HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP… #4503

lmccay · 2022-06-25T18:08:44Z

… groups lookup

Description of PR

LdapGroupsMapping could return a partial list of group names due to encountering a NamingException while acquiring
the RDN for a DN. This was due to not clearing the partially built list which results in the secondary query not being
attempted. This PR clears the partially built list and forces the secondary query to be called.

How was this patch tested?

Existing unit tests were run and a new unit test added to insure that the secondary query is indeed being called.

For code changes:

[X ] Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

… groups lookup

hadoop-yetus · 2022-06-25T21:56:44Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 59s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 1 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	40m 39s		trunk passed
+1 💚	compile	25m 20s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	21m 50s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	1m 33s		trunk passed
+1 💚	mvnsite	1m 59s		trunk passed
+1 💚	javadoc	1m 34s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	1m 5s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	3m 7s		trunk passed
+1 💚	shadedclient	26m 6s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	1m 5s		the patch passed
+1 💚	compile	24m 23s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	24m 23s		the patch passed
+1 💚	compile	21m 46s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	21m 46s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
-0 ⚠️	checkstyle	1m 26s	/results-checkstyle-hadoop-common-project_hadoop-common.txt	hadoop-common-project/hadoop-common: The patch generated 2 new + 9 unchanged - 0 fixed = 11 total (was 9)
+1 💚	mvnsite	1m 58s		the patch passed
+1 💚	javadoc	1m 25s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	1m 6s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	3m 1s		the patch passed
+1 💚	shadedclient	25m 55s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	18m 24s		hadoop-common in the patch passed.
+1 💚	asflicense	1m 15s		The patch does not generate ASF License warnings.
		226m 36s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/1/artifact/out/Dockerfile
GITHUB PR	#4503
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	Linux ec3b2f2389a5 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `918b3c8`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/1/testReport/
Max. process+thread count	3143 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/1/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2022-06-26T02:40:09Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 18s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 1 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	42m 44s		trunk passed
+1 💚	compile	30m 54s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	24m 18s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	1m 35s		trunk passed
+1 💚	mvnsite	1m 57s		trunk passed
+1 💚	javadoc	1m 28s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	1m 0s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	3m 10s		trunk passed
+1 💚	shadedclient	27m 31s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	1m 15s		the patch passed
+1 💚	compile	28m 37s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	28m 37s		the patch passed
+1 💚	compile	23m 19s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	23m 19s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	1m 31s		the patch passed
+1 💚	mvnsite	2m 2s		the patch passed
+1 💚	javadoc	1m 26s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	1m 8s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	3m 23s		the patch passed
+1 💚	shadedclient	26m 38s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	18m 17s		hadoop-common in the patch passed.
+1 💚	asflicense	1m 21s		The patch does not generate ASF License warnings.
		245m 37s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/2/artifact/out/Dockerfile
GITHUB PR	#4503
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	Linux cc4833d79f51 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `b29ff8a`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/2/testReport/
Max. process+thread count	1253 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/2/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

steveloughran · 2022-06-27T10:01:44Z

production code looks good, commented on the tests with my main concern being "mockito test maintenance is painful, so we should help whoever has to do it as much as we can"

+1 pending those changes for merging into trunk/branch-3.3, to see if any surprises happen this week. i will merge it in to the 3.3.4 release next week

steveloughran · 2022-06-27T09:52:44Z

...adoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMappingWithOneQuery.java

    groupsMapping.setConf(conf);
    // Username is arbitrary, since the spy is mocked to respond the same,
    // regardless of input
    List<String> groups = groupsMapping.getGroups("some_user");

    Assert.assertEquals(expectedGroups, groups);
+    Assert.assertFalse(groupsMapping.isSecondaryQueryCalled());


add an error message for the assertion failure

steveloughran · 2022-06-27T09:53:29Z

...adoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMappingWithOneQuery.java

+
+    // expect secondary query to be called: getGroups()
+    Assert.assertTrue(groupsMapping.isSecondaryQueryCalled());


add an error message

...common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java

...adoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMappingWithOneQuery.java

steveloughran · 2022-06-27T09:59:33Z

...adoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMappingWithOneQuery.java

+  }
+
+  class TestLdapGroupsMapping extends LdapGroupsMapping {


nit private final. probably static too, right

hadoop-yetus · 2022-07-02T01:01:31Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 26s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 1 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	74m 11s		trunk passed
+1 💚	compile	28m 21s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	27m 9s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	1m 27s		trunk passed
+1 💚	mvnsite	1m 58s		trunk passed
+1 💚	javadoc	1m 27s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 59s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	3m 5s		trunk passed
+1 💚	shadedclient	26m 35s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	1m 6s		the patch passed
+1 💚	compile	27m 26s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	27m 26s		the patch passed
+1 💚	compile	26m 11s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	26m 11s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	1m 40s		the patch passed
+1 💚	mvnsite	2m 21s		the patch passed
+1 💚	javadoc	1m 47s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	1m 22s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	3m 23s		the patch passed
+1 💚	shadedclient	29m 37s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	19m 15s		hadoop-common in the patch passed.
+1 💚	asflicense	1m 48s		The patch does not generate ASF License warnings.
		283m 46s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/3/artifact/out/Dockerfile
GITHUB PR	#4503
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	Linux 64a58778b75d 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `44e0fef`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/3/testReport/
Max. process+thread count	2538 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/3/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2022-07-11T01:29:34Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 2s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 1 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	40m 15s		trunk passed
+1 💚	compile	24m 58s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	21m 49s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	1m 32s		trunk passed
+1 💚	mvnsite	2m 2s		trunk passed
+1 💚	javadoc	1m 35s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	1m 5s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	3m 5s		trunk passed
+1 💚	shadedclient	26m 29s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	1m 6s		the patch passed
+1 💚	compile	24m 29s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	24m 29s		the patch passed
+1 💚	compile	21m 45s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	21m 45s		the patch passed
+1 💚	blanks	0m 1s		The patch has no blanks issues.
+1 💚	checkstyle	1m 29s		the patch passed
+1 💚	mvnsite	1m 57s		the patch passed
+1 💚	javadoc	1m 24s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	1m 7s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	3m 4s		the patch passed
+1 💚	shadedclient	25m 47s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	18m 23s		hadoop-common in the patch passed.
+1 💚	asflicense	1m 19s		The patch does not generate ASF License warnings.
		226m 8s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/4/artifact/out/Dockerfile
GITHUB PR	#4503
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	Linux 0b078b8e2d46 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `f6415f0`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/4/testReport/
Max. process+thread count	3143 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4503/4/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

apache#4503)

#4503) Partial/Incomplete groups list can be returned in LDAP groups lookup. Backported in #4550; minor tuning of parameters needed. Contributed by larry mccay

apache#4503) Partial/Incomplete groups list can be returned in LDAP groups lookup. Backported in apache#4550; minor tuning of parameters needed. Contributed by larry mccay Change-Id: I9a9571239ac533680a08de650f84e431e9022c79

#4503) Partial/Incomplete groups list can be returned in LDAP groups lookup. Backported in #4550; minor tuning of parameters needed. Contributed by larry mccay

apache#4503) * HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP groups lookup

HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP…

918b3c8

… groups lookup

lmccay requested a review from steveloughran June 25, 2022 18:08

HADOOP-18074 - address checkstyles

b29ff8a

steveloughran requested changes Jun 27, 2022

View reviewed changes

HADOOP-18074 - address review comments

44e0fef

lmccay requested a review from steveloughran July 2, 2022 14:20

HADOOP-18074 - address additional review comment

f6415f0

lmccay merged commit e11ba59 into apache:trunk Jul 11, 2022

lmccay added a commit to lmccay/hadoop that referenced this pull request Jul 11, 2022

HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP… (

5b62ea4

apache#4503)

lmccay mentioned this pull request Jul 11, 2022

HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP… #4550

Merged

4 tasks

lmccay deleted the HADOOP-18074 branch July 14, 2022 16:25

steveloughran mentioned this pull request Jul 16, 2022

HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP. (#4503) #4570

Merged

HarshitGupta11 pushed a commit to HarshitGupta11/hadoop that referenced this pull request Nov 28, 2022

HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP… (

7de740f

apache#4503) * HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP groups lookup

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP… #4503

HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP… #4503

Uh oh!

lmccay commented Jun 25, 2022 •

edited

Loading

Uh oh!

hadoop-yetus commented Jun 25, 2022

Uh oh!

hadoop-yetus commented Jun 26, 2022

Uh oh!

steveloughran commented Jun 27, 2022

Uh oh!

steveloughran Jun 27, 2022

Uh oh!

steveloughran Jun 27, 2022

Uh oh!

Uh oh!

Uh oh!

steveloughran Jun 27, 2022

Uh oh!

hadoop-yetus commented Jul 2, 2022

Uh oh!

hadoop-yetus commented Jul 11, 2022

Uh oh!

Uh oh!


		// expect secondary query to be called: getGroups()
		Assert.assertTrue(groupsMapping.isSecondaryQueryCalled());

HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP… #4503

HADOOP-18074 - Partial/Incomplete groups list can be returned in LDAP… #4503

Uh oh!

Conversation

lmccay commented Jun 25, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description of PR

How was this patch tested?

For code changes:

Uh oh!

hadoop-yetus commented Jun 25, 2022

Uh oh!

hadoop-yetus commented Jun 26, 2022

Uh oh!

steveloughran commented Jun 27, 2022

Uh oh!

steveloughran Jun 27, 2022

Choose a reason for hiding this comment

Uh oh!

steveloughran Jun 27, 2022

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

steveloughran Jun 27, 2022

Choose a reason for hiding this comment

Uh oh!

hadoop-yetus commented Jul 2, 2022

Uh oh!

hadoop-yetus commented Jul 11, 2022

Uh oh!

Uh oh!

lmccay commented Jun 25, 2022 •

edited

Loading