HADOOP-19416. [JDK17] Upgrade JUnit from 4 to 5 in hadoop-kms. (#7637)

hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSACLs.java

@@ -20,28 +20,28 @@ package org.apache.hadoop.crypto.key.kms.server;
 import static org.apache.hadoop.crypto.key.kms.server.KMSConfiguration.*;
 import static org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider.KEY_ACL;
 import static org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider.KeyOpType;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authorize.AccessControlList;
-import org.junit.Assert;
-import org.junit.Rule;
-import org.junit.rules.Timeout;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.Timeout;
 
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
 
+@Timeout(180)
 public class TestKMSACLs {
-  @Rule
-  public final Timeout globalTimeout = new Timeout(180000);
-
   @Test
   public void testDefaults() {
     final KMSACLs acls = new KMSACLs(new Configuration(false));
     for (KMSACLs.Type type : KMSACLs.Type.values()) {
-      Assert.assertTrue(acls.hasAccess(type,
+      assertTrue(acls.hasAccess(type,
           UserGroupInformation.createRemoteUser("foo")));
     }
   }
@@ -54,9 +54,9 @@ public class TestKMSACLs {
     }
     final KMSACLs acls = new KMSACLs(conf);
     for (KMSACLs.Type type : KMSACLs.Type.values()) {
-      Assert.assertTrue(acls.hasAccess(type,
+      assertTrue(acls.hasAccess(type,
           UserGroupInformation.createRemoteUser(type.toString())));
-      Assert.assertFalse(acls.hasAccess(type,
+      assertFalse(acls.hasAccess(type,
           UserGroupInformation.createRemoteUser("foo")));
     }
   }
@@ -72,16 +72,16 @@ public class TestKMSACLs {
     conf.set(DEFAULT_KEY_ACL_PREFIX + "ALL", "invalid");
     conf.set(WHITELIST_KEY_ACL_PREFIX + "ALL", "invalid");
     final KMSACLs acls = new KMSACLs(conf);
-    Assert.assertTrue("expected key ACL size is 2 but got "
-        + acls.keyAcls.size(), acls.keyAcls.size() == 2);
-    Assert.assertTrue("expected whitelist ACL size is 1 but got "
-        + acls.whitelistKeyAcls.size(), acls.whitelistKeyAcls.size() == 1);
-    Assert.assertFalse("ALL should not be allowed for whitelist ACLs.",
-        acls.whitelistKeyAcls.containsKey(KeyOpType.ALL));
-    Assert.assertTrue("expected default ACL size is 1 but got "
-        + acls.defaultKeyAcls.size(), acls.defaultKeyAcls.size() == 1);
-    Assert.assertTrue("ALL should not be allowed for default ACLs.",
-        acls.defaultKeyAcls.size() == 1);
+    assertTrue(acls.keyAcls.size() == 2, "expected key ACL size is 2 but got "
+        + acls.keyAcls.size());
+    assertTrue(acls.whitelistKeyAcls.size() == 1, "expected whitelist ACL size is 1 but got "
+        + acls.whitelistKeyAcls.size());
+    assertFalse(acls.whitelistKeyAcls.containsKey(KeyOpType.ALL),
+        "ALL should not be allowed for whitelist ACLs.");
+    assertTrue(acls.defaultKeyAcls.size() == 1, "expected default ACL size is 1 but got "
+        + acls.defaultKeyAcls.size());
+    assertTrue(acls.defaultKeyAcls.size() == 1,
+        "ALL should not be allowed for default ACLs.");
   }
 
   @Test
@@ -98,15 +98,15 @@ public class TestKMSACLs {
     conf.set(WHITELIST_KEY_ACL_PREFIX + "DECRYPT_EEK", "whitelist1");
     conf.set(WHITELIST_KEY_ACL_PREFIX + "DECRYPT_EEK", "*");
     final KMSACLs acls = new KMSACLs(conf);
-    Assert.assertTrue("expected key ACL size is 2 but got "
-        + acls.keyAcls.size(), acls.keyAcls.size() == 2);
+    assertTrue(acls.keyAcls.size() == 2, "expected key ACL size is 2 but got "
+        + acls.keyAcls.size());
     assertKeyAcl("test_key_1", acls, KeyOpType.DECRYPT_EEK, "decrypt2");
     assertKeyAcl("test_key_2", acls, KeyOpType.ALL, "all1", "all3");
     assertDefaultKeyAcl(acls, KeyOpType.MANAGEMENT);
     assertDefaultKeyAcl(acls, KeyOpType.DECRYPT_EEK);
     AccessControlList acl = acls.whitelistKeyAcls.get(KeyOpType.DECRYPT_EEK);
-    Assert.assertNotNull(acl);
-    Assert.assertTrue(acl.isAllAllowed());
+    assertNotNull(acl);
+    assertTrue(acl.isAllAllowed());
   }
 
   @Test
@@ -163,8 +163,8 @@ public class TestKMSACLs {
     conf.set(DEFAULT_KEY_ACL_PREFIX + "DECRYPT_EEK", "*");
     acls.setKeyACLs(conf);
     AccessControlList acl = acls.defaultKeyAcls.get(KeyOpType.DECRYPT_EEK);
-    Assert.assertTrue(acl.isAllAllowed());
-    Assert.assertTrue(acl.getUsers().isEmpty());
+    assertTrue(acl.isAllAllowed());
+    assertTrue(acl.getUsers().isEmpty());
     // everything else should still be the same.
     assertDefaultKeyAcl(acls, KeyOpType.READ, "read2");
     assertDefaultKeyAcl(acls, KeyOpType.MANAGEMENT, "mgmt1", "mgmt2");
@@ -181,10 +181,10 @@ public class TestKMSACLs {
     conf.set(DEFAULT_KEY_ACL_PREFIX + "DECRYPT_EEK", "new");
     acls.setKeyACLs(conf);
     assertDefaultKeyAcl(acls, KeyOpType.DECRYPT_EEK, "new");
-    Assert.assertTrue(acls.keyAcls.isEmpty());
-    Assert.assertTrue(acls.whitelistKeyAcls.isEmpty());
-    Assert.assertEquals("Got unexpected sized acls:"
-        + acls.defaultKeyAcls, 1, acls.defaultKeyAcls.size());
+    assertTrue(acls.keyAcls.isEmpty());
+    assertTrue(acls.whitelistKeyAcls.isEmpty());
+    assertEquals(1, acls.defaultKeyAcls.size(), "Got unexpected sized acls:"
+        + acls.defaultKeyAcls);
   }
 
   private void assertDefaultKeyAcl(final KMSACLs acls, final KeyOpType op,
@@ -201,23 +201,22 @@ public class TestKMSACLs {
 
   private void assertKeyAcl(final String keyName, final KMSACLs acls,
       final KeyOpType op, final String... names) {
-    Assert.assertTrue(acls.keyAcls.containsKey(keyName));
+    assertTrue(acls.keyAcls.containsKey(keyName));
     final HashMap<KeyOpType, AccessControlList> keyacl =
         acls.keyAcls.get(keyName);
-    Assert.assertNotNull(keyacl.get(op));
+    assertNotNull(keyacl.get(op));
     assertAcl(keyacl.get(op), op, names);
   }
 
   private void assertAcl(final AccessControlList acl,
       final KeyOpType op, final String... names) {
-    Assert.assertNotNull(acl);
-    Assert.assertFalse(acl.isAllAllowed());
+    assertNotNull(acl);
+    assertFalse(acl.isAllAllowed());
     final Collection<String> actual = acl.getUsers();
     final HashSet<String> expected = new HashSet<>();
     for (String name : names) {
       expected.add(name);
     }
-    Assert.assertEquals("defaultKeyAcls don't match for op:" + op,
-        expected, actual);
+    assertEquals(expected, actual, "defaultKeyAcls don't match for op:" + op);
   }
 }

hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java

@@ -24,7 +24,6 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.io.PrintStream;
 import java.util.List;
-import java.util.concurrent.TimeUnit;
 
 import org.apache.commons.lang3.reflect.FieldUtils;
 import org.apache.hadoop.conf.Configuration;
@@ -35,13 +34,16 @@ import org.apache.hadoop.test.GenericTestUtils;
 import org.apache.hadoop.util.ThreadUtil;
 import org.apache.log4j.LogManager;
 import org.apache.log4j.PropertyConfigurator;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.Timeout;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;;
+import org.junit.jupiter.api.Timeout;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+@Timeout(180)
 public class TestKMSAudit {
 
   private PrintStream originalOut;
@@ -63,10 +65,7 @@ public class TestKMSAudit {
     }
   }
 
-  @Rule
-  public final Timeout testTimeout = new Timeout(180000L, TimeUnit.MILLISECONDS);
-
-  @Before
+  @BeforeEach
   public void setUp() throws IOException {
     originalOut = System.err;
     memOut = new ByteArrayOutputStream();
@@ -81,7 +80,7 @@ public class TestKMSAudit {
     this.kmsAudit = new KMSAudit(conf);
   }
 
-  @After
+  @AfterEach
   public void cleanUp() {
     System.setErr(originalOut);
     LogManager.resetConfiguration();
@@ -138,7 +137,7 @@ public class TestKMSAudit {
             + "OK\\[op=REENCRYPT_EEK_BATCH, key=k1, user=luser@REALM\\] testmsg"
             + "OK\\[op=REENCRYPT_EEK_BATCH, key=k1, user=luser@REALM\\] "
             + "testmsg");
-    Assert.assertTrue(doesMatch);
+    assertTrue(doesMatch);
   }
 
   @Test
@@ -179,7 +178,7 @@ public class TestKMSAudit {
             + " interval=[^m]{1,4}ms\\] testmsg"
             + "OK\\[op=GENERATE_EEK, key=k3, user=luser@REALM, accessCount=1,"
             + " interval=[^m]{1,4}ms\\] testmsg");
-    Assert.assertTrue(doesMatch);
+    assertTrue(doesMatch);
   }
 
   @Test
@@ -192,7 +191,7 @@ public class TestKMSAudit {
     kmsAudit.unauthenticated("remotehost", "method", "url", "testmsg");
     String out = getAndResetLogOutput();
     System.out.println(out);
-    Assert.assertTrue(out.matches(
+    assertTrue(out.matches(
         "OK\\[op=GENERATE_EEK, key=k4, user=luser@REALM, accessCount=1, "
             + "interval=[^m]{1,4}ms\\] testmsg"
             + "OK\\[op=GENERATE_EEK, user=luser@REALM\\] testmsg"
@@ -211,8 +210,8 @@ public class TestKMSAudit {
     List<KMSAuditLogger> loggers = (List<KMSAuditLogger>) FieldUtils.
         getField(KMSAudit.class, "auditLoggers", true).get(kmsAudit);
 
-    Assert.assertEquals(1, loggers.size());
-    Assert.assertEquals(SimpleKMSAuditLogger.class, loggers.get(0).getClass());
+    assertEquals(1, loggers.size());
+    assertEquals(SimpleKMSAuditLogger.class, loggers.get(0).getClass());
 
     // Explicitly configure the simple logger. Duplicates are ignored.
     final Configuration conf = new Configuration();
@@ -222,15 +221,15 @@ public class TestKMSAudit {
     final KMSAudit audit = new KMSAudit(conf);
     loggers = (List<KMSAuditLogger>) FieldUtils.
         getField(KMSAudit.class, "auditLoggers", true).get(kmsAudit);
-    Assert.assertEquals(1, loggers.size());
-    Assert.assertEquals(SimpleKMSAuditLogger.class, loggers.get(0).getClass());
+    assertEquals(1, loggers.size());
+    assertEquals(SimpleKMSAuditLogger.class, loggers.get(0).getClass());
 
     // If any loggers unable to load, init should fail.
     conf.set(KMSConfiguration.KMS_AUDIT_LOGGER_KEY,
         SimpleKMSAuditLogger.class.getName() + ",unknown");
     try {
       new KMSAudit(conf);
-      Assert.fail("loggers configured but invalid, init should fail.");
+      fail("loggers configured but invalid, init should fail.");
     } catch (Exception ex) {
       GenericTestUtils
           .assertExceptionContains(KMSConfiguration.KMS_AUDIT_LOGGER_KEY, ex);

hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAuthenticationFilter.java

@@ -23,17 +23,18 @@ import org.apache.hadoop.security.token.delegation.web
     .DelegationTokenAuthenticationHandler;
 import org.apache.hadoop.security.token.delegation.web
     .PseudoDelegationTokenAuthenticationHandler;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 import java.util.Properties;
 
-import static org.junit.Assert.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
 
 /**
  * Test KMS Authentication Filter.
  */
 public class TestKMSAuthenticationFilter {
 
-  @Test public void testConfiguration() throws Exception {
+  @Test
+  public void testConfiguration() throws Exception {
     Configuration conf = new Configuration();
     conf.set("hadoop.kms.authentication.type", "simple");
 

hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSMDCFilter.java

@@ -17,8 +17,9 @@
  */
 package org.apache.hadoop.crypto.key.kms.server;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
 import java.io.IOException;
@@ -30,9 +31,8 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
 
 /**
  * Test for {@link KMSMDCFilter}.
@@ -48,11 +48,11 @@ public class TestKMSMDCFilter {
   private HttpServletRequest httpRequest;
   private HttpServletResponse httpResponse;
 
-  @Before
+  @BeforeEach
   public void setUp() throws IOException {
     filter = new KMSMDCFilter();
-    httpRequest = Mockito.mock(HttpServletRequest.class);
-    httpResponse = Mockito.mock(HttpServletResponse.class);
+    httpRequest = mock(HttpServletRequest.class);
+    httpResponse = mock(HttpServletResponse.class);
     KMSMDCFilter.setContext(null, null, null, null);
   }
 
@@ -66,10 +66,10 @@ public class TestKMSMDCFilter {
       @Override
       public void doFilter(ServletRequest request, ServletResponse response)
           throws IOException, ServletException {
-        assertEquals("filter.remoteClientAddress", REMOTE_ADDRESS,
-            KMSMDCFilter.getRemoteClientAddress());
-        assertEquals("filter.method", METHOD, KMSMDCFilter.getMethod());
-        assertEquals("filter.url", URL, KMSMDCFilter.getURL());
+        assertEquals(REMOTE_ADDRESS,
+            KMSMDCFilter.getRemoteClientAddress(), "filter.remoteClientAddress");
+        assertEquals(METHOD, KMSMDCFilter.getMethod(), "filter.method");
+        assertEquals(URL, KMSMDCFilter.getURL(), "filter.url");
       }
     };
 
@@ -79,10 +79,10 @@ public class TestKMSMDCFilter {
   }
 
   private void checkMDCValuesAreEmpty() {
-    assertNull("getRemoteClientAddress", KMSMDCFilter.getRemoteClientAddress());
-    assertNull("getMethod", KMSMDCFilter.getMethod());
-    assertNull("getURL", KMSMDCFilter.getURL());
-    assertNull("getUgi", KMSMDCFilter.getUgi());
+    assertNull(KMSMDCFilter.getRemoteClientAddress(), "getRemoteClientAddress");
+    assertNull(KMSMDCFilter.getMethod(), "getMethod");
+    assertNull(KMSMDCFilter.getURL(), "getURL");
+    assertNull(KMSMDCFilter.getUgi(), "getUgi");
   }
 
 }

hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSWithZK.java

@@ -17,6 +17,8 @@
  */
 package org.apache.hadoop.crypto.key.kms.server;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
 import org.apache.curator.test.TestingServer;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.crypto.key.kms.KMSRESTConstants;
@@ -25,8 +27,7 @@ import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
 import org.apache.hadoop.security.authentication.util.ZKSignerSecretProvider;
 import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
-import org.junit.Assert;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
 import java.io.File;
 import java.net.HttpURLConnection;
@@ -97,7 +98,7 @@ public class TestKMSWithZK {
         @Override
         public Object run() throws Exception {
           HttpURLConnection conn = aUrl.openConnection(url1, token);
-          Assert.assertEquals(HttpURLConnection.HTTP_OK,
+          assertEquals(HttpURLConnection.HTTP_OK,
               conn.getResponseCode());
           return null;
         }
@@ -107,7 +108,7 @@ public class TestKMSWithZK {
         @Override
         public Object run() throws Exception {
           HttpURLConnection conn = aUrl.openConnection(url2, token);
-          Assert.assertEquals(HttpURLConnection.HTTP_OK,
+          assertEquals(HttpURLConnection.HTTP_OK,
               conn.getResponseCode());
           return null;
         }
@@ -119,7 +120,7 @@ public class TestKMSWithZK {
           final DelegationTokenAuthenticatedURL.Token emptyToken =
               new DelegationTokenAuthenticatedURL.Token();
           HttpURLConnection conn = aUrl.openConnection(url2, emptyToken);
-          Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN,
+          assertEquals(HttpURLConnection.HTTP_FORBIDDEN,
               conn.getResponseCode());
           return null;
         }

hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java

@@ -17,6 +17,9 @@
  */
 package org.apache.hadoop.crypto.key.kms.server;
 
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.fail;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
@@ -37,8 +40,7 @@ import org.apache.hadoop.crypto.key.UserProvider;
 import org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider.KeyACLs;
 import org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider.KeyOpType;
 import org.apache.hadoop.security.UserGroupInformation;
-import org.junit.Assert;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
 public class TestKeyAuthorizationKeyProvider {
 
@@ -66,14 +68,14 @@ public class TestKeyAuthorizationKeyProvider {
               kpExt.createKey("foo", SecureRandom.getSeed(16),
                   newOptions(conf));
             } catch (IOException ioe) {
-              Assert.fail("User should be Authorized !!");
+              fail("User should be Authorized !!");
             }
 
             // "bar" key not configured
             try {
               kpExt.createKey("bar", SecureRandom.getSeed(16),
                   newOptions(conf));
-              Assert.fail("User should NOT be Authorized !!");
+              fail("User should NOT be Authorized !!");
             } catch (IOException ioe) {
               // Ignore
             }
@@ -90,7 +92,7 @@ public class TestKeyAuthorizationKeyProvider {
             try {
               kpExt.createKey("foo", SecureRandom.getSeed(16),
                   newOptions(conf));
-              Assert.fail("User should NOT be Authorized !!");
+              fail("User should NOT be Authorized !!");
             } catch (IOException ioe) {
               // Ignore
             }
@@ -138,17 +140,17 @@ public class TestKeyAuthorizationKeyProvider {
               kpExt.rollNewVersion(kv.getName(), SecureRandom.getSeed(16));
               kpExt.deleteKey(kv.getName());
             } catch (IOException ioe) {
-              Assert.fail("User should be Authorized !!");
+              fail("User should be Authorized !!");
             }
 
             KeyVersion retkv = null;
             try {
               retkv = kpExt.createKey("bar", SecureRandom.getSeed(16), opt);
               kpExt.generateEncryptedKey(retkv.getName());
-              Assert.fail("User should NOT be Authorized to generate EEK !!");
+              fail("User should NOT be Authorized to generate EEK !!");
             } catch (IOException ioe) {
             }
-            Assert.assertNotNull(retkv);
+            assertNotNull(retkv);
             return retkv;
           }
         }
@@ -161,7 +163,7 @@ public class TestKeyAuthorizationKeyProvider {
               public EncryptedKeyVersion run() throws Exception {
                 try {
                   kpExt.deleteKey(barKv.getName());
-                  Assert.fail("User should NOT be Authorized to "
+                  fail("User should NOT be Authorized to "
                       + "perform any other operation !!");
                 } catch (IOException ioe) {
                 }
@@ -175,7 +177,7 @@ public class TestKeyAuthorizationKeyProvider {
           public KeyVersion run() throws Exception {
             try {
               kpExt.deleteKey(barKv.getName());
-              Assert.fail("User should NOT be Authorized to "
+              fail("User should NOT be Authorized to "
                   + "perform any other operation !!");
             } catch (IOException ioe) {
             }
@@ -200,7 +202,7 @@ public class TestKeyAuthorizationKeyProvider {
               kpExt.decryptEncryptedKey(ekv);
               kpExt.deleteKey(kv.getName());
             } catch (IOException ioe) {
-              Assert.fail("User should be Allowed to do everything !!");
+              fail("User should be Allowed to do everything !!");
             }
             return null;
           }
@@ -216,56 +218,55 @@ public class TestKeyAuthorizationKeyProvider {
   }
 
 
-  @Test(expected = IllegalArgumentException.class)
+  @Test
   public void testDecryptWithKeyVersionNameKeyMismatch() throws Exception {
-    final Configuration conf = new Configuration();
-    KeyProvider kp =
-        new UserProvider.Factory().createProvider(new URI("user:///"), conf);
-    KeyACLs mock = mock(KeyACLs.class);
-    when(mock.isACLPresent("testKey", KeyOpType.MANAGEMENT)).thenReturn(true);
-    when(mock.isACLPresent("testKey", KeyOpType.GENERATE_EEK)).thenReturn(true);
-    when(mock.isACLPresent("testKey", KeyOpType.DECRYPT_EEK)).thenReturn(true);
-    when(mock.isACLPresent("testKey", KeyOpType.ALL)).thenReturn(true);
-    UserGroupInformation u1 = UserGroupInformation.createRemoteUser("u1");
-    UserGroupInformation u2 = UserGroupInformation.createRemoteUser("u2");
-    UserGroupInformation u3 = UserGroupInformation.createRemoteUser("u3");
-    UserGroupInformation sudo = UserGroupInformation.createRemoteUser("sudo");
-    when(mock.hasAccessToKey("testKey", u1,
+    assertThrows(IllegalArgumentException.class, () -> {
+      final Configuration conf = new Configuration();
+      KeyProvider kp = new UserProvider.Factory().createProvider(new URI("user:///"), conf);
+      KeyACLs mock = mock(KeyACLs.class);
+      when(mock.isACLPresent("testKey", KeyOpType.MANAGEMENT)).thenReturn(true);
+      when(mock.isACLPresent("testKey", KeyOpType.GENERATE_EEK)).thenReturn(true);
+      when(mock.isACLPresent("testKey", KeyOpType.DECRYPT_EEK)).thenReturn(true);
+      when(mock.isACLPresent("testKey", KeyOpType.ALL)).thenReturn(true);
+      UserGroupInformation u1 = UserGroupInformation.createRemoteUser("u1");
+      UserGroupInformation u2 = UserGroupInformation.createRemoteUser("u2");
+      UserGroupInformation u3 = UserGroupInformation.createRemoteUser("u3");
+      UserGroupInformation sudo = UserGroupInformation.createRemoteUser("sudo");
+      when(mock.hasAccessToKey("testKey", u1,
         KeyOpType.MANAGEMENT)).thenReturn(true);
-    when(mock.hasAccessToKey("testKey", u2,
+      when(mock.hasAccessToKey("testKey", u2,
         KeyOpType.GENERATE_EEK)).thenReturn(true);
-    when(mock.hasAccessToKey("testKey", u3,
+      when(mock.hasAccessToKey("testKey", u3,
         KeyOpType.DECRYPT_EEK)).thenReturn(true);
-    when(mock.hasAccessToKey("testKey", sudo,
+      when(mock.hasAccessToKey("testKey", sudo,
         KeyOpType.ALL)).thenReturn(true);
-    final KeyProviderCryptoExtension kpExt =
-        new KeyAuthorizationKeyProvider(
+      final KeyProviderCryptoExtension kpExt =
+          new KeyAuthorizationKeyProvider(
             KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp),
             mock);
-
-    sudo.doAs(
-        new PrivilegedExceptionAction<Void>() {
-          @Override
-          public Void run() throws Exception {
-            Options opt = newOptions(conf);
-            Map<String, String> m = new HashMap<String, String>();
-            m.put("key.acl.name", "testKey");
-            opt.setAttributes(m);
-            KeyVersion kv =
-                kpExt.createKey("foo", SecureRandom.getSeed(16), opt);
-            kpExt.rollNewVersion(kv.getName());
-            kpExt.rollNewVersion(kv.getName(), SecureRandom.getSeed(16));
-            EncryptedKeyVersion ekv = kpExt.generateEncryptedKey(kv.getName());
-            ekv = EncryptedKeyVersion.createForDecryption(
-                ekv.getEncryptionKeyName() + "x",
-                ekv.getEncryptionKeyVersionName(),
-                ekv.getEncryptedKeyIv(),
-                ekv.getEncryptedKeyVersion().getMaterial());
-            kpExt.decryptEncryptedKey(ekv);
-            return null;
+      sudo.doAs(
+          new PrivilegedExceptionAction<Void>() {
+            @Override
+            public Void run() throws Exception {
+              Options opt = newOptions(conf);
+              Map<String, String> m = new HashMap<String, String>();
+              m.put("key.acl.name", "testKey");
+              opt.setAttributes(m);
+              KeyVersion kv =
+                  kpExt.createKey("foo", SecureRandom.getSeed(16), opt);
+              kpExt.rollNewVersion(kv.getName());
+              kpExt.rollNewVersion(kv.getName(), SecureRandom.getSeed(16));
+              EncryptedKeyVersion ekv = kpExt.generateEncryptedKey(kv.getName());
+              ekv = EncryptedKeyVersion.createForDecryption(
+                  ekv.getEncryptionKeyName() + "x",
+                  ekv.getEncryptionKeyVersionName(),
+                  ekv.getEncryptedKeyIv(),
+                  ekv.getEncryptedKeyVersion().getMaterial());
+              kpExt.decryptEncryptedKey(ekv);
+              return null;
+            }
           }
-        }
-    );
+      );
+    });
   }
-
 }