HADOOP-14038. Rename ADLS credential properties. Contributed by John Zhuge.

John Zhuge 2017-02-20 21:27:46 -08:00 committed by John Zhuge
parent 448ec81fd7
commit 253e3e78ab
6 changed files with 138 additions and 29 deletions


@ -752,6 +752,19 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
setQuietMode(other.getQuietMode()); setQuietMode(other.getQuietMode());
} }
/**
* Reload existing configuration instances.
*/
public static synchronized void reloadExistingConfigurations() {
if (LOG.isDebugEnabled()) {
LOG.debug("Reloading " + REGISTRY.keySet().size()
+ " existing configurations");
}
for (Configuration conf : REGISTRY.keySet()) {
conf.reloadConfiguration();
}
}
/** /**
* Add a default resource. Resources are loaded in the order of the resources * Add a default resource. Resources are loaded in the order of the resources
* added. * added.
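Review bot: The Javadoc on `reloadExistingConfigurations()` does not tell a caller how wide the effect is: the method is `public static` and its loop calls `reloadConfiguration()` on every key of `REGISTRY`, so a single call touches every registered Configuration in the process, not only the caller's own. I would expand the comment to something like `Reload every registered Configuration so that deprecations added after the instances were created take effect; this affects all instances in the JVM.` If the method is only meant for in-tree callers such as `AdlConfKeys.addDeprecatedKeys()`, marking it `@InterfaceAudience.Private` would make that explicit. As a small style point, `REGISTRY.keySet().size()` in the debug message can be `REGISTRY.size()`.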


@ -20,6 +20,8 @@ package org.apache.hadoop.fs.adl;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configuration.DeprecationDelta;
/** /**
* Constants. * Constants.
@ -28,25 +30,25 @@ import org.apache.hadoop.classification.InterfaceStability;
@InterfaceStability.Evolving @InterfaceStability.Evolving
public final class AdlConfKeys { public final class AdlConfKeys {
// OAuth2 Common Configuration // OAuth2 Common Configuration
public static final String AZURE_AD_REFRESH_URL_KEY = "dfs.adls.oauth2" public static final String AZURE_AD_REFRESH_URL_KEY =
+ ".refresh.url"; "fs.adl.oauth2.refresh.url";
// optional when provider type is refresh or client id. // optional when provider type is refresh or client id.
public static final String AZURE_AD_TOKEN_PROVIDER_CLASS_KEY = public static final String AZURE_AD_TOKEN_PROVIDER_CLASS_KEY =
"dfs.adls.oauth2.access.token.provider"; "fs.adl.oauth2.access.token.provider";
public static final String AZURE_AD_CLIENT_ID_KEY = public static final String AZURE_AD_CLIENT_ID_KEY =
"dfs.adls.oauth2.client.id"; "fs.adl.oauth2.client.id";
public static final String AZURE_AD_TOKEN_PROVIDER_TYPE_KEY = public static final String AZURE_AD_TOKEN_PROVIDER_TYPE_KEY =
"dfs.adls.oauth2.access.token.provider.type"; "fs.adl.oauth2.access.token.provider.type";
// OAuth Refresh Token Configuration // OAuth Refresh Token Configuration
public static final String AZURE_AD_REFRESH_TOKEN_KEY = public static final String AZURE_AD_REFRESH_TOKEN_KEY =
"dfs.adls.oauth2.refresh.token"; "fs.adl.oauth2.refresh.token";
public static final String TOKEN_PROVIDER_TYPE_REFRESH_TOKEN = "RefreshToken"; public static final String TOKEN_PROVIDER_TYPE_REFRESH_TOKEN = "RefreshToken";
// OAuth Client Cred Token Configuration // OAuth Client Cred Token Configuration
public static final String AZURE_AD_CLIENT_SECRET_KEY = public static final String AZURE_AD_CLIENT_SECRET_KEY =
"dfs.adls.oauth2.credential"; "fs.adl.oauth2.credential";
public static final String TOKEN_PROVIDER_TYPE_CLIENT_CRED = public static final String TOKEN_PROVIDER_TYPE_CLIENT_CRED =
"ClientCredential"; "ClientCredential";
@ -75,7 +77,7 @@ public final class AdlConfKeys {
static final int DEFAULT_WRITE_AHEAD_BUFFER_SIZE = 4 * 1024 * 1024; static final int DEFAULT_WRITE_AHEAD_BUFFER_SIZE = 4 * 1024 * 1024;
static final String LATENCY_TRACKER_KEY = static final String LATENCY_TRACKER_KEY =
"adl.dfs.enable.client.latency.tracker"; "adl.enable.client.latency.tracker";
static final boolean LATENCY_TRACKER_DEFAULT = true; static final boolean LATENCY_TRACKER_DEFAULT = true;
static final String ADL_EXPERIMENT_POSITIONAL_READ_KEY = static final String ADL_EXPERIMENT_POSITIONAL_READ_KEY =
@ -90,6 +92,26 @@ public final class AdlConfKeys {
"adl.feature.ownerandgroup.enableupn"; "adl.feature.ownerandgroup.enableupn";
static final boolean ADL_ENABLEUPN_FOR_OWNERGROUP_DEFAULT = false; static final boolean ADL_ENABLEUPN_FOR_OWNERGROUP_DEFAULT = false;
public static void addDeprecatedKeys() {
Configuration.addDeprecations(new DeprecationDelta[]{
new DeprecationDelta("dfs.adls.oauth2.access.token.provider.type",
AZURE_AD_TOKEN_PROVIDER_TYPE_KEY),
new DeprecationDelta("dfs.adls.oauth2.client.id",
AZURE_AD_CLIENT_ID_KEY),
new DeprecationDelta("dfs.adls.oauth2.refresh.token",
AZURE_AD_REFRESH_TOKEN_KEY),
new DeprecationDelta("dfs.adls.oauth2.refresh.url",
AZURE_AD_REFRESH_URL_KEY),
new DeprecationDelta("dfs.adls.oauth2.credential",
AZURE_AD_CLIENT_SECRET_KEY),
new DeprecationDelta("dfs.adls.oauth2.access.token.provider",
AZURE_AD_TOKEN_PROVIDER_CLASS_KEY),
new DeprecationDelta("adl.dfs.enable.client.latency.tracker",
LATENCY_TRACKER_KEY)
});
Configuration.reloadExistingConfigurations();
}
private AdlConfKeys() { private AdlConfKeys() {
} }
} }
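Review bot: `addDeprecatedKeys()` is added as a `public static` method with no Javadoc, although it ends in `Configuration.reloadExistingConfigurations()` and so has a process-wide side effect on every call. The comment should state that it registers the old `dfs.adls.oauth2.*` and `adl.dfs.enable.client.latency.tracker` names and then reloads existing configurations. It should also say which value is used when a site file still carries an old name next to the new one, because a stale client secret or refresh token left under `dfs.adls.oauth2.credential` or `dfs.adls.oauth2.refresh.token` is easy to overlook during migration. The only caller visible on this page is the static initializer in `AdlFileSystem`; if that class lives in the same package, the method can be package-private so that other code cannot trigger the reload.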


@ -88,6 +88,10 @@ public class AdlFileSystem extends FileSystem {
private AccessTokenProvider tokenProvider; private AccessTokenProvider tokenProvider;
private AzureADTokenProvider azureTokenProvider; private AzureADTokenProvider azureTokenProvider;
static {
AdlConfKeys.addDeprecatedKeys();
}
@Override @Override
public String getScheme() { public String getScheme() {
return SCHEME; return SCHEME;
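Review bot: The new static initializer makes key translation depend on class-loading order: the old `dfs.adls.oauth2.*` names are mapped only once `AdlFileSystem` has been initialized. Code that reads the `fs.adl.oauth2.*` keys from a Configuration before that point (a custom token provider or a tool that inspects the configuration, for example) would presumably find them unset on a cluster that still uses the old names. Loading this class also triggers the reload of all existing Configuration objects at the end of `addDeprecatedKeys()`, which is a surprising side effect for a class load. A comment on the block would record both facts, for example `// Register deprecated dfs.adls.* keys on class load; this reloads every existing Configuration.` `getScheme()` continues outside the hunk.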


@ -83,7 +83,7 @@ Add the following properties to the cluster's `core-site.xml`
```xml ```xml
<property> <property>
<name>dfs.adls.oauth2.access.token.provider.type</name> <name>fs.adl.oauth2.access.token.provider.type</name>
<value>RefreshToken</value> <value>RefreshToken</value>
</property> </property>
``` ```
@ -95,12 +95,12 @@ service associated with the client id. See [*Active Directory Library For Java*]
```xml ```xml
<property> <property>
<name>dfs.adls.oauth2.client.id</name> <name>fs.adl.oauth2.client.id</name>
<value></value> <value></value>
</property> </property>
<property> <property>
<name>dfs.adls.oauth2.refresh.token</name> <name>fs.adl.oauth2.refresh.token</name>
<value></value> <value></value>
</property> </property>
``` ```
@ -133,22 +133,22 @@ Add the following properties to your `core-site.xml`
```xml ```xml
<property> <property>
<name>dfs.adls.oauth2.access.token.provider.type</name> <name>fs.adl.oauth2.access.token.provider.type</name>
<value>ClientCredential</value> <value>ClientCredential</value>
</property> </property>
<property> <property>
<name>dfs.adls.oauth2.refresh.url</name> <name>fs.adl.oauth2.refresh.url</name>
<value>TOKEN ENDPOINT FROM STEP 7 ABOVE</value> <value>TOKEN ENDPOINT FROM STEP 7 ABOVE</value>
</property> </property>
<property> <property>
<name>dfs.adls.oauth2.client.id</name> <name>fs.adl.oauth2.client.id</name>
<value>CLIENT ID FROM STEP 7 ABOVE</value> <value>CLIENT ID FROM STEP 7 ABOVE</value>
</property> </property>
<property> <property>
<name>dfs.adls.oauth2.credential</name> <name>fs.adl.oauth2.credential</name>
<value>PASSWORD FROM STEP 7 ABOVE</value> <value>PASSWORD FROM STEP 7 ABOVE</value>
</property> </property>
``` ```
@ -166,9 +166,9 @@ For additional reading on the credential provider API, see
##### Provisioning ##### Provisioning
```bash ```bash
hadoop credential create dfs.adls.oauth2.client.id -value 123 hadoop credential create fs.adl.oauth2.client.id -value 123
-provider localjceks://file/home/foo/adls.jceks -provider localjceks://file/home/foo/adls.jceks
hadoop credential create dfs.adls.oauth2.refresh.token -value 123 hadoop credential create fs.adl.oauth2.refresh.token -value 123
-provider localjceks://file/home/foo/adls.jceks -provider localjceks://file/home/foo/adls.jceks
``` ```
@ -176,7 +176,7 @@ hadoop credential create dfs.adls.oauth2.refresh.token -value 123
```xml ```xml
<property> <property>
<name>dfs.adls.oauth2.access.token.provider.type</name> <name>fs.adl.oauth2.access.token.provider.type</name>
<value>RefreshToken</value> <value>RefreshToken</value>
</property> </property>
<property> <property>
@ -190,7 +190,7 @@ hadoop credential create dfs.adls.oauth2.refresh.token -value 123
```bash ```bash
hadoop distcp hadoop distcp
[-D dfs.adls.oauth2.access.token.provider.type=RefreshToken [-D fs.adl.oauth2.access.token.provider.type=RefreshToken
-D hadoop.security.credential.provider.path=localjceks://file/home/user/adls.jceks] -D hadoop.security.credential.provider.path=localjceks://file/home/user/adls.jceks]
hdfs://<NameNode Hostname>:9001/user/foo/srcDir hdfs://<NameNode Hostname>:9001/user/foo/srcDir
adl://<Account Name>.azuredatalakestore.net/tgtDir/ adl://<Account Name>.azuredatalakestore.net/tgtDir/


@ -46,6 +46,7 @@ import static org.junit.Assert.assertEquals;
import org.apache.hadoop.security.ProviderUtils; import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.security.alias.CredentialProvider; import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory; import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
@ -121,8 +122,8 @@ public class TestAzureADTokenProvider {
Assert.fail("Initialization should have failed due no token provider " Assert.fail("Initialization should have failed due no token provider "
+ "configuration"); + "configuration");
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
Assert.assertTrue( GenericTestUtils.assertExceptionContains(
e.getMessage().contains("dfs.adls.oauth2.access.token.provider")); AZURE_AD_TOKEN_PROVIDER_CLASS_KEY, e);
} }
conf.setClass(AZURE_AD_TOKEN_PROVIDER_CLASS_KEY, conf.setClass(AZURE_AD_TOKEN_PROVIDER_CLASS_KEY,
CustomMockTokenProvider.class, AzureADTokenProvider.class); CustomMockTokenProvider.class, AzureADTokenProvider.class);


@ -18,6 +18,8 @@
package org.apache.hadoop.fs.adl; package org.apache.hadoop.fs.adl;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Test; import org.junit.Test;
@ -56,6 +58,11 @@ import static org.apache.hadoop.fs.adl.AdlConfKeys
.TOKEN_PROVIDER_TYPE_REFRESH_TOKEN; .TOKEN_PROVIDER_TYPE_REFRESH_TOKEN;
import static org.apache.hadoop.fs.adl.AdlConfKeys.WRITE_BUFFER_SIZE_KEY; import static org.apache.hadoop.fs.adl.AdlConfKeys.WRITE_BUFFER_SIZE_KEY;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
/** /**
* Validate configuration keys defined for adl storage file system instance. * Validate configuration keys defined for adl storage file system instance.
*/ */
@ -64,18 +71,18 @@ public class TestValidateConfiguration {
@Test @Test
public void validateConfigurationKeys() { public void validateConfigurationKeys() {
Assert Assert
.assertEquals("dfs.adls.oauth2.refresh.url", AZURE_AD_REFRESH_URL_KEY); .assertEquals("fs.adl.oauth2.refresh.url", AZURE_AD_REFRESH_URL_KEY);
Assert.assertEquals("dfs.adls.oauth2.access.token.provider", Assert.assertEquals("fs.adl.oauth2.access.token.provider",
AZURE_AD_TOKEN_PROVIDER_CLASS_KEY); AZURE_AD_TOKEN_PROVIDER_CLASS_KEY);
Assert.assertEquals("dfs.adls.oauth2.client.id", AZURE_AD_CLIENT_ID_KEY); Assert.assertEquals("fs.adl.oauth2.client.id", AZURE_AD_CLIENT_ID_KEY);
Assert.assertEquals("dfs.adls.oauth2.refresh.token", Assert.assertEquals("fs.adl.oauth2.refresh.token",
AZURE_AD_REFRESH_TOKEN_KEY); AZURE_AD_REFRESH_TOKEN_KEY);
Assert Assert
.assertEquals("dfs.adls.oauth2.credential", AZURE_AD_CLIENT_SECRET_KEY); .assertEquals("fs.adl.oauth2.credential", AZURE_AD_CLIENT_SECRET_KEY);
Assert.assertEquals("adl.debug.override.localuserasfileowner", Assert.assertEquals("adl.debug.override.localuserasfileowner",
ADL_DEBUG_OVERRIDE_LOCAL_USER_AS_OWNER); ADL_DEBUG_OVERRIDE_LOCAL_USER_AS_OWNER);
Assert.assertEquals("dfs.adls.oauth2.access.token.provider.type", Assert.assertEquals("fs.adl.oauth2.access.token.provider.type",
AZURE_AD_TOKEN_PROVIDER_TYPE_KEY); AZURE_AD_TOKEN_PROVIDER_TYPE_KEY);
Assert.assertEquals("adl.feature.client.cache.readahead", Assert.assertEquals("adl.feature.client.cache.readahead",
@ -88,7 +95,7 @@ public class TestValidateConfiguration {
Assert.assertEquals("ClientCredential", TOKEN_PROVIDER_TYPE_CLIENT_CRED); Assert.assertEquals("ClientCredential", TOKEN_PROVIDER_TYPE_CLIENT_CRED);
Assert.assertEquals("adl.dfs.enable.client.latency.tracker", Assert.assertEquals("adl.enable.client.latency.tracker",
LATENCY_TRACKER_KEY); LATENCY_TRACKER_KEY);
Assert.assertEquals(true, LATENCY_TRACKER_DEFAULT); Assert.assertEquals(true, LATENCY_TRACKER_DEFAULT);
@ -109,4 +116,66 @@ public class TestValidateConfiguration {
Assert.assertEquals(false, Assert.assertEquals(false,
ADL_ENABLEUPN_FOR_OWNERGROUP_DEFAULT); ADL_ENABLEUPN_FOR_OWNERGROUP_DEFAULT);
} }
@Test
public void testSetDeprecatedKeys() throws ClassNotFoundException {
Configuration conf = new Configuration(true);
setDeprecatedKeys(conf);
// Force AdlFileSystem static initialization to register deprecated keys.
Class.forName(AdlFileSystem.class.getName());
assertDeprecatedKeys(conf);
}
@Test
public void testLoadDeprecatedKeys()
throws IOException, ClassNotFoundException {
Configuration saveConf = new Configuration(false);
setDeprecatedKeys(saveConf);
final File testRootDir = GenericTestUtils.getTestDir();
File confXml = new File(testRootDir, "testLoadDeprecatedKeys.xml");
OutputStream out = new FileOutputStream(confXml);
saveConf.writeXml(out);
out.close();
Configuration conf = new Configuration(true);
conf.addResource(confXml.toURI().toURL());
// Trigger loading the configuration resources by getting any key.
conf.get("dummy.key");
// Force AdlFileSystem static initialization to register deprecated keys.
Class.forName(AdlFileSystem.class.getName());
assertDeprecatedKeys(conf);
}
private void setDeprecatedKeys(Configuration conf) {
conf.set("dfs.adls.oauth2.access.token.provider.type", "dummyType");
conf.set("dfs.adls.oauth2.client.id", "dummyClientId");
conf.set("dfs.adls.oauth2.refresh.token", "dummyRefreshToken");
conf.set("dfs.adls.oauth2.refresh.url", "dummyRefreshUrl");
conf.set("dfs.adls.oauth2.credential", "dummyCredential");
conf.set("dfs.adls.oauth2.access.token.provider", "dummyClass");
conf.set("adl.dfs.enable.client.latency.tracker", "dummyTracker");
}
private void assertDeprecatedKeys(Configuration conf) {
Assert.assertEquals("dummyType",
conf.get(AZURE_AD_TOKEN_PROVIDER_TYPE_KEY));
Assert.assertEquals("dummyClientId",
conf.get(AZURE_AD_CLIENT_ID_KEY));
Assert.assertEquals("dummyRefreshToken",
conf.get(AZURE_AD_REFRESH_TOKEN_KEY));
Assert.assertEquals("dummyRefreshUrl",
conf.get(AZURE_AD_REFRESH_URL_KEY));
Assert.assertEquals("dummyCredential",
conf.get(AZURE_AD_CLIENT_SECRET_KEY));
Assert.assertEquals("dummyClass",
conf.get(AZURE_AD_TOKEN_PROVIDER_CLASS_KEY));
Assert.assertEquals("dummyTracker",
conf.get(LATENCY_TRACKER_KEY));
}
} }
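Review bot: `testSetDeprecatedKeys` and `testLoadDeprecatedKeys` both rely on `Class.forName(AdlFileSystem.class.getName())` to register the deprecations, but a class is initialized only once per JVM, so whichever test runs second (or any run where `AdlFileSystem` was already loaded) sets the old keys after the mapping exists. Such a test passes without exercising `reloadExistingConfigurations()`. The comments on those lines should say so, or the reload path should be covered by a test that does not depend on initialization order. Separately, in `testLoadDeprecatedKeys` the stream is not closed if `writeXml` throws; `try (OutputStream out = new FileOutputStream(confXml)) { saveConf.writeXml(out); }` fixes that. The generated `testLoadDeprecatedKeys.xml` is also left in the test directory and could be deleted at the end of the test.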