Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-18705. ABFS should exclude incompatible credential providers. (#5560) 

Contributed by Tamas Domok.
This commit is contained in:
Tamas Domok 2023-04-24 16:46:40 +02:00 committed by GitHub
parent 6a23c376c9
commit 05e6dc19ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/AzureBlobFileSystem.java
View File

@ -46,6 +46,7 @@ import java.util.concurrent.Future;
import javax.annotation.Nullable; import javax.annotation.Nullable;
import org.apache.hadoop.classification.VisibleForTesting; import org.apache.hadoop.classification.VisibleForTesting;
import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.util.Preconditions; import org.apache.hadoop.util.Preconditions;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -157,6 +158,8 @@ public class AzureBlobFileSystem extends FileSystem
@Override @Override
public void initialize(URI uri, Configuration configuration) public void initialize(URI uri, Configuration configuration)
throws IOException { throws IOException {
configuration = ProviderUtils.excludeIncompatibleCredentialProviders(
configuration, AzureBlobFileSystem.class);
uri = ensureAuthority(uri, configuration); uri = ensureAuthority(uri, configuration);
super.initialize(uri, configuration); super.initialize(uri, configuration);
setConf(configuration); setConf(configuration);

43
hadoop-tools/hadoop-azure/src/test/java/org/apache/hadoop/fs/azurebfs/ITestABFSJceksFiltering.java Normal file
View File

@ -0,0 +1,43 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.fs.azurebfs;
import org.junit.Test;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
public class ITestABFSJceksFiltering extends AbstractAbfsIntegrationTest {
public ITestABFSJceksFiltering() throws Exception {
}
@Test
public void testIncompatibleCredentialProviderIsExcluded() throws Exception {
Configuration rawConfig = getRawConfiguration();
rawConfig.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
"jceks://abfs@a@b.c.d/tmp/a.jceks,jceks://file/tmp/secret.jceks");
try (AzureBlobFileSystem fs = (AzureBlobFileSystem) FileSystem.get(rawConfig)) {
assertNotNull("filesystem", fs);
String providers = fs.getConf().get(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH);
assertEquals("jceks://file/tmp/secret.jceks", providers);
}
}
}