001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.ipc; 019 020import static org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.SERVICE; 021import static org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.newBlockingStub; 022import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting; 023import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting; 024import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.loginKerberosPrincipal; 025import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.setSecuredConfiguration; 026import static org.junit.Assert.assertTrue; 027 028import java.io.File; 029import java.net.InetSocketAddress; 030import java.util.Collections; 031import org.apache.hadoop.conf.Configuration; 032import org.apache.hadoop.hbase.HBaseClassTestRule; 033import org.apache.hadoop.hbase.HBaseTestingUtility; 034import org.apache.hadoop.hbase.HConstants; 035import org.apache.hadoop.hbase.security.HBaseKerberosUtils; 036import org.apache.hadoop.hbase.security.SecurityInfo; 037import org.apache.hadoop.hbase.security.User; 038import org.apache.hadoop.hbase.testclassification.MediumTests; 039import org.apache.hadoop.hbase.testclassification.SecurityTests; 040import org.apache.hadoop.minikdc.MiniKdc; 041import org.apache.hadoop.security.UserGroupInformation; 042import org.junit.AfterClass; 043import org.junit.Before; 044import org.junit.BeforeClass; 045import org.junit.ClassRule; 046import org.junit.Test; 047import org.junit.experimental.categories.Category; 048import org.mockito.Mockito; 049 050import org.apache.hbase.thirdparty.com.google.common.collect.Lists; 051 052import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProtos; 053import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface; 054 055@Category({ SecurityTests.class, MediumTests.class }) 056public class TestSecurityRpcSentBytesMetrics { 057 058 @ClassRule 059 public static final HBaseClassTestRule CLASS_RULE = 060 HBaseClassTestRule.forClass(TestSecurityRpcSentBytesMetrics.class); 061 062 protected static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility(); 063 064 protected static final File KEYTAB_FILE = 065 new File(TEST_UTIL.getDataTestDir("keytab").toUri().getPath()); 066 067 protected static MiniKdc KDC; 068 protected static String HOST = "localhost"; 069 protected static String PRINCIPAL; 070 071 protected String krbKeytab; 072 protected String krbPrincipal; 073 protected UserGroupInformation ugi; 074 protected Configuration clientConf; 075 protected Configuration serverConf; 076 077 protected static void initKDCAndConf() throws Exception { 078 KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE); 079 PRINCIPAL = "hbase/" + HOST; 080 KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL); 081 HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm()); 082 // set a smaller timeout and retry to speed up tests 083 TEST_UTIL.getConfiguration().setInt(RpcClient.SOCKET_TIMEOUT_READ, 2000000000); 084 TEST_UTIL.getConfiguration().setInt("hbase.security.relogin.maxretries", 1); 085 } 086 087 protected static void stopKDC() throws InterruptedException { 088 if (KDC != null) { 089 KDC.stop(); 090 } 091 } 092 093 protected final void setUpPrincipalAndConf() throws Exception { 094 krbKeytab = getKeytabFileForTesting(); 095 krbPrincipal = getPrincipalForTesting(); 096 ugi = loginKerberosPrincipal(krbKeytab, krbPrincipal); 097 clientConf = new Configuration(TEST_UTIL.getConfiguration()); 098 setSecuredConfiguration(clientConf); 099 serverConf = new Configuration(TEST_UTIL.getConfiguration()); 100 setSecuredConfiguration(serverConf); 101 } 102 103 @BeforeClass 104 public static void setUp() throws Exception { 105 initKDCAndConf(); 106 } 107 108 @AfterClass 109 public static void tearDown() throws Exception { 110 stopKDC(); 111 TEST_UTIL.cleanupTestDir(); 112 } 113 114 @Before 115 public void setUpTest() throws Exception { 116 setUpPrincipalAndConf(); 117 } 118 119 /** 120 * This test is for HBASE-27924, before this JIRA, bytes sent by 121 * {@link NettyHBaseSaslRpcServerHandler} is ignored by {@link MetricsHBaseServer#sentBytes}. 122 */ 123 @Test 124 public void test() throws Exception { 125 SecurityInfo securityInfoMock = Mockito.mock(SecurityInfo.class); 126 Mockito.when(securityInfoMock.getServerPrincipals()) 127 .thenReturn(Collections.singletonList(HBaseKerberosUtils.KRB_PRINCIPAL)); 128 SecurityInfo.addInfo("TestProtobufRpcProto", securityInfoMock); 129 130 NettyRpcServer rpcServer = new NettyRpcServer(null, getClass().getSimpleName(), 131 Lists.newArrayList(new RpcServer.BlockingServiceAndInterface(SERVICE, null)), 132 new InetSocketAddress(HOST, 0), serverConf, new FifoRpcScheduler(serverConf, 1), true) { 133 134 @Override 135 public void start() { 136 metrics = Mockito.spy(metrics); 137 super.start(); 138 } 139 }; 140 141 rpcServer.start(); 142 try (NettyRpcClient rpcClient = 143 new NettyRpcClient(clientConf, HConstants.DEFAULT_CLUSTER_ID.toString(), null, null)) { 144 BlockingInterface stub = newBlockingStub(rpcClient, rpcServer.getListenerAddress(), 145 User.create(UserGroupInformation.getCurrentUser())); 146 147 String response = 148 stub.echo(null, TestProtos.EchoRequestProto.newBuilder().setMessage("test").build()) 149 .getMessage(); 150 assertTrue("test".equals(response)); 151 } finally { 152 rpcServer.stop(); 153 } 154 Mockito.verify(rpcServer.metrics, Mockito.atLeast(2)).sentBytes(Mockito.anyLong()); 155 } 156}