Posted to common-commits@hadoop.apache.org by aj...@apache.org on 2019/03/04 18:37:38 UTC
[hadoop] branch trunk updated: HDDS-1183. Override
getDelegationToken API for OzoneFileSystem. Contributed by Xiaoyu Yao.
(#545)
This is an automated email from the ASF dual-hosted git repository.
ajay pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new eed8b79 HDDS-1183. Override getDelegationToken API for OzoneFileSystem. Contributed by Xiaoyu Yao. (#545)
eed8b79 is described below
commit eed8b794d8af335f03dc3936f5b9a71ac9091639
Author: Xiaoyu Yao <xy...@apache.org>
AuthorDate: Mon Mar 4 10:37:26 2019 -0800
HDDS-1183. Override getDelegationToken API for OzoneFileSystem. Contributed by Xiaoyu Yao. (#545)
---
.../security/token/OzoneBlockTokenIdentifier.java | 13 +++++
.../ozone/security/OzoneTokenIdentifier.java | 13 -----
.../apache/hadoop/fs/ozone/OzoneClientAdapter.java | 5 ++
.../hadoop/fs/ozone/OzoneClientAdapterImpl.java | 65 +++++++++++++++++++++-
.../apache/hadoop/fs/ozone/OzoneFileSystem.java | 13 +++++
5 files changed, 95 insertions(+), 14 deletions(-)
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/token/OzoneBlockTokenIdentifier.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/token/OzoneBlockTokenIdentifier.java
index 89457fd..54cf180 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/token/OzoneBlockTokenIdentifier.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/token/OzoneBlockTokenIdentifier.java
@@ -28,6 +28,7 @@ import org.apache.hadoop.hdds.protocol.proto.HddsProtos.BlockTokenSecretProto.Bu
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.TokenIdentifier;
+import org.apache.hadoop.security.token.Token.TrivialRenewer;
import java.io.DataInput;
import java.io.DataInputStream;
@@ -195,5 +196,17 @@ public class OzoneBlockTokenIdentifier extends TokenIdentifier {
}
out.write(builder.build().toByteArray());
}
+
+ /**
+ * Default TrivialRenewer.
+ */
+ @InterfaceAudience.Private
+ public static class Renewer extends TrivialRenewer {
+
+ @Override
+ protected Text getKind() {
+ return KIND_NAME;
+ }
+ }
}
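Review bot: The relocated `Renewer` is only discovered if it is listed in a `META-INF/services/org.apache.hadoop.security.token.TokenRenewer` file, because Hadoop's `Token` looks renewers up through `ServiceLoader`, and the diffstat of this commit shows no such file changing. If an existing entry still names `OzoneTokenIdentifier$Renewer`, it would now point at a class this commit deletes, and the new `OzoneClientAdapterImpl.Renewer` needs the same registration. The Javadoc `Default TrivialRenewer.` could also say what that means for callers, e.g. `Renewer for Ozone block tokens; block tokens are not managed, so renew and cancel are unsupported.`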
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneTokenIdentifier.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneTokenIdentifier.java
index 88b0b9c..330788d 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneTokenIdentifier.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneTokenIdentifier.java
@@ -29,7 +29,6 @@ import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMTokenProto;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
-import org.apache.hadoop.security.token.Token;
/**
* The token identifier for Ozone Master.
@@ -69,18 +68,6 @@ public class OzoneTokenIdentifier extends
}
/**
- * Default TrivialRenewer.
- */
- @InterfaceAudience.Private
- public static class Renewer extends Token.TrivialRenewer {
-
- @Override
- protected Text getKind() {
- return KIND_NAME;
- }
- }
-
- /**
* Overrides default implementation to write using Protobuf.
*
* @param out output stream
diff --git a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapter.java b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapter.java
index 59f3f7a..d7fc7d8 100644
--- a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapter.java
+++ b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapter.java
@@ -17,6 +17,9 @@
*/
package org.apache.hadoop.fs.ozone;
+import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
+import org.apache.hadoop.security.token.Token;
+
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
@@ -52,4 +55,6 @@ public interface OzoneClientAdapter {
Iterator<BasicKeyInfo> listKeys(String pathKey);
+ Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
+ throws IOException;
}
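Review bot: The new `getDelegationToken` method on the interface has no Javadoc, so implementers and callers cannot tell whether `renewer` may be null or whether the result may be null when security is off. A short comment would pin the contract, for example `/** Fetches a delegation token that {@code renewer} is allowed to renew; throws IOException if the request fails. */`, with the null handling stated once it is decided.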
diff --git a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
index 8c69849..3b034ed 100644
--- a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
+++ b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
@@ -22,9 +22,12 @@ import java.io.InputStream;
import java.util.HashMap;
import java.util.Iterator;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.client.ReplicationFactor;
import org.apache.hadoop.hdds.client.ReplicationType;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.io.Text;
import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.hadoop.ozone.client.ObjectStore;
import org.apache.hadoop.ozone.client.OzoneBucket;
@@ -35,6 +38,10 @@ import org.apache.hadoop.ozone.client.OzoneVolume;
import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_URI_DELIMITER;
+
+import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
+import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.security.token.TokenRenewer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -251,8 +258,64 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
return new IteratorAdapter(bucket.listKeys(pathKey));
}
+ @Override
+ public Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
+ throws IOException {
+ Token<OzoneTokenIdentifier> token =
+ ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
+ token.setKind(OzoneTokenIdentifier.KIND_NAME);
+ return token;
+ }
+
+ /**
+ * Ozone Delegation Token Renewer.
+ */
+ @InterfaceAudience.Private
+ public static class Renewer extends TokenRenewer {
+
+ //Ensure that OzoneConfiguration files are loaded before trying to use
+ // the renewer.
+ static {
+ OzoneConfiguration.activate();
+ }
+
+ public Text getKind() {
+ return OzoneTokenIdentifier.KIND_NAME;
+ }
+
+ @Override
+ public boolean handleKind(Text kind) {
+ return getKind().equals(kind);
+ }
+
+ @Override
+ public boolean isManaged(Token<?> token) throws IOException {
+ return true;
+ }
+
+ @Override
+ public long renew(Token<?> token, Configuration conf)
+ throws IOException, InterruptedException {
+ Token<OzoneTokenIdentifier> ozoneDt =
+ (Token<OzoneTokenIdentifier>) token;
+ OzoneClient ozoneClient =
+ OzoneClientFactory.getRpcClient(conf);
+ return ozoneClient.getObjectStore().renewDelegationToken(ozoneDt);
+ }
+
+ @Override
+ public void cancel(Token<?> token, Configuration conf)
+ throws IOException, InterruptedException {
+ Token<OzoneTokenIdentifier> ozoneDt =
+ (Token<OzoneTokenIdentifier>) token;
+ OzoneClient ozoneClient =
+ OzoneClientFactory.getRpcClient(conf);
+ ozoneClient.getObjectStore().cancelDelegationToken(ozoneDt);
+ }
+ }
+
/**
- * Adapter to conver OzoneKey to a safe and simple Key implementation.
+ * Adapter to convert OzoneKey to a safe and simple Key implementation.
*/
public static class IteratorAdapter implements Iterator<BasicKeyInfo> {
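Review bot: `renew` and `cancel` in the new `Renewer` each call `OzoneClientFactory.getRpcClient(conf)` and never close the returned `OzoneClient`, so a long-running renewer process leaks one RPC client per token operation. A try-with-resources closes it: `try (OzoneClient ozoneClient = OzoneClientFactory.getRpcClient(conf)) { return ozoneClient.getObjectStore().renewDelegationToken(ozoneDt); }`, with the same shape in `cancel`. The unchecked cast `(Token<OzoneTokenIdentifier>) token` is also not preceded by a kind check; testing `handleKind(token.getKind())` first and throwing an `IOException` on mismatch would reject a foreign token before any RPC is made. Both methods are fully inside this hunk.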
diff --git a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java
index ad6de8a..13b7dda 100644
--- a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java
+++ b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java
@@ -48,7 +48,9 @@ import org.apache.hadoop.fs.PathIsNotEmptyDirectoryException;
import org.apache.hadoop.fs.GlobalStorageStatistics;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Progressable;
import com.google.common.base.Preconditions;
@@ -84,6 +86,7 @@ public class OzoneFileSystem extends FileSystem {
private Path workingDir;
private OzoneClientAdapter adapter;
+ private boolean securityEnabled;
private OzoneFSStorageStatistics storageStatistics;
@@ -156,6 +159,10 @@ public class OzoneFileSystem extends FileSystem {
} else {
ozoneConfiguration = new OzoneConfiguration(conf);
}
+ SecurityConfig secConfig = new SecurityConfig(ozoneConfiguration);
+ if (secConfig.isSecurityEnabled()) {
+ this.securityEnabled = true;
+ }
this.adapter = new OzoneClientAdapterImpl(ozoneConfiguration,
volumeStr, bucketStr, storageStatistics);
}
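Review bot: `securityEnabled` is decided from the client's own configuration in this hunk, so a client whose configuration has security off while the cluster enforces it would presumably skip fetching a token without any signal. A one-line comment such as `// Client-side view only; the Ozone Manager remains the authority on whether a token is required.` would make that explicit. The three-line `if` can also be the single assignment `this.securityEnabled = secConfig.isSecurityEnabled();`. The enclosing method starts and ends outside the hunk.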
@@ -669,6 +676,12 @@ public class OzoneFileSystem extends FileSystem {
return workingDir;
}
+ @Override
+ public Token<?> getDelegationToken(String renewer) throws IOException {
+ return securityEnabled? adapter.getDelegationToken(renewer) :
+ super.getDelegationToken(renewer);
+ }
+
/**
* Get the username of the FS.
*
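Review bot: `getDelegationToken` forwards `renewer` unchecked, and the adapter method added in this same commit wraps it as `new Text(renewer)`, which throws a `NullPointerException` when the renewer is null. HDFS guards the equivalent call with `renewer == null ? null : new Text(renewer)`; whether `ObjectStore.getDelegationToken` accepts a null `Text` is not visible here, so either that guard or an explicit `Preconditions.checkNotNull(renewer, "renewer")` with a clear message would be safer. The override also has no Javadoc; it should state that with security disabled the call falls back to the base `FileSystem` implementation, so callers may get no token.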