HDDS-7055. NPE in ec.reconstruction.TokenHelper (#3630)

commit: 43935253673eaeca5a357878d64baa6e7e4bd016 [log] [tgz]
author: Doroszlai, Attila <6454655+adoroszlai@users.noreply.github.com> Wed Jul 27 20:12:58 2022 +0200
committer: GitHub <noreply@github.com> Wed Jul 27 11:12:58 2022 -0700
tree: 3e6947b948b3f6fc6807578b473cae1a1fd3f0b3
parent: c913760611c8a2ed6679ef2183cf953b12c06776 [diff]
diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java
index 7221709..ace44ba 100644
--- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java
+++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.java

@@ -58,7 +58,11 @@
     boolean blockTokenEnabled = securityConfig.isBlockTokenEnabled();
     boolean containerTokenEnabled = securityConfig.isContainerTokenEnabled();
 
-    if (blockTokenEnabled || containerTokenEnabled) {
+    // checking certClient != null instead of securityConfig.isSecurityEnabled()
+    // to allow integration test without full kerberos etc. setup
+    boolean securityEnabled = certClient != null;
+
+    if (securityEnabled && (blockTokenEnabled || containerTokenEnabled)) {
       user = UserGroupInformation.getCurrentUser().getShortUserName();
 
       long expiryTime = conf.getTimeDuration(

diff --git a/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java b/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java
index 730c620..aacc570 100644
--- a/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java
+++ b/hadoop-hdds/container-service/src/test/java/org/apache/hadoop/ozone/TestHddsDatanodeService.java

@@ -28,6 +28,10 @@
 import org.apache.hadoop.util.ServicePlugin;
 
 import org.junit.After;
+
+import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED;
+import static org.apache.hadoop.hdds.HddsConfigKeys.HDDS_CONTAINER_TOKEN_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
@@ -51,6 +55,13 @@
     conf.setClass(OzoneConfigKeys.HDDS_DATANODE_PLUGINS_KEY, MockService.class,
         ServicePlugin.class);
 
+    // Tokens only work if security is enabled.  Here we're testing that a
+    // misconfig in unsecure cluster does not prevent datanode from starting up.
+    // see HDDS-7055
+    conf.setBoolean(OZONE_SECURITY_ENABLED_KEY, false);
+    conf.setBoolean(HDDS_BLOCK_TOKEN_ENABLED, true);
+    conf.setBoolean(HDDS_CONTAINER_TOKEN_ENABLED, true);
+
     String volumeDir = testDir + "/disk1";
     conf.set(DFSConfigKeysLegacy.DFS_DATANODE_DATA_DIR_KEY, volumeDir);
   }
commit	43935253673eaeca5a357878d64baa6e7e4bd016	[log] [tgz]
author	Doroszlai, Attila <6454655+adoroszlai@users.noreply.github.com>	Wed Jul 27 20:12:58 2022 +0200
committer	GitHub <noreply@github.com>	Wed Jul 27 11:12:58 2022 -0700
tree	3e6947b948b3f6fc6807578b473cae1a1fd3f0b3
parent	c913760611c8a2ed6679ef2183cf953b12c06776 [diff]