HADOOP-8463. hadoop.security.auth_to_local needs a key definition and doc. Contributed by Madhukara Phatak
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1356513 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
22822df7c3
commit
161ed29087
|
@ -231,6 +231,9 @@ Branch-2 ( Unreleased changes )
|
||||||
HADOOP-3450. Add tests to Local Directory Allocator for
|
HADOOP-3450. Add tests to Local Directory Allocator for
|
||||||
asserting their URI-returning capability (Sho Shimauchi via harsh)
|
asserting their URI-returning capability (Sho Shimauchi via harsh)
|
||||||
|
|
||||||
|
HADOOP-8463. hadoop.security.auth_to_local needs a key definition and doc.
|
||||||
|
(Madhukara Phatak via eli)
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
||||||
HADOOP-8372. NetUtils.normalizeHostName() incorrectly handles hostname
|
HADOOP-8372. NetUtils.normalizeHostName() incorrectly handles hostname
|
||||||
|
|
|
@ -235,5 +235,9 @@ public class CommonConfigurationKeysPublic {
|
||||||
/** See <a href="{@docRoot}/../core-default.html">core-default.xml</a> */
|
/** See <a href="{@docRoot}/../core-default.html">core-default.xml</a> */
|
||||||
public static final String HADOOP_SECURITY_SERVICE_USER_NAME_KEY =
|
public static final String HADOOP_SECURITY_SERVICE_USER_NAME_KEY =
|
||||||
"hadoop.security.service.user.name.key";
|
"hadoop.security.service.user.name.key";
|
||||||
|
/** See <a href="{@docRoot}/../core-default.html">core-default.xml</a> */
|
||||||
|
public static final String HADOOP_SECURITY_AUTH_TO_LOCAL =
|
||||||
|
"hadoop.security.auth_to_local";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ import org.apache.hadoop.classification.InterfaceStability;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.security.authentication.util.KerberosName;
|
import org.apache.hadoop.security.authentication.util.KerberosName;
|
||||||
import org.apache.hadoop.security.authentication.util.KerberosUtil;
|
import org.apache.hadoop.security.authentication.util.KerberosUtil;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
/**
|
/**
|
||||||
* This class implements parsing and handling of Kerberos principal names. In
|
* This class implements parsing and handling of Kerberos principal names. In
|
||||||
* particular, it splits them apart and translates them down into local
|
* particular, it splits them apart and translates them down into local
|
||||||
|
@ -63,7 +63,7 @@ public class HadoopKerberosName extends KerberosName {
|
||||||
* @throws IOException
|
* @throws IOException
|
||||||
*/
|
*/
|
||||||
public static void setConfiguration(Configuration conf) throws IOException {
|
public static void setConfiguration(Configuration conf) throws IOException {
|
||||||
String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
|
String ruleString = conf.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "DEFAULT");
|
||||||
setRules(ruleString);
|
setRules(ruleString);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -250,6 +250,12 @@
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
|
|
||||||
|
<property>
|
||||||
|
<name>hadoop.security.auth_to_local</name>
|
||||||
|
<value></value>
|
||||||
|
<description>Maps kerberos principals to local user names</description>
|
||||||
|
</property>
|
||||||
|
|
||||||
<!-- i/o properties -->
|
<!-- i/o properties -->
|
||||||
<property>
|
<property>
|
||||||
<name>io.file.buffer.size</name>
|
<name>io.file.buffer.size</name>
|
||||||
|
|
|
@ -44,6 +44,7 @@ import org.apache.hadoop.ipc.TestSaslRPC.TestTokenSecretManager;
|
||||||
import org.apache.hadoop.ipc.TestSaslRPC.TestTokenIdentifier;
|
import org.apache.hadoop.ipc.TestSaslRPC.TestTokenIdentifier;
|
||||||
import org.apache.hadoop.ipc.TestSaslRPC.TestTokenSelector;
|
import org.apache.hadoop.ipc.TestSaslRPC.TestTokenSelector;
|
||||||
import org.apache.commons.logging.*;
|
import org.apache.commons.logging.*;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
@ -66,7 +67,7 @@ public class TestDoAsEffectiveUser {
|
||||||
|
|
||||||
|
|
||||||
static {
|
static {
|
||||||
masterConf.set("hadoop.security.auth_to_local",
|
masterConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
|
||||||
"RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" +
|
"RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" +
|
||||||
"RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//"
|
"RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//"
|
||||||
+ "DEFAULT");
|
+ "DEFAULT");
|
||||||
|
|
|
@ -40,6 +40,7 @@ import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
import org.apache.hadoop.security.token.TokenIdentifier;
|
import org.apache.hadoop.security.token.TokenIdentifier;
|
||||||
import static org.apache.hadoop.test.MetricsAsserts.*;
|
import static org.apache.hadoop.test.MetricsAsserts.*;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
|
|
||||||
public class TestUserGroupInformation {
|
public class TestUserGroupInformation {
|
||||||
final private static String USER_NAME = "user1@HADOOP.APACHE.ORG";
|
final private static String USER_NAME = "user1@HADOOP.APACHE.ORG";
|
||||||
|
@ -68,7 +69,7 @@ public class TestUserGroupInformation {
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void setup() {
|
public static void setup() {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.auth_to_local",
|
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
|
||||||
"RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" +
|
"RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" +
|
||||||
"RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//"
|
"RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//"
|
||||||
+ "DEFAULT");
|
+ "DEFAULT");
|
||||||
|
|
|
@ -46,6 +46,7 @@ import org.apache.hadoop.hdfs.server.common.Util;
|
||||||
import org.apache.hadoop.hdfs.server.namenode.NNStorage.NameNodeDirType;
|
import org.apache.hadoop.hdfs.server.namenode.NNStorage.NameNodeDirType;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* OfflineEditsViewerHelper is a helper class for TestOfflineEditsViewer,
|
* OfflineEditsViewerHelper is a helper class for TestOfflineEditsViewer,
|
||||||
|
@ -106,7 +107,7 @@ public class OfflineEditsViewerHelper {
|
||||||
// blocksize for concat (file size must be multiple of blocksize)
|
// blocksize for concat (file size must be multiple of blocksize)
|
||||||
config.setLong(DFSConfigKeys.DFS_BLOCK_SIZE_KEY, blockSize);
|
config.setLong(DFSConfigKeys.DFS_BLOCK_SIZE_KEY, blockSize);
|
||||||
// for security to work (fake JobTracker user)
|
// for security to work (fake JobTracker user)
|
||||||
config.set("hadoop.security.auth_to_local",
|
config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
|
||||||
"RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT");
|
"RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT");
|
||||||
config.setBoolean(
|
config.setBoolean(
|
||||||
DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
|
DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
|
||||||
|
|
|
@ -56,6 +56,7 @@ import org.junit.BeforeClass;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import com.google.common.base.Joiner;
|
import com.google.common.base.Joiner;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test case for client support of delegation tokens in an HA cluster.
|
* Test case for client support of delegation tokens in an HA cluster.
|
||||||
|
@ -76,7 +77,7 @@ public class TestDelegationTokensWithHA {
|
||||||
public static void setupCluster() throws Exception {
|
public static void setupCluster() throws Exception {
|
||||||
conf.setBoolean(
|
conf.setBoolean(
|
||||||
DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
|
DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
|
||||||
conf.set("hadoop.security.auth_to_local",
|
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
|
||||||
"RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT");
|
"RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT");
|
||||||
|
|
||||||
cluster = new MiniDFSCluster.Builder(conf)
|
cluster = new MiniDFSCluster.Builder(conf)
|
||||||
|
|
|
@ -50,6 +50,8 @@ import org.apache.hadoop.hdfs.MiniDFSCluster;
|
||||||
import org.apache.hadoop.hdfs.protocol.HdfsConstants.SafeModeAction;
|
import org.apache.hadoop.hdfs.protocol.HdfsConstants.SafeModeAction;
|
||||||
import org.apache.hadoop.hdfs.server.namenode.FSImageTestUtil;
|
import org.apache.hadoop.hdfs.server.namenode.FSImageTestUtil;
|
||||||
import org.apache.hadoop.hdfs.HdfsConfiguration;
|
import org.apache.hadoop.hdfs.HdfsConfiguration;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test function of OfflineImageViewer by:
|
* Test function of OfflineImageViewer by:
|
||||||
|
@ -96,7 +98,7 @@ public class TestOfflineImageViewer {
|
||||||
conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000);
|
conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000);
|
||||||
conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000);
|
conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000);
|
||||||
conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
|
conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
|
||||||
conf.set("hadoop.security.auth_to_local",
|
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
|
||||||
"RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT");
|
"RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT");
|
||||||
cluster = new MiniDFSCluster.Builder(conf).numDataNodes(4).build();
|
cluster = new MiniDFSCluster.Builder(conf).numDataNodes(4).build();
|
||||||
cluster.waitActive();
|
cluster.waitActive();
|
||||||
|
|
|
@ -74,7 +74,7 @@ import org.junit.Test;
|
||||||
import org.mockito.Mockito;
|
import org.mockito.Mockito;
|
||||||
import org.mockito.invocation.InvocationOnMock;
|
import org.mockito.invocation.InvocationOnMock;
|
||||||
import org.mockito.stubbing.Answer;
|
import org.mockito.stubbing.Answer;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
public class TestTokenCache {
|
public class TestTokenCache {
|
||||||
private static final int NUM_OF_KEYS = 10;
|
private static final int NUM_OF_KEYS = 10;
|
||||||
|
|
||||||
|
@ -158,7 +158,7 @@ public class TestTokenCache {
|
||||||
public static void setUp() throws Exception {
|
public static void setUp() throws Exception {
|
||||||
|
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.auth_to_local", "RULE:[2:$1]");
|
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1]");
|
||||||
dfsCluster = new MiniDFSCluster(conf, numSlaves, true, null);
|
dfsCluster = new MiniDFSCluster(conf, numSlaves, true, null);
|
||||||
jConf = new JobConf(conf);
|
jConf = new JobConf(conf);
|
||||||
mrCluster = new MiniMRCluster(0, 0, numSlaves,
|
mrCluster = new MiniMRCluster(0, 0, numSlaves,
|
||||||
|
|
Loading…
Reference in New Issue