You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@storm.apache.org by et...@apache.org on 2020/04/07 13:39:23 UTC
[storm] branch master updated: [STORM-3616] add optional flag to
fail upload-credentials cmd if no creds were uploaded (#3243)
This is an automated email from the ASF dual-hosted git repository.
ethanli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/storm.git
The following commit(s) were added to refs/heads/master by this push:
new b38e159 [STORM-3616] add optional flag to fail upload-credentials cmd if no creds were uploaded (#3243)
b38e159 is described below
commit b38e159d31fab3805980e1bcd35d83611487930b
Author: Rui Li <ru...@verizonmedia.com>
AuthorDate: Tue Apr 7 08:39:06 2020 -0500
[STORM-3616] add optional flag to fail upload-credentials cmd if no creds were uploaded (#3243)
---
bin/storm.py | 8 ++++++++
docs/Command-line-client.md | 4 +++-
storm-client/src/jvm/org/apache/storm/StormSubmitter.java | 12 ++++++++----
.../jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java | 5 +++--
.../src/jvm/org/apache/storm/command/UploadCredentials.java | 9 ++++++++-
5 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/bin/storm.py b/bin/storm.py
index 14e9dde..c33fff7 100755
--- a/bin/storm.py
+++ b/bin/storm.py
@@ -542,6 +542,14 @@ def initialize_upload_credentials_subcommand(subparsers):
help="""name of the owner of the topology (security precaution)"""
)
+ # If set, this flag will become true meaning that user expects non-empty creds to be uploaded.
+ # Command exits with non-zero code if uploaded creds collection is empty.
+ sub_parser.add_argument(
+ "-e", "--exception-when-empty", action='store_true',
+ help="""If specified, throw exception if there are no credentials uploaded.
+ Otherwise, it is default to be false"""
+ )
+
sub_parser.add_argument(
"cred_list", nargs='*', help="List of credkeys and their values [credkey credvalue]*"
)
diff --git a/docs/Command-line-client.md b/docs/Command-line-client.md
index 3dd6a38..e2b3462 100644
--- a/docs/Command-line-client.md
+++ b/docs/Command-line-client.md
@@ -319,7 +319,9 @@ eg: `storm shell resources/ python topology.py arg1 arg2`
Syntax: `storm upload_credentials topology-name [credkey credvalue]*`
-Uploads a new set of credentials to a running topology
+Uploads a new set of credentials to a running topology
+ * `-e --exception-when-empty`: optional flag. If set, command will fail and throw exception if no credentials were uploaded.
+
### version
diff --git a/storm-client/src/jvm/org/apache/storm/StormSubmitter.java b/storm-client/src/jvm/org/apache/storm/StormSubmitter.java
index 467c431..a31ef00 100644
--- a/storm-client/src/jvm/org/apache/storm/StormSubmitter.java
+++ b/storm-client/src/jvm/org/apache/storm/StormSubmitter.java
@@ -106,27 +106,30 @@ public class StormSubmitter {
* @param name the name of the topology to push credentials to.
* @param topoConf the topology-specific configuration, if desired. See {@link Config}.
* @param credentials the credentials to push.
+ * @return whether the pushed credential collection is non-empty. Return false if empty.
* @throws AuthorizationException if you are not authorized ot push credentials.
* @throws NotAliveException if the topology is not alive
* @throws InvalidTopologyException if any other error happens
*/
- public static void pushCredentials(String name, Map<String, Object> topoConf, Map<String, String> credentials)
+ public static boolean pushCredentials(String name, Map<String, Object> topoConf, Map<String, String> credentials)
throws AuthorizationException, NotAliveException, InvalidTopologyException {
- pushCredentials(name, topoConf, credentials, null);
+ return pushCredentials(name, topoConf, credentials, null);
}
/**
* Push a new set of credentials to the running topology.
+ * Return false if push Creds map is empty, true otherwise.
*
* @param name the name of the topology to push credentials to.
* @param topoConf the topology-specific configuration, if desired. See {@link Config}.
* @param credentials the credentials to push.
* @param expectedUser the user you expect the topology to be owned by.
+ * @return whether the pushed credential collection is non-empty. Return false if empty.
* @throws AuthorizationException if you are not authorized ot push credentials.
* @throws NotAliveException if the topology is not alive
* @throws InvalidTopologyException if any other error happens
*/
- public static void pushCredentials(String name, Map<String, Object> topoConf, Map<String, String> credentials, String expectedUser)
+ public static boolean pushCredentials(String name, Map<String, Object> topoConf, Map<String, String> credentials, String expectedUser)
throws AuthorizationException, NotAliveException, InvalidTopologyException {
topoConf = new HashMap(topoConf);
topoConf.putAll(Utils.readCommandLineOpts());
@@ -135,7 +138,7 @@ public class StormSubmitter {
Map<String, String> fullCreds = populateCredentials(conf, credentials);
if (fullCreds.isEmpty()) {
LOG.warn("No credentials were found to push to " + name);
- return;
+ return false;
}
try {
try (NimbusClient client = NimbusClient.getConfiguredClient(conf)) {
@@ -150,6 +153,7 @@ public class StormSubmitter {
} catch (TException e) {
throw new RuntimeException(e);
}
+ return true;
}
diff --git a/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java b/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java
index 44eebe1..6d7e16b 100644
--- a/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java
+++ b/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java
@@ -13,6 +13,7 @@
package org.apache.storm.security.auth.kerberos;
import java.lang.reflect.Method;
+import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
@@ -101,10 +102,10 @@ public class AutoTGT implements IAutoCredentials, ICredentialsRenewer, IMetricsR
public static void main(String[] args) throws Exception {
AutoTGT at = new AutoTGT();
- Map<String, Object> conf = new java.util.HashMap();
+ Map<String, Object> conf = new HashMap();
conf.put("java.security.auth.login.config", args[0]);
at.prepare(conf);
- Map<String, String> creds = new java.util.HashMap<String, String>();
+ Map<String, String> creds = new HashMap<>();
at.populateCredentials(creds);
Subject s = new Subject();
at.populateSubject(s, creds);
diff --git a/storm-core/src/jvm/org/apache/storm/command/UploadCredentials.java b/storm-core/src/jvm/org/apache/storm/command/UploadCredentials.java
index 48ef76c..c308b59 100644
--- a/storm-core/src/jvm/org/apache/storm/command/UploadCredentials.java
+++ b/storm-core/src/jvm/org/apache/storm/command/UploadCredentials.java
@@ -42,6 +42,7 @@ public class UploadCredentials {
public static void main(String[] args) throws Exception {
Map<String, Object> cl = CLI.opt("f", "file", null)
.opt("u", "user", null)
+ .boolOpt("e", "exception-when-empty")
.arg("topologyName", CLI.FIRST_WINS)
.optionalArg("rawCredentials", CLI.INTO_LIST)
.parse(args);
@@ -111,7 +112,13 @@ public class UploadCredentials {
// use the local setting for the login config rather than the topology's
topologyConf.remove("java.security.auth.login.config");
- StormSubmitter.pushCredentials(topologyName, topologyConf, credentialsMap, (String) cl.get("u"));
+ boolean throwExceptionForEmptyCreds = (boolean) cl.get("e");
+ boolean hasCreds = StormSubmitter.pushCredentials(topologyName, topologyConf, credentialsMap, (String) cl.get("u"));
+ if (!hasCreds && throwExceptionForEmptyCreds) {
+ String message = "No credentials were uploaded for " + topologyName;
+ LOG.error(message);
+ throw new RuntimeException(message);
+ }
LOG.info("Uploaded new creds to topology: {}", topologyName);
}
}