From 503d8e4164ff3da29fcaf56436fe6fab6a450105 Mon Sep 17 00:00:00 2001 From: Brandon Li Date: Mon, 23 Mar 2015 10:06:47 -0700 Subject: [PATCH] HDFS-7942. NFS: support regexp grouping in nfs.exports.allowed.hosts. Contributed by Brandon Li (cherry picked from commit 36af4a913c97113bd0486c48e1cb864c5cba46fd) --- .../org/apache/hadoop/nfs/NfsExports.java | 2 +- .../org/apache/hadoop/nfs/TestNfsExports.java | 22 +++++++++++++++++-- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 2 ++ .../src/site/markdown/HdfsNfsGateway.md | 8 ++++--- 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/NfsExports.java b/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/NfsExports.java index 8b6b46a7237..af965655ed3 100644 --- a/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/NfsExports.java +++ b/hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/NfsExports.java @@ -391,7 +391,7 @@ public class NfsExports { return new CIDRMatch(privilege, new SubnetUtils(pair[0], pair[1]).getInfo()); } else if (host.contains("*") || host.contains("?") || host.contains("[") - || host.contains("]")) { + || host.contains("]") || host.contains("(") || host.contains(")")) { if (LOG.isDebugEnabled()) { LOG.debug("Using Regex match for '" + host + "' and " + privilege); } diff --git a/hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/nfs/TestNfsExports.java b/hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/nfs/TestNfsExports.java index 349e82adbad..542975d1292 100644 --- a/hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/nfs/TestNfsExports.java +++ b/hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/nfs/TestNfsExports.java @@ -23,8 +23,8 @@ import org.junit.Test; public class TestNfsExports { - private final String address1 = "192.168.0.1"; - private final String address2 = "10.0.0.1"; + private final String address1 = "192.168.0.12"; + private final String address2 = "10.0.0.12"; private final String hostname1 = "a.b.com"; private final String hostname2 = "a.b.org"; @@ -164,6 +164,24 @@ public class TestNfsExports { matcher.getAccessPrivilege(address1, hostname2)); } + @Test + public void testRegexGrouping() { + NfsExports matcher = new NfsExports(CacheSize, ExpirationPeriod, + "192.168.0.(12|34)"); + Assert.assertEquals(AccessPrivilege.READ_ONLY, + matcher.getAccessPrivilege(address1, hostname1)); + // address1 will hit the cache + Assert.assertEquals(AccessPrivilege.READ_ONLY, + matcher.getAccessPrivilege(address1, hostname2)); + + matcher = new NfsExports(CacheSize, ExpirationPeriod, "\\w*.a.b.com"); + Assert.assertEquals(AccessPrivilege.READ_ONLY, + matcher.getAccessPrivilege("1.2.3.4", "web.a.b.com")); + // address "1.2.3.4" will hit the cache + Assert.assertEquals(AccessPrivilege.READ_ONLY, + matcher.getAccessPrivilege("1.2.3.4", "email.a.b.org")); + } + @Test public void testMultiMatchers() throws Exception { long shortExpirationPeriod = 1 * 1000 * 1000 * 1000; // 1s diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index 61df4d86901..98ea2601b3e 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -929,6 +929,8 @@ Release 2.7.0 - UNRELEASED HDFS-6841. Use Time.monotonicNow() wherever applicable instead of Time.now() (Vinayakumar B via kihwal) + HDFS-7942. NFS: support regexp grouping in nfs.exports.allowed.hosts (brandonli) + BREAKDOWN OF HDFS-7584 SUBTASKS AND RELATED JIRAS HDFS-7720. Quota by Storage Type API, tools and ClientNameNode diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsNfsGateway.md b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsNfsGateway.md index 84a41c16439..f1bd6960b37 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsNfsGateway.md +++ b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsNfsGateway.md @@ -144,10 +144,12 @@ It's strongly recommended for the users to update a few configuration properties * By default, the export can be mounted by any client. To better control the access, users can update the following property. The value string contains machine name and access privilege, separated by whitespace - characters. The machine name format can be a single host, a Java regular expression, or an IPv4 address. The access + characters. The machine name format can be a single host, a "*", a Java regular expression, or an IPv4 address. The access privilege uses rw or ro to specify read/write or read-only access of the machines to exports. If the access privilege is not provided, the default is read-only. Entries are separated by ";". - For example: "192.168.0.0/22 rw ; host.\*\\.example\\.com ; host1.test.org ro;". Only the NFS gateway needs to restart after - this property is updated. + For example: "192.168.0.0/22 rw ; \\\\w\*\\\\.example\\\\.com ; host1.test.org ro;". Only the NFS gateway needs to restart after + this property is updated. Note that, here Java regular expression is differnt with the regrulation expression used in + Linux NFS export table, such as, using "\\\\w\*\\\\.example\\\\.com" instead of "\*.example.com", "192\\\\.168\\\\.0\\\\.(11|22)" + instead of "192.168.0.[11|22]" and so on. nfs.exports.allowed.hosts