HDDS-2228. Fix NPE in OzoneDelegationTokenManager#addPersistedDelegat… (#1571)

xiaoyuyao · web-flow · commit c5665b23ca92 · 2019-10-02T23:09:06.000-07:00
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
@@ -84,13 +84,16 @@ public class OzoneDelegationTokenSecretManager
    * milliseconds
    * @param dtRemoverScanInterval how often the tokens are scanned for expired
    * tokens in milliseconds
+   * @param certClient certificate client to SCM CA
    */
   public OzoneDelegationTokenSecretManager(OzoneConfiguration conf,
       long tokenMaxLifetime, long tokenRenewInterval,
       long dtRemoverScanInterval, Text service,
-      S3SecretManager s3SecretManager) throws IOException {
+      S3SecretManager s3SecretManager, CertificateClient certClient)
+      throws IOException {
     super(new SecurityConfig(conf), tokenMaxLifetime, tokenRenewInterval,
         service, LOG);
+    setCertClient(certClient);
     currentTokens = new ConcurrentHashMap();
     this.tokenRemoverScanInterval = dtRemoverScanInterval;
     this.s3SecretManager = (S3SecretManagerImpl) s3SecretManager;
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
@@ -70,6 +70,7 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
    * @param tokenRenewInterval how often the tokens must be renewed in
    * milliseconds
    * @param service name of service
+   * @param logger logger for the secret manager
    */
   public OzoneSecretManager(SecurityConfig secureConf, long tokenMaxLifetime,
       long tokenRenewInterval, Text service, Logger logger) {
@@ -188,7 +189,7 @@ public String formatTokenId(T id) {
   public synchronized void start(CertificateClient client)
       throws IOException {
     Preconditions.checkState(!isRunning());
-    this.certClient = client;
+    setCertClient(client);
     updateCurrentKey(new KeyPair(certClient.getPublicKey(),
         certClient.getPrivateKey()));
     setIsRunning(true);
@@ -247,5 +248,9 @@ public AtomicInteger getTokenSequenceNumber() {
   public CertificateClient getCertClient() {
     return certClient;
   }
+
+  public void setCertClient(CertificateClient client) {
+    this.certClient = client;
+  }
 }
 
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@@ -627,7 +627,7 @@ private OzoneDelegationTokenSecretManager createDelegationTokenSecretManager(
 
     return new OzoneDelegationTokenSecretManager(conf, tokenMaxLifetime,
         tokenRenewInterval, tokenRemoverScanInterval, omRpcAddressTxt,
-        s3SecretManager);
+        s3SecretManager, certClient);
   }
 
   private OzoneBlockTokenSecretManager createBlockTokenSecretManager(
diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java
@@ -169,19 +169,41 @@ public void testCreateToken() throws Exception {
     validateHash(token.getPassword(), token.getIdentifier());
   }
 
-  @Test
-  public void testRenewTokenSuccess() throws Exception {
+  private void restartSecretManager() throws IOException {
+    secretManager.stop();
+    secretManager = null;
+    secretManager = createSecretManager(conf, tokenMaxLifetime,
+        expiryTime, tokenRemoverScanInterval);
+  }
+
+  private void testRenewTokenSuccessHelper(boolean restartSecretManager)
+      throws Exception {
     secretManager = createSecretManager(conf, tokenMaxLifetime,
         expiryTime, tokenRemoverScanInterval);
     secretManager.start(certificateClient);
     Token<OzoneTokenIdentifier> token = secretManager.createToken(TEST_USER,
         TEST_USER,
         TEST_USER);
     Thread.sleep(10 * 5);
+
+    if (restartSecretManager) {
+      restartSecretManager();
+    }
+
     long renewalTime = secretManager.renewToken(token, TEST_USER.toString());
     Assert.assertTrue(renewalTime > 0);
   }
 
+  @Test
+  public void testReloadAndRenewToken() throws Exception {
+    testRenewTokenSuccessHelper(true);
+  }
+
+  @Test
+  public void testRenewTokenSuccess() throws Exception {
+    testRenewTokenSuccessHelper(false);
+  }
+
   /**
    * Tests failure for mismatch in renewer.
    */
@@ -375,6 +397,7 @@ private void validateHash(byte[] hash, byte[] identifier) throws Exception {
       createSecretManager(OzoneConfiguration config, long tokenMaxLife,
       long expiry, long tokenRemoverScanTime) throws IOException {
     return new OzoneDelegationTokenSecretManager(config, tokenMaxLife,
-        expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager);
+        expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager,
+        certificateClient);
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -627,7 +627,7 @@ private OzoneDelegationTokenSecretManager createDelegationTokenSecretManager(`
`627`	`627`
`628`	`628`	`return new OzoneDelegationTokenSecretManager(conf, tokenMaxLifetime,`
`629`	`629`	`tokenRenewInterval, tokenRemoverScanInterval, omRpcAddressTxt,`
`630`		`- s3SecretManager);`
	`630`	`+ s3SecretManager, certClient);`
`631`	`631`	`}`
`632`	`632`
`633`	`633`	`private OzoneBlockTokenSecretManager createBlockTokenSecretManager(`