From 2d05f1a749fc58e96558d728659d0bab5a582e13 Mon Sep 17 00:00:00 2001 From: Eli Collins Date: Mon, 2 Jul 2012 22:48:05 +0000 Subject: [PATCH] HADOOP-8463. hadoop.security.auth_to_local needs a key definition and doc. Contributed by Madhukara Phatak git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1356514 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../org/apache/hadoop/fs/CommonConfigurationKeysPublic.java | 4 ++++ .../java/org/apache/hadoop/security/HadoopKerberosName.java | 4 ++-- .../hadoop-common/src/main/resources/core-default.xml | 6 ++++++ .../org/apache/hadoop/security/TestDoAsEffectiveUser.java | 3 ++- .../apache/hadoop/security/TestUserGroupInformation.java | 3 ++- .../hdfs/server/namenode/OfflineEditsViewerHelper.java | 3 ++- .../hdfs/server/namenode/ha/TestDelegationTokensWithHA.java | 3 ++- .../tools/offlineImageViewer/TestOfflineImageViewer.java | 4 +++- .../apache/hadoop/mapreduce/security/TestTokenCache.java | 4 ++-- 10 files changed, 28 insertions(+), 9 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index debae44fd14..19d3dbfad99 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -57,6 +57,9 @@ Release 2.0.1-alpha - UNRELEASED HADOOP-3450. Add tests to Local Directory Allocator for asserting their URI-returning capability (Sho Shimauchi via harsh) + HADOOP-8463. hadoop.security.auth_to_local needs a key definition and doc. + (Madhukara Phatak via eli) + BUG FIXES HADOOP-8372. NetUtils.normalizeHostName() incorrectly handles hostname diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java index 67f3bc594c9..b431664086f 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java @@ -233,5 +233,9 @@ public class CommonConfigurationKeysPublic { /** See core-default.xml */ public static final String HADOOP_SECURITY_SERVICE_USER_NAME_KEY = "hadoop.security.service.user.name.key"; + /** See core-default.xml */ + public static final String HADOOP_SECURITY_AUTH_TO_LOCAL = + "hadoop.security.auth_to_local"; + } diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java index c5eb7dd420a..00ef5d7a357 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java @@ -25,7 +25,7 @@ import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.authentication.util.KerberosName; import org.apache.hadoop.security.authentication.util.KerberosUtil; - +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; /** * This class implements parsing and handling of Kerberos principal names. In * particular, it splits them apart and translates them down into local @@ -63,7 +63,7 @@ public class HadoopKerberosName extends KerberosName { * @throws IOException */ public static void setConfiguration(Configuration conf) throws IOException { - String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT"); + String ruleString = conf.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "DEFAULT"); setRules(ruleString); } diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index 123a4a5aa79..754b2f6ebd6 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -250,6 +250,12 @@ + + hadoop.security.auth_to_local + + Maps kerberos principals to local user names + + io.file.buffer.size diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java index 121877bf58e..ee7bc29d1e8 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java @@ -44,6 +44,7 @@ import org.apache.hadoop.ipc.TestSaslRPC.TestTokenSecretManager; import org.apache.hadoop.ipc.TestSaslRPC.TestTokenIdentifier; import org.apache.hadoop.ipc.TestSaslRPC.TestTokenSelector; import org.apache.commons.logging.*; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; /** * @@ -66,7 +67,7 @@ public class TestDoAsEffectiveUser { static { - masterConf.set("hadoop.security.auth_to_local", + masterConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" + "RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" + "DEFAULT"); diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java index 45f3155a01e..cb6f889e8e2 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java @@ -40,6 +40,7 @@ import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.TokenIdentifier; import static org.apache.hadoop.test.MetricsAsserts.*; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; public class TestUserGroupInformation { final private static String USER_NAME = "user1@HADOOP.APACHE.ORG"; @@ -68,7 +69,7 @@ public class TestUserGroupInformation { @BeforeClass public static void setup() { Configuration conf = new Configuration(); - conf.set("hadoop.security.auth_to_local", + conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" + "RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" + "DEFAULT"); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/OfflineEditsViewerHelper.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/OfflineEditsViewerHelper.java index 392cc9dd913..9dc31c8cc1d 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/OfflineEditsViewerHelper.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/OfflineEditsViewerHelper.java @@ -46,6 +46,7 @@ import org.apache.hadoop.hdfs.server.common.Util; import org.apache.hadoop.hdfs.server.namenode.NNStorage.NameNodeDirType; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; /** * OfflineEditsViewerHelper is a helper class for TestOfflineEditsViewer, @@ -106,7 +107,7 @@ public class OfflineEditsViewerHelper { // blocksize for concat (file size must be multiple of blocksize) config.setLong(DFSConfigKeys.DFS_BLOCK_SIZE_KEY, blockSize); // for security to work (fake JobTracker user) - config.set("hadoop.security.auth_to_local", + config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); config.setBoolean( DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestDelegationTokensWithHA.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestDelegationTokensWithHA.java index a69a0ce267b..fcb6a930178 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestDelegationTokensWithHA.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestDelegationTokensWithHA.java @@ -56,6 +56,7 @@ import org.junit.BeforeClass; import org.junit.Test; import com.google.common.base.Joiner; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; /** * Test case for client support of delegation tokens in an HA cluster. @@ -76,7 +77,7 @@ public class TestDelegationTokensWithHA { public static void setupCluster() throws Exception { conf.setBoolean( DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); - conf.set("hadoop.security.auth_to_local", + conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); cluster = new MiniDFSCluster.Builder(conf) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/tools/offlineImageViewer/TestOfflineImageViewer.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/tools/offlineImageViewer/TestOfflineImageViewer.java index 21b216d15d8..2a5b1b671de 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/tools/offlineImageViewer/TestOfflineImageViewer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/tools/offlineImageViewer/TestOfflineImageViewer.java @@ -50,6 +50,8 @@ import org.apache.hadoop.hdfs.MiniDFSCluster; import org.apache.hadoop.hdfs.protocol.HdfsConstants.SafeModeAction; import org.apache.hadoop.hdfs.server.namenode.FSImageTestUtil; import org.apache.hadoop.hdfs.HdfsConfiguration; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; + /** * Test function of OfflineImageViewer by: @@ -96,7 +98,7 @@ public class TestOfflineImageViewer { conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000); conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000); conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); - conf.set("hadoop.security.auth_to_local", + conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); cluster = new MiniDFSCluster.Builder(conf).numDataNodes(4).build(); cluster.waitActive(); diff --git a/hadoop-mapreduce-project/src/test/mapred/org/apache/hadoop/mapreduce/security/TestTokenCache.java b/hadoop-mapreduce-project/src/test/mapred/org/apache/hadoop/mapreduce/security/TestTokenCache.java index 355f03fd0cd..3f9b26954ba 100644 --- a/hadoop-mapreduce-project/src/test/mapred/org/apache/hadoop/mapreduce/security/TestTokenCache.java +++ b/hadoop-mapreduce-project/src/test/mapred/org/apache/hadoop/mapreduce/security/TestTokenCache.java @@ -73,7 +73,7 @@ import org.junit.Test; import org.mockito.Mockito; import org.mockito.invocation.InvocationOnMock; import org.mockito.stubbing.Answer; - +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; public class TestTokenCache { private static final int NUM_OF_KEYS = 10; @@ -157,7 +157,7 @@ public class TestTokenCache { public static void setUp() throws Exception { Configuration conf = new Configuration(); - conf.set("hadoop.security.auth_to_local", "RULE:[2:$1]"); + conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1]"); dfsCluster = new MiniDFSCluster(conf, numSlaves, true, null); jConf = new JobConf(conf); mrCluster = new MiniMRCluster(0, 0, numSlaves,