apache
diff --git a/‎exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/SpnegoConfig.java
Lines changed: 3 additions & 3 deletions b/‎exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/SpnegoConfig.java
Lines changed: 3 additions & 3 deletions
diff --git a/‎exec/java-exec/src/test/java/org/apache/drill/exec/rpc/data/TestBitBitKerberos.java
Lines changed: 4 additions & 1 deletion b/‎exec/java-exec/src/test/java/org/apache/drill/exec/rpc/data/TestBitBitKerberos.java
Lines changed: 4 additions & 1 deletion
diff --git a/‎exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberos.java
Lines changed: 138 additions & 142 deletions b/‎exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberos.java
Lines changed: 138 additions & 142 deletions
@@ -26,12 +26,12 @@
 
 public class SpnegoConfig {
 
-  private UserGroupInformation loggedInUgi;
+  // Standard Object Identifier for the SPNEGO GSS-API mechanism.
+  public static final String GSS_SPNEGO_MECH_OID = "1.3.6.1.5.5.2";
 
+  private UserGroupInformation loggedInUgi;
   private final String principal;
-
   private final String keytab;
-
   // Optional parameter
   private final String clientNameMapping;
 
 
@@ -117,7 +117,10 @@ public static void setupTest() throws Exception {
     // initialization which causes the tests to fail. So the following two changes are required.
 
     // (1) Refresh Kerberos config.
-    sun.security.krb5.Config.refresh();
+    // This disabled call to an unsupported internal API does not appear to be
+    // required and it prevents compiling with a target of JDK 8 on newer JDKs.
+    // sun.security.krb5.Config.refresh();
+
     // (2) Reset the default realm.
     final Field defaultRealm = KerberosName.class.getDeclaredField("defaultRealm");
     defaultRealm.setAccessible(true);
 
@@ -18,19 +18,19 @@
 package org.apache.drill.exec.rpc.user.security;
 
 import org.apache.drill.shaded.guava.com.google.common.collect.Lists;
-import com.typesafe.config.ConfigValueFactory;
 import org.apache.drill.categories.SecurityTest;
-import org.apache.drill.common.config.DrillConfig;
 import org.apache.drill.common.config.DrillProperties;
 import org.apache.drill.exec.ExecConstants;
+import org.apache.drill.exec.rpc.RpcMetrics;
 import org.apache.drill.exec.rpc.control.ControlRpcMetrics;
 import org.apache.drill.exec.rpc.data.DataRpcMetrics;
 import org.apache.drill.exec.rpc.security.KerberosHelper;
 import org.apache.drill.exec.rpc.user.UserRpcMetrics;
 import org.apache.drill.exec.rpc.user.security.testing.UserAuthenticatorTestImpl;
-import org.apache.drill.test.BaseTestQuery;
-import org.apache.hadoop.security.authentication.util.KerberosName;
-import org.apache.hadoop.security.authentication.util.KerberosUtil;
+import org.apache.drill.test.ClientFixture;
+import org.apache.drill.test.ClusterFixture;
+import org.apache.drill.test.ClusterFixtureBuilder;
+import org.apache.drill.test.ClusterTest;
 import org.apache.kerby.kerberos.kerb.client.JaasKrbUtil;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
@@ -39,175 +39,171 @@
 import org.junit.experimental.categories.Category;
 
 import javax.security.auth.Subject;
-import java.lang.reflect.Field;
 import java.security.PrivilegedExceptionAction;
-import java.util.Properties;
 
-import static junit.framework.TestCase.assertTrue;
+import static junit.framework.TestCase.assertEquals;
 
-@Ignore("See DRILL-5387")
 @Category(SecurityTest.class)
-public class TestUserBitKerberos extends BaseTestQuery {
-  //private static final org.slf4j.Logger logger =org.slf4j.LoggerFactory.getLogger(TestUserBitKerberos.class);
+public class TestUserBitKerberos extends ClusterTest {
 
   private static KerberosHelper krbHelper;
 
   @BeforeClass
   public static void setupTest() throws Exception {
-
     krbHelper = new KerberosHelper(TestUserBitKerberos.class.getSimpleName(), null);
     krbHelper.setupKdc(dirTestWatcher.getTmpDir());
+    cluster = defaultClusterConfig().build();
+  }
 
-    // Create a new DrillConfig which has user authentication enabled and authenticator set to
-    // UserAuthenticatorTestImpl.
-    final DrillConfig newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties())
-      .withValue(ExecConstants.USER_AUTHENTICATION_ENABLED,
-        ConfigValueFactory.fromAnyRef(true))
-      .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL,
-        ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE))
-      .withValue(ExecConstants.SERVICE_PRINCIPAL,
-        ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL))
-      .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION,
-        ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString()))
-      .withValue(ExecConstants.AUTHENTICATION_MECHANISMS,
-        ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))));
-
-    final Properties connectionProps = new Properties();
-    connectionProps.setProperty(DrillProperties.USER, "anonymous");
-    connectionProps.setProperty(DrillProperties.PASSWORD, "anything works!");
-
-    // Ignore the compile time warning caused by the code below.
-
-    // Config is statically initialized at this point. But the above configuration results in a different
-    // initialization which causes the tests to fail. So the following two changes are required.
-
-    // (1) Refresh Kerberos config.
-    sun.security.krb5.Config.refresh();
-    // (2) Reset the default realm.
-    final Field defaultRealm = KerberosName.class.getDeclaredField("defaultRealm");
-    defaultRealm.setAccessible(true);
-    defaultRealm.set(null, KerberosUtil.getDefaultRealm());
-
-    updateTestCluster(1, newConfig, connectionProps);
+  private static ClusterFixtureBuilder defaultClusterConfig() {
+    return ClusterFixture.bareBuilder(dirTestWatcher)
+      .clusterSize(1)
+      .configProperty(ExecConstants.USER_AUTHENTICATION_ENABLED, true)
+      .configProperty(ExecConstants.USER_AUTHENTICATOR_IMPL, UserAuthenticatorTestImpl.TYPE)
+      .configProperty(ExecConstants.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL)
+      .configProperty(ExecConstants.SERVICE_KEYTAB_LOCATION, krbHelper.serverKeytab.toString())
+      .configNonStringProperty(ExecConstants.AUTHENTICATION_MECHANISMS, Lists.newArrayList("plain", "kerberos"));
   }
 
   @Test
   public void successKeytab() throws Exception {
-    final Properties connectionProps = new Properties();
-    connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
-    connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
-    connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
-    updateClient(connectionProps);
-
-    // Run few queries using the new client
-    testBuilder()
+    try (
+      ClientFixture client = cluster.clientBuilder()
+      .property(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL)
+      .property(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL)
+      .property(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath())
+      .build()
+    ) {
+
+      // Run few queries using the new client
+      client.testBuilder()
         .sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)")
         .unOrdered()
         .baselineColumns("session_user")
         .baselineValues(krbHelper.CLIENT_SHORT_NAME)
         .go();
-    test("SHOW SCHEMAS");
-    test("USE INFORMATION_SCHEMA");
-    test("SHOW TABLES");
-    test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
-    test("SELECT * FROM cp.`region.json` LIMIT 5");
+
+      client.runSqlSilently("SHOW SCHEMAS");
+      client.runSqlSilently("USE INFORMATION_SCHEMA");
+      client.runSqlSilently("SHOW TABLES");
+      client.runSqlSilently("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
+      client.runSqlSilently("SELECT * FROM cp.`region.json` LIMIT 5");
+    }
   }
 
   @Test
   public void successTicket() throws Exception {
-    final Properties connectionProps = new Properties();
-    connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
-    connectionProps.setProperty(DrillProperties.KERBEROS_FROM_SUBJECT, "true");
-    final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(krbHelper.CLIENT_PRINCIPAL,
-      krbHelper.clientKeytab.getAbsoluteFile());
-
-    Subject.doAs(clientSubject, new PrivilegedExceptionAction<Void>() {
-      @Override
-      public Void run() throws Exception {
-        updateClient(connectionProps);
-        return null;
-      }
-    });
+    Subject clientSubject = JaasKrbUtil.loginUsingKeytab(
+      krbHelper.CLIENT_PRINCIPAL,
+      krbHelper.clientKeytab.getAbsoluteFile()
+    );
+
+    try (
+      ClientFixture client = Subject.doAs(
+        clientSubject,
+        (PrivilegedExceptionAction<ClientFixture>) () -> cluster.clientBuilder()
+          .property(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL)
+          .property(DrillProperties.KERBEROS_FROM_SUBJECT, "true")
+          .build()
+      )
+    ) {
 
     // Run few queries using the new client
-    testBuilder()
-        .sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)")
-        .unOrdered()
-        .baselineColumns("session_user")
-        .baselineValues(krbHelper.CLIENT_SHORT_NAME)
-        .go();
-    test("SHOW SCHEMAS");
-    test("USE INFORMATION_SCHEMA");
-    test("SHOW TABLES");
-    test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
-    test("SELECT * FROM cp.`region.json` LIMIT 5");
-  }
+    client.testBuilder()
+      .sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)")
+      .unOrdered()
+      .baselineColumns("session_user")
+      .baselineValues(krbHelper.CLIENT_SHORT_NAME)
+      .go();
+
+    client.runSqlSilently("SHOW SCHEMAS");
+    client.runSqlSilently("USE INFORMATION_SCHEMA");
+    client.runSqlSilently("SHOW TABLES");
+    client.runSqlSilently("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
+    client.runSqlSilently("SELECT * FROM cp.`region.json` LIMIT 5");
+    }
+   }
 
   @Test
-  public void testUnecryptedConnectionCounter() throws Exception {
-    final Properties connectionProps = new Properties();
-    connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
-    connectionProps.setProperty(DrillProperties.KERBEROS_FROM_SUBJECT, "true");
-    final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(krbHelper.CLIENT_PRINCIPAL,
-        krbHelper.clientKeytab.getAbsoluteFile());
-
-    Subject.doAs(clientSubject, new PrivilegedExceptionAction<Void>() {
-      @Override
-      public Void run() throws Exception {
-        updateClient(connectionProps);
-        return null;
-      }
-    });
-
-    // Run few queries using the new client
-    testBuilder()
-        .sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)")
-        .unOrdered()
-        .baselineColumns("session_user")
-        .baselineValues(krbHelper.CLIENT_SHORT_NAME)
-        .go();
-
-    // Check encrypted counters value
-    assertTrue(0 == UserRpcMetrics.getInstance().getEncryptedConnectionCount());
-    assertTrue(0 == ControlRpcMetrics.getInstance().getEncryptedConnectionCount());
-    assertTrue(0 == DataRpcMetrics.getInstance().getEncryptedConnectionCount());
-
-    // Check unencrypted counters value
-    assertTrue(1 == UserRpcMetrics.getInstance().getUnEncryptedConnectionCount());
-    assertTrue(0 == ControlRpcMetrics.getInstance().getUnEncryptedConnectionCount());
-    assertTrue(0 == DataRpcMetrics.getInstance().getUnEncryptedConnectionCount());
+  @Ignore("See DRILL-5387. This test works in isolation but not when sharing counters with other tests")
+  public void testUnencryptedConnectionCounter() throws Exception {
+    Subject clientSubject = JaasKrbUtil.loginUsingKeytab(
+      krbHelper.CLIENT_PRINCIPAL,
+      krbHelper.clientKeytab.getAbsoluteFile()
+    );
+
+    try (
+      // Use a dedicated cluster fixture so that the tested RPC counters have a clean start.
+      ClusterFixture cluster = defaultClusterConfig().build();
+      ClientFixture client = Subject.doAs(
+        clientSubject,
+        (PrivilegedExceptionAction<ClientFixture>) () -> cluster.clientBuilder()
+          .property(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL)
+          .property(DrillProperties.KERBEROS_FROM_SUBJECT, "true")
+          .build()
+      )
+    ) {
+      client.testBuilder()
+          .sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)")
+          .unOrdered()
+          .baselineColumns("session_user")
+          .baselineValues(krbHelper.CLIENT_SHORT_NAME)
+          .go();
+
+      RpcMetrics userMetrics = UserRpcMetrics.getInstance(),
+        ctrlMetrics = ControlRpcMetrics.getInstance(),
+        dataMetrics = DataRpcMetrics.getInstance();
+
+      // Check encrypted counters value
+      assertEquals(0, userMetrics.getEncryptedConnectionCount());
+      assertEquals(0, ctrlMetrics.getEncryptedConnectionCount());
+      assertEquals(0, dataMetrics.getEncryptedConnectionCount());
+
+      // Check unencrypted counters value
+      assertEquals(1, userMetrics.getUnEncryptedConnectionCount());
+      assertEquals(0, ctrlMetrics.getUnEncryptedConnectionCount());
+      assertEquals(0, dataMetrics.getUnEncryptedConnectionCount());
+    }
   }
 
   @Test
-  public void testUnecryptedConnectionCounter_LocalControlMessage() throws Exception {
-    final Properties connectionProps = new Properties();
-    connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
-    connectionProps.setProperty(DrillProperties.KERBEROS_FROM_SUBJECT, "true");
-    final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(krbHelper.CLIENT_PRINCIPAL,
-      krbHelper.clientKeytab.getAbsoluteFile());
-
-    Subject.doAs(clientSubject, new PrivilegedExceptionAction<Void>() {
-      @Override
-      public Void run() throws Exception {
-        updateClient(connectionProps);
-        return null;
-      }
-    });
-
-    // Run query on memory system table this sends remote fragments to all Drillbit and Drillbits then send data
-    // using data channel. In this test we have only 1 Drillbit so there should not be any control connection but a
-    // local data connections
-    testSql("SELECT * FROM sys.memory");
-
-    // Check encrypted counters value
-    assertTrue(0 == UserRpcMetrics.getInstance().getEncryptedConnectionCount());
-    assertTrue(0 == ControlRpcMetrics.getInstance().getEncryptedConnectionCount());
-    assertTrue(0 == DataRpcMetrics.getInstance().getEncryptedConnectionCount());
-
-    // Check unencrypted counters value
-    assertTrue(1 == UserRpcMetrics.getInstance().getUnEncryptedConnectionCount());
-    assertTrue(0 == ControlRpcMetrics.getInstance().getUnEncryptedConnectionCount());
-    assertTrue(2 == DataRpcMetrics.getInstance().getUnEncryptedConnectionCount());
+  @Ignore("See DRILL-5387. This test works in isolation but not when sharing counters with other tests")
+  public void testUnencryptedConnectionCounter_LocalControlMessage() throws Exception {
+    Subject clientSubject = JaasKrbUtil.loginUsingKeytab(
+      krbHelper.CLIENT_PRINCIPAL,
+      krbHelper.clientKeytab.getAbsoluteFile()
+    );
+
+    try (
+      // Use a dedicated cluster fixture so that the tested RPC counters have a clean start.
+      ClusterFixture cluster = defaultClusterConfig().build();
+      ClientFixture client = Subject.doAs(
+        clientSubject,
+        (PrivilegedExceptionAction<ClientFixture>) () -> cluster.clientBuilder()
+          .property(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL)
+          .property(DrillProperties.KERBEROS_FROM_SUBJECT, "true")
+          .build()
+      )
+     ) {
+      // Run query on memory system table this sends remote fragments to all Drillbit and Drillbits then send data
+      // using data channel. In this test we have only 1 Drillbit so there should not be any control connection but a
+      // local data connections
+      client.runSqlSilently("SELECT * FROM sys.memory");
+
+      RpcMetrics userMetrics = UserRpcMetrics.getInstance(),
+        ctrlMetrics = ControlRpcMetrics.getInstance(),
+        dataMetrics = DataRpcMetrics.getInstance();
+
+      // Check encrypted counters value
+      assertEquals(0, userMetrics.getEncryptedConnectionCount());
+      assertEquals(0, ctrlMetrics.getEncryptedConnectionCount());
+      assertEquals(0, dataMetrics.getEncryptedConnectionCount());
+
+      // Check unencrypted counters value
+      assertEquals(1, userMetrics.getUnEncryptedConnectionCount());
+      assertEquals(0, ctrlMetrics.getUnEncryptedConnectionCount());
+      assertEquals(2, dataMetrics.getUnEncryptedConnectionCount());
+    }
   }
 
   @AfterClass