Repository: hadoop Updated Branches: refs/heads/branch-3.0 1d5390679 -> 2caf69deb
HDFS-13941. make storageId in BlockPoolTokenSecretManager.checkAccess optional. Contributed by Wei-Chiu Chuang. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/2caf69de Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/2caf69de Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/2caf69de Branch: refs/heads/branch-3.0 Commit: 2caf69debd989b31b0417abd85d35b2d62c2058e Parents: 1d53906 Author: Ajay Kumar <[email protected]> Authored: Wed Oct 24 22:35:06 2018 -0700 Committer: Ajay Kumar <[email protected]> Committed: Wed Oct 24 22:35:06 2018 -0700 ---------------------------------------------------------------------- .../token/block/BlockPoolTokenSecretManager.java | 14 +++++++++++++- .../token/block/BlockTokenSecretManager.java | 18 ++++++++++++++++++ .../hdfs/security/token/block/TestBlockToken.java | 7 ++++++- 3 files changed, 37 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/2caf69de/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java index 8400b4f..4d3915e 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java @@ -95,6 +95,18 @@ public class BlockPoolTokenSecretManager extends } /** + * See {@link BlockTokenSecretManager#checkAccess(BlockTokenIdentifier, + * String, ExtendedBlock, BlockTokenIdentifier.AccessMode, + * StorageType[])} + */ + public void checkAccess(BlockTokenIdentifier id, String userId, + ExtendedBlock block, AccessMode mode, StorageType[] storageTypes) + throws InvalidToken { + get(block.getBlockPoolId()).checkAccess(id, userId, block, mode, + storageTypes); + } + + /** * See {@link BlockTokenSecretManager#checkAccess(Token, String, * ExtendedBlock, BlockTokenIdentifier.AccessMode, * StorageType[], String[])} @@ -108,7 +120,7 @@ public class BlockPoolTokenSecretManager extends } /** - * See {@link BlockTokenSecretManager#addKeys(ExportedBlockKeys)} + * See {@link BlockTokenSecretManager#addKeys(ExportedBlockKeys)}. */ public void addKeys(String bpid, ExportedBlockKeys exportedKeys) throws IOException { http://git-wip-us.apache.org/repos/asf/hadoop/blob/2caf69de/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java index da830a6..6b7dd37 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java @@ -31,6 +31,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.classification.InterfaceAudience; @@ -291,6 +292,23 @@ public class BlockTokenSecretManager extends } } + /** + * Check if access should be allowed. userID is not checked if null. This + * method doesn't check if token password is correct. It should be used only + * when token password has already been verified (e.g., in the RPC layer). + * + * Some places need to check the access using StorageTypes and for other + * places the StorageTypes is not relevant. + */ + public void checkAccess(BlockTokenIdentifier id, String userId, + ExtendedBlock block, BlockTokenIdentifier.AccessMode mode, + StorageType[] storageTypes) throws InvalidToken { + checkAccess(id, userId, block, mode); + if (ArrayUtils.isNotEmpty(storageTypes)) { + checkAccess(id.getStorageTypes(), storageTypes, "StorageTypes"); + } + } + public void checkAccess(BlockTokenIdentifier id, String userId, ExtendedBlock block, BlockTokenIdentifier.AccessMode mode) throws InvalidToken { http://git-wip-us.apache.org/repos/asf/hadoop/blob/2caf69de/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java index aaddb36..c16b471 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java @@ -215,7 +215,11 @@ public class TestBlockToken { private static void checkAccess(BlockTokenSecretManager m, Token<BlockTokenIdentifier> t, ExtendedBlock blk, BlockTokenIdentifier.AccessMode mode, StorageType[] storageTypes, - String[] storageIds) throws SecretManager.InvalidToken { + String[] storageIds) throws IOException { + if(storageIds == null) { + // Test overloaded checkAccess method. + m.checkAccess(t.decodeIdentifier(), null, blk, mode, storageTypes); + } m.checkAccess(t, null, blk, mode, storageTypes, storageIds); } @@ -801,6 +805,7 @@ public class TestBlockToken { emptyStorageIds); sm.checkAccess(id, null, block3, mode, storageTypes, null); + sm.checkAccess(id, null, block3, mode, storageTypes); } @Test --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
