From 611718f59fd2fc331f9d9de51525115a1e1a5d29 Mon Sep 17 00:00:00 2001
From: CR Hota
Date: Mon, 29 Jul 2019 11:00:22 -0700
Subject: [PATCH] HDFS-14670: RBF: Create secret manager instance using FederationUtil#newInstance.
---
 .../federation/router/FederationUtil.java | 19 ++++++++++
 .../security/RouterSecurityManager.java | 36 ++-----------------
 .../security/TestRouterSecurityManager.java | 23 ++++++++++++
 3 files changed, 44 insertions(+), 34 deletions(-)
diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/FederationUtil.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/FederationUtil.java
index 9065312bc63..0811531f2d3 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/FederationUtil.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/FederationUtil.java
@@ -28,11 +28,13 @@ import java.net.URLConnection;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.protocol.HdfsFileStatus;
+import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
 import org.apache.hadoop.hdfs.server.federation.resolver.ActiveNamenodeResolver;
 import org.apache.hadoop.hdfs.server.federation.resolver.FileSubclusterResolver;
 import org.apache.hadoop.hdfs.server.federation.store.StateStoreService;
 import org.apache.hadoop.hdfs.web.URLConnectionFactory;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
 import org.apache.hadoop.util.VersionInfo;
 import org.codehaus.jettison.json.JSONArray;
 import org.codehaus.jettison.json.JSONException;
@@ -203,6 +205,23 @@ public final class FederationUtil {
 return newInstance(conf, stateStore, StateStoreService.class, clazz);
 }
+ /**
+ * Creates an instance of DelegationTokenSecretManager from the
+ * configuration.
+ *
+ * @param conf Configuration that defines the token manager class.
+ * @return New delegation token secret manager.
+ */
+ public static AbstractDelegationTokenSecretManager
+ newSecretManager(Configuration conf) {
+ Class clazz =
+ conf.getClass(
+ RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
+ RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS_DEFAULT,
+ AbstractDelegationTokenSecretManager.class);
+ return newInstance(conf, null, null, clazz);
+ }
+
 /**
 * Check if the given path is the child of parent path.
 * @param path Path to be check.
diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/security/RouterSecurityManager.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/security/RouterSecurityManager.java
index c367ed81907..b512e5aff5f 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/security/RouterSecurityManager.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/security/RouterSecurityManager.java
@@ -22,7 +22,7 @@ import com.google.common.annotations.VisibleForTesting;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hdfs.DFSUtil;
 import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
-import org.apache.hadoop.hdfs.server.federation.router.RBFConfigKeys;
+import org.apache.hadoop.hdfs.server.federation.router.FederationUtil;
 import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer;
 import org.apache.hadoop.hdfs.server.federation.router.Router;
 import org.apache.hadoop.io.Text;
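Review bot: The Javadoc on `FederationUtil.newSecretManager` (hunk `@@ -203,6 +205,23 @@`) does not say what the caller receives when the configured class cannot be instantiated. The implementation this commit removes from `RouterSecurityManager` returned null on both `ReflectiveOperationException` and `RuntimeException`; the body of `newInstance(conf, null, null, clazz)` lies outside the hunk, so whether it still covers the `RuntimeException` case should be confirmed and the outcome documented, for example `@return New delegation token secret manager, or null if it could not be instantiated.` Because the class named by `DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS` is loaded reflectively and then manages the router's delegation-token secrets, the comment could also state that this key is expected to come only from trusted configuration.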
@@ -39,7 +39,6 @@ import org.slf4j.LoggerFactory;
 import java.io.IOException;
 import java.net.InetSocketAddress;
-import java.lang.reflect.Constructor;
 /**
 * Manager to hold underlying delegation token secret manager implementations.
@@ -58,7 +57,7 @@ public class RouterSecurityManager {
 AuthenticationMethod authMethodToInit = AuthenticationMethod.KERBEROS;
 if (authMethodConfigured.equals(authMethodToInit)) {
- this.dtSecretManager = newSecretManager(conf);
+ this.dtSecretManager = FederationUtil.newSecretManager(conf);
 }
 }
@@ -68,37 +67,6 @@ public class RouterSecurityManager {
 this.dtSecretManager = dtSecretManager;
 }
- /**
- * Creates an instance of a SecretManager from the configuration.
- *
- * @param conf Configuration that defines the secret manager class.
- * @return New secret manager.
- */
- public static AbstractDelegationTokenSecretManager
- newSecretManager(Configuration conf) {
- Class clazz =
- conf.getClass(
- RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
- RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS_DEFAULT,
- AbstractDelegationTokenSecretManager.class);
- AbstractDelegationTokenSecretManager secretManager;
- try {
- Constructor constructor = clazz.getConstructor(Configuration.class);
- secretManager = (AbstractDelegationTokenSecretManager)
- constructor.newInstance(conf);
- LOG.info("Delegation token secret manager object instantiated");
- } catch (ReflectiveOperationException e) {
- LOG.error("Could not instantiate: {}", clazz.getSimpleName(),
- e.getCause());
- return null;
- } catch (RuntimeException e) {
- LOG.error("RuntimeException to instantiate: {}",
- clazz.getSimpleName(), e);
- return null;
- }
- return secretManager;
- }
-
 public AbstractDelegationTokenSecretManager getSecretManager() {
 return this.dtSecretManager;
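Review bot: In the `@@ -58,7 +57,7 @@` hunk the constructor stores the result of `FederationUtil.newSecretManager(conf)` without checking it. If instantiation fails and the helper returns null, as the removed local version did, a router configured for Kerberos is constructed with no delegation token secret manager. Failing closed at construction is safer than leaving the null for later callers of `getSecretManager()` to trip over: `if (this.dtSecretManager == null) { throw new IllegalStateException("Failed to create delegation token secret manager"); }`. The constructor's signature and the start of its body are outside the hunk, so the exception type should be matched to what it already declares.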
diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/security/TestRouterSecurityManager.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/security/TestRouterSecurityManager.java
index cc8cd1bf648..7568f6e46f5 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/security/TestRouterSecurityManager.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/security/TestRouterSecurityManager.java
@@ -21,6 +21,7 @@ package org.apache.hadoop.hdfs.server.federation.security;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.contract.router.RouterHDFSContract;
+import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
 import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder;
 import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager;
@@ -35,10 +36,14 @@ import org.junit.rules.ExpectedException;
 import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
+
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertEquals;
 import static org.apache.hadoop.fs.contract.router.SecurityConfUtil.initSecurity;
+import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
+import static org.apache.hadoop.hdfs.server.federation.router.RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS;
 import org.hamcrest.core.StringContains;
 import java.io.IOException;
@@ -71,6 +76,24 @@ public class TestRouterSecurityManager {
 @Rule public ExpectedException exceptionRule = ExpectedException.none();
+ @Test
+ public void testCreateSecretManagerUsingReflection() {
+ Configuration conf = new HdfsConfiguration();
+ conf.set(
+ DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
+ MockDelegationTokenSecretManager.class.getName());
+ conf.set(HADOOP_SECURITY_AUTHENTICATION,
+ UserGroupInformation.AuthenticationMethod.KERBEROS.name());
+ RouterSecurityManager routerSecurityManager =
+ new RouterSecurityManager(conf);
+ AbstractDelegationTokenSecretManager
+ secretManager = routerSecurityManager.getSecretManager();
+ assertNotNull(secretManager);
+ assertTrue(secretManager.isRunning());
+ routerSecurityManager.stop();
+ assertFalse(secretManager.isRunning());
+ }
+
 @Test public void testDelegationTokens() throws IOException {
 UserGroupInformation.reset();
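Review bot: `testCreateSecretManagerUsingReflection` exercises only the successful path, so the case this refactoring could have changed has no test: what `RouterSecurityManager` does when the configured driver class cannot be instantiated. A second test that points `DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS` at a class that cannot be constructed and asserts the intended outcome would pin that behaviour down. Separately, `routerSecurityManager.stop()` is reached only if the two assertions before it pass; putting those assertions in a `try` block with `finally { routerSecurityManager.stop(); }` would keep a failed assertion from leaving the secret manager running for later tests.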