This is an automated email from the ASF dual-hosted git repository.
psomogyi pushed a commit to branch branch-1
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-1 by this push:
new b294f7b HBASE-22313 Add method to FsDelegation token to accept token
kind (#199)
b294f7b is described below
commit b294f7b7b2b46442f3df085adadc83647f633f42
Author: Venkatesh Sridharan <s.venka...@gmail.com>
AuthorDate: Mon Jul 29 04:18:19 2019 -0500
HBASE-22313 Add method to FsDelegation token to accept token kind (#199)
Co-authored-by: Peter Somogyi <psomo...@apache.org>
Signed-off-by: stack <st...@apache.org>
Signed-off-by: Peter Somogyi <psomo...@apache.org>
---
.../hbase/security/token/FsDelegationToken.java | 47 ++++++--
.../security/token/TestFsDelegationToken.java | 120 +++++++++++++++++++++
2 files changed, 161 insertions(+), 6 deletions(-)
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/FsDelegationToken.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/FsDelegationToken.java
index 6ac1437..e1dd526 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/FsDelegationToken.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/FsDelegationToken.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -15,16 +15,23 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.hadoop.hbase.security.token;
+import static org.apache.hadoop.hdfs.protocol.HdfsConstants.HDFS_URI_SCHEME;
+import static
org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier.HDFS_DELEGATION_KIND;
+import static org.apache.hadoop.hdfs.web.WebHdfsConstants.SWEBHDFS_SCHEME;
+import static org.apache.hadoop.hdfs.web.WebHdfsConstants.SWEBHDFS_TOKEN_KIND;
+import static org.apache.hadoop.hdfs.web.WebHdfsConstants.WEBHDFS_SCHEME;
+import static org.apache.hadoop.hdfs.web.WebHdfsConstants.WEBHDFS_TOKEN_KIND;
+
import java.io.IOException;
+import java.util.Objects;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.hbase.classification.InterfaceStability;
-import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hbase.security.UserProvider;
import org.apache.hadoop.security.token.Token;
@@ -54,18 +61,46 @@ public class FsDelegationToken {
}
/**
- * Acquire the delegation token for the specified filesytem.
+ * Acquire the delegation token for the specified filesystem.
* Before requesting a new delegation token, tries to find one already
available.
+ * Currently supports checking existing delegation tokens for swebhdfs,
webhdfs and hdfs.
*
* @param fs the filesystem that requires the delegation token
* @throws IOException on fs.getDelegationToken() failure
*/
public void acquireDelegationToken(final FileSystem fs)
throws IOException {
+ String tokenKind;
+ String scheme = fs.getUri().getScheme();
+ if (SWEBHDFS_SCHEME.equalsIgnoreCase(scheme)) {
+ tokenKind = SWEBHDFS_TOKEN_KIND.toString();
+ } else if (WEBHDFS_SCHEME.equalsIgnoreCase(scheme)) {
+ tokenKind = WEBHDFS_TOKEN_KIND.toString();
+ } else if (HDFS_URI_SCHEME.equalsIgnoreCase(scheme)) {
+ tokenKind = HDFS_DELEGATION_KIND.toString();
+ } else {
+ LOG.warn("Unknown FS URI scheme: " + scheme);
+ // Preserve default behavior
+ tokenKind = HDFS_DELEGATION_KIND.toString();
+ }
+
+ acquireDelegationToken(tokenKind, fs);
+ }
+
+ /**
+ * Acquire the delegation token for the specified filesystem and token kind.
+ * Before requesting a new delegation token, tries to find one already
available.
+ *
+ * @param tokenKind non-null token kind to get delegation token from the
{@link UserProvider}
+ * @param fs the filesystem that requires the delegation token
+ * @throws IOException on fs.getDelegationToken() failure
+ */
+ public void acquireDelegationToken(final String tokenKind, final FileSystem
fs)
+ throws IOException {
+ Objects.requireNonNull(tokenKind, "tokenKind:null");
if (userProvider.isHadoopSecurityEnabled()) {
this.fs = fs;
- userToken = userProvider.getCurrent().getToken("HDFS_DELEGATION_TOKEN",
-
fs.getCanonicalServiceName());
+ userToken = userProvider.getCurrent().getToken(tokenKind,
fs.getCanonicalServiceName());
if (userToken == null) {
hasForwardedToken = false;
try {
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestFsDelegationToken.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestFsDelegationToken.java
new file mode 100644
index 0000000..e7210b0
--- /dev/null
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestFsDelegationToken.java
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.security.token;
+
+import static
org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier.HDFS_DELEGATION_KIND;
+import static org.apache.hadoop.hdfs.web.WebHdfsConstants.SWEBHDFS_TOKEN_KIND;
+import static org.apache.hadoop.hdfs.web.WebHdfsConstants.WEBHDFS_TOKEN_KIND;
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.security.UserProvider;
+import org.apache.hadoop.hbase.testclassification.SecurityTests;
+import org.apache.hadoop.hbase.testclassification.SmallTests;
+import org.apache.hadoop.hdfs.web.SWebHdfsFileSystem;
+import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.token.Token;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.mockito.Mockito;
+
+@Category({SecurityTests.class, SmallTests.class})
+public class TestFsDelegationToken {
+ private UserProvider userProvider = Mockito.mock(UserProvider.class);
+ private User user = Mockito.mock(User.class);
+ private FsDelegationToken fsDelegationToken = new
FsDelegationToken(userProvider, "Renewer");
+ private Token hdfsToken = Mockito.mock(Token.class);
+ private Token webhdfsToken = Mockito.mock(Token.class);
+ private Token swebhdfsToken = Mockito.mock(Token.class);
+ private WebHdfsFileSystem webHdfsFileSystem =
Mockito.mock(WebHdfsFileSystem.class);
+ private WebHdfsFileSystem swebHdfsFileSystem =
Mockito.mock(SWebHdfsFileSystem.class);
+ private FileSystem fileSystem = Mockito.mock(FileSystem.class);
+
+ @Before
+ public void setup() throws IOException, URISyntaxException {
+ when(userProvider.getCurrent()).thenReturn(user);
+ when(userProvider.isHadoopSecurityEnabled()).thenReturn(true);
+ when(fileSystem.getCanonicalServiceName()).thenReturn("hdfs://");
+ when(fileSystem.getUri()).thenReturn(new URI("hdfs://someUri"));
+ when(webHdfsFileSystem.getCanonicalServiceName()).thenReturn("webhdfs://");
+ when(webHdfsFileSystem.getUri()).thenReturn(new URI("webhdfs://someUri"));
+
when(swebHdfsFileSystem.getCanonicalServiceName()).thenReturn("swebhdfs://");
+ when(swebHdfsFileSystem.getUri()).thenReturn(new
URI("swebhdfs://someUri"));
+ when(user.getToken(
+ HDFS_DELEGATION_KIND.toString(),
+ fileSystem.getCanonicalServiceName()))
+ .thenReturn(hdfsToken);
+ when(user.getToken(
+ WEBHDFS_TOKEN_KIND.toString(),
+ webHdfsFileSystem.getCanonicalServiceName())).thenReturn(webhdfsToken);
+ when(user.getToken(
+ SWEBHDFS_TOKEN_KIND.toString(),
+
swebHdfsFileSystem.getCanonicalServiceName())).thenReturn(swebhdfsToken);
+ when(hdfsToken.getKind()).thenReturn(new Text("HDFS_DELEGATION_TOKEN"));
+ when(webhdfsToken.getKind()).thenReturn(WEBHDFS_TOKEN_KIND);
+ when(swebhdfsToken.getKind()).thenReturn(SWEBHDFS_TOKEN_KIND);
+ }
+
+ @Test
+ public void acquireDelegationToken_defaults_to_hdfsFileSystem() throws
IOException {
+ fsDelegationToken.acquireDelegationToken(fileSystem);
+ assertEquals(
+ fsDelegationToken.getUserToken().getKind(), HDFS_DELEGATION_KIND);
+ }
+
+ @Test
+ public void acquireDelegationToken_webhdfsFileSystem() throws IOException {
+ fsDelegationToken.acquireDelegationToken(webHdfsFileSystem);
+ assertEquals(
+ fsDelegationToken.getUserToken().getKind(), WEBHDFS_TOKEN_KIND);
+ }
+
+ @Test
+ public void acquireDelegationToken_swebhdfsFileSystem() throws IOException {
+ fsDelegationToken.acquireDelegationToken(swebHdfsFileSystem);
+ assertEquals(
+ fsDelegationToken.getUserToken().getKind(), SWEBHDFS_TOKEN_KIND);
+ }
+
+ @Test(expected = NullPointerException.class)
+ public void acquireDelegationTokenByTokenKind_rejects_null_token_kind()
throws IOException {
+ fsDelegationToken.acquireDelegationToken(null, fileSystem);
+ }
+
+ @Test
+ public void acquireDelegationTokenByTokenKind_webhdfsFileSystem() throws
IOException {
+ fsDelegationToken
+ .acquireDelegationToken(WEBHDFS_TOKEN_KIND.toString(),
webHdfsFileSystem);
+ assertEquals(fsDelegationToken.getUserToken().getKind(),
WEBHDFS_TOKEN_KIND);
+ }
+
+ @Test
+ public void acquireDelegationTokenByTokenKind_swebhdfsFileSystem() throws
IOException {
+ fsDelegationToken
+ .acquireDelegationToken(
+ SWEBHDFS_TOKEN_KIND.toString(), swebHdfsFileSystem);
+ assertEquals(fsDelegationToken.getUserToken().getKind(),
SWEBHDFS_TOKEN_KIND);
+ }
+}
