You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by sz...@apache.org on 2014/02/18 21:42:28 UTC
svn commit: r1569524 - in
/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common: ./
src/main/java/ src/main/java/org/apache/hadoop/fs/
src/main/java/org/apache/hadoop/http/ src/main/java/org/apache/hadoop/ipc/
src/main/java/org/apache/h...
Author: szetszwo
Date: Tue Feb 18 20:42:26 2014
New Revision: 1569524
URL: http://svn.apache.org/r1569524
Log:
Merge r1555021 through r1569522 from trunk.
Modified:
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/CHANGES.txt (contents, props changed)
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/ (props changed)
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpConfig.java
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FSMainOperationsBaseTest.java
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileContextTestHelper.java
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileSystemTestHelper.java
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithSecurityOn.java
hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/CHANGES.txt Tue Feb 18 20:42:26 2014
@@ -118,6 +118,9 @@ Trunk (Unreleased)
HADOOP-10325. Improve jenkins javadoc warnings from test-patch.sh (cmccabe)
+ HADOOP-10342. Add a new method to UGI to use a Kerberos login subject to
+ build a new UGI. (Larry McCay via omalley)
+
BUG FIXES
HADOOP-9451. Fault single-layer config if node group topology is enabled.
@@ -298,6 +301,18 @@ Trunk (Unreleased)
HADOOP-8589. ViewFs tests fail when tests and home dirs are nested (sanjay Radia)
+Release 2.5.0 - UNRELEASED
+
+ INCOMPATIBLE CHANGES
+
+ NEW FEATURES
+
+ IMPROVEMENTS
+
+ OPTIMIZATIONS
+
+ BUG FIXES
+
Release 2.4.0 - UNRELEASED
INCOMPATIBLE CHANGES
@@ -342,6 +357,8 @@ Release 2.4.0 - UNRELEASED
HADOOP-10249. LdapGroupsMapping should trim ldap password read from file.
(Dilli Armugam via suresh)
+ HADOOP-10346. Deadlock while logging tokens (jlowe)
+
Release 2.3.1 - UNRELEASED
INCOMPATIBLE CHANGES
Propchange: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/CHANGES.txt
------------------------------------------------------------------------------
Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt:r1568421-1569522
Propchange: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/
------------------------------------------------------------------------------
Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java:r1568421-1569522
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java Tue Feb 18 20:42:26 2014
@@ -279,7 +279,10 @@ public class CommonConfigurationKeysPubl
60;
// HTTP policies to be used in configuration
+ // Use HttpPolicy.name() instead
+ @Deprecated
public static final String HTTP_POLICY_HTTP_ONLY = "HTTP_ONLY";
+ @Deprecated
public static final String HTTP_POLICY_HTTPS_ONLY = "HTTPS_ONLY";
}
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpConfig.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpConfig.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpConfig.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpConfig.java Tue Feb 18 20:42:26 2014
@@ -28,7 +28,6 @@ import org.apache.hadoop.fs.CommonConfig
@InterfaceAudience.Private
@InterfaceStability.Unstable
public class HttpConfig {
- private static Policy policy;
public enum Policy {
HTTP_ONLY,
HTTPS_ONLY,
@@ -52,28 +51,4 @@ public class HttpConfig {
return this == HTTPS_ONLY || this == HTTP_AND_HTTPS;
}
}
-
- static {
- Configuration conf = new Configuration();
- boolean sslEnabled = conf.getBoolean(
- CommonConfigurationKeysPublic.HADOOP_SSL_ENABLED_KEY,
- CommonConfigurationKeysPublic.HADOOP_SSL_ENABLED_DEFAULT);
- policy = sslEnabled ? Policy.HTTPS_ONLY : Policy.HTTP_ONLY;
- }
-
- public static void setPolicy(Policy policy) {
- HttpConfig.policy = policy;
- }
-
- public static boolean isSecure() {
- return policy == Policy.HTTPS_ONLY;
- }
-
- public static String getSchemePrefix() {
- return (isSecure()) ? "https://" : "http://";
- }
-
- public static String getScheme(Policy policy) {
- return policy == Policy.HTTPS_ONLY ? "https://" : "http://";
- }
}
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java Tue Feb 18 20:42:26 2014
@@ -649,7 +649,7 @@ public class Client {
// try re-login
if (UserGroupInformation.isLoginKeytabBased()) {
UserGroupInformation.getLoginUser().reloginFromKeytab();
- } else {
+ } else if (UserGroupInformation.isLoginTicketBased()) {
UserGroupInformation.getLoginUser().reloginFromTicketCache();
}
// have granularity of milliseconds
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Tue Feb 18 20:42:26 2014
@@ -703,6 +703,35 @@ public class UserGroupInformation {
}
/**
+ * Create a UserGroupInformation from a Subject with Kerberos principal.
+ *
+ * @param user The KerberosPrincipal to use in UGI
+ *
+ * @throws IOException if the kerberos login fails
+ */
+ public static UserGroupInformation getUGIFromSubject(Subject subject)
+ throws IOException {
+ if (subject == null) {
+ throw new IOException("Subject must not be null");
+ }
+
+ if (subject.getPrincipals(KerberosPrincipal.class).isEmpty()) {
+ throw new IOException("Provided Subject must contain a KerberosPrincipal");
+ }
+
+ KerberosPrincipal principal =
+ subject.getPrincipals(KerberosPrincipal.class).iterator().next();
+
+ User ugiUser = new User(principal.getName(),
+ AuthenticationMethod.KERBEROS, null);
+ subject.getPrincipals().add(ugiUser);
+ UserGroupInformation ugi = new UserGroupInformation(subject);
+ ugi.setLogin(null);
+ ugi.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
+ return ugi;
+ }
+
+ /**
* Get the currently logged in user.
* @return the logged in user
* @throws IOException if login fails
@@ -1102,6 +1131,14 @@ public class UserGroupInformation {
}
/**
+ * Did the login happen via ticket cache
+ * @return true or false
+ */
+ public static boolean isLoginTicketBased() throws IOException {
+ return getLoginUser().isKrbTkt;
+ }
+
+ /**
* Create a user from a login name. It is intended to be used for remote
* users in RPC, since it won't have any credentials.
* @param user the full user principal name, must not be empty or null
@@ -1619,5 +1656,4 @@ public class UserGroupInformation {
System.out.println("Keytab " + loginUser.isKeytab);
}
}
-
}
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java Tue Feb 18 20:42:26 2014
@@ -105,18 +105,21 @@ public class Token<T extends TokenIdenti
return identifier;
}
- private static synchronized Class<? extends TokenIdentifier>
+ private static Class<? extends TokenIdentifier>
getClassForIdentifier(Text kind) {
- if (tokenKindMap == null) {
- tokenKindMap = Maps.newHashMap();
- for (TokenIdentifier id : ServiceLoader.load(TokenIdentifier.class)) {
- tokenKindMap.put(id.getKind(), id.getClass());
+ Class<? extends TokenIdentifier> cls = null;
+ synchronized (Token.class) {
+ if (tokenKindMap == null) {
+ tokenKindMap = Maps.newHashMap();
+ for (TokenIdentifier id : ServiceLoader.load(TokenIdentifier.class)) {
+ tokenKindMap.put(id.getKind(), id.getClass());
+ }
}
+ cls = tokenKindMap.get(kind);
}
- Class<? extends TokenIdentifier> cls = tokenKindMap.get(kind);
if (cls == null) {
LOG.warn("Cannot find class for token kind " + kind);
- return null;
+ return null;
}
return cls;
}
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FSMainOperationsBaseTest.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FSMainOperationsBaseTest.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FSMainOperationsBaseTest.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FSMainOperationsBaseTest.java Tue Feb 18 20:42:26 2014
@@ -90,10 +90,6 @@ public abstract class FSMainOperationsBa
public FSMainOperationsBaseTest() {
}
- public FSMainOperationsBaseTest(String testRootDir) {
- super(testRootDir);
- }
-
@Before
public void setUp() throws Exception {
fSys = createFileSystem();
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileContextTestHelper.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileContextTestHelper.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileContextTestHelper.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileContextTestHelper.java Tue Feb 18 20:42:26 2014
@@ -49,7 +49,7 @@ public final class FileContextTestHelper
/**
* Create a context with the given test root
*/
- public FileContextTestHelper(String testRootDir) {
+ private FileContextTestHelper(String testRootDir) {
this.testRootDir = testRootDir;
}
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileSystemTestHelper.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileSystemTestHelper.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileSystemTestHelper.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileSystemTestHelper.java Tue Feb 18 20:42:26 2014
@@ -52,7 +52,7 @@ public class FileSystemTestHelper {
/**
* Create helper with the specified test root dir
*/
- public FileSystemTestHelper(String testRootDir) {
+ private FileSystemTestHelper(String testRootDir) {
this.testRootDir = testRootDir;
}
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithSecurityOn.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithSecurityOn.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithSecurityOn.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithSecurityOn.java Tue Feb 18 20:42:26 2014
@@ -17,8 +17,14 @@
package org.apache.hadoop.security;
import java.io.IOException;
+import java.security.PrivilegedAction;
+import java.util.Set;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
import junit.framework.Assert;
+import static org.junit.Assert.*;
+
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
@@ -72,4 +78,40 @@ public class TestUGIWithSecurityOn {
ex.printStackTrace();
}
}
+
+ @Test
+ public void testGetUGIFromKerberosSubject() throws IOException {
+ String user1keyTabFilepath = System.getProperty("kdc.resource.dir")
+ + "/keytabs/user1.keytab";
+
+ UserGroupInformation ugi = UserGroupInformation
+ .loginUserFromKeytabAndReturnUGI("user1@EXAMPLE.COM",
+ user1keyTabFilepath);
+ Set<KerberosPrincipal> principals = ugi.getSubject().getPrincipals(
+ KerberosPrincipal.class);
+ if (principals.isEmpty()) {
+ Assert.fail("There should be a kerberos principal in the subject.");
+ }
+ else {
+ UserGroupInformation ugi2 = UserGroupInformation.getUGIFromSubject(
+ ugi.getSubject());
+ if (ugi2 != null) {
+ ugi2.doAs(new PrivilegedAction<Object>() {
+
+ @Override
+ public Object run() {
+ try {
+ UserGroupInformation ugi3 = UserGroupInformation.getCurrentUser();
+ String doAsUserName = ugi3.getUserName();
+ assertEquals(doAsUserName, "user1@EXAMPLE.COM");
+ System.out.println("DO AS USERNAME: " + doAsUserName);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+ });
+ }
+ }
+ }
}
Modified: hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1569524&r1=1569523&r2=1569524&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java (original)
+++ hadoop/common/branches/HDFS-5535/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java Tue Feb 18 20:42:26 2014
@@ -28,6 +28,7 @@ import org.apache.hadoop.util.Shell;
import org.junit.*;
import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import java.io.BufferedReader;
@@ -768,6 +769,16 @@ public class TestUserGroupInformation {
});
}
+ @Test (timeout = 30000)
+ public void testGetUGIFromSubject() throws Exception {
+ KerberosPrincipal p = new KerberosPrincipal("guest");
+ Subject subject = new Subject();
+ subject.getPrincipals().add(p);
+ UserGroupInformation ugi = UserGroupInformation.getUGIFromSubject(subject);
+ assertNotNull(ugi);
+ assertEquals("guest@DEFAULT.REALM", ugi.getUserName());
+ }
+
/** Test hasSufficientTimeElapsed method */
@Test (timeout = 30000)
public void testHasSufficientTimeElapsed() throws Exception {