Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-10776 Open up already widely-used APIs for delegation-token fetching & renewal to ecosystem projects. Contributed by Vinod Kumar Vavilapalli

This commit is contained in:
Steve Loughran 2016-11-24 17:51:49 +00:00
parent 36cc8dcdca
commit 2c2e77b3bb
9 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileSystem.java
View File

@ -377,7 +377,8 @@ public abstract class FileSystem extends Configured implements Closeable {
* if the filesystem does not implement tokens * if the filesystem does not implement tokens
* @see SecurityUtil#buildDTServiceName(URI, int) * @see SecurityUtil#buildDTServiceName(URI, int)
*/ */
@InterfaceAudience.LimitedPrivate({ "HDFS", "MapReduce" }) @InterfaceAudience.Public
@InterfaceStability.Evolving
public String getCanonicalServiceName() { public String getCanonicalServiceName() {
return (getChildFileSystems() == null) return (getChildFileSystems() == null)
? SecurityUtil.buildDTServiceName(getUri(), getDefaultPort()) ? SecurityUtil.buildDTServiceName(getUri(), getDefaultPort())
@ -611,7 +612,8 @@ public abstract class FileSystem extends Configured implements Closeable {
* @return list of new delegation tokens * @return list of new delegation tokens
* @throws IOException * @throws IOException
*/ */
@InterfaceAudience.LimitedPrivate({ "HDFS", "MapReduce" }) @InterfaceAudience.Public
@InterfaceStability.Evolving
public Token<?>[] addDelegationTokens( public Token<?>[] addDelegationTokens(
final String renewer, Credentials credentials) throws IOException { final String renewer, Credentials credentials) throws IOException {
if (credentials == null) { if (credentials == null) {

2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AccessControlException.java
View File

@ -23,7 +23,7 @@ import org.apache.hadoop.classification.InterfaceStability;
/** /**
* An exception class for access control related issues. * An exception class for access control related issues.
*/ */
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) @InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public class AccessControlException public class AccessControlException
extends org.apache.hadoop.fs.permission.AccessControlException { extends org.apache.hadoop.fs.permission.AccessControlException {

4
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
View File

@ -50,10 +50,10 @@ import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.TokenIdentifier;
/** /**
* A class that provides the facilities of reading and writing * A class that provides the facilities of reading and writing
* secret keys and Tokens. * secret keys and Tokens.
*/ */
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) @InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public class Credentials implements Writable { public class Credentials implements Writable {
private static final Log LOG = LogFactory.getLog(Credentials.class); private static final Log LOG = LogFactory.getLog(Credentials.class);

10
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
View File

@ -58,14 +58,20 @@ import sun.net.util.IPAddressUtil;
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) /**
* Security Utils.
*/
@InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public class SecurityUtil { public final class SecurityUtil {
public static final Log LOG = LogFactory.getLog(SecurityUtil.class); public static final Log LOG = LogFactory.getLog(SecurityUtil.class);
public static final String HOSTNAME_PATTERN = "_HOST"; public static final String HOSTNAME_PATTERN = "_HOST";
public static final String FAILED_TO_GET_UGI_MSG_HEADER = public static final String FAILED_TO_GET_UGI_MSG_HEADER =
"Failed to obtain user group information:"; "Failed to obtain user group information:";
private SecurityUtil() {
}
// controls whether buildTokenService will use an ip or host/ip as given // controls whether buildTokenService will use an ip or host/ip as given
// by the user // by the user
@VisibleForTesting @VisibleForTesting

10
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
View File

@ -87,7 +87,7 @@ import org.slf4j.LoggerFactory;
* user's username and groups. It supports both the Windows, Unix and Kerberos * user's username and groups. It supports both the Windows, Unix and Kerberos
* login modules. * login modules.
*/ */
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "HBase", "Hive", "Oozie"}) @InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public class UserGroupInformation { public class UserGroupInformation {
@VisibleForTesting @VisibleForTesting
@ -716,7 +716,7 @@ public class UserGroupInformation {
* *
* @param user The principal name to load from the ticket * @param user The principal name to load from the ticket
* cache * cache
* @param ticketCachePath the path to the ticket cache file * @param ticketCache the path to the ticket cache file
* *
* @throws IOException if the kerberos login fails * @throws IOException if the kerberos login fails
*/ */
@ -779,7 +779,7 @@ public class UserGroupInformation {
/** /**
* Create a UserGroupInformation from a Subject with Kerberos principal. * Create a UserGroupInformation from a Subject with Kerberos principal.
* *
* @param user The KerberosPrincipal to use in UGI * @param subject The KerberosPrincipal to use in UGI
* *
* @throws IOException * @throws IOException
* @throws KerberosAuthException if the kerberos login fails * @throws KerberosAuthException if the kerberos login fails
@ -838,7 +838,7 @@ public class UserGroupInformation {
/** /**
* Log in a user using the given subject * Log in a user using the given subject
* @parma subject the subject to use when logging in a user, or null to * @param subject the subject to use when logging in a user, or null to
* create a new subject. * create a new subject.
* @throws IOException if login fails * @throws IOException if login fails
*/ */
@ -1692,7 +1692,7 @@ public class UserGroupInformation {
} }
/** /**
* Get the group names for this user. {@ #getGroups(String)} is less * Get the group names for this user. {@link #getGroups()} is less
* expensive alternative when checking for a contained element. * expensive alternative when checking for a contained element.
* @return the list of users with the primary group first. If the command * @return the list of users with the primary group first. If the command
* fails, it returns an empty list. * fails, it returns an empty list.

2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AuthorizationException.java
View File

@ -29,7 +29,7 @@ import org.apache.hadoop.security.AccessControlException;
* *
* This class <em>does not</em> provide the stack trace for security purposes. * This class <em>does not</em> provide the stack trace for security purposes.
*/ */
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "YARN"}) @InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public class AuthorizationException extends AccessControlException { public class AuthorizationException extends AccessControlException {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;

4
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java
View File

@ -472,10 +472,10 @@ public class Token<T extends TokenIdentifier> implements Writable {
* A trivial renewer for token kinds that aren't managed. Sub-classes need * A trivial renewer for token kinds that aren't managed. Sub-classes need
* to implement getKind for their token kind. * to implement getKind for their token kind.
*/ */
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) @InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public static class TrivialRenewer extends TokenRenewer { public static class TrivialRenewer extends TokenRenewer {
// define the kind for this renewer // define the kind for this renewer
protected Text getKind() { protected Text getKind() {
return null; return null;

2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
View File

@ -34,7 +34,7 @@ import org.apache.hadoop.security.token.TokenIdentifier;
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) @InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public abstract class AbstractDelegationTokenIdentifier public abstract class AbstractDelegationTokenIdentifier
extends TokenIdentifier { extends TokenIdentifier {

2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
View File

@ -44,7 +44,7 @@ import org.apache.hadoop.util.Time;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "Hive"}) @InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public abstract public abstract
class AbstractDelegationTokenSecretManager<TokenIdent class AbstractDelegationTokenSecretManager<TokenIdent