +49,13 @@ import org.apache.commons.lang3.RandomStringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
(hbase) branch branch-2.5 updated: HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
This is an automated email from the ASF dual-hosted git repository.
zhangduo pushed a commit to branch branch-2.5
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.5 by this push:
new 49d015c6702 HBASE-28377 Fallback to simple is broken for blocking rpc
client (#5690)
49d015c6702 is described below
commit 49d015c67028a63485f1fc3bce80a39957a27011
Author: Duo Zhang
AuthorDate: Mon Feb 19 21:36:18 2024 +0800
HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
Signed-off-by: Bryan Beaudreault
(cherry picked from commit 7bc07a6563e631a1ae1ec464c619ca0e921d8945)
---
.../hadoop/hbase/ipc/BlockingRpcConnection.java| 1 +
.../hadoop/hbase/security/HBaseSaslRpcClient.java | 8 +-
.../apache/hadoop/hbase/zookeeper/ZKConfig.java| 1 -
.../hadoop/hbase/security/TestSecureIPC.java | 101 +
4 files changed, 89 insertions(+), 22 deletions(-)
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
index 87af79f4c8c..ce5bf0d01f6 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
@@ -539,6 +539,7 @@ class BlockingRpcConnection extends RpcConnection
implements Runnable {
// fall back to simple auth because server told us so.
// do not change authMethod and useSasl here, we should start from
secure when
// reconnecting because regionserver may change its sasl config
after restart.
+saslRpcClient = null;
}
}
this.in = new DataInputStream(new BufferedInputStream(inStream));
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
index 0394bb0f2a3..ace1c38ab22 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
@@ -32,6 +32,7 @@ import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.io.crypto.aes.CryptoAES;
+import org.apache.hadoop.hbase.ipc.FallbackDisallowedException;
import
org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.ipc.RemoteException;
@@ -107,12 +108,9 @@ public class HBaseSaslRpcClient extends
AbstractHBaseSaslRpcClient {
int len = inStream.readInt();
if (len == SaslUtil.SWITCH_TO_SIMPLE_AUTH) {
if (!fallbackAllowed) {
-throw new IOException("Server asks us to fall back to SIMPLE auth,
"
- + "but this client is configured to only allow secure
connections.");
- }
- if (LOG.isDebugEnabled()) {
-LOG.debug("Server asks us to fall back to simple auth.");
+throw new FallbackDisallowedException();
}
+ LOG.debug("Server asks us to fall back to simple auth.");
dispose();
return false;
}
diff --git
a/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
b/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
index d70fa0178a5..5c24418214b 100644
--- a/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
+++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKConfig.java
@@ -21,7 +21,6 @@ import java.io.IOException;
import java.util.List;
import java.util.Map.Entry;
import java.util.Properties;
-import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.util.StringUtils;
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestSecureIPC.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestSecureIPC.java
index 67d9803bf29..22f44edc70b 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestSecureIPC.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestSecureIPC.java
@@ -23,17 +23,22 @@ import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileF
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.setSecuredConfiguration;
import static
org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProviders.SELECTOR_KEY;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.either;
+import static org.hamcrest.Matchers.ins
(hbase) branch branch-2.4 updated: HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
This is an automated email from the ASF dual-hosted git repository.
zhangduo pushed a commit to branch branch-2.4
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.4 by this push:
new 2b71b56bc09 HBASE-28377 Fallback to simple is broken for blocking rpc
client (#5690)
2b71b56bc09 is described below
commit 2b71b56bc09b7d3fbae6aec3d7ed4cfd9b78e792
Author: Duo Zhang
AuthorDate: Mon Feb 19 23:08:45 2024 +0800
HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690)
Signed-off-by: Bryan Beaudreault
(cherry picked from commit 7bc07a6563e631a1ae1ec464c619ca0e921d8945)
---
.../hadoop/hbase/ipc/BlockingRpcConnection.java| 1 +
.../hadoop/hbase/security/HBaseSaslRpcClient.java | 8 +-
.../hadoop/hbase/security/TestSecureIPC.java | 112 -
3 files changed, 92 insertions(+), 29 deletions(-)
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
index 977a969cd47..f291f9185dc 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java
@@ -538,6 +538,7 @@ class BlockingRpcConnection extends RpcConnection
implements Runnable {
// fall back to simple auth because server told us so.
// do not change authMethod and useSasl here, we should start from
secure when
// reconnecting because regionserver may change its sasl config
after restart.
+saslRpcClient = null;
}
}
this.in = new DataInputStream(new BufferedInputStream(inStream));
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
index 0394bb0f2a3..ace1c38ab22 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
@@ -32,6 +32,7 @@ import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.io.crypto.aes.CryptoAES;
+import org.apache.hadoop.hbase.ipc.FallbackDisallowedException;
import
org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.ipc.RemoteException;
@@ -107,12 +108,9 @@ public class HBaseSaslRpcClient extends
AbstractHBaseSaslRpcClient {
int len = inStream.readInt();
if (len == SaslUtil.SWITCH_TO_SIMPLE_AUTH) {
if (!fallbackAllowed) {
-throw new IOException("Server asks us to fall back to SIMPLE auth,
"
- + "but this client is configured to only allow secure
connections.");
- }
- if (LOG.isDebugEnabled()) {
-LOG.debug("Server asks us to fall back to simple auth.");
+throw new FallbackDisallowedException();
}
+ LOG.debug("Server asks us to fall back to simple auth.");
dispose();
return false;
}
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestSecureIPC.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestSecureIPC.java
index 4eb0d38d421..746cc88dd69 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestSecureIPC.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestSecureIPC.java
@@ -22,14 +22,20 @@ import static
org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.newBlocking
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
import static
org.apache.hadoop.hbase.security.HBaseKerberosUtils.getSecuredConfiguration;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.either;
+import static org.hamcrest.Matchers.instanceOf;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
import static org.junit.Assert.fail;
+import java.io.EOFException;
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -42,7 +48,9 @@ import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HConstants;
+import org.apache.hado
(hbase-site) branch asf-site updated: INFRA-10751 Empty commit
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/hbase-site.git The following commit(s) were added to refs/heads/asf-site by this push: new a225412791f INFRA-10751 Empty commit a225412791f is described below commit a225412791f21c0498da1ecc12b6dc4118727f44 Author: jenkins AuthorDate: Mon Feb 19 14:44:04 2024 + INFRA-10751 Empty commit
(hbase) branch master updated (5398b13bab9 -> 7bc07a6563e)
This is an automated email from the ASF dual-hosted git repository. zhangduo pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/hbase.git from 5398b13bab9 HBASE-28238 rpcservice should perform some important admin operation to priority ADMIN_QOS (#5558) add 7bc07a6563e HBASE-28377 Fallback to simple is broken for blocking rpc client (#5690) No new revisions were added by this update. Summary of changes: .../hadoop/hbase/ipc/BlockingRpcConnection.java| 1 + .../hadoop/hbase/security/HBaseSaslRpcClient.java | 8 +- .../hbase/security/AbstractTestSecureIPC.java | 102 + 3 files changed, 90 insertions(+), 21 deletions(-)
