HDDS-7055. NPE in ec.reconstruction.TokenHelper (#3630)
diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java
index 7221709..ace44ba 100644
--- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java
+++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java
@@ -58,7 +58,11 @@
boolean blockTokenEnabled = securityConfig.isBlockTokenEnabled();
boolean containerTokenEnabled = securityConfig.isContainerTokenEnabled();
- if (blockTokenEnabled || containerTokenEnabled) {
+ // checking certClient != null instead of securityConfig.isSecurityEnabled()
+ // to allow integration test without full kerberos etc. setup
+ boolean securityEnabled = certClient != null;
+
+ if (securityEnabled && (blockTokenEnabled || containerTokenEnabled)) {
user = UserGroupInformation.getCurrentUser().getShortUserName();
long expiryTime = conf.getTimeDuration(
diff --git a/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java b/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java
index 730c620..aacc570 100644
--- a/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java
+++ b/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java
@@ -28,6 +28,10 @@
import org.apache.hadoop.util.ServicePlugin;
import org.junit.After;
+
+import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED;
+import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_CONTAINER_TOKEN_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@@ -51,6 +55,13 @@
conf.setClass(OzoneConfigKeys.HDDS_DATANODE_PLUGINS_KEY, MockService.class,
ServicePlugin.class);
+ // Tokens only work if security is enabled. Here we're testing that a
+ // misconfig in unsecure cluster does not prevent datanode from starting up.
+ // see HDDS-7055
+ conf.setBoolean(OZONE_SECURITY_ENABLED_KEY, false);
+ conf.setBoolean(HDDS_BLOCK_TOKEN_ENABLED, true);
+ conf.setBoolean(HDDS_CONTAINER_TOKEN_ENABLED, true);
+
String volumeDir = testDir + "/disk1";
conf.set(DFSConfigKeysLegacy.DFS_DATANODE_DATA_DIR_KEY, volumeDir);
}