diff options
author | Ravi Prakash <raviprak@altiscale.com> | 2016-04-21 11:32:39 -0700 |
---|---|---|
committer | Ravi Prakash <raviprak@altiscale.com> | 2016-04-21 11:32:39 -0700 |
commit | 4838b735f0d472765f402fe6b1c8b6ce85b9fbf1 (patch) | |
tree | 0291feaffddfaf0f3bb1e7bdf5eb5caa87e176a0 /hadoop-hdfs-project/hadoop-hdfs/src/main | |
parent | 95a50466075c28110fa7c297e9c5246892076ca8 (diff) |
HADOOP-12563. Updated utility (dtutil) to create/modify token files. Contributed by Matthew Paduano
Diffstat (limited to 'hadoop-hdfs-project/hadoop-hdfs/src/main')
5 files changed, 180 insertions, 1 deletions
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HdfsDtFetcher.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HdfsDtFetcher.java new file mode 100644 index 0000000000..02aa4b98f3 --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HdfsDtFetcher.java @@ -0,0 +1,82 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs; + +import java.io.IOException; +import java.net.URI; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.hdfs.protocol.HdfsConstants; +import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.Credentials; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.DtFetcher; +import org.apache.hadoop.security.token.Token; + + +/** + * DtFetcher is an interface which permits the abstraction and separation of + * delegation token fetch implementaions across different packages and + * compilation units. Resolution of fetcher impl will be done at runtime. + */ +public class HdfsDtFetcher implements DtFetcher { + private static final Log LOG = LogFactory.getLog(HdfsDtFetcher.class); + + private static final String SERVICE_NAME = HdfsConstants.HDFS_URI_SCHEME; + + private static final String FETCH_FAILED = "Fetch of delegation token failed"; + + /** + * Returns the service name for HDFS, which is also a valid URL prefix. + */ + public Text getServiceName() { + return new Text(SERVICE_NAME); + } + + public boolean isTokenRequired() { + return UserGroupInformation.isSecurityEnabled(); + } + + /** + * Returns Token object via FileSystem, null if bad argument. + * @param conf - a Configuration object used with FileSystem.get() + * @param creds - a Credentials object to which token(s) will be added + * @param renewer - the renewer to send with the token request + * @param url - the URL to which the request is sent + * @return a Token, or null if fetch fails. + */ + public Token<?> addDelegationTokens(Configuration conf, Credentials creds, + String renewer, String url) throws Exception { + if (!url.startsWith(getServiceName().toString())) { + url = getServiceName().toString() + "://" + url; + } + FileSystem fs = FileSystem.get(URI.create(url), conf); + Token<?> token = fs.getDelegationToken(renewer); + if (token == null) { + LOG.error(FETCH_FAILED); + throw new IOException(FETCH_FAILED); + } + creds.addToken(token.getService(), token); + return token; + } +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/SWebHdfsDtFetcher.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/SWebHdfsDtFetcher.java new file mode 100644 index 0000000000..46f9b00769 --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/SWebHdfsDtFetcher.java @@ -0,0 +1,39 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.apache.hadoop.hdfs.web.WebHdfsConstants; +import org.apache.hadoop.io.Text; + +/** + * DtFetcher for SWebHdfsFileSystem using the base class HdfsDtFetcher impl. + */ +public class SWebHdfsDtFetcher extends HdfsDtFetcher { + private static final Log LOG = LogFactory.getLog(SWebHdfsDtFetcher.class); + + private static final String SERVICE_NAME = WebHdfsConstants.SWEBHDFS_SCHEME; + + @Override + public Text getServiceName() { + return new Text(SERVICE_NAME); + } +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/WebHdfsDtFetcher.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/WebHdfsDtFetcher.java new file mode 100644 index 0000000000..c2bb8522e8 --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/WebHdfsDtFetcher.java @@ -0,0 +1,39 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.apache.hadoop.hdfs.web.WebHdfsConstants; +import org.apache.hadoop.io.Text; + +/** + * DtFetcher for WebHdfsFileSystem using the base class HdfsDtFetcher impl. + */ +public class WebHdfsDtFetcher extends HdfsDtFetcher { + private static final Log LOG = LogFactory.getLog(WebHdfsDtFetcher.class); + + private static final String SERVICE_NAME = WebHdfsConstants.WEBHDFS_SCHEME; + + @Override + public Text getServiceName() { + return new Text(SERVICE_NAME); + } +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java index 39821aaff8..f24b50ed7a 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java @@ -179,7 +179,8 @@ public class DelegationTokenFetcher { if (null != token) { Credentials cred = new Credentials(); cred.addToken(token.getService(), token); - cred.writeTokenStorageFile(tokenFile, conf); + // dtutil is replacing this tool; preserve legacy functionality + cred.writeLegacyTokenStorageFile(tokenFile, conf); if (LOG.isDebugEnabled()) { LOG.debug("Fetched token " + fs.getUri() + " for " + diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/META-INF/services/org.apache.hadoop.security.token.DtFetcher b/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/META-INF/services/org.apache.hadoop.security.token.DtFetcher new file mode 100644 index 0000000000..a4217fb7df --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/META-INF/services/org.apache.hadoop.security.token.DtFetcher @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +org.apache.hadoop.hdfs.HdfsDtFetcher +org.apache.hadoop.hdfs.WebHdfsDtFetcher +org.apache.hadoop.hdfs.SWebHdfsDtFetcher |