HADOOP-12670 Fix TestNetUtils and TestSecurityUtil when localhost is ipv6 only
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/net/NetUtils.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/net/NetUtils.java
index efb772d..f5cb387 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/net/NetUtils.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/net/NetUtils.java
@@ -650,7 +650,7 @@
if (InetAddressUtils.isIPv6Address(hostName)) {
return "[" + hostName + "]:" + addr.getPort();
}
- return hostName + ":" + addr.getPort();
+ return hostName.toLowerCase() + ":" + addr.getPort();
}
/**
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
index 38096ab..86851bc 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
@@ -386,7 +386,7 @@
if (token != null) {
token.setService(service);
if (LOG.isDebugEnabled()) {
- LOG.debug("Acquired token "+token); // Token#toString() prints service
+ LOG.debug("Acquired token " + token); // Token#toString() prints service
}
} else {
LOG.warn("Failed to get token for service "+service);
@@ -400,18 +400,15 @@
* hadoop.security.token.service.use_ip
*/
public static Text buildTokenService(InetSocketAddress addr) {
- String host = null;
if (useIpForTokenService) {
if (addr.isUnresolved()) { // host has no ip address
throw new IllegalArgumentException(
new UnknownHostException(addr.getHostName())
);
}
- host = addr.getAddress().getHostAddress();
- } else {
- host = StringUtils.toLowerCase(addr.getHostName());
+ return new Text(NetUtils.getIPPortString(addr));
}
- return new Text(host + ":" + addr.getPort());
+ return new Text(NetUtils.getHostPortString(addr));
}
/**
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
index 26cd7ab..88ab5fe 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
@@ -124,10 +124,10 @@
+ " is not allowed to impersonate " + user.getUserName());
}
- MachineList MachineList = proxyHosts.get(
+ MachineList machineList = proxyHosts.get(
getProxySuperuserIpConfKey(realUser.getShortUserName()));
- if(MachineList == null || !MachineList.includes(remoteAddress)) {
+ if(machineList == null || !machineList.includes(remoteAddress)) {
throw new AuthorizationException("Unauthorized connection for super-user: "
+ realUser.getUserName() + " from IP " + remoteAddress);
}
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/net/TestNetUtils.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/net/TestNetUtils.java
index ddb1f83..cc9666a 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/net/TestNetUtils.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/net/TestNetUtils.java
@@ -489,13 +489,20 @@
return addr;
}
+
private void
- verifyInetAddress(InetAddress addr, String host, String ip) {
+ verifyInetAddress(InetAddress addr, String host, String... ips) {
assertNotNull(addr);
assertEquals(host, addr.getHostName());
- assertEquals(ip, addr.getHostAddress());
+
+ boolean found = false;
+ for (String ip:ips) {
+ found |= ip.equals(addr.getHostAddress());
+ }
+ assertTrue("Expected addr.getHostAddress["+addr.getHostAddress()+"] to be one of " + StringUtils.join(ips, ","), found);
}
-
+
+
@Test
public void testResolverUnqualified() {
String host = "host";
@@ -525,12 +532,16 @@
}
// localhost
-
+
@Test
public void testResolverLoopback() {
String host = "Localhost";
InetAddress addr = verifyResolve(host); // no lookup should occur
- verifyInetAddress(addr, "Localhost", "127.0.0.1");
+ verifyInetAddress(addr,
+ "Localhost",
+ "127.0.0.1",
+ IPV6_LOOPBACK_LONG_STRING,
+ IPV6_LOOPBACK_SHORT_STRING);
}
@Test
@@ -637,10 +648,14 @@
// when ipaddress is normalized, same address is expected in return
assertEquals(summary, hosts.get(0), normalizedHosts.get(0));
// for normalizing a resolvable hostname, resolved ipaddress is expected in return
+
assertFalse("Element 1 equal "+ summary,
normalizedHosts.get(1).equals(hosts.get(1)));
- assertEquals(summary, hosts.get(0), normalizedHosts.get(1));
- // this address HADOOP-8372: when normalizing a valid resolvable hostname start with numeric,
+ assertTrue("Should get the localhost address back",
+ normalizedHosts.get(1).equals(hosts.get(0)) ||
+ normalizedHosts.get(1).equals(IPV6_LOOPBACK_LONG_STRING));
+ // this address HADOOP-8372: when normalizing a valid resolvable hostname start with numeric,
+
// its ipaddress is expected to return
assertFalse("Element 2 equal " + summary,
normalizedHosts.get(2).equals(hosts.get(2)));
@@ -690,7 +705,9 @@
InetSocketAddress addr = NetUtils.createSocketAddr(defaultAddr);
conf.setSocketAddr("myAddress", addr);
- assertEquals(defaultAddr.trim(), NetUtils.getHostPortString(addr));
+ assertTrue(
+ "Trim should have been called on ipv6 hostname",
+ defaultAddr.trim().equalsIgnoreCase(NetUtils.getHostPortString(addr)));
}
private <T> void assertBetterArrayEquals(T[] expect, T[]got) {
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java
index b44fa8b..075764b 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java
@@ -431,7 +431,7 @@
public void testProxyWithToken() throws Exception {
final Configuration conf = new Configuration(masterConf);
TestTokenSecretManager sm = new TestTokenSecretManager();
- SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, conf);
+
UserGroupInformation.setConfiguration(conf);
final Server server = new RPC.Builder(conf).setProtocol(TestProtocol.class)
.setInstance(new TestImpl()).setBindAddress(ADDRESS).setPort(0)
@@ -485,7 +485,7 @@
public void testTokenBySuperUser() throws Exception {
TestTokenSecretManager sm = new TestTokenSecretManager();
final Configuration newConf = new Configuration(masterConf);
- SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, newConf);
+
UserGroupInformation.setConfiguration(newConf);
final Server server = new RPC.Builder(newConf)
.setProtocol(TestProtocol.class).setInstance(new TestImpl())
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
index 14f9091..8b37bea 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
@@ -163,15 +163,15 @@
@Test
public void testBuildTokenServiceSockAddr() {
SecurityUtil.setTokenServiceUseIp(true);
- assertEquals("127.0.0.1:123",
- SecurityUtil.buildTokenService(new InetSocketAddress("LocalHost", 123)).toString()
+ assertOneOf(
+ SecurityUtil.buildTokenService(NetUtils.createSocketAddrForHost("LocalHost", 123)).toString(),
+ "127.0.0.1:123",
+ "[0:0:0:0:0:0:0:1]:123"
);
- assertEquals("127.0.0.1:123",
- SecurityUtil.buildTokenService(new InetSocketAddress("127.0.0.1", 123)).toString()
- );
- // what goes in, comes out
- assertEquals("127.0.0.1:123",
- SecurityUtil.buildTokenService(NetUtils.createSocketAddr("127.0.0.1", 123)).toString()
+ assertOneOf(
+ SecurityUtil.buildTokenService(NetUtils.createSocketAddrForHost("127.0.0.1", 123)).toString(),
+ "127.0.0.1:123",
+ "[0:0:0:0:0:0:0:1]:123"
);
}
@@ -394,4 +394,14 @@
SecurityUtil.setAuthenticationMethod(KERBEROS, conf);
assertEquals("kerberos", conf.get(HADOOP_SECURITY_AUTHENTICATION));
}
+
+ private void assertOneOf(String value, String... expected) {
+ boolean found = false;
+ for (String ip : expected) {
+ found |= ip.equals(value);
+ }
+ assertTrue("Expected value [" + value + "] to be one of " +
+ org.apache.commons.lang.StringUtils.join(expected, ","), found);
+ }
+
}
