Pass auth header to rpc call and fix unit tests to be run

Tom McCormick · Tom McCormick · commit 49a8b721a3a4 · 2025-07-16T14:45:24.000-04:00
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
@@ -1005,6 +1005,7 @@ public static class Call implements Schedulable,
     final byte[] clientId;
     private final Span span; // the trace span on the server side
     private final CallerContext callerContext; // the call context
+    private  final byte[] authHeader; // the auth header
     private boolean deferredResponse = false;
     private int priorityLevel;
     // the priority level assigned by scheduler, 0 by default
@@ -1036,6 +1037,11 @@ public Call(int id, int retryCount, Void ignore1, Void ignore2,
 
     Call(int id, int retryCount, RPC.RpcKind kind, byte[] clientId,
         Span span, CallerContext callerContext) {
+      this(id, retryCount, kind, clientId, span, callerContext, null);
+    }
+
+    Call(int id, int retryCount, RPC.RpcKind kind, byte[] clientId,
+        Span span, CallerContext callerContext, byte[] authHeader) {
       this.callId = id;
       this.retryCount = retryCount;
       this.timestampNanos = Time.monotonicNowNanos();
@@ -1044,6 +1050,7 @@ public Call(int id, int retryCount, Void ignore1, Void ignore2,
       this.clientId = clientId;
       this.span = span;
       this.callerContext = callerContext;
+      this.authHeader = authHeader;
       this.clientStateId = Long.MIN_VALUE;
       this.isCallCoordinated = false;
     }
@@ -1244,7 +1251,14 @@ private class RpcCall extends Call {
     RpcCall(Connection connection, int id, int retryCount,
         Writable param, RPC.RpcKind kind, byte[] clientId,
         Span span, CallerContext context) {
-      super(id, retryCount, kind, clientId, span, context);
+      this(connection, id, retryCount, param, kind, clientId,
+          span, context, new byte[0]);
+    }
+
+    RpcCall(Connection connection, int id, int retryCount,
+        Writable param, RPC.RpcKind kind, byte[] clientId,
+        Span span, CallerContext context, byte[] authHeader) {
+      super(id, retryCount, kind, clientId, span, context, authHeader);
       this.connection = connection;
       this.rpcRequest = param;
     }
@@ -2977,17 +2991,18 @@ private void processRpcRequest(RpcRequestHeaderProto header,
       }
 
       // Set AuthorizationContext for this thread if present
+      byte[] authHeader = null;
       boolean authzSet = false;
       try {
         if (header.hasAuthorizationHeader()) {
-          AuthorizationContext.setCurrentAuthorizationHeader(header.getAuthorizationHeader().toByteArray());
+          authHeader = header.getAuthorizationHeader().toByteArray();
           authzSet = true;
         }
 
         RpcCall call = new RpcCall(this, header.getCallId(),
             header.getRetryCount(), rpcRequest,
             ProtoUtil.convert(header.getRpcKind()),
-            header.getClientId().toByteArray(), span, callerContext);
+            header.getClientId().toByteArray(), span, callerContext, authHeader);
 
         // Save the priority level assignment by the scheduler
         call.setPriorityLevel(callQueue.getPriorityLevel(call));
@@ -3259,6 +3274,7 @@ public void run() {
           }
           // always update the current call context
           CallerContext.setCurrent(call.callerContext);
+          AuthorizationContext.setCurrentAuthorizationHeader(call.authHeader);
           UserGroupInformation remoteUser = call.getRemoteUser();
           connDropped = !call.isOpen();
           if (remoteUser != null) {
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestAuthorizationContext.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestAuthorizationContext.java
@@ -17,16 +17,16 @@
  */
 package org.apache.hadoop.security;
 
-import org.junit.Assert;
-import org.junit.Test;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
 
 public class TestAuthorizationContext {
 
   @Test
   public void testSetAndGetAuthorizationHeader() {
     byte[] header = "my-auth-header".getBytes();
     AuthorizationContext.setCurrentAuthorizationHeader(header);
-    Assert.assertArrayEquals(header, AuthorizationContext.getCurrentAuthorizationHeader());
+    Assertions.assertArrayEquals(header, AuthorizationContext.getCurrentAuthorizationHeader());
     AuthorizationContext.clear();
   }
 
@@ -35,35 +35,35 @@ public void testClearAuthorizationHeader() {
     byte[] header = "clear-me".getBytes();
     AuthorizationContext.setCurrentAuthorizationHeader(header);
     AuthorizationContext.clear();
-    Assert.assertNull(AuthorizationContext.getCurrentAuthorizationHeader());
+    Assertions.assertNull(AuthorizationContext.getCurrentAuthorizationHeader());
   }
 
   @Test
   public void testThreadLocalIsolation() throws Exception {
     byte[] mainHeader = "main-thread".getBytes();
     AuthorizationContext.setCurrentAuthorizationHeader(mainHeader);
     Thread t = new Thread(() -> {
-      Assert.assertNull(AuthorizationContext.getCurrentAuthorizationHeader());
+      Assertions.assertNull(AuthorizationContext.getCurrentAuthorizationHeader());
       byte[] threadHeader = "other-thread".getBytes();
       AuthorizationContext.setCurrentAuthorizationHeader(threadHeader);
-      Assert.assertArrayEquals(threadHeader, AuthorizationContext.getCurrentAuthorizationHeader());
+      Assertions.assertArrayEquals(threadHeader, AuthorizationContext.getCurrentAuthorizationHeader());
       AuthorizationContext.clear();
-      Assert.assertNull(AuthorizationContext.getCurrentAuthorizationHeader());
+      Assertions.assertNull(AuthorizationContext.getCurrentAuthorizationHeader());
     });
     t.start();
     t.join();
     // Main thread should still have its header
-    Assert.assertArrayEquals(mainHeader, AuthorizationContext.getCurrentAuthorizationHeader());
+    Assertions.assertArrayEquals(mainHeader, AuthorizationContext.getCurrentAuthorizationHeader());
     AuthorizationContext.clear();
   }
 
   @Test
   public void testNullAndEmptyHeader() {
     AuthorizationContext.setCurrentAuthorizationHeader(null);
-    Assert.assertNull(AuthorizationContext.getCurrentAuthorizationHeader());
+    Assertions.assertNull(AuthorizationContext.getCurrentAuthorizationHeader());
     byte[] empty = new byte[0];
     AuthorizationContext.setCurrentAuthorizationHeader(empty);
-    Assert.assertArrayEquals(empty, AuthorizationContext.getCurrentAuthorizationHeader());
+    Assertions.assertArrayEquals(empty, AuthorizationContext.getCurrentAuthorizationHeader());
     AuthorizationContext.clear();
   }
 }
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuthorizationHeaderPropagation.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuthorizationHeaderPropagation.java
@@ -24,16 +24,16 @@
 import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
 import org.apache.hadoop.security.AuthorizationContext;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
 import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
 import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_AUDIT_LOGGERS_KEY;
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertNull;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
 
 public class TestAuthorizationHeaderPropagation {
 
