001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.ipc;
019
020import static org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.SERVICE;
021import static org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.newBlockingStub;
022import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
023import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
024import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.loginKerberosPrincipal;
025import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.setSecuredConfiguration;
026import static org.junit.Assert.assertTrue;
027
028import java.io.File;
029import java.net.InetSocketAddress;
030import java.util.Collections;
031import org.apache.hadoop.conf.Configuration;
032import org.apache.hadoop.hbase.HBaseClassTestRule;
033import org.apache.hadoop.hbase.HBaseTestingUtility;
034import org.apache.hadoop.hbase.HConstants;
035import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
036import org.apache.hadoop.hbase.security.SecurityInfo;
037import org.apache.hadoop.hbase.security.User;
038import org.apache.hadoop.hbase.testclassification.MediumTests;
039import org.apache.hadoop.hbase.testclassification.SecurityTests;
040import org.apache.hadoop.minikdc.MiniKdc;
041import org.apache.hadoop.security.UserGroupInformation;
042import org.junit.AfterClass;
043import org.junit.Before;
044import org.junit.BeforeClass;
045import org.junit.ClassRule;
046import org.junit.Test;
047import org.junit.experimental.categories.Category;
048import org.mockito.Mockito;
049
050import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
051
052import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProtos;
053import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface;
054
055@Category({ SecurityTests.class, MediumTests.class })
056public class TestSecurityRpcSentBytesMetrics {
057
058  @ClassRule
059  public static final HBaseClassTestRule CLASS_RULE =
060    HBaseClassTestRule.forClass(TestSecurityRpcSentBytesMetrics.class);
061
062  protected static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
063
064  protected static final File KEYTAB_FILE =
065    new File(TEST_UTIL.getDataTestDir("keytab").toUri().getPath());
066
067  protected static MiniKdc KDC;
068  protected static String HOST = "localhost";
069  protected static String PRINCIPAL;
070
071  protected String krbKeytab;
072  protected String krbPrincipal;
073  protected UserGroupInformation ugi;
074  protected Configuration clientConf;
075  protected Configuration serverConf;
076
077  protected static void initKDCAndConf() throws Exception {
078    KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);
079    PRINCIPAL = "hbase/" + HOST;
080    KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL);
081    HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());
082    // set a smaller timeout and retry to speed up tests
083    TEST_UTIL.getConfiguration().setInt(RpcClient.SOCKET_TIMEOUT_READ, 2000000000);
084    TEST_UTIL.getConfiguration().setInt("hbase.security.relogin.maxretries", 1);
085  }
086
087  protected static void stopKDC() throws InterruptedException {
088    if (KDC != null) {
089      KDC.stop();
090    }
091  }
092
093  protected final void setUpPrincipalAndConf() throws Exception {
094    krbKeytab = getKeytabFileForTesting();
095    krbPrincipal = getPrincipalForTesting();
096    ugi = loginKerberosPrincipal(krbKeytab, krbPrincipal);
097    clientConf = new Configuration(TEST_UTIL.getConfiguration());
098    setSecuredConfiguration(clientConf);
099    serverConf = new Configuration(TEST_UTIL.getConfiguration());
100    setSecuredConfiguration(serverConf);
101  }
102
103  @BeforeClass
104  public static void setUp() throws Exception {
105    initKDCAndConf();
106  }
107
108  @AfterClass
109  public static void tearDown() throws Exception {
110    stopKDC();
111    TEST_UTIL.cleanupTestDir();
112  }
113
114  @Before
115  public void setUpTest() throws Exception {
116    setUpPrincipalAndConf();
117  }
118
119  /**
120   * This test is for HBASE-27924, before this JIRA, bytes sent by
121   * {@link NettyHBaseSaslRpcServerHandler} is ignored by {@link MetricsHBaseServer#sentBytes}.
122   */
123  @Test
124  public void test() throws Exception {
125    SecurityInfo securityInfoMock = Mockito.mock(SecurityInfo.class);
126    Mockito.when(securityInfoMock.getServerPrincipals())
127      .thenReturn(Collections.singletonList(HBaseKerberosUtils.KRB_PRINCIPAL));
128    SecurityInfo.addInfo("TestProtobufRpcProto", securityInfoMock);
129
130    NettyRpcServer rpcServer = new NettyRpcServer(null, getClass().getSimpleName(),
131      Lists.newArrayList(new RpcServer.BlockingServiceAndInterface(SERVICE, null)),
132      new InetSocketAddress(HOST, 0), serverConf, new FifoRpcScheduler(serverConf, 1), true) {
133
134      @Override
135      public void start() {
136        metrics = Mockito.spy(metrics);
137        super.start();
138      }
139    };
140
141    rpcServer.start();
142    try (NettyRpcClient rpcClient =
143      new NettyRpcClient(clientConf, HConstants.DEFAULT_CLUSTER_ID.toString(), null, null)) {
144      BlockingInterface stub = newBlockingStub(rpcClient, rpcServer.getListenerAddress(),
145        User.create(UserGroupInformation.getCurrentUser()));
146
147      String response =
148        stub.echo(null, TestProtos.EchoRequestProto.newBuilder().setMessage("test").build())
149          .getMessage();
150      assertTrue("test".equals(response));
151    } finally {
152      rpcServer.stop();
153    }
154    Mockito.verify(rpcServer.metrics, Mockito.atLeast(2)).sentBytes(Mockito.anyLong());
155  }
156}