HDFS-6386. HDFS Encryption Zones (clamb)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/fs-encryption@1603658 13f79535-47bb-0310-9956-ffa450edef68
Charles Lamb 2014-06-18 22:33:50 +00:00
parent c5b7236d9c
commit 6ef3a9e746
8 changed files with 719 additions and 45 deletions


@ -10,6 +10,8 @@ fs-encryption (Unreleased)
IMPROVEMENTS IMPROVEMENTS
HDFS-6386. HDFS Encryption Zones (clamb)
HDFS-6473. Protocol and API for Encryption Zones (clamb) HDFS-6473. Protocol and API for Encryption Zones (clamb)
HDFS-6392. Wire crypto streams for encrypted files in HDFS-6392. Wire crypto streams for encrypted files in


@ -2802,7 +2802,11 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory {
public List<EncryptionZone> listEncryptionZones() throws IOException { public List<EncryptionZone> listEncryptionZones() throws IOException {
checkOpen(); checkOpen();
return namenode.listEncryptionZones(); try {
return namenode.listEncryptionZones();
} catch (RemoteException re) {
throw re.unwrapRemoteException(AccessControlException.class);
}
} }
public void setXAttr(String src, String name, byte[] value, public void setXAttr(String src, String name, byte[] value,


@ -162,6 +162,11 @@ public class HdfsConstants {
public static final String SEPARATOR_DOT_SNAPSHOT_DIR public static final String SEPARATOR_DOT_SNAPSHOT_DIR
= Path.SEPARATOR + DOT_SNAPSHOT_DIR; = Path.SEPARATOR + DOT_SNAPSHOT_DIR;
public static final String CRYPTO_XATTR_KEY_ID = "system.hdfs.crypto.key-id";
public static final String CRYPTO_XATTR_KEY_VERSION_ID =
"system.hdfs.crypto.key-version-id";
public static final String CRYPTO_XATTR_IV = "system.hdfs.crypto.iv";
public static final int CRYPTO_KEY_SIZE = 128;
/* Temporary until we stop hard-coding these values. */ /* Temporary until we stop hard-coding these values. */
public static final byte[] KEY = "0123456789012345".getBytes(); public static final byte[] KEY = "0123456789012345".getBytes();
public static final byte[] IV = "ABCDEFGJIJKLMNOP".getBytes(); public static final byte[] IV = "ABCDEFGJIJKLMNOP".getBytes();
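Review bot: The new `public static final int CRYPTO_KEY_SIZE = 128;` states no unit, and since FSNamesystem.createNewKey hands it to `KeyProvider.Options.setBitLength`, a reader could as easily take it for a byte count. Add `/** Length in bits of the key the NameNode generates for a new encryption zone. */` above it. The three `system.hdfs.crypto.*` xattr names would also benefit from a one-line comment saying they are reserved for NameNode-managed state and are not meant to be set by clients — presumably that is what the `system.` prefix implies here; confirm against the XAttr namespace rules before documenting it that way.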


@ -1282,9 +1282,13 @@ public class ClientNamenodeProtocolTranslatorPB implements
@Override @Override
public void createEncryptionZone(String src, String keyId) public void createEncryptionZone(String src, String keyId)
throws IOException { throws IOException {
final CreateEncryptionZoneRequestProto req = final CreateEncryptionZoneRequestProto.Builder builder =
CreateEncryptionZoneRequestProto.newBuilder(). CreateEncryptionZoneRequestProto.newBuilder();
setSrc(src).setKeyId(keyId).build(); builder.setSrc(src);
if (keyId != null && !keyId.isEmpty()) {
builder.setKeyId(keyId);
}
CreateEncryptionZoneRequestProto req = builder.build();
try { try {
rpcProxy.createEncryptionZone(null, req); rpcProxy.createEncryptionZone(null, req);
} catch (ServiceException e) { } catch (ServiceException e) {


@ -32,6 +32,7 @@ import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.hadoop.HadoopIllegalArgumentException; import org.apache.hadoop.HadoopIllegalArgumentException;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.CryptoCodec;
import org.apache.hadoop.fs.ContentSummary; import org.apache.hadoop.fs.ContentSummary;
import org.apache.hadoop.fs.FileAlreadyExistsException; import org.apache.hadoop.fs.FileAlreadyExistsException;
import org.apache.hadoop.fs.Options; import org.apache.hadoop.fs.Options;
@ -50,6 +51,7 @@ import org.apache.hadoop.fs.permission.PermissionStatus;
import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSUtil; import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.hdfs.DistributedFileSystem; import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.XAttrHelper;
import org.apache.hadoop.hdfs.protocol.AclException; import org.apache.hadoop.hdfs.protocol.AclException;
import org.apache.hadoop.hdfs.protocol.Block; import org.apache.hadoop.hdfs.protocol.Block;
import org.apache.hadoop.hdfs.protocol.ClientProtocol; import org.apache.hadoop.hdfs.protocol.ClientProtocol;
@ -84,6 +86,10 @@ import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
import static org.apache.hadoop.hdfs.protocol.HdfsConstants.CRYPTO_XATTR_KEY_ID;
import static org.apache.hadoop.hdfs.protocol.HdfsConstants.CRYPTO_XATTR_IV;
import static org.apache.hadoop.hdfs.protocol.HdfsConstants.CRYPTO_XATTR_KEY_VERSION_ID;
/************************************************* /*************************************************
* FSDirectory stores the filesystem directory state. * FSDirectory stores the filesystem directory state.
* It handles writing/loading values to disk, and logging * It handles writing/loading values to disk, and logging
@ -130,6 +136,7 @@ public class FSDirectory implements Closeable {
private final INodeMap inodeMap; // Synchronized by dirLock private final INodeMap inodeMap; // Synchronized by dirLock
private long yieldCount = 0; // keep track of lock yield count. private long yieldCount = 0; // keep track of lock yield count.
private final int inodeXAttrsLimit; //inode xattrs max limit private final int inodeXAttrsLimit; //inode xattrs max limit
private final CryptoCodec codec;
// lock to protect the directory and BlockMap // lock to protect the directory and BlockMap
private final ReentrantReadWriteLock dirLock; private final ReentrantReadWriteLock dirLock;
@ -198,6 +205,7 @@ public class FSDirectory implements Closeable {
this.inodeXAttrsLimit = conf.getInt( this.inodeXAttrsLimit = conf.getInt(
DFSConfigKeys.DFS_NAMENODE_MAX_XATTRS_PER_INODE_KEY, DFSConfigKeys.DFS_NAMENODE_MAX_XATTRS_PER_INODE_KEY,
DFSConfigKeys.DFS_NAMENODE_MAX_XATTRS_PER_INODE_DEFAULT); DFSConfigKeys.DFS_NAMENODE_MAX_XATTRS_PER_INODE_DEFAULT);
this.codec = CryptoCodec.getInstance(conf);
Preconditions.checkArgument(this.inodeXAttrsLimit >= 0, Preconditions.checkArgument(this.inodeXAttrsLimit >= 0,
"Cannot set a negative limit on the number of xattrs per inode (%s).", "Cannot set a negative limit on the number of xattrs per inode (%s).",
DFSConfigKeys.DFS_NAMENODE_MAX_XATTRS_PER_INODE_KEY); DFSConfigKeys.DFS_NAMENODE_MAX_XATTRS_PER_INODE_KEY);
@ -2662,6 +2670,44 @@ public class FSDirectory implements Closeable {
return xAttrs; return xAttrs;
} }
XAttr createEncryptionZone(String src, String keyId)
throws IOException {
writeLock();
try {
if (isNonEmptyDirectory(src)) {
throw new IOException(
"Attempt to create an encryption zone for a non-empty directory.");
}
final XAttr keyIdXAttr =
XAttrHelper.buildXAttr(CRYPTO_XATTR_KEY_ID, keyId.getBytes());
unprotectedSetXAttr(src, keyIdXAttr, EnumSet.of(XAttrSetFlag.CREATE));
return keyIdXAttr;
} finally {
writeUnlock();
}
}
XAttr deleteEncryptionZone(String src)
throws IOException {
writeLock();
try {
if (isNonEmptyDirectory(src)) {
throw new IOException(
"Attempt to delete an encryption zone for a non-empty directory.");
}
final XAttr keyIdXAttr =
XAttrHelper.buildXAttr(CRYPTO_XATTR_KEY_ID, null);
final XAttr removedXAttr = unprotectedRemoveXAttr(src, keyIdXAttr);
if (removedXAttr == null) {
throw new IOException(
src + " does not appear to be the root of an encryption zone");
}
return removedXAttr;
} finally {
writeUnlock();
}
}
void setXAttr(String src, XAttr xAttr, EnumSet<XAttrSetFlag> flag) void setXAttr(String src, XAttr xAttr, EnumSet<XAttrSetFlag> flag)
throws IOException { throws IOException {
writeLock(); writeLock();
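Review bot: `XAttrHelper.buildXAttr(CRYPTO_XATTR_KEY_ID, keyId.getBytes())` in the new createEncryptionZone encodes the key id with the platform default charset, so a non-ASCII key id would be persisted differently on NameNodes with different `file.encoding` and might no longer match the KeyProvider entry; use an explicit charset, e.g. `XAttrHelper.buildXAttr(CRYPTO_XATTR_KEY_ID, keyId.getBytes(Charsets.UTF_8))` (FSNamesystem already imports Guava's `Charsets`), and decode the same way wherever the xattr is read back. The new `codec` field initialised via `CryptoCodec.getInstance(conf)` in the constructor is not referenced by any hunk in this file; if nothing else in FSDirectory uses it yet, drop it or give it a TODO so the unused dependency does not sit there unexplained. `isNonEmptyDirectory(src)` presumably returns false for a path that is a plain file — if so, createEncryptionZone would happily stamp the key-id xattr onto a file; confirm and reject non-directories explicitly with a clear message.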


@ -83,12 +83,16 @@ import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROU
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_KEY; import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_KEY;
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_REPLICATION_DEFAULT; import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_REPLICATION_DEFAULT;
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_REPLICATION_KEY; import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_REPLICATION_KEY;
import static org.apache.hadoop.hdfs.protocol.HdfsConstants.CRYPTO_KEY_SIZE;
import static org.apache.hadoop.hdfs.protocol.HdfsConstants.CRYPTO_XATTR_IV;
import static org.apache.hadoop.hdfs.protocol.HdfsConstants.CRYPTO_XATTR_KEY_VERSION_ID;
import static org.apache.hadoop.util.Time.now; import static org.apache.hadoop.util.Time.now;
import java.io.*; import java.io.*;
import java.lang.management.ManagementFactory; import java.lang.management.ManagementFactory;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.URI; import java.net.URI;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
@ -102,6 +106,7 @@ import java.util.LinkedHashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock; import java.util.concurrent.locks.ReentrantLock;
import java.util.concurrent.locks.ReentrantReadWriteLock; import java.util.concurrent.locks.ReentrantReadWriteLock;
@ -116,6 +121,9 @@ import org.apache.commons.logging.impl.Log4JLogger;
import org.apache.hadoop.HadoopIllegalArgumentException; import org.apache.hadoop.HadoopIllegalArgumentException;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProvider.KeyVersion;
import org.apache.hadoop.crypto.key.KeyProviderFactory;
import org.apache.hadoop.fs.BatchedRemoteIterator.BatchedListEntries; import org.apache.hadoop.fs.BatchedRemoteIterator.BatchedListEntries;
import org.apache.hadoop.fs.CacheFlag; import org.apache.hadoop.fs.CacheFlag;
import org.apache.hadoop.fs.ContentSummary; import org.apache.hadoop.fs.ContentSummary;
@ -145,6 +153,7 @@ import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.hdfs.HAUtil; import org.apache.hadoop.hdfs.HAUtil;
import org.apache.hadoop.hdfs.HdfsConfiguration; import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.StorageType; import org.apache.hadoop.hdfs.StorageType;
import org.apache.hadoop.hdfs.XAttrHelper;
import org.apache.hadoop.hdfs.protocol.AclException; import org.apache.hadoop.hdfs.protocol.AclException;
import org.apache.hadoop.hdfs.protocol.AlreadyBeingCreatedException; import org.apache.hadoop.hdfs.protocol.AlreadyBeingCreatedException;
import org.apache.hadoop.hdfs.protocol.Block; import org.apache.hadoop.hdfs.protocol.Block;
@ -261,6 +270,7 @@ import org.mortbay.util.ajax.JSON;
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Charsets; import com.google.common.base.Charsets;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
@ -515,6 +525,11 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
private final NNConf nnConf; private final NNConf nnConf;
private KeyProvider provider = null;
private KeyProvider.Options providerOptions = null;
private final Map<String, EncryptionZone> encryptionZones;
/** /**
* Set the last allocated inode id when fsimage or editlog is loaded. * Set the last allocated inode id when fsimage or editlog is loaded.
*/ */
@ -675,6 +690,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
*/ */
FSNamesystem(Configuration conf, FSImage fsImage, boolean ignoreRetryCache) FSNamesystem(Configuration conf, FSImage fsImage, boolean ignoreRetryCache)
throws IOException { throws IOException {
initializeKeyProvider(conf);
providerOptions = KeyProvider.options(conf);
if (conf.getBoolean(DFS_NAMENODE_AUDIT_LOG_ASYNC_KEY, if (conf.getBoolean(DFS_NAMENODE_AUDIT_LOG_ASYNC_KEY,
DFS_NAMENODE_AUDIT_LOG_ASYNC_DEFAULT)) { DFS_NAMENODE_AUDIT_LOG_ASYNC_DEFAULT)) {
LOG.info("Enabling async auditlog"); LOG.info("Enabling async auditlog");
@ -781,6 +798,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
auditLoggers.get(0) instanceof DefaultAuditLogger; auditLoggers.get(0) instanceof DefaultAuditLogger;
this.retryCache = ignoreRetryCache ? null : initRetryCache(conf); this.retryCache = ignoreRetryCache ? null : initRetryCache(conf);
this.nnConf = new NNConf(conf); this.nnConf = new NNConf(conf);
this.encryptionZones = new HashMap<String, EncryptionZone>();
} catch(IOException e) { } catch(IOException e) {
LOG.error(getClass().getSimpleName() + " initialization failed.", e); LOG.error(getClass().getSimpleName() + " initialization failed.", e);
close(); close();
@ -826,6 +844,42 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
} }
} }
private void initializeKeyProvider(final Configuration conf) {
try {
final List<KeyProvider> providers = KeyProviderFactory.getProviders(conf);
if (providers == null) {
return;
}
if (providers.size() == 0) {
LOG.info("No KeyProviders found.");
return;
}
if (providers.size() > 1) {
final String err =
"Multiple KeyProviders found. Only one is permitted.";
LOG.error(err);
throw new RuntimeException(err);
}
provider = providers.get(0);
if (provider.isTransient()) {
final String err =
"A KeyProvider was found but it is a transient provider.";
LOG.error(err);
throw new RuntimeException(err);
}
LOG.info("Found KeyProvider: " + provider.toString());
} catch (IOException e) {
LOG.error("Exception while initializing KeyProvider", e);
}
}
@VisibleForTesting
public KeyProvider getProvider() {
return provider;
}
@VisibleForTesting @VisibleForTesting
static RetryCache initRetryCache(Configuration conf) { static RetryCache initRetryCache(Configuration conf) {
boolean enable = conf.getBoolean(DFS_NAMENODE_ENABLE_RETRY_CACHE_KEY, boolean enable = conf.getBoolean(DFS_NAMENODE_ENABLE_RETRY_CACHE_KEY,
@ -8057,14 +8111,206 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
} }
} }
void createEncryptionZone(final String src, final String keyId) /**
throws IOException { * Create an encryption zone on directory src either using keyIdArg if
* supplied or generating a keyId if it's null.
*
* @param src the path of a directory which will be the root of the
* encryption zone. The directory must be empty.
*
* @param keyIdArg an optional keyId of a key in the configured
* KeyProvider. If this is null, then a a new key is generated.
*
* @throws AccessControlException if the caller is not the superuser.
*
* @throws UnresolvedLinkException if the path can't be resolved.
*
* @throws SafeModeException if the Namenode is in safe mode.
*/
void createEncryptionZone(final String src, String keyIdArg)
throws IOException, UnresolvedLinkException,
SafeModeException, AccessControlException {
final CacheEntry cacheEntry = RetryCache.waitForCompletion(retryCache);
if (cacheEntry != null && cacheEntry.isSuccess()) {
return; // Return previous response
}
boolean createdKey = false;
String keyId = keyIdArg;
boolean success = false;
try {
if (keyId == null || keyId.isEmpty()) {
keyId = createNewKey(src);
createdKey = true;
} else {
if (provider.getCurrentKey(keyId) == null) {
/*
* It would be nice if we threw something more specific than
* IOException when the key is not found, but the KeyProvider API
* doesn't provide for that. If that API is ever changed to throw
* something more specific (e.g. UnknownKeyException) then we can
* update this to match it, or better yet, just rethrow the
* KeyProvider's exception.
*/
throw new IOException("Key " + keyId + " doesn't exist.");
}
}
createEncryptionZoneInt(src, keyId, cacheEntry != null);
success = true;
} catch (AccessControlException e) {
logAuditEvent(false, "createEncryptionZone", src);
throw e;
} finally {
RetryCache.setState(cacheEntry, success);
if (!success && createdKey) {
/* Unwind key creation. */
provider.deleteKey(keyId);
}
}
} }
void deleteEncryptionZone(final String src) throws IOException { private void createEncryptionZoneInt(final String srcArg, String keyId,
final boolean logRetryCache) throws IOException {
String src = srcArg;
HdfsFileStatus resultingStat = null;
checkSuperuserPrivilege();
checkOperation(OperationCategory.WRITE);
final byte[][] pathComponents =
FSDirectory.getPathComponentsForReservedPath(src);
writeLock();
try {
checkSuperuserPrivilege();
checkOperation(OperationCategory.WRITE);
checkNameNodeSafeMode("Cannot create encryption zone on " + src);
src = FSDirectory.resolvePath(src, pathComponents, dir);
EncryptionZone ez = getEncryptionZoneForPath(src);
if (ez != null) {
throw new IOException("Directory " + src +
" is already in an encryption zone. (" + ez.getPath() + ")");
}
final XAttr keyIdXAttr = dir.createEncryptionZone(src, keyId);
getEditLog().logSetXAttr(src, keyIdXAttr, logRetryCache);
encryptionZones.put(src, new EncryptionZone(src, keyId));
resultingStat = getAuditFileInfo(src, false);
} finally {
writeUnlock();
}
getEditLog().logSync();
logAuditEvent(true, "createEncryptionZone", src, null, resultingStat);
}
private String createNewKey(String src)
throws IOException {
final String keyId = UUID.randomUUID().toString();
// TODO pass in hdfs://HOST:PORT (HDFS-6490)
providerOptions.setDescription(src);
providerOptions.setBitLength(CRYPTO_KEY_SIZE);
try {
provider.createKey(keyId, providerOptions);
} catch (NoSuchAlgorithmException e) {
throw new IOException(e);
}
return keyId;
}
/**
* Delete the encryption zone on directory src.
*
* @param src the path of a directory which is the root of the encryption
* zone. The directory must be empty and must be marked as an encryption
* zone.
*
* @throws AccessControlException if the caller is not the superuser.
*
* @throws UnresolvedLinkException if the path can't be resolved.
*
* @throws SafeModeException if the Namenode is in safe mode.
*/
void deleteEncryptionZone(final String src)
throws IOException, UnresolvedLinkException,
SafeModeException, AccessControlException {
final CacheEntry cacheEntry = RetryCache.waitForCompletion(retryCache);
if (cacheEntry != null && cacheEntry.isSuccess()) {
return; // Return previous response
}
boolean success = false;
try {
deleteEncryptionZoneInt(src, cacheEntry != null);
encryptionZones.remove(src);
success = true;
} catch (AccessControlException e) {
logAuditEvent(false, "deleteEncryptionZone", src);
throw e;
} finally {
RetryCache.setState(cacheEntry, success);
}
}
private void deleteEncryptionZoneInt(final String srcArg,
final boolean logRetryCache) throws IOException {
String src = srcArg;
HdfsFileStatus resultingStat = null;
checkSuperuserPrivilege();
checkOperation(OperationCategory.WRITE);
final byte[][] pathComponents =
FSDirectory.getPathComponentsForReservedPath(src);
writeLock();
try {
checkSuperuserPrivilege();
checkOperation(OperationCategory.WRITE);
checkNameNodeSafeMode("Cannot delete encryption zone on " + src);
src = FSDirectory.resolvePath(src, pathComponents, dir);
final EncryptionZone ez = encryptionZones.get(src);
if (ez == null) {
throw new IOException("Directory " + src +
" is not the root of an encryption zone.");
}
final XAttr removedXAttr = dir.deleteEncryptionZone(src);
if (removedXAttr != null) {
getEditLog().logRemoveXAttr(src, removedXAttr);
}
encryptionZones.remove(src);
resultingStat = getAuditFileInfo(src, false);
} finally {
writeUnlock();
}
getEditLog().logSync();
logAuditEvent(true, "deleteEncryptionZone", src, null, resultingStat);
} }
List<EncryptionZone> listEncryptionZones() throws IOException { List<EncryptionZone> listEncryptionZones() throws IOException {
boolean success = false;
checkSuperuserPrivilege();
checkOperation(OperationCategory.READ);
readLock();
try {
checkSuperuserPrivilege();
checkOperation(OperationCategory.READ);
final List<EncryptionZone> ret =
Lists.newArrayList(encryptionZones.values());
success = true;
return ret;
} finally {
readUnlock();
logAuditEvent(success, "listEncryptionZones", null);
}
}
/** Lookup the encryption zone of a path. */
private EncryptionZone getEncryptionZoneForPath(String src) {
final String[] components = INode.getPathNames(src);
for (int i = components.length; i > 0; i--) {
final List<String> l = Arrays.asList(Arrays.copyOfRange(components, 0, i));
String p = Joiner.on(Path.SEPARATOR).join(l);
final EncryptionZone ret = encryptionZones.get(p);
if (ret != null) {
return ret;
}
}
return null; return null;
} }
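Review bot: createEncryptionZone calls `provider.getCurrentKey(keyId)` and createNewKey calls `provider.createKey(...)` before createEncryptionZoneInt reaches `checkSuperuserPrivilege()`, and `provider` stays null when initializeKeyProvider finds no provider or swallows its IOException, so an unprivileged client can make the NameNode create and then delete a key in the KeyProvider (and learn from the "doesn't exist" message whether a key id is present), while on a cluster without a provider the call fails with a NullPointerException instead of a clear error. Move the privilege check ahead of any provider access and fail fast on a missing provider by starting the try block with `checkSuperuserPrivilege();` and `if (provider == null) { throw new IOException("No KeyProvider configured; cannot create encryption zone"); }`. `providerOptions` is a shared field that createNewKey mutates with `setDescription(src)` and `setBitLength(...)` outside any lock, so two concurrent createEncryptionZone calls can cross their descriptions — build a fresh `KeyProvider.options(conf)` per call instead. deleteEncryptionZone also calls `encryptionZones.remove(src)` outside the lock with the unresolved path, duplicating the locked removal inside deleteEncryptionZoneInt; the outer call should go. I do not see `encryptionZones` being repopulated from the persisted xattrs when the image or edit log is loaded — if that is not done elsewhere, zones silently disappear after a restart while their xattrs persist; confirm.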


@ -27,8 +27,6 @@ import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.HadoopIllegalArgumentException; import org.apache.hadoop.HadoopIllegalArgumentException;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderFactory;
import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Trash; import org.apache.hadoop.fs.Trash;
import org.apache.hadoop.ha.HAServiceProtocol.HAServiceState; import org.apache.hadoop.ha.HAServiceProtocol.HAServiceState;
@ -272,9 +270,6 @@ public class NameNode implements NameNodeStatusMXBean {
private NameNodeRpcServer rpcServer; private NameNodeRpcServer rpcServer;
/* The KeyProvider, if any. */
private KeyProvider provider = null;
private JvmPauseMonitor pauseMonitor; private JvmPauseMonitor pauseMonitor;
private ObjectName nameNodeStatusBeanName; private ObjectName nameNodeStatusBeanName;
/** /**
@ -586,7 +581,6 @@ public class NameNode implements NameNodeStatusMXBean {
startHttpServer(conf); startHttpServer(conf);
} }
loadNamesystem(conf); loadNamesystem(conf);
initializeKeyProvider(conf);
rpcServer = createRpcServer(conf); rpcServer = createRpcServer(conf);
if (clientNamenodeAddress == null) { if (clientNamenodeAddress == null) {
@ -705,37 +699,6 @@ public class NameNode implements NameNodeStatusMXBean {
} }
} }
private void initializeKeyProvider(final Configuration conf) {
try {
final List<KeyProvider> providers = KeyProviderFactory.getProviders(conf);
if (providers == null) {
return;
}
if (providers.size() == 0) {
LOG.info("No KeyProviders found.");
return;
}
if (providers.size() > 1) {
final String err =
"Multiple KeyProviders found. Only one is permitted.";
LOG.error(err);
throw new RuntimeException(err);
}
provider = providers.get(0);
if (provider.isTransient()) {
final String err =
"A KeyProvider was found but it is a transient provider.";
LOG.error(err);
throw new RuntimeException(err);
}
LOG.info("Found KeyProvider: " + provider.toString());
} catch (IOException e) {
LOG.error("Exception while initializing KeyProvider", e);
}
}
/** /**
* Start NameNode. * Start NameNode.
* <p> * <p>


@ -0,0 +1,404 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.hdfs;
import java.io.File;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.JavaKeyStoreProvider;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderFactory;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.client.HdfsAdmin;
import org.apache.hadoop.hdfs.protocol.EncryptionZone;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import com.google.common.base.Preconditions;
import static org.junit.Assert.fail;
public class TestEncryptionZonesAPI {
private static final Path TEST_PATH = new Path("/test");
private static final Path TEST_PATH_WITH_CHILD = new Path(TEST_PATH, "foo");
private static final Path TEST_PATH_WITH_MULTIPLE_CHILDREN =
new Path(TEST_PATH_WITH_CHILD, "baz");
private static final String TEST_KEYID = "mykeyid";
private final Configuration conf = new Configuration();
private MiniDFSCluster cluster;
private static File tmpDir;
private FileSystem fs;
@Before
public void setUpCluster() throws IOException {
tmpDir = new File(System.getProperty("test.build.data", "target"),
UUID.randomUUID().toString()).getAbsoluteFile();
conf.set(KeyProviderFactory.KEY_PROVIDER_PATH,
JavaKeyStoreProvider.SCHEME_NAME + "://file" + tmpDir + "/test.jks");
cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build();
fs = cluster.getFileSystem();
}
@After
public void shutDownCluster() {
if (cluster != null) {
cluster.shutdown();
}
}
/** Test failure of Create EZ on a directory that doesn't exist. */
@Test(timeout = 30000)
public void testCreateEncryptionZoneDirectoryDoesntExist() throws Exception {
final HdfsAdmin dfsAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
try {
dfsAdmin.createEncryptionZone(TEST_PATH, null);
fail("expected /test doesn't exist");
} catch (IOException e) {
GenericTestUtils.assertExceptionContains("cannot find", e);
}
}
/** Test failure of Create EZ on a directory which is already an EZ. */
@Test(timeout = 30000)
public void testCreateEncryptionZoneWhichAlreadyExists()
throws Exception {
final HdfsAdmin dfsAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
dfsAdmin.createEncryptionZone(TEST_PATH, null);
try {
dfsAdmin.createEncryptionZone(TEST_PATH, null);
} catch (IOException e) {
GenericTestUtils.assertExceptionContains("already in an encryption zone",
e);
}
}
/** Test success of Create EZ in which a key is created. */
@Test(timeout = 30000)
public void testCreateEncryptionZoneAndGenerateKeyDirectoryEmpty()
throws Exception {
final HdfsAdmin dfsAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
dfsAdmin.createEncryptionZone(TEST_PATH, null);
}
/** Test failure of Create EZ operation in an existing EZ. */
@Test(timeout = 30000)
public void testCreateEncryptionZoneInExistingEncryptionZone()
throws Exception {
final HdfsAdmin dfsAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
dfsAdmin.createEncryptionZone(TEST_PATH, null);
FileSystem.mkdirs(fs, TEST_PATH_WITH_CHILD,
new FsPermission((short) 0777));
try {
dfsAdmin.createEncryptionZone(TEST_PATH_WITH_CHILD, null);
fail("EZ in an EZ");
} catch (IOException e) {
GenericTestUtils.assertExceptionContains("already in an encryption zone", e);
}
}
/** Test failure of creating an EZ using a non-empty directory. */
@Test(timeout = 30000)
public void testCreateEncryptionZoneAndGenerateKeyDirectoryNotEmpty()
throws Exception {
final HdfsAdmin dfsAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
FileSystem.create(fs, new Path("/test/foo"),
new FsPermission((short) 0777));
try {
dfsAdmin.createEncryptionZone(TEST_PATH, null);
fail("expected key doesn't exist");
} catch (IOException e) {
GenericTestUtils.assertExceptionContains("create an encryption zone", e);
}
}
/** Test failure of creating an EZ passing a key that doesn't exist. */
@Test(timeout = 30000)
public void testCreateEncryptionZoneKeyDoesntExist() throws Exception {
final HdfsAdmin dfsAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
try {
dfsAdmin.createEncryptionZone(TEST_PATH, TEST_KEYID);
fail("expected key doesn't exist");
} catch (IOException e) {
GenericTestUtils.assertExceptionContains("doesn't exist.", e);
}
final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones();
Preconditions.checkState(zones.size() == 0, "More than one zone found?");
}
/** Test success of creating an EZ when they key exists. */
@Test(timeout = 30000)
public void testCreateEncryptionZoneKeyExist() throws Exception {
final HdfsAdmin dfsAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
createAKey(TEST_KEYID);
dfsAdmin.createEncryptionZone(TEST_PATH, TEST_KEYID);
final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones();
Preconditions.checkState(zones.size() == 1, "More than one zone found?");
final EncryptionZone ez = zones.get(0);
GenericTestUtils.assertMatches(ez.toString(),
"EncryptionZone \\[path=/test, keyId=");
}
/** Helper function to create a key in the Key Provider. */
private void createAKey(String keyId)
throws NoSuchAlgorithmException, IOException {
KeyProvider provider =
cluster.getNameNode().getNamesystem().getProvider();
final KeyProvider.Options options = KeyProvider.options(conf);
provider.createKey(keyId, options);
provider.flush();
}
/** Test failure of create/delete encryption zones as a non super user. */
@Test(timeout = 30000)
public void testCreateAndDeleteEncryptionZoneAsNonSuperUser()
throws Exception {
final HdfsAdmin dfsAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
final UserGroupInformation user = UserGroupInformation.
createUserForTesting("user", new String[] { "mygroup" });
FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0700));
user.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
final HdfsAdmin userAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
try {
userAdmin.createEncryptionZone(TEST_PATH, null);
fail("createEncryptionZone is superuser-only operation");
} catch (AccessControlException e) {
GenericTestUtils.assertExceptionContains(
"Superuser privilege is required", e);
}
return null;
}
});
dfsAdmin.createEncryptionZone(TEST_PATH, null);
user.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
final HdfsAdmin userAdmin =
new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
try {
userAdmin.deleteEncryptionZone(TEST_PATH);
fail("deleteEncryptionZone is superuser-only operation");
} catch (AccessControlException e) {
GenericTestUtils.assertExceptionContains(
"Superuser privilege is required", e);
}
return null;
}
});
}
/** Test failure of deleting an EZ passing a directory that doesn't exist. */
  @Test(timeout = 30000)
  public void testDeleteEncryptionZoneDirectoryDoesntExist() throws Exception {
    final HdfsAdmin dfsAdmin =
        new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
    // Nothing in this method creates TEST_PATH, so there is no zone root for
    // the NameNode to find; the expected failure is the generic "not an EZ
    // root" error rather than a file-not-found.
    boolean rejected = false;
    try {
      dfsAdmin.deleteEncryptionZone(TEST_PATH);
    } catch (IOException e) {
      GenericTestUtils.assertExceptionContains(
          "is not the root of an encryption zone", e);
      rejected = true;
    }
    if (!rejected) {
      fail("Directory doesn't exist");
    }
  }
/** Test failure of deleting an EZ which is not empty. */
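  @Test(timeout = 30000)
  public void testDeleteEncryptionZoneAndGenerateKeyDirectoryNotEmpty()
      throws Exception {
    final HdfsAdmin dfsAdmin =
        new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
    FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
    dfsAdmin.createEncryptionZone(TEST_PATH, null);
    // Close the returned stream: the original left the file under
    // construction (and its lease held) for the rest of the test. The zone
    // directory is non-empty either way, which is what this test is about.
    FileSystem.create(fs, new Path("/test/foo"),
        new FsPermission((short) 0777)).close();
    try {
      dfsAdmin.deleteEncryptionZone(TEST_PATH);
      fail("Directory not empty");
    } catch (IOException e) {
      // A zone root that still has children must not be deletable as a zone.
      GenericTestUtils.assertExceptionContains("non-empty directory", e);
    }
  }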
/** Test success of deleting an EZ. */
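  @Test(timeout = 30000)
  public void testDeleteEncryptionZone()
      throws Exception {
    final HdfsAdmin dfsAdmin =
        new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
    FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
    dfsAdmin.createEncryptionZone(TEST_PATH, null);
    List<EncryptionZone> zones = dfsAdmin.listEncryptionZones();
    Preconditions.checkState(zones.size() == 1, "More than one zone found?");
    dfsAdmin.deleteEncryptionZone(TEST_PATH);
    zones = dfsAdmin.listEncryptionZones();
    // The failure mode here is a zone surviving deletion, not a surplus zone,
    // so the message says that instead of repeating the one above.
    Preconditions.checkState(zones.isEmpty(),
        "Zone " + TEST_PATH + " still listed after deleteEncryptionZone");
  }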
/**
* Test failure of deleting an EZ on a subdir that is not the root of an EZ.
*/
  @Test(timeout = 30000)
  public void testDeleteEncryptionZoneInExistingEncryptionZone()
      throws Exception {
    final HdfsAdmin dfsAdmin =
        new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
    FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
    dfsAdmin.createEncryptionZone(TEST_PATH, null);
    // A plain subdirectory that (presumably, by its name) lies inside the zone
    // but is not its root must not be accepted as a deleteEncryptionZone target.
    FileSystem.mkdirs(fs, TEST_PATH_WITH_CHILD, new FsPermission((short) 0777));
    boolean rejected = false;
    try {
      dfsAdmin.deleteEncryptionZone(TEST_PATH_WITH_CHILD);
    } catch (IOException e) {
      GenericTestUtils.assertExceptionContains(
          "is not the root of an encryption zone", e);
      rejected = true;
    }
    if (!rejected) {
      fail("EZ in an EZ");
    }
  }
  /**
   * Test that deleting an EZ from a path several levels below the zone root
   * fails, and that the zone itself is still listed afterwards.
   */
  @Test(timeout = 30000)
  public void testCreateAndDeleteEncryptionZoneDownAFewLevels()
      throws Exception {
    final HdfsAdmin dfsAdmin =
        new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
    FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
    dfsAdmin.createEncryptionZone(TEST_PATH, null);
    // Several directory levels below the zone root: still not a zone root.
    FileSystem.mkdirs(fs, TEST_PATH_WITH_MULTIPLE_CHILDREN,
        new FsPermission((short) 0777));
    boolean rejected = false;
    try {
      dfsAdmin.deleteEncryptionZone(TEST_PATH_WITH_MULTIPLE_CHILDREN);
    } catch (IOException e) {
      GenericTestUtils.assertExceptionContains(
          "is not the root of an encryption zone", e);
      rejected = true;
    }
    if (!rejected) {
      fail("EZ in an EZ");
    }
    // The rejected delete must leave the original zone exactly as it was.
    final List<EncryptionZone> remaining = dfsAdmin.listEncryptionZones();
    Preconditions.checkState(remaining.size() == 1, "More than one zone found?");
    GenericTestUtils.assertMatches(remaining.get(0).toString(),
        "EncryptionZone \\[path=/test, keyId=");
  }
  /** Test that creating a file inside an EZ leaves the zone intact and listed. */
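  @Test(timeout = 30000)
  public void testCreateFileInEncryptionZone() throws Exception {
    final HdfsAdmin dfsAdmin =
        new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
    FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777));
    dfsAdmin.createEncryptionZone(TEST_PATH, null);
    // Close the returned stream so the file is completed rather than left
    // under construction (with its lease held) for the rest of the test.
    FileSystem.create(fs, TEST_PATH_WITH_CHILD,
        new FsPermission((short) 0777)).close();
    // Creating a file inside the zone must neither remove the zone nor add one;
    // check the count before indexing so a missing zone fails clearly instead
    // of with an IndexOutOfBoundsException.
    final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones();
    Preconditions.checkState(zones.size() == 1,
        "Expected exactly one zone, found " + zones.size());
    final EncryptionZone ez = zones.get(0);
    GenericTestUtils.assertMatches(ez.toString(),
        "EncryptionZone \\[path=/test, keyId=");
  }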
/** Test listing encryption zones. */
  @Test(timeout = 30000)
  public void testListEncryptionZones() throws Exception {
    final HdfsAdmin dfsAdmin =
        new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
    final int zoneCount = 5;
    // Sibling directories under TEST_PATH, each made its own zone; TEST_PATH
    // itself stays an ordinary directory so none of the zones nest.
    final Set<String> expected = new HashSet<String>(zoneCount);
    for (int i = 0; i < zoneCount; i++) {
      final Path zoneRoot = new Path(TEST_PATH, String.valueOf(i));
      FileSystem.mkdirs(fs, zoneRoot, new FsPermission((short) 0777));
      dfsAdmin.createEncryptionZone(zoneRoot, null);
      expected.add(zoneRoot.toString());
    }
    final List<EncryptionZone> listed = dfsAdmin.listEncryptionZones();
    Preconditions.checkState(listed.size() == zoneCount, "wrong number of EZs returned");
    // Every listed path must be one we created, and each only once ...
    for (EncryptionZone zone : listed) {
      final String listedPath = zone.getPath();
      Preconditions.checkState(expected.remove(listedPath),
          "Path " + listedPath + " not returned from listEZ");
    }
    // ... and none of ours may be missing from the listing.
    Preconditions.checkState(expected.isEmpty());
  }
/** Test listing encryption zones as a non super user. */
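  @Test(timeout = 30000)
  public void testListEncryptionZonesAsNonSuperUser() throws Exception {
    final HdfsAdmin dfsAdmin =
        new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
    final UserGroupInformation user = UserGroupInformation.
        createUserForTesting("user", new String[] {"mygroup"});
    final Path TEST_PATH_SUPERUSER_ONLY = new Path(TEST_PATH, "superuseronly");
    final Path TEST_PATH_ALL = new Path(TEST_PATH, "accessall");
    // One zone the user cannot enter (0700) and one they can (0707): the
    // listing must be refused regardless of per-zone permissions, since the
    // expected error is the superuser check, not a path-permission denial.
    FileSystem.mkdirs(fs, TEST_PATH_SUPERUSER_ONLY,
        new FsPermission((short) 0700));
    dfsAdmin.createEncryptionZone(TEST_PATH_SUPERUSER_ONLY, null);
    FileSystem.mkdirs(fs, TEST_PATH_ALL,
        new FsPermission((short) 0707));
    dfsAdmin.createEncryptionZone(TEST_PATH_ALL, null);
    user.doAs(new PrivilegedExceptionAction<Object>() {
      @Override
      public Object run() throws Exception {
        // Constructed inside doAs so the client runs as the non-superuser.
        final HdfsAdmin userAdmin =
            new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
        try {
          userAdmin.listEncryptionZones();
          // Without this fail() the test passed silently whenever the
          // NameNode let a non-superuser enumerate zones, i.e. the
          // authorization check was never actually verified.
          fail("listEncryptionZones is superuser-only operation");
        } catch (AccessControlException e) {
          GenericTestUtils.assertExceptionContains(
              "Superuser privilege is required", e);
        }
        return null;
      }
    });
  }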
}