Posted to commits@knox.apache.org by su...@apache.org on 2015/01/27 17:26:39 UTC

[13/14] knox git commit: Added policy chain to webhdfs service KNOX-487

Added policy chain to webhdfs service KNOX-487


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/6742302a
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/6742302a
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/6742302a

Branch: refs/heads/KNOX-481
Commit: 6742302af1ee872abed287e87678b5da0a61ff4b
Parents: 38406df
Author: Sumit Gupta <su...@apache.org>
Authored: Tue Jan 20 12:23:31 2015 -0500
Committer: Sumit Gupta <su...@apache.org>
Committed: Tue Jan 27 11:25:21 2015 -0500

----------------------------------------------------------------------
 .../ServiceDefinitionDeploymentContributor.java | 39 +++++++++++++++++---
 .../service/definition/PolicyBinding.java       | 24 ++++++++++++
 .../service/definition/ServiceDefinition.java   | 12 ++++++
 .../gateway/service/definition/UrlBinding.java  | 13 +++++++
 .../services/webhdfs/2.4.0/service.xml          |  7 ++++
 .../services/yarn-rm/2.5.0/service.xml          |  1 -
 .../definition/ServiceDefinitionTest.java       | 10 +++++
 7 files changed, 100 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/6742302a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java
index 755fc67..f31b08a 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java
@@ -24,10 +24,7 @@ import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
 import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
 import org.apache.hadoop.gateway.dispatch.GatewayDispatchFilter;
 import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteRulesDescriptor;
-import org.apache.hadoop.gateway.service.definition.CustomDispatch;
-import org.apache.hadoop.gateway.service.definition.RewriteFilter;
-import org.apache.hadoop.gateway.service.definition.ServiceDefinition;
-import org.apache.hadoop.gateway.service.definition.UrlBinding;
+import org.apache.hadoop.gateway.service.definition.*;
 import org.apache.hadoop.gateway.topology.Provider;
 import org.apache.hadoop.gateway.topology.Service;
 
@@ -100,17 +97,49 @@ public class ServiceDefinitionDeploymentContributor extends ServiceDeploymentCon
     ResourceDescriptor resource = context.getGatewayDescriptor().addResource();
     resource.role(service.getRole());
     resource.pattern(binding.getPattern());
+    List<PolicyBinding> policyBindings = binding.getPolicyBindings();
+    if (policyBindings == null) {
+      policyBindings = serviceDefinition.getPolicyBindings();
+    }
+    if (policyBindings == null) {
+      //add default set
+      addDefaultPolicies(context, service, filterParams, params, resource);
+    } else {
+      addPolicies(context, service, filterParams, params, resource, policyBindings);
+    }
+    addDispatchFilter(context, service, resource, binding);
+  }
+
+  private void addPolicies(DeploymentContext context, Service service, Map<String, String> filterParams, List<FilterParamDescriptor> params, ResourceDescriptor resource, List<PolicyBinding> policyBindings) throws URISyntaxException {
+    for (PolicyBinding policyBinding : policyBindings) {
+      String role = policyBinding.getRole();
+      if (role == null) {
+        throw new IllegalArgumentException("Policy defined has no role for service " + service.getName());
+      }
+      role = role.trim().toLowerCase();
+      if (role.equals("rewrite")) {
+        addRewriteFilter(context, service, filterParams, params, resource);
+      } else if (topologyContainsProviderType(context, role)) {
+        context.contributeFilter( service, resource, role, policyBinding.getName(), null );
+      }
+    }
+  }
+
+  private void addDefaultPolicies(DeploymentContext context, Service service, Map<String, String> filterParams, List<FilterParamDescriptor> params, ResourceDescriptor resource) throws URISyntaxException {
     addWebAppSecFilters(context, service, resource);
     addAuthenticationFilter(context, service, resource);
     addIdentityAssertionFilter(context, service, resource);
     addAuthorizationFilter(context, service, resource);
+    addRewriteFilter(context, service, filterParams, params, resource);
+  }
+
+  private void addRewriteFilter(DeploymentContext context, Service service, Map<String, String> filterParams, List<FilterParamDescriptor> params, ResourceDescriptor resource) throws URISyntaxException {
     if ( !filterParams.isEmpty() ) {
       for ( Map.Entry<String, String> filterParam : filterParams.entrySet() ) {
         params.add(resource.createFilterParam().name(filterParam.getKey()).value(filterParam.getValue()));
       }
     }
     addRewriteFilter(context, service, resource, params);
-    addDispatchFilter(context, service, resource, binding);
   }
 
   private void addDispatchFilter(DeploymentContext context, Service service, ResourceDescriptor resource, UrlBinding binding) {
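Review bot: In `addPolicies`, a policy whose role is neither `rewrite` nor accepted by `topologyContainsProviderType(context, role)` is dropped without any signal, so a mistyped `authentication` or `authorization` role in a service.xml would deploy the resource without that filter. An explicit list also replaces the default chain entirely, and the caller only tests `policyBindings == null`, so a declared-but-empty list (if JAXB yields one for an empty `<policies/>` wrapper) would leave only the dispatch filter. I would add an `else` branch that logs the skipped role together with `service.getName()`, and either use `if (policyBindings == null || policyBindings.isEmpty())` for the default path or document that an empty list means no policy filters. Separately, `role.trim().toLowerCase()` is locale-sensitive; `role.trim().toLowerCase(Locale.ROOT)` keeps the `rewrite` comparison stable under a Turkish default locale (this needs a `java.util.Locale` import). The method holding the first lines starts above the hunk and `addDispatchFilter` continues below it.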

http://git-wip-us.apache.org/repos/asf/knox/blob/6742302a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java
index ad6b0a6..d87674f 100644
--- a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java
+++ b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java
@@ -17,5 +17,29 @@
  */
 package org.apache.hadoop.gateway.service.definition;
 
+import javax.xml.bind.annotation.XmlAttribute;
+
 public class PolicyBinding {
+
+  private String name;
+
+  private String role;
+
+  @XmlAttribute
+  public String getName() {
+    return name;
+  }
+
+  public void setName(String name) {
+    this.name = name;
+  }
+
+  @XmlAttribute
+  public String getRole() {
+    return role;
+  }
+
+  public void setRole(String role) {
+    this.role = role;
+  }
 }
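Review bot: `PolicyBinding` has no Javadoc, and the contract of its two attributes can only be learned from the callers: `addPolicies` in ServiceDefinitionDeploymentContributor rejects a null `role`, while the test in this commit expects `name` to be null for webhdfs. A class comment such as `/** One <policy> entry of a service definition: role is required and compared case-insensitively; name is optional. */` would record that. Since `role` decides which security filter is contributed, a note on `getRole()` that the value must be `rewrite` or a provider role present in the topology would also help whoever writes the next service.xml.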

http://git-wip-us.apache.org/repos/asf/knox/blob/6742302a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/ServiceDefinition.java
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/ServiceDefinition.java b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/ServiceDefinition.java
index 3185941..682f2fc 100644
--- a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/ServiceDefinition.java
+++ b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/ServiceDefinition.java
@@ -34,6 +34,8 @@ public class ServiceDefinition {
 
   private List<UrlBinding> urlBindings;
 
+  private List<PolicyBinding> policyBindings;
+
   private CustomDispatch dispatch;
 
   @XmlAttribute
@@ -73,6 +75,16 @@ public class ServiceDefinition {
     this.urlBindings = urlBindings;
   }
 
+  @XmlElement(name = "policy")
+  @XmlElementWrapper(name = "policies")
+  public List<PolicyBinding> getPolicyBindings() {
+    return policyBindings;
+  }
+
+  public void setPolicyBindings(List<PolicyBinding> policyBindings) {
+    this.policyBindings = policyBindings;
+  }
+
   @XmlElement(name = "dispatch")
   public CustomDispatch getDispatch() {
     return dispatch;

http://git-wip-us.apache.org/repos/asf/knox/blob/6742302a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java
index c64658c..a1b7718 100644
--- a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java
+++ b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java
@@ -19,6 +19,7 @@ package org.apache.hadoop.gateway.service.definition;
 
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlElementWrapper;
 import javax.xml.bind.annotation.XmlType;
 import java.util.List;
 
@@ -29,6 +30,8 @@ public class UrlBinding {
 
   private List<RewriteFilter> rewriteFilters;
 
+  private List<PolicyBinding> policyBindings;
+
   private CustomDispatch dispatch;
 
   @XmlAttribute
@@ -49,6 +52,16 @@ public class UrlBinding {
     this.rewriteFilters = rewriteFilters;
   }
 
+  @XmlElement(name = "policy")
+  @XmlElementWrapper(name = "policies")
+  public List<PolicyBinding> getPolicyBindings() {
+    return policyBindings;
+  }
+
+  public void setPolicyBindings(List<PolicyBinding> policyBindings) {
+    this.policyBindings = policyBindings;
+  }
+
   @XmlElement(name = "dispatch")
   public CustomDispatch getDispatch() {
     return dispatch;

http://git-wip-us.apache.org/repos/asf/knox/blob/6742302a/gateway-service-definitions/src/main/resources/services/webhdfs/2.4.0/service.xml
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/main/resources/services/webhdfs/2.4.0/service.xml b/gateway-service-definitions/src/main/resources/services/webhdfs/2.4.0/service.xml
index a89f51d..fd5d83e 100644
--- a/gateway-service-definitions/src/main/resources/services/webhdfs/2.4.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/webhdfs/2.4.0/service.xml
@@ -16,6 +16,13 @@
    limitations under the License.
 -->
 <service role="WEBHDFS" name="webhdfs" version="2.4.0">
+    <policies>
+        <policy role="webappsec"/>
+        <policy role="authentication"/>
+        <policy role="rewrite"/>
+        <policy role="identity-assertion"/>
+        <policy role="authorization"/>
+    </policies>
     <urls>
         <url pattern="/webhdfs/v1/?**">
             <rewrite-filter ref="WEBHDFS/webhdfs/inbound/namenode/root" apply-to="request.url"/>
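Review bot: The `<policy>` elements place `rewrite` before `identity-assertion` and `authorization`, whereas `addDefaultPolicies` in this same commit adds the rewrite filter last. If `addPolicies` contributes filters in list order, as its loop suggests, this moves rewriting ahead of the authorization check for WebHDFS, so the reason should be recorded next to the list, for example `<!-- rewrite precedes identity-assertion/authorization because REASON (KNOX-487) -->` with the real reason filled in. The `<urls>` element continues past the end of the hunk.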

http://git-wip-us.apache.org/repos/asf/knox/blob/6742302a/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml b/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml
index f77d94d..8b53cca 100644
--- a/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml
@@ -50,6 +50,5 @@
         <url pattern="/resourcemanager/proxy/*/ws/v1/mapreduce/jobs/*/tasks/*/attempts/*">
             <rewrite-filter ref="RESOURCEMANAGER/resourcemanager/proxy/taskattempt/outbound" apply-to="response.body"/>
         </url>
-
     </urls>
 </service>

http://git-wip-us.apache.org/repos/asf/knox/blob/6742302a/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java b/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java
index 9d4488a..385aa5e 100644
--- a/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java
+++ b/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java
@@ -26,6 +26,7 @@ import java.util.List;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 
 public class ServiceDefinitionTest {
 
@@ -46,5 +47,14 @@ public class ServiceDefinitionTest {
     definition = (ServiceDefinition) unmarshaller.unmarshal(url.openStream());
     assertNotNull(definition.getDispatch());
     assertEquals("hbase", definition.getDispatch().getContributorName());
+    url = ClassLoader.getSystemResource("services/webhdfs/2.4.0/service.xml");
+    definition = (ServiceDefinition) unmarshaller.unmarshal(url.openStream());
+    assertNotNull(definition.getDispatch());
+    assertEquals("hdfs", definition.getDispatch().getContributorName());
+    assertEquals("ha-hdfs", definition.getDispatch().getHaContributorName());
+    List<PolicyBinding> policyBindings = definition.getPolicyBindings();
+    assertNotNull(policyBindings);
+    assertEquals("webappsec", policyBindings.get(0).getRole());
+    assertNull(policyBindings.get(0).getName());
   }
 }
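Review bot: The new assertions check only `policyBindings.get(0)`, so the test would still pass if a later policy such as `authentication` or `authorization` were dropped or reordered in webhdfs/2.4.0/service.xml. Because that list drives which security filters are deployed, pin its size and order, e.g. `assertEquals(5, policyBindings.size());` and `assertEquals("authorization", policyBindings.get(4).getRole());`. The streams returned by `url.openStream()` are also never closed. The test method begins above the hunk.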