svn commit: r1605987 - in /hadoop/common/trunk/hadoop-common-project/hadoop-common: ./ src/main/java/org/apache/hadoop/security/authorize/ src/main/java/org/apache/hadoop/util/ src/site/apt/ src/test/
Author: arp Date: Fri Jun 27 08:32:51 2014 New Revision: 1605987 URL: http://svn.apache.org/r1605987 Log: HADOOP-10565. Support IP ranges (CIDR) in proxyuser.hosts. (Contributed by Benoy Antony) Added: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1605987r1=1605986r2=1605987view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Fri Jun 27 08:32:51 2014 @@ -480,6 +480,9 @@ Release 2.5.0 - UNRELEASED HADOOP-10754. Reenable several HA ZooKeeper-related tests on Windows. (cnauroth) +HADOOP-10565. Support IP ranges (CIDR) in proxyuser.hosts. (Benoy Antony +via Arpit Agarwal) + OPTIMIZATIONS BUG FIXES Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java?rev=1605987r1=1605986r2=1605987view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java Fri Jun 27 08:32:51 2014 @@ -18,8 +18,6 @@ package org.apache.hadoop.security.authorize; -import java.net.InetAddress; -import java.net.UnknownHostException; import java.util.Collection; import java.util.HashMap; import java.util.Map; @@ -28,7 +26,7 @@ import java.util.regex.Pattern; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.util.StringUtils; +import org.apache.hadoop.util.MachineList; import com.google.common.annotations.VisibleForTesting; @@ -46,8 +44,8 @@ public class DefaultImpersonationProvide // acl and list of hosts per proxyuser private MapString, AccessControlList proxyUserAcl = new HashMapString, AccessControlList(); - private MapString, CollectionString proxyHosts = -new HashMapString, CollectionString(); + private static MapString, MachineList proxyHosts = +new HashMapString, MachineList(); private Configuration conf; @Override @@ -70,7 +68,7 @@ public class DefaultImpersonationProvide allMatchKeys = conf.getValByRegex(CONF_HADOOP_PROXYUSER_RE_HOSTS); for(EntryString, String entry : allMatchKeys.entrySet()) { proxyHosts.put(entry.getKey(), - StringUtils.getTrimmedStringCollection(entry.getValue())); + new MachineList(entry.getValue())); } } @@ -95,27 +93,10 @@ public class DefaultImpersonationProvide + is not allowed to impersonate + user.getUserName()); } -boolean ipAuthorized = false; -CollectionString ipList = proxyHosts.get( +MachineList MachineList = proxyHosts.get( getProxySuperuserIpConfKey(realUser.getShortUserName())); -if (isWildcardList(ipList)) { - ipAuthorized = true; -} else if (ipList != null !ipList.isEmpty()) { - for (String allowedHost : ipList) { -InetAddress hostAddr; -try { - hostAddr = InetAddress.getByName(allowedHost); -} catch (UnknownHostException e) { - continue; -} -if (hostAddr.getHostAddress().equals(remoteAddress)) { - // Authorization is successful - ipAuthorized = true; -} - } -} -if(!ipAuthorized) { +if(!MachineList.includes(remoteAddress)) { throw new AuthorizationException(Unauthorized connection for super-user: + realUser.getUserName() + from IP + remoteAddress); } @@ -128,16 +109,6 @@ public class DefaultImpersonationProvide } return key; } - - /** - * Return true if the configuration specifies the special configuration
svn commit: r1605989 - in /hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common: ./ src/main/java/org/apache/hadoop/security/authorize/ src/main/java/org/apache/hadoop/util/ src/site/ap
Author: arp Date: Fri Jun 27 08:34:15 2014 New Revision: 1605989 URL: http://svn.apache.org/r1605989 Log: HADOOP-10565: Merging r1605987 from trunk to branch-2. Added: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java - copied unchanged from r1605987, hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java - copied unchanged from r1605987, hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1605989r1=1605988r2=1605989view=diff == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Fri Jun 27 08:34:15 2014 @@ -114,6 +114,9 @@ Release 2.5.0 - UNRELEASED HADOOP-10754. Reenable several HA ZooKeeper-related tests on Windows. (cnauroth) +HADOOP-10565. Support IP ranges (CIDR) in proxyuser.hosts. (Benoy Antony +via Arpit Agarwal) + OPTIMIZATIONS BUG FIXES Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java?rev=1605989r1=1605988r2=1605989view=diff == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java Fri Jun 27 08:34:15 2014 @@ -18,8 +18,6 @@ package org.apache.hadoop.security.authorize; -import java.net.InetAddress; -import java.net.UnknownHostException; import java.util.Collection; import java.util.HashMap; import java.util.Map; @@ -28,7 +26,7 @@ import java.util.regex.Pattern; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.util.StringUtils; +import org.apache.hadoop.util.MachineList; import com.google.common.annotations.VisibleForTesting; @@ -46,8 +44,8 @@ public class DefaultImpersonationProvide // acl and list of hosts per proxyuser private MapString, AccessControlList proxyUserAcl = new HashMapString, AccessControlList(); - private MapString, CollectionString proxyHosts = -new HashMapString, CollectionString(); + private static MapString, MachineList proxyHosts = +new HashMapString, MachineList(); private Configuration conf; @Override @@ -70,7 +68,7 @@ public class DefaultImpersonationProvide allMatchKeys = conf.getValByRegex(CONF_HADOOP_PROXYUSER_RE_HOSTS); for(EntryString, String entry : allMatchKeys.entrySet()) { proxyHosts.put(entry.getKey(), - StringUtils.getTrimmedStringCollection(entry.getValue())); + new MachineList(entry.getValue())); } } @@ -95,27 +93,10 @@ public class DefaultImpersonationProvide + is not allowed to impersonate + user.getUserName()); } -boolean ipAuthorized = false; -CollectionString ipList = proxyHosts.get( +MachineList MachineList = proxyHosts.get( getProxySuperuserIpConfKey(realUser.getShortUserName())); -if (isWildcardList(ipList)) { - ipAuthorized = true; -} else if (ipList != null !ipList.isEmpty()) { - for (String allowedHost : ipList) { -InetAddress hostAddr; -try { - hostAddr = InetAddress.getByName(allowedHost); -} catch (UnknownHostException e) { - continue; -} -if (hostAddr.getHostAddress().equals(remoteAddress)) { - // Authorization is successful -
svn commit: r1606042 - in /hadoop/common/trunk/hadoop-common-project/hadoop-nfs: ./ dev-support/ src/main/java/org/apache/hadoop/oncrpc/security/
Author: atm Date: Fri Jun 27 12:00:55 2014 New Revision: 1606042 URL: http://svn.apache.org/r1606042 Log: HADOOP-10701. NFS should not validate the access premission only based on the user's primary group. Contributed by Harsh J. Added: hadoop/common/trunk/hadoop-common-project/hadoop-nfs/dev-support/ hadoop/common/trunk/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml Modified: hadoop/common/trunk/hadoop-common-project/hadoop-nfs/pom.xml hadoop/common/trunk/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java hadoop/common/trunk/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/SecurityHandler.java hadoop/common/trunk/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/SysSecurityHandler.java Added: hadoop/common/trunk/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml?rev=1606042view=auto == --- hadoop/common/trunk/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml (added) +++ hadoop/common/trunk/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml Fri Jun 27 12:00:55 2014 @@ -0,0 +1,28 @@ +!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the License); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an AS IS BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +-- +FindBugsFilter + !-- +FindBugs is complaining about CredentialsSys#getAuxGIDs(...) returning +a mutable array, but it is alright in our case, and copies would be +more expensive instead. + -- + Match + Class name=org.apache.hadoop.oncrpc.security.CredentialsSys/ + Method name=getAuxGIDs params= returns=int[]/ + Bug code=EI/ + /Match +/FindBugsFilter Modified: hadoop/common/trunk/hadoop-common-project/hadoop-nfs/pom.xml URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-nfs/pom.xml?rev=1606042r1=1606041r2=1606042view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-nfs/pom.xml (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-nfs/pom.xml Fri Jun 27 12:00:55 2014 @@ -93,6 +93,18 @@ /dependency /dependencies + build +plugins + plugin +groupIdorg.codehaus.mojo/groupId +artifactIdfindbugs-maven-plugin/artifactId +configuration + excludeFilterFile${basedir}/dev-support/findbugsExcludeFile.xml + /excludeFilterFile +/configuration + /plugin +/plugins + /build profiles profile Modified: hadoop/common/trunk/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java?rev=1606042r1=1606041r2=1606042view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java Fri Jun 27 12:00:55 2014 @@ -58,6 +58,10 @@ public class CredentialsSys extends Cred return mUID; } + public int[] getAuxGIDs() { +return mAuxGIDs; + } + public void setGID(int gid) { this.mGID = gid; } @@ -65,7 +69,7 @@ public class CredentialsSys extends Cred public void setUID(int uid) { this.mUID = uid; } - + public void setStamp(int stamp) { this.mStamp = stamp; } Modified: hadoop/common/trunk/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/SecurityHandler.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/SecurityHandler.java?rev=1606042r1=1606041r2=1606042view=diff == ---
svn commit: r1606043 - in /hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs: ./ dev-support/ src/main/java/org/apache/hadoop/oncrpc/security/
Author: atm Date: Fri Jun 27 12:03:33 2014 New Revision: 1606043 URL: http://svn.apache.org/r1606043 Log: HADOOP-10701. NFS should not validate the access premission only based on the user's primary group. Contributed by Harsh J. Added: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/dev-support/ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/pom.xml hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/SecurityHandler.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/SysSecurityHandler.java Added: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml?rev=1606043view=auto == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml (added) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/dev-support/findbugsExcludeFile.xml Fri Jun 27 12:03:33 2014 @@ -0,0 +1,28 @@ +!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the License); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an AS IS BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +-- +FindBugsFilter + !-- +FindBugs is complaining about CredentialsSys#getAuxGIDs(...) returning +a mutable array, but it is alright in our case, and copies would be +more expensive instead. + -- + Match + Class name=org.apache.hadoop.oncrpc.security.CredentialsSys/ + Method name=getAuxGIDs params= returns=int[]/ + Bug code=EI/ + /Match +/FindBugsFilter Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/pom.xml URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/pom.xml?rev=1606043r1=1606042r2=1606043view=diff == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/pom.xml (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/pom.xml Fri Jun 27 12:03:33 2014 @@ -93,6 +93,18 @@ /dependency /dependencies + build +plugins + plugin +groupIdorg.codehaus.mojo/groupId +artifactIdfindbugs-maven-plugin/artifactId +configuration + excludeFilterFile${basedir}/dev-support/findbugsExcludeFile.xml + /excludeFilterFile +/configuration + /plugin +/plugins + /build profiles profile Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java?rev=1606043r1=1606042r2=1606043view=diff == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/CredentialsSys.java Fri Jun 27 12:03:33 2014 @@ -58,6 +58,10 @@ public class CredentialsSys extends Cred return mUID; } + public int[] getAuxGIDs() { +return mAuxGIDs; + } + public void setGID(int gid) { this.mGID = gid; } @@ -65,7 +69,7 @@ public class CredentialsSys extends Cred public void setUID(int uid) { this.mUID = uid; } - + public void setStamp(int stamp) { this.mStamp = stamp; } Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/oncrpc/security/SecurityHandler.java URL:
svn commit: r1606091 - in /hadoop/common/tags: release-0.23.11-rc0/ release-0.23.11/
Author: tgraves Date: Fri Jun 27 13:25:29 2014 New Revision: 1606091 URL: http://svn.apache.org/r1606091 Log: Hadoop 0.23.11 release. Added: hadoop/common/tags/release-0.23.11/ (props changed) - copied from r1606090, hadoop/common/tags/release-0.23.11-rc0/ Removed: hadoop/common/tags/release-0.23.11-rc0/ Propchange: hadoop/common/tags/release-0.23.11/ -- --- svn:ignore (added) +++ svn:ignore Fri Jun 27 13:25:29 2014 @@ -0,0 +1,5 @@ +.classpath +.git +.project +.settings +target Propchange: hadoop/common/tags/release-0.23.11/ -- --- svn:mergeinfo (added) +++ svn:mergeinfo Fri Jun 27 13:25:29 2014 @@ -0,0 +1 @@ +/hadoop/common/trunk:1161777,1161781,1162188,1162421,1162491,1162499,1162613,1162928,1162954,1162979,1163050,1163069,1163490,1163768,1163852,1163858,1163981,1164255,1164301,1164339,1166009,1166402,1167001,1167383,1167662,1170085,1170379,1170459,1171297,1172916,1173402,1176550,1177487,1177531,1177859,1177864,1182189,1182205,1182214,1189613,1189932,1189982,1195575,1196113,1196129,1196676,1197801,1199024,1201991,1204114,1204117,1204122,1204124,1204129,1204131,1204177,1204370,1204376,1204388,1205260,1205697,1206786,1206830,1207694,1208153,1208313,1212021,1212062,1212073,1212084,1213537,1213586,1213592-1213593,1213954,1214046,1220510,1221348,1225114,1225192,1225456,1225489,1225591,1226211,1226239,1226350,1227091,1227165,1227423,1227964,1229347,1230398,1231569,1231572,1231627,1231640,1233605,1234555,1235135,1235137,1235956,1236456,1239752,1240897,1240928,1243065,1243104,1244766,1245751,1245762,1293419,1304099,1351818,1373683,1382409
svn commit: r1606179 - in /hadoop/common/trunk/hadoop-common-project/hadoop-common: ./ src/main/java/org/apache/hadoop/fs/ src/main/java/org/apache/hadoop/security/authorize/ src/site/apt/ src/test/ja
Author: arp Date: Fri Jun 27 18:43:42 2014 New Revision: 1606179 URL: http://svn.apache.org/r1606179 Log: HADOOP-10649. Allow overriding the default ACL for service authorization (Contributed by Benoy Antony) Added: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestServiceAuthorization.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/ServiceLevelAuth.apt.vm Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1606179r1=1606178r2=1606179view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Fri Jun 27 18:43:42 2014 @@ -483,6 +483,9 @@ Release 2.5.0 - UNRELEASED HADOOP-10565. Support IP ranges (CIDR) in proxyuser.hosts. (Benoy Antony via Arpit Agarwal) +HADOOP-10649. Allow overriding the default ACL for service authorization +(Benoy Antony via Arpit Agarwal) + OPTIMIZATIONS BUG FIXES Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java?rev=1606179r1=1606178r2=1606179view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java Fri Jun 27 18:43:42 2014 @@ -131,6 +131,9 @@ public class CommonConfigurationKeys ext * Service Authorization */ public static final String + HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL = + security.service.authorization.default.acl; + public static final String HADOOP_SECURITY_SERVICE_AUTHORIZATION_REFRESH_POLICY = security.refresh.policy.protocol.acl; public static final String Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java?rev=1606179r1=1606178r2=1606179view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java Fri Jun 27 18:43:42 2014 @@ -131,6 +131,10 @@ public class ServiceAuthorizationManager PolicyProvider provider) { final MapClass?, AccessControlList newAcls = new IdentityHashMapClass?, AccessControlList(); + +String defaultAcl = conf.get( + CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL, +AccessControlList.WILDCARD_ACL_VALUE); // Parse the config file Service[] services = provider.getServices(); @@ -139,7 +143,7 @@ public class ServiceAuthorizationManager AccessControlList acl = new AccessControlList( conf.get(service.getServiceKey(), -AccessControlList.WILDCARD_ACL_VALUE) +defaultAcl) ); newAcls.put(service.getProtocol(), acl); } Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/ServiceLevelAuth.apt.vm URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/ServiceLevelAuth.apt.vm?rev=1606179r1=1606178r2=1606179view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/ServiceLevelAuth.apt.vm (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/ServiceLevelAuth.apt.vm Fri Jun 27 18:43:42 2014 @@ -100,11 +100,15 @@ security.ha.service.protocol.acl | Example: user1,user2 group1,group2. Add a blank at the beginning
svn commit: r1606181 - in /hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common: ./ src/main/java/org/apache/hadoop/fs/ src/main/java/org/apache/hadoop/security/authorize/ src/site/apt/
Author: arp Date: Fri Jun 27 18:44:31 2014 New Revision: 1606181 URL: http://svn.apache.org/r1606181 Log: HADOOP-10649: Merging r1606179 from trunk to branch-2. Added: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestServiceAuthorization.java - copied unchanged from r1606179, hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestServiceAuthorization.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/site/apt/ServiceLevelAuth.apt.vm Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1606181r1=1606180r2=1606181view=diff == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Fri Jun 27 18:44:31 2014 @@ -117,6 +117,9 @@ Release 2.5.0 - UNRELEASED HADOOP-10565. Support IP ranges (CIDR) in proxyuser.hosts. (Benoy Antony via Arpit Agarwal) +HADOOP-10649. Allow overriding the default ACL for service authorization +(Benoy Antony via Arpit Agarwal) + OPTIMIZATIONS BUG FIXES Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java?rev=1606181r1=1606180r2=1606181view=diff == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java Fri Jun 27 18:44:31 2014 @@ -131,6 +131,9 @@ public class CommonConfigurationKeys ext * Service Authorization */ public static final String + HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL = + security.service.authorization.default.acl; + public static final String HADOOP_SECURITY_SERVICE_AUTHORIZATION_REFRESH_POLICY = security.refresh.policy.protocol.acl; public static final String Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java?rev=1606181r1=1606180r2=1606181view=diff == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java Fri Jun 27 18:44:31 2014 @@ -131,6 +131,10 @@ public class ServiceAuthorizationManager PolicyProvider provider) { final MapClass?, AccessControlList newAcls = new IdentityHashMapClass?, AccessControlList(); + +String defaultAcl = conf.get( + CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL, +AccessControlList.WILDCARD_ACL_VALUE); // Parse the config file Service[] services = provider.getServices(); @@ -139,7 +143,7 @@ public class ServiceAuthorizationManager AccessControlList acl = new AccessControlList( conf.get(service.getServiceKey(), -AccessControlList.WILDCARD_ACL_VALUE) +defaultAcl) ); newAcls.put(service.getProtocol(), acl); } Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/site/apt/ServiceLevelAuth.apt.vm URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/site/apt/ServiceLevelAuth.apt.vm?rev=1606181r1=1606180r2=1606181view=diff == ---
[Hadoop Wiki] Update of MovingToJdk7and8 by AndrewWang
Dear Wiki user, You have subscribed to a wiki page or wiki category on Hadoop Wiki for change notification. The MovingToJdk7and8 page has been changed by AndrewWang: https://wiki.apache.org/hadoop/MovingToJdk7and8?action=diffrev1=3rev2=4 Comment: Add tucu proposal Looking at the big picture, it's reasonable to believe that the users of Apache Hadoop would be better served by us if we prioritized operational aspects such as rolling upgrades, wire-compatibility etc. for a couple of years. Since not everyone has moved to hadoop-2 yet, talk of more incompatibility between hadoop-2/hadoop-3 or between hadoop-3/hadoop-4 within the next 12 months would certainly be a big issue for users - especially w.r.t rolling upgrades, wire-compat etc. + Some improvements have also been made to support multiple versions of MR on the same cluster with their own classpaths. See [[https://issues.apache.org/jira/browse/MAPREDUCE-4421|MAPREDUCE-4421]] and [[https://issues.apache.org/jira/browse/MAPREDUCE-1700|MAPREDUCE-1700]] for further details. Furthermore, we also support allowing user applications to use a JDK different from Hadoop itself - for e.g. HDFS/YARN can run JDK7 while MR applications can run JDK6 if they chose right now. = Proposals = Listed in roughly chronological order. Not attaching names to keep this disinterested. @@ -41, +42 @@ * Drop support for JDK6 in an intermediate branch-2 release, e.g. hadoop-2.8. * Drop support for JDK7 in another intermediate branch-2 release, e.g. hadoop-2.15. + == Proposal D == + + * Choose a branch-2 release to designate as the last JDK6 release, e.g. hadoop-2.y + * Set up hadoop-2.y builds with both JDK6 and JDK7 + * Drop support for JDK6 in branch-2 and trunk + * Future branch-2 releases require JDK7+ and can use JDK7 APIs + * Discussion of JDK8 is tabled for now + = Discussion = == Proposal A == @@ -54, +63 @@ == Proposal C == * Dropping support for a JDK in a minor release maybe deemed incompatible, so this would require further discussion. * Will continue to support rolling-upgrades, wire protocol compatibility etc. - * Features like NOT relying on cluster install of MapReduce binary already help immensely. See [[https://issues.apache.org/jira/browse/MAPREDUCE-4421|MAPREDUCE-4421]] for further details. - * Furthermore, we *already* support allowing user applications to use a JDK different from Hadoop itself - for e.g. HDFS/YARN can run JDK7 while MR applications can run JDK6 if they chose right now. + == Proposal D == + * Seems to have some consensus on common-dev + * Not carte blanche to drop JDK support in minor releases + * Could do the 2.y release as soon as the upcoming Hadoop 2.5 + * Same benefits as Proposal C regarding rolling upgrades, wire compat, etc +
svn commit: r1606220 - in /hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop: crypto/CipherSuite.java fs/FileEncryptionInfo.java
Author: wang Date: Fri Jun 27 20:43:41 2014 New Revision: 1606220 URL: http://svn.apache.org/r1606220 Log: HDFS-6391. Get the Key/IV from the NameNode for encrypted files in DFSClient. Contributed by Charles Lamb and Andrew Wang. Added: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java (with props) hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java (with props) Added: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java?rev=1606220view=auto == --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java (added) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java Fri Jun 27 20:43:41 2014 @@ -0,0 +1,62 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * License); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an AS IS BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.crypto; + +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; + +/** + * Defines properties of a CipherSuite. Modeled after the ciphers in + * {@link javax.crypto.Cipher}. + */ +@InterfaceAudience.Private +public enum CipherSuite { + AES_CTR_NOPADDING(AES/CTR/NoPadding, 128); + + private final String name; + private final int blockBits; + + CipherSuite(String name, int blockBits) { +this.name = name; +this.blockBits = blockBits; + } + + /** + * @return name of cipher suite, as in {@link javax.crypto.Cipher} + */ + public String getName() { +return name; + } + + /** + * @return size of an algorithm block in bits + */ + public int getNumberBlockBits() { +return blockBits; + } + + @Override + public String toString() { +StringBuilder builder = new StringBuilder({); +builder.append(name: + getName() + , ); +builder.append(numBlockBits: + getNumberBlockBits()); +builder.append(}); +return builder.toString(); + } +} Propchange: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java -- svn:eol-style = native Added: hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java?rev=1606220view=auto == --- hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java (added) +++ hadoop/common/branches/fs-encryption/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java Fri Jun 27 20:43:41 2014 @@ -0,0 +1,83 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * License); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an AS IS BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package
svn commit: r1606267 - in /hadoop/common/trunk/hadoop-common-project/hadoop-common: CHANGES.txt src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java src/test/java/org/apache/hadoop/fs/shell/Test
Author: jlowe Date: Fri Jun 27 23:22:35 2014 New Revision: 1606267 URL: http://svn.apache.org/r1606267 Log: HADOOP-10739. Renaming a file into a directory containing the same filename results in a confusing I/O error. Contributed by chang li Added: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/shell/TestMove.java (with props) Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1606267r1=1606266r2=1606267view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Fri Jun 27 23:22:35 2014 @@ -632,6 +632,9 @@ Release 2.5.0 - UNRELEASED HADOOP-9705. FsShell cp -p does not preserve directory attibutes. (Akira AJISAKA via cnauroth) +HADOOP-10739. Renaming a file into a directory containing the same +filename results in a confusing I/O error (chang li via jlowe) + BREAKDOWN OF HADOOP-10514 SUBTASKS AND RELATED JIRAS HADOOP-10520. Extended attributes definition and FileSystem APIs for Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java?rev=1606267r1=1606266r2=1606267view=diff == --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java Fri Jun 27 23:22:35 2014 @@ -104,6 +104,9 @@ class MoveCommands { throw new PathIOException(src.toString(), Does not match target filesystem); } + if (target.exists) { +throw new PathExistsException(target.toString()); + } if (!target.fs.rename(src.path, target.path)) { // we have no way to know the actual error... throw new PathIOException(src.toString()); Added: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/shell/TestMove.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/shell/TestMove.java?rev=1606267view=auto == --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/shell/TestMove.java (added) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/shell/TestMove.java Fri Jun 27 23:22:35 2014 @@ -0,0 +1,123 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * License); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an AS IS BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.fs.shell; + +import static org.junit.Assert.*; +import static org.mockito.Matchers.eq; +import static org.mockito.Mockito.*; + +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; + +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FileStatus; +import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.fs.FilterFileSystem; +import org.apache.hadoop.fs.PathExistsException; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +public class TestMove { + static Configuration conf; + static FileSystem mockFs; + + @BeforeClass + public static void setup() throws IOException, URISyntaxException { +mockFs = mock(FileSystem.class); +conf = new Configuration(); +conf.setClass(fs.mockfs.impl, MockFileSystem.class, FileSystem.class); + } + + @Before + public void
svn commit: r1606268 - in /hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common: CHANGES.txt src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java src/test/java/org/apache/hadoop/f
Author: jlowe Date: Fri Jun 27 23:23:39 2014 New Revision: 1606268 URL: http://svn.apache.org/r1606268 Log: HADOOP-10739. Renaming a file into a directory containing the same filename results in a confusing I/O error. Contributed by chang li Added: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/shell/TestMove.java - copied unchanged from r1606267, hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/shell/TestMove.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1606268r1=1606267r2=1606268view=diff == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Fri Jun 27 23:23:39 2014 @@ -274,6 +274,9 @@ Release 2.5.0 - UNRELEASED HADOOP-9705. FsShell cp -p does not preserve directory attibutes. (Akira AJISAKA via cnauroth) +HADOOP-10739. Renaming a file into a directory containing the same +filename results in a confusing I/O error (chang li via jlowe) + BREAKDOWN OF HADOOP-10514 SUBTASKS AND RELATED JIRAS HADOOP-10520. Extended attributes definition and FileSystem APIs for Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java?rev=1606268r1=1606267r2=1606268view=diff == --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/MoveCommands.java Fri Jun 27 23:23:39 2014 @@ -104,6 +104,9 @@ class MoveCommands { throw new PathIOException(src.toString(), Does not match target filesystem); } + if (target.exists) { +throw new PathExistsException(target.toString()); + } if (!target.fs.rename(src.path, target.path)) { // we have no way to know the actual error... throw new PathIOException(src.toString());