goiri commented on code in PR #5921:
URL: https://github.com/apache/hadoop/pull/5921#discussion_r1295084050
##########
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationToken.java:
##########
@@ -376,4 +382,61 @@ public void testDelegationTokenIdentifierToString() throws
Exception {
" for SomeUser with renewer JobTracker",
dtId.toStringStable());
}
+
+ public static class MyDelegationTokenSecretManager extends
+ AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
+ /**
+ * Create a secret manager
+ *
+ * @param delegationKeyUpdateInterval the number of milliseconds
for rolling
+ * new secret keys.
+ * @param delegationTokenMaxLifetime the maximum lifetime of the
delegation
+ * tokens in milliseconds
+ * @param delegationTokenRenewInterval how often the tokens must be
renewed
+ * in milliseconds
+ * @param delegationTokenRemoverScanInterval how often the tokens are
scanned
+ * for expired tokens in
milliseconds
+ */
+ public MyDelegationTokenSecretManager(long delegationKeyUpdateInterval,
+ long delegationTokenMaxLifetime, long delegationTokenRenewInterval,
+ long delegationTokenRemoverScanInterval) {
+ super(delegationKeyUpdateInterval,
+ delegationTokenMaxLifetime,
+ delegationTokenRenewInterval,
+ delegationTokenRemoverScanInterval);
+ }
+
+ @Override
+ public DelegationTokenIdentifier createIdentifier() {
+ return null;
+ }
+
+ @Override
+ public void logExpireTokens(Collection<DelegationTokenIdentifier>
expiredTokens) throws IOException {
+ super.logExpireTokens(expiredTokens);
+ }
+ }
+
+ @Test
+ public void testLogExpireTokensWhenChangeRules() {
+ MyDelegationTokenSecretManager myDtSecretManager =
+ new MyDelegationTokenSecretManager(10 * 1000, 10 * 1000, 10 * 1000, 10
* 1000);
+ setRules("RULE:[2:$1@$0](SomeUser.*)s/.*/SomeUser/");
+ DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(
+ new Text("SomeUser/[email protected]"),
+ new Text("SomeUser/[email protected]"),
+ new Text("SomeUser/[email protected]"));
+ Set<DelegationTokenIdentifier> expiredTokens = new HashSet();
+ expiredTokens.add(dtId);
+
+ setRules("RULE:[2:$1@$0](OtherUser.*)s/.*/OtherUser/");
+ // rules was modified, causing the existing tokens (May be loaded from
other storage systems like zookeeper)
+ // to fail to match the kerberos rules,
+ // return an exception that cannot be handled
+ try {
+ myDtSecretManager.logExpireTokens(expiredTokens);
+ } catch (Exception e) {
+ Assert.fail("Exception in logExpireTokens");
Review Comment:
But for the unit test, you can just do:
```
public void testLogExpireTokensWhenChangeRules() {
...
setRules("RULE:[2:$1@$0](SomeUser.*)s/.*/SomeUser/");
...
setRules("RULE:[2:$1@$0](OtherUser.*)s/.*/OtherUser/");
myDtSecretManager.logExpireTokens(expiredTokens);
}
```
No need to catch the exception, just let it surface.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
