HDFS-14670: RBF: Create secret manager instance using FederationUtil#newInstance.
parent
60325c9611
commit
611718f59f
|
@ -28,11 +28,13 @@ import java.net.URLConnection;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.fs.Path;
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.hdfs.protocol.HdfsFileStatus;
|
import org.apache.hadoop.hdfs.protocol.HdfsFileStatus;
|
||||||
|
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
|
||||||
import org.apache.hadoop.hdfs.server.federation.resolver.ActiveNamenodeResolver;
|
import org.apache.hadoop.hdfs.server.federation.resolver.ActiveNamenodeResolver;
|
||||||
import org.apache.hadoop.hdfs.server.federation.resolver.FileSubclusterResolver;
|
import org.apache.hadoop.hdfs.server.federation.resolver.FileSubclusterResolver;
|
||||||
import org.apache.hadoop.hdfs.server.federation.store.StateStoreService;
|
import org.apache.hadoop.hdfs.server.federation.store.StateStoreService;
|
||||||
import org.apache.hadoop.hdfs.web.URLConnectionFactory;
|
import org.apache.hadoop.hdfs.web.URLConnectionFactory;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
|
||||||
import org.apache.hadoop.util.VersionInfo;
|
import org.apache.hadoop.util.VersionInfo;
|
||||||
import org.codehaus.jettison.json.JSONArray;
|
import org.codehaus.jettison.json.JSONArray;
|
||||||
import org.codehaus.jettison.json.JSONException;
|
import org.codehaus.jettison.json.JSONException;
|
||||||
|
@ -203,6 +205,23 @@ public final class FederationUtil {
|
||||||
return newInstance(conf, stateStore, StateStoreService.class, clazz);
|
return newInstance(conf, stateStore, StateStoreService.class, clazz);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates an instance of DelegationTokenSecretManager from the
|
||||||
|
* configuration.
|
||||||
|
*
|
||||||
|
* @param conf Configuration that defines the token manager class.
|
||||||
|
* @return New delegation token secret manager.
|
||||||
|
*/
|
||||||
|
public static AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
|
||||||
|
newSecretManager(Configuration conf) {
|
||||||
|
Class<? extends AbstractDelegationTokenSecretManager> clazz =
|
||||||
|
conf.getClass(
|
||||||
|
RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
|
||||||
|
RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS_DEFAULT,
|
||||||
|
AbstractDelegationTokenSecretManager.class);
|
||||||
|
return newInstance(conf, null, null, clazz);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if the given path is the child of parent path.
|
* Check if the given path is the child of parent path.
|
||||||
* @param path Path to be check.
|
* @param path Path to be check.
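Review bot: The Javadoc on the new `newSecretManager` does not say what constructor the configured class must provide or what the caller gets back when instantiation fails, and both matter for a class that issues and verifies delegation tokens. The removed copy in RouterSecurityManager looked up a `Configuration`-only constructor and returned null on any reflection error; the body of `newInstance` is not shown on this page, so confirm it behaves the same when called with a null context. If it does, state that in the comment, e.g. `@return New delegation token secret manager, or null if the configured class could not be instantiated.` and a sentence that the class named by `DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS` needs a public constructor taking a `Configuration`. Separately, `Class<? extends AbstractDelegationTokenSecretManager>` is a raw type, so a driver parameterized over a different token identifier is accepted at compile time and converted unchecked to the `<DelegationTokenIdentifier>` return type.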
|
||||||
|
|
|
@ -22,7 +22,7 @@ import com.google.common.annotations.VisibleForTesting;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.hdfs.DFSUtil;
|
import org.apache.hadoop.hdfs.DFSUtil;
|
||||||
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
|
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
|
||||||
import org.apache.hadoop.hdfs.server.federation.router.RBFConfigKeys;
|
import org.apache.hadoop.hdfs.server.federation.router.FederationUtil;
|
||||||
import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer;
|
import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer;
|
||||||
import org.apache.hadoop.hdfs.server.federation.router.Router;
|
import org.apache.hadoop.hdfs.server.federation.router.Router;
|
||||||
import org.apache.hadoop.io.Text;
|
import org.apache.hadoop.io.Text;
|
||||||
|
@ -39,7 +39,6 @@ import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.lang.reflect.Constructor;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Manager to hold underlying delegation token secret manager implementations.
|
* Manager to hold underlying delegation token secret manager implementations.
|
||||||
|
@ -58,7 +57,7 @@ public class RouterSecurityManager {
|
||||||
AuthenticationMethod authMethodToInit =
|
AuthenticationMethod authMethodToInit =
|
||||||
AuthenticationMethod.KERBEROS;
|
AuthenticationMethod.KERBEROS;
|
||||||
if (authMethodConfigured.equals(authMethodToInit)) {
|
if (authMethodConfigured.equals(authMethodToInit)) {
|
||||||
this.dtSecretManager = newSecretManager(conf);
|
this.dtSecretManager = FederationUtil.newSecretManager(conf);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -68,37 +67,6 @@ public class RouterSecurityManager {
|
||||||
this.dtSecretManager = dtSecretManager;
|
this.dtSecretManager = dtSecretManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates an instance of a SecretManager from the configuration.
|
|
||||||
*
|
|
||||||
* @param conf Configuration that defines the secret manager class.
|
|
||||||
* @return New secret manager.
|
|
||||||
*/
|
|
||||||
public static AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
|
|
||||||
newSecretManager(Configuration conf) {
|
|
||||||
Class<? extends AbstractDelegationTokenSecretManager> clazz =
|
|
||||||
conf.getClass(
|
|
||||||
RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
|
|
||||||
RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS_DEFAULT,
|
|
||||||
AbstractDelegationTokenSecretManager.class);
|
|
||||||
AbstractDelegationTokenSecretManager secretManager;
|
|
||||||
try {
|
|
||||||
Constructor constructor = clazz.getConstructor(Configuration.class);
|
|
||||||
secretManager = (AbstractDelegationTokenSecretManager)
|
|
||||||
constructor.newInstance(conf);
|
|
||||||
LOG.info("Delegation token secret manager object instantiated");
|
|
||||||
} catch (ReflectiveOperationException e) {
|
|
||||||
LOG.error("Could not instantiate: {}", clazz.getSimpleName(),
|
|
||||||
e.getCause());
|
|
||||||
return null;
|
|
||||||
} catch (RuntimeException e) {
|
|
||||||
LOG.error("RuntimeException to instantiate: {}",
|
|
||||||
clazz.getSimpleName(), e);
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
return secretManager;
|
|
||||||
}
|
|
||||||
|
|
||||||
public AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
|
public AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
|
||||||
getSecretManager() {
|
getSecretManager() {
|
||||||
return this.dtSecretManager;
|
return this.dtSecretManager;
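Review bot: In the constructor hunk the result of `FederationUtil.newSecretManager(conf)` is assigned to `dtSecretManager` with no null check, so a driver class that cannot be instantiated would leave a Kerberos-configured router without a secret manager, and the error would only surface later on the first token operation. The method removed further down returned null on reflection failure, and the replacement's failure path lives in `newInstance`, which this page does not show; if it also returns null, fail closed here with `if (this.dtSecretManager == null) { throw new IllegalStateException("Failed to create delegation token secret manager"); }`. The removed code also logged "Delegation token secret manager object instantiated" at info level; keeping an equivalent line in the constructor would preserve that startup audit trail. The constructor's signature and the rest of its body are outside the hunk.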
|
||||||
|
|
|
@ -21,6 +21,7 @@ package org.apache.hadoop.hdfs.server.federation.security;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.fs.Path;
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.fs.contract.router.RouterHDFSContract;
|
import org.apache.hadoop.fs.contract.router.RouterHDFSContract;
|
||||||
|
import org.apache.hadoop.hdfs.HdfsConfiguration;
|
||||||
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
|
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
|
||||||
import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder;
|
import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder;
|
||||||
import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager;
|
import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager;
|
||||||
|
@ -35,10 +36,14 @@ import org.junit.rules.ExpectedException;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
|
import static org.junit.Assert.assertFalse;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.apache.hadoop.fs.contract.router.SecurityConfUtil.initSecurity;
|
import static org.apache.hadoop.fs.contract.router.SecurityConfUtil.initSecurity;
|
||||||
|
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
|
||||||
|
import static org.apache.hadoop.hdfs.server.federation.router.RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS;
|
||||||
|
|
||||||
import org.hamcrest.core.StringContains;
|
import org.hamcrest.core.StringContains;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
@ -71,6 +76,24 @@ public class TestRouterSecurityManager {
|
||||||
@Rule
|
@Rule
|
||||||
public ExpectedException exceptionRule = ExpectedException.none();
|
public ExpectedException exceptionRule = ExpectedException.none();
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testCreateSecretManagerUsingReflection() {
|
||||||
|
Configuration conf = new HdfsConfiguration();
|
||||||
|
conf.set(
|
||||||
|
DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
|
||||||
|
MockDelegationTokenSecretManager.class.getName());
|
||||||
|
conf.set(HADOOP_SECURITY_AUTHENTICATION,
|
||||||
|
UserGroupInformation.AuthenticationMethod.KERBEROS.name());
|
||||||
|
RouterSecurityManager routerSecurityManager =
|
||||||
|
new RouterSecurityManager(conf);
|
||||||
|
AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
|
||||||
|
secretManager = routerSecurityManager.getSecretManager();
|
||||||
|
assertNotNull(secretManager);
|
||||||
|
assertTrue(secretManager.isRunning());
|
||||||
|
routerSecurityManager.stop();
|
||||||
|
assertFalse(secretManager.isRunning());
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDelegationTokens() throws IOException {
|
public void testDelegationTokens() throws IOException {
|
||||||
UserGroupInformation.reset();
|
UserGroupInformation.reset();
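Review bot: `testCreateSecretManagerUsingReflection` only covers the case where the configured driver class instantiates cleanly, so nothing pins what `RouterSecurityManager` does when `DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS` names a class that cannot be constructed. A second test that configures a class lacking a `Configuration` constructor and asserts the expected outcome (an exception, or whatever contract the constructor is meant to have) would catch a regression that silently leaves the router without a secret manager. In the test as written, `routerSecurityManager.stop()` runs only if the preceding assertions pass; wrapping the assertions in `try { ... } finally { routerSecurityManager.stop(); }` keeps a failed run from leaving the manager running for later tests. The imports for `UserGroupInformation`, `AbstractDelegationTokenSecretManager` and `MockDelegationTokenSecretManager` are not among the visible hunks, so they are presumably already present in the file.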
|
||||||
|
|