HDFS-14670: RBF: Create secret manager instance using FederationUtil#newInstance.

CR Hota 2019-07-29 11:00:22 -07:00 committed by Inigo Goiri
parent 60325c9611
commit 611718f59f
3 changed files with 44 additions and 34 deletions


@ -28,11 +28,13 @@ import java.net.URLConnection;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.protocol.HdfsFileStatus; import org.apache.hadoop.hdfs.protocol.HdfsFileStatus;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.federation.resolver.ActiveNamenodeResolver; import org.apache.hadoop.hdfs.server.federation.resolver.ActiveNamenodeResolver;
import org.apache.hadoop.hdfs.server.federation.resolver.FileSubclusterResolver; import org.apache.hadoop.hdfs.server.federation.resolver.FileSubclusterResolver;
import org.apache.hadoop.hdfs.server.federation.store.StateStoreService; import org.apache.hadoop.hdfs.server.federation.store.StateStoreService;
import org.apache.hadoop.hdfs.web.URLConnectionFactory; import org.apache.hadoop.hdfs.web.URLConnectionFactory;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.util.VersionInfo; import org.apache.hadoop.util.VersionInfo;
import org.codehaus.jettison.json.JSONArray; import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONException; import org.codehaus.jettison.json.JSONException;
@ -203,6 +205,23 @@ public final class FederationUtil {
return newInstance(conf, stateStore, StateStoreService.class, clazz); return newInstance(conf, stateStore, StateStoreService.class, clazz);
} }
/**
* Creates an instance of DelegationTokenSecretManager from the
* configuration.
*
* @param conf Configuration that defines the token manager class.
* @return New delegation token secret manager.
*/
public static AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
newSecretManager(Configuration conf) {
Class<? extends AbstractDelegationTokenSecretManager> clazz =
conf.getClass(
RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS_DEFAULT,
AbstractDelegationTokenSecretManager.class);
return newInstance(conf, null, null, clazz);
}
/** /**
* Check if the given path is the child of parent path. * Check if the given path is the child of parent path.
* @param path Path to be check. * @param path Path to be check.
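Review bot: The Javadoc on the new `newSecretManager` does not state what a caller receives when the configured driver class cannot be built, nor which constructor that class must provide. The copy removed from RouterSecurityManager looked up a `Configuration`-only constructor and returned null on failure; whether `newInstance(conf, null, null, clazz)` behaves the same with a null context is not visible in this hunk. I would document it explicitly, for example `@return New delegation token secret manager, or null if it could not be instantiated.` once that is confirmed against `newInstance`. I would also add a sentence saying that the class named by `DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS` must extend `AbstractDelegationTokenSecretManager` and expose a public constructor taking `Configuration`.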


@ -22,7 +22,7 @@ import com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.DFSUtil; import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier; import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.federation.router.RBFConfigKeys; import org.apache.hadoop.hdfs.server.federation.router.FederationUtil;
import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer; import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer;
import org.apache.hadoop.hdfs.server.federation.router.Router; import org.apache.hadoop.hdfs.server.federation.router.Router;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
@ -39,7 +39,6 @@ import org.slf4j.LoggerFactory;
import java.io.IOException; import java.io.IOException;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.lang.reflect.Constructor;
/** /**
* Manager to hold underlying delegation token secret manager implementations. * Manager to hold underlying delegation token secret manager implementations.
@ -58,7 +57,7 @@ public class RouterSecurityManager {
AuthenticationMethod authMethodToInit = AuthenticationMethod authMethodToInit =
AuthenticationMethod.KERBEROS; AuthenticationMethod.KERBEROS;
if (authMethodConfigured.equals(authMethodToInit)) { if (authMethodConfigured.equals(authMethodToInit)) {
this.dtSecretManager = newSecretManager(conf); this.dtSecretManager = FederationUtil.newSecretManager(conf);
} }
} }
@ -68,37 +67,6 @@ public class RouterSecurityManager {
this.dtSecretManager = dtSecretManager; this.dtSecretManager = dtSecretManager;
} }
/**
* Creates an instance of a SecretManager from the configuration.
*
* @param conf Configuration that defines the secret manager class.
* @return New secret manager.
*/
public static AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
newSecretManager(Configuration conf) {
Class<? extends AbstractDelegationTokenSecretManager> clazz =
conf.getClass(
RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS_DEFAULT,
AbstractDelegationTokenSecretManager.class);
AbstractDelegationTokenSecretManager secretManager;
try {
Constructor constructor = clazz.getConstructor(Configuration.class);
secretManager = (AbstractDelegationTokenSecretManager)
constructor.newInstance(conf);
LOG.info("Delegation token secret manager object instantiated");
} catch (ReflectiveOperationException e) {
LOG.error("Could not instantiate: {}", clazz.getSimpleName(),
e.getCause());
return null;
} catch (RuntimeException e) {
LOG.error("RuntimeException to instantiate: {}",
clazz.getSimpleName(), e);
return null;
}
return secretManager;
}
public AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> public AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
getSecretManager() { getSecretManager() {
return this.dtSecretManager; return this.dtSecretManager;
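Review bot: The constructor assigns the result of `FederationUtil.newSecretManager(conf)` without checking it, so a Kerberos-enabled router could come up with `dtSecretManager` left null if the configured driver class fails to instantiate. The removed local factory returned null on failure, and whether `newInstance` does the same is not visible here; I would fail fast right after the assignment, e.g. `if (this.dtSecretManager == null) { throw new IllegalStateException("Failed to create delegation token secret manager"); }`. The removed code also logged both success and failure of the instantiation, so it is worth confirming that `newInstance` still records which class was loaded, since operators rely on that line when diagnosing token issuance problems. The constructor begins outside this hunk.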


@ -21,6 +21,7 @@ package org.apache.hadoop.hdfs.server.federation.security;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.contract.router.RouterHDFSContract; import org.apache.hadoop.fs.contract.router.RouterHDFSContract;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier; import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder; import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder;
import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager; import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager;
@ -35,10 +36,14 @@ import org.junit.rules.ExpectedException;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.apache.hadoop.fs.contract.router.SecurityConfUtil.initSecurity; import static org.apache.hadoop.fs.contract.router.SecurityConfUtil.initSecurity;
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
import static org.apache.hadoop.hdfs.server.federation.router.RBFConfigKeys.DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS;
import org.hamcrest.core.StringContains; import org.hamcrest.core.StringContains;
import java.io.IOException; import java.io.IOException;
@ -71,6 +76,24 @@ public class TestRouterSecurityManager {
@Rule @Rule
public ExpectedException exceptionRule = ExpectedException.none(); public ExpectedException exceptionRule = ExpectedException.none();
@Test
public void testCreateSecretManagerUsingReflection() {
Configuration conf = new HdfsConfiguration();
conf.set(
DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS,
MockDelegationTokenSecretManager.class.getName());
conf.set(HADOOP_SECURITY_AUTHENTICATION,
UserGroupInformation.AuthenticationMethod.KERBEROS.name());
RouterSecurityManager routerSecurityManager =
new RouterSecurityManager(conf);
AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
secretManager = routerSecurityManager.getSecretManager();
assertNotNull(secretManager);
assertTrue(secretManager.isRunning());
routerSecurityManager.stop();
assertFalse(secretManager.isRunning());
}
@Test @Test
public void testDelegationTokens() throws IOException { public void testDelegationTokens() throws IOException {
UserGroupInformation.reset(); UserGroupInformation.reset();
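Review bot: `testCreateSecretManagerUsingReflection` covers only the success path, while the behaviour this refactor could change is the failure path, where the driver class cannot be instantiated. I would add a second test that sets `DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS` to a class without a usable constructor and asserts whichever contract is intended, either a null `getSecretManager()` or an exception from `new RouterSecurityManager(conf)`. Separately, `routerSecurityManager.stop()` runs only if the preceding assertions pass, so wrapping the assertions in `try { ... } finally { routerSecurityManager.stop(); }` would keep a failed run from leaving the secret manager running for later tests.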