HADOOP-12954. Add a way to change hadoop.security.token.service.use_ip (rkanter)

(cherry picked from commit 8cac1bb09f)
2016-03-28 10:36:59 -07:00 · 2016-03-28 10:36:59 -07:00 · 5a552973f4
parent d2f9adca88
commit 5a552973f4
2 changed files with 44 additions and 25 deletions
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
@ -73,16 +73,38 @@ public class SecurityUtil {
  @VisibleForTesting
  static HostResolver hostResolver;

+  private static boolean logSlowLookups;
+  private static int slowLookupThresholdMs;
+
  static {
-    Configuration conf = new Configuration();
+    setConfigurationInternal(new Configuration());
+  }
+
+  @InterfaceAudience.Public
+  @InterfaceStability.Evolving
+  public static void setConfiguration(Configuration conf) {
+    LOG.info("Updating Configuration");
+    setConfigurationInternal(conf);
+  }
+
+  private static void setConfigurationInternal(Configuration conf) {
    boolean useIp = conf.getBoolean(
        CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP,
        CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP_DEFAULT);
    setTokenServiceUseIp(useIp);
-  }

-  private static boolean logSlowLookups = getLogSlowLookupsEnabled();
-  private static int slowLookupThresholdMs = getSlowLookupThresholdMs();
+    logSlowLookups = conf.getBoolean(
+        CommonConfigurationKeys
+            .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_KEY,
+        CommonConfigurationKeys
+            .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_DEFAULT);
+
+    slowLookupThresholdMs = conf.getInt(
+        CommonConfigurationKeys
+            .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_KEY,
+        CommonConfigurationKeys
+            .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_DEFAULT);
+  }

  /**
   * For use only by tests and initialization
@ -90,6 +112,11 @@ public class SecurityUtil {
  @InterfaceAudience.Private
  @VisibleForTesting
  public static void setTokenServiceUseIp(boolean flag) {
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("Setting "
+          + CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP
+          + " to " + flag);
+    }
    useIpForTokenService = flag;
    hostResolver = !useIpForTokenService
        ? new QualifiedHostResolver()
@ -485,24 +512,6 @@ public class SecurityUtil {
    }
  }

-  private static boolean getLogSlowLookupsEnabled() {
-    Configuration conf = new Configuration();
-
-    return conf.getBoolean(CommonConfigurationKeys
-            .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_KEY,
-        CommonConfigurationKeys
-            .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_DEFAULT);
-  }
-
-  private static int getSlowLookupThresholdMs() {
-    Configuration conf = new Configuration();
-
-    return conf.getInt(CommonConfigurationKeys
-            .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_KEY,
-        CommonConfigurationKeys
-            .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_DEFAULT);
-  }
-
  /**
   * Resolves a host subject to the security requirements determined by
   * hadoop.security.token.service.use_ip. Optionally logs slow resolutions.
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
@ -28,6 +28,7 @@ import java.net.URI;
 import javax.security.auth.kerberos.KerberosPrincipal;

 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.net.NetUtils;
 import org.apache.hadoop.security.token.Token;
@ -144,7 +145,10 @@ public class TestSecurityUtil {

  @Test
  public void testBuildDTServiceName() {
-    SecurityUtil.setTokenServiceUseIp(true);
+    Configuration conf = new Configuration(false);
+    conf.setBoolean(
+        CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, true);
+    SecurityUtil.setConfiguration(conf);
    assertEquals("127.0.0.1:123",
        SecurityUtil.buildDTServiceName(URI.create("test://LocalHost"), 123)
    );
@ -161,7 +165,10 @@ public class TestSecurityUtil {
  
  @Test
  public void testBuildTokenServiceSockAddr() {
-    SecurityUtil.setTokenServiceUseIp(true);
+    Configuration conf = new Configuration(false);
+    conf.setBoolean(
+        CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, true);
+    SecurityUtil.setConfiguration(conf);
    assertEquals("127.0.0.1:123",
        SecurityUtil.buildTokenService(new InetSocketAddress("LocalHost", 123)).toString()
    );
@ -260,7 +267,10 @@ public class TestSecurityUtil {
  verifyTokenService(InetSocketAddress addr, String host, String ip, int port, boolean useIp) {
    //LOG.info("address:"+addr+" host:"+host+" ip:"+ip+" port:"+port);

-    SecurityUtil.setTokenServiceUseIp(useIp);
+    Configuration conf = new Configuration(false);
+    conf.setBoolean(
+        CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, useIp);
+    SecurityUtil.setConfiguration(conf);
    String serviceHost = useIp ? ip : StringUtils.toLowerCase(host);
    
    Token<?> token = new Token<TokenIdentifier>();