Repository: hadoop Updated Branches: refs/heads/branch-2 d2f9adca8 -> 5a552973f
HADOOP-12954. Add a way to change hadoop.security.token.service.use_ip (rkanter) (cherry picked from commit 8cac1bb09f55ff2f285914e349507472ff86f4d7) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5a552973 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5a552973 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5a552973 Branch: refs/heads/branch-2 Commit: 5a552973f4311d33809b0eb1a4525870a2c26e28 Parents: d2f9adc Author: Robert Kanter <rkan...@apache.org> Authored: Mon Mar 28 10:36:59 2016 -0700 Committer: Robert Kanter <rkan...@apache.org> Committed: Mon Mar 28 10:37:58 2016 -0700 ---------------------------------------------------------------------- .../apache/hadoop/security/SecurityUtil.java | 53 ++++++++++++-------- .../hadoop/security/TestSecurityUtil.java | 16 ++++-- 2 files changed, 44 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/5a552973/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java index 61cd516..42abe0e 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java @@ -73,16 +73,38 @@ public class SecurityUtil { @VisibleForTesting static HostResolver hostResolver; + private static boolean logSlowLookups; + private static int slowLookupThresholdMs; + static { - Configuration conf = new Configuration(); + setConfigurationInternal(new Configuration()); + } + + @InterfaceAudience.Public + @InterfaceStability.Evolving + public static void setConfiguration(Configuration conf) { + LOG.info("Updating Configuration"); + setConfigurationInternal(conf); + } + + private static void setConfigurationInternal(Configuration conf) { boolean useIp = conf.getBoolean( CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP_DEFAULT); setTokenServiceUseIp(useIp); - } - private static boolean logSlowLookups = getLogSlowLookupsEnabled(); - private static int slowLookupThresholdMs = getSlowLookupThresholdMs(); + logSlowLookups = conf.getBoolean( + CommonConfigurationKeys + .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_KEY, + CommonConfigurationKeys + .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_DEFAULT); + + slowLookupThresholdMs = conf.getInt( + CommonConfigurationKeys + .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_KEY, + CommonConfigurationKeys + .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_DEFAULT); + } /** * For use only by tests and initialization @@ -90,6 +112,11 @@ public class SecurityUtil { @InterfaceAudience.Private @VisibleForTesting public static void setTokenServiceUseIp(boolean flag) { + if (LOG.isDebugEnabled()) { + LOG.debug("Setting " + + CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP + + " to " + flag); + } useIpForTokenService = flag; hostResolver = !useIpForTokenService ? new QualifiedHostResolver() @@ -485,24 +512,6 @@ public class SecurityUtil { } } - private static boolean getLogSlowLookupsEnabled() { - Configuration conf = new Configuration(); - - return conf.getBoolean(CommonConfigurationKeys - .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_KEY, - CommonConfigurationKeys - .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_DEFAULT); - } - - private static int getSlowLookupThresholdMs() { - Configuration conf = new Configuration(); - - return conf.getInt(CommonConfigurationKeys - .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_KEY, - CommonConfigurationKeys - .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_DEFAULT); - } - /** * Resolves a host subject to the security requirements determined by * hadoop.security.token.service.use_ip. Optionally logs slow resolutions. http://git-wip-us.apache.org/repos/asf/hadoop/blob/5a552973/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java index ed5e2ad..73c7b65 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java @@ -28,6 +28,7 @@ import java.net.URI; import javax.security.auth.kerberos.KerberosPrincipal; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.io.Text; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.token.Token; @@ -144,7 +145,10 @@ public class TestSecurityUtil { @Test public void testBuildDTServiceName() { - SecurityUtil.setTokenServiceUseIp(true); + Configuration conf = new Configuration(false); + conf.setBoolean( + CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, true); + SecurityUtil.setConfiguration(conf); assertEquals("127.0.0.1:123", SecurityUtil.buildDTServiceName(URI.create("test://LocalHost"), 123) ); @@ -161,7 +165,10 @@ public class TestSecurityUtil { @Test public void testBuildTokenServiceSockAddr() { - SecurityUtil.setTokenServiceUseIp(true); + Configuration conf = new Configuration(false); + conf.setBoolean( + CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, true); + SecurityUtil.setConfiguration(conf); assertEquals("127.0.0.1:123", SecurityUtil.buildTokenService(new InetSocketAddress("LocalHost", 123)).toString() ); @@ -260,7 +267,10 @@ public class TestSecurityUtil { verifyTokenService(InetSocketAddress addr, String host, String ip, int port, boolean useIp) { //LOG.info("address:"+addr+" host:"+host+" ip:"+ip+" port:"+port); - SecurityUtil.setTokenServiceUseIp(useIp); + Configuration conf = new Configuration(false); + conf.setBoolean( + CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, useIp); + SecurityUtil.setConfiguration(conf); String serviceHost = useIp ? ip : StringUtils.toLowerCase(host); Token<?> token = new Token<TokenIdentifier>();
