HADOOP-14251. Credential provider should handle property key deprecation. Contributed by John Zhuge.
(cherry picked from commit 7e6463d2fb
)
Conflicts:
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestConfiguration.java
This commit is contained in:
parent
bc1c8f3e5a
commit
832b0b82e2
|
@ -290,18 +290,25 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
|
||||||
this.customMessage = customMessage;
|
this.customMessage = customMessage;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private final String getWarningMessage(String key) {
|
||||||
|
return getWarningMessage(key, null);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method to provide the warning message. It gives the custom message if
|
* Method to provide the warning message. It gives the custom message if
|
||||||
* non-null, and default message otherwise.
|
* non-null, and default message otherwise.
|
||||||
* @param key the associated deprecated key.
|
* @param key the associated deprecated key.
|
||||||
|
* @param source the property source.
|
||||||
* @return message that is to be logged when a deprecated key is used.
|
* @return message that is to be logged when a deprecated key is used.
|
||||||
*/
|
*/
|
||||||
private final String getWarningMessage(String key) {
|
private String getWarningMessage(String key, String source) {
|
||||||
String warningMessage;
|
String warningMessage;
|
||||||
if(customMessage == null) {
|
if(customMessage == null) {
|
||||||
StringBuilder message = new StringBuilder(key);
|
StringBuilder message = new StringBuilder(key);
|
||||||
String deprecatedKeySuffix = " is deprecated. Instead, use ";
|
if (source != null) {
|
||||||
message.append(deprecatedKeySuffix);
|
message.append(" in " + source);
|
||||||
|
}
|
||||||
|
message.append(" is deprecated. Instead, use ");
|
||||||
for (int i = 0; i < newKeys.length; i++) {
|
for (int i = 0; i < newKeys.length; i++) {
|
||||||
message.append(newKeys[i]);
|
message.append(newKeys[i]);
|
||||||
if(i != newKeys.length-1) {
|
if(i != newKeys.length-1) {
|
||||||
|
@ -577,6 +584,14 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
|
||||||
return deprecationContext.get().getDeprecatedKeyMap().containsKey(key);
|
return deprecationContext.get().getDeprecatedKeyMap().containsKey(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static String getDeprecatedKey(String key) {
|
||||||
|
return deprecationContext.get().getReverseDeprecatedKeyMap().get(key);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static DeprecatedKeyInfo getDeprecatedKeyInfo(String key) {
|
||||||
|
return deprecationContext.get().getDeprecatedKeyMap().get(key);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets all deprecated properties that are not currently set but have a
|
* Sets all deprecated properties that are not currently set but have a
|
||||||
* corresponding new property that is set. Useful for iterating the
|
* corresponding new property that is set. Useful for iterating the
|
||||||
|
@ -1200,6 +1215,13 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
|
||||||
LOG_DEPRECATION.info(message);
|
LOG_DEPRECATION.info(message);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void logDeprecationOnce(String name, String source) {
|
||||||
|
DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
|
||||||
|
if (keyInfo != null && !keyInfo.getAndSetAccessed()) {
|
||||||
|
LOG_DEPRECATION.info(keyInfo.getWarningMessage(name, source));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unset a previously set property.
|
* Unset a previously set property.
|
||||||
*/
|
*/
|
||||||
|
@ -1971,6 +1993,47 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
|
||||||
return pass;
|
return pass;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the credential entry by name from a credential provider.
|
||||||
|
*
|
||||||
|
* Handle key deprecation.
|
||||||
|
*
|
||||||
|
* @param provider a credential provider
|
||||||
|
* @param name alias of the credential
|
||||||
|
* @return the credential entry or null if not found
|
||||||
|
*/
|
||||||
|
private CredentialEntry getCredentialEntry(CredentialProvider provider,
|
||||||
|
String name) throws IOException {
|
||||||
|
CredentialEntry entry = provider.getCredentialEntry(name);
|
||||||
|
if (entry != null) {
|
||||||
|
return entry;
|
||||||
|
}
|
||||||
|
|
||||||
|
// The old name is stored in the credential provider.
|
||||||
|
String oldName = getDeprecatedKey(name);
|
||||||
|
if (oldName != null) {
|
||||||
|
entry = provider.getCredentialEntry(oldName);
|
||||||
|
if (entry != null) {
|
||||||
|
logDeprecationOnce(oldName, provider.toString());
|
||||||
|
return entry;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// The name is deprecated.
|
||||||
|
DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
|
||||||
|
if (keyInfo != null && keyInfo.newKeys != null) {
|
||||||
|
for (String newName : keyInfo.newKeys) {
|
||||||
|
entry = provider.getCredentialEntry(newName);
|
||||||
|
if (entry != null) {
|
||||||
|
logDeprecationOnce(name, null);
|
||||||
|
return entry;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Try and resolve the provided element name as a credential provider
|
* Try and resolve the provided element name as a credential provider
|
||||||
* alias.
|
* alias.
|
||||||
|
@ -1988,7 +2051,7 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
|
||||||
if (providers != null) {
|
if (providers != null) {
|
||||||
for (CredentialProvider provider : providers) {
|
for (CredentialProvider provider : providers) {
|
||||||
try {
|
try {
|
||||||
CredentialEntry entry = provider.getCredentialEntry(name);
|
CredentialEntry entry = getCredentialEntry(provider, name);
|
||||||
if (entry != null) {
|
if (entry != null) {
|
||||||
pass = entry.getCredential();
|
pass = entry.getCredential();
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -29,6 +29,7 @@ import java.io.OutputStreamWriter;
|
||||||
import java.io.StringWriter;
|
import java.io.StringWriter;
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
|
import java.net.URI;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
@ -46,15 +47,21 @@ import static org.junit.Assert.assertArrayEquals;
|
||||||
import org.apache.commons.lang.StringUtils;
|
import org.apache.commons.lang.StringUtils;
|
||||||
import org.apache.hadoop.conf.Configuration.IntegerRanges;
|
import org.apache.hadoop.conf.Configuration.IntegerRanges;
|
||||||
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
|
import org.apache.hadoop.fs.FileUtil;
|
||||||
import org.apache.hadoop.fs.Path;
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.io.IOUtils;
|
import org.apache.hadoop.io.IOUtils;
|
||||||
import org.apache.hadoop.net.NetUtils;
|
import org.apache.hadoop.net.NetUtils;
|
||||||
|
import org.apache.hadoop.security.alias.CredentialProvider;
|
||||||
|
import org.apache.hadoop.security.alias.CredentialProviderFactory;
|
||||||
|
import org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider;
|
||||||
import org.apache.hadoop.test.GenericTestUtils;
|
import org.apache.hadoop.test.GenericTestUtils;
|
||||||
|
|
||||||
import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
|
import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
|
||||||
import static org.junit.Assert.fail;
|
import static org.junit.Assert.fail;
|
||||||
|
|
||||||
import org.codehaus.jackson.map.ObjectMapper;
|
import org.codehaus.jackson.map.ObjectMapper;
|
||||||
|
import org.hamcrest.CoreMatchers;
|
||||||
|
import org.junit.Assert;
|
||||||
|
|
||||||
public class TestConfiguration extends TestCase {
|
public class TestConfiguration extends TestCase {
|
||||||
|
|
||||||
|
@ -1576,6 +1583,60 @@ public class TestConfiguration extends TestCase {
|
||||||
+ classes.length, 0, classes.length);
|
+ classes.length, 0, classes.length);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testGetPasswordDeprecatedKeyStored() throws Exception {
|
||||||
|
final String oldKey = "test.password.old.key";
|
||||||
|
final String newKey = "test.password.new.key";
|
||||||
|
final String password = "MyPasswordForDeprecatedKey";
|
||||||
|
|
||||||
|
final File tmpDir = GenericTestUtils.getRandomizedTestDir();
|
||||||
|
tmpDir.mkdirs();
|
||||||
|
final String ourUrl = new URI(LocalJavaKeyStoreProvider.SCHEME_NAME,
|
||||||
|
"file", new File(tmpDir, "test.jks").toString(), null).toString();
|
||||||
|
|
||||||
|
conf = new Configuration(false);
|
||||||
|
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
|
||||||
|
CredentialProvider provider =
|
||||||
|
CredentialProviderFactory.getProviders(conf).get(0);
|
||||||
|
provider.createCredentialEntry(oldKey, password.toCharArray());
|
||||||
|
provider.flush();
|
||||||
|
|
||||||
|
Configuration.addDeprecation(oldKey, newKey);
|
||||||
|
|
||||||
|
Assert.assertThat(conf.getPassword(newKey),
|
||||||
|
CoreMatchers.is(password.toCharArray()));
|
||||||
|
Assert.assertThat(conf.getPassword(oldKey),
|
||||||
|
CoreMatchers.is(password.toCharArray()));
|
||||||
|
|
||||||
|
FileUtil.fullyDelete(tmpDir);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testGetPasswordByDeprecatedKey() throws Exception {
|
||||||
|
final String oldKey = "test.password.old.key";
|
||||||
|
final String newKey = "test.password.new.key";
|
||||||
|
final String password = "MyPasswordForDeprecatedKey";
|
||||||
|
|
||||||
|
final File tmpDir = GenericTestUtils.getRandomizedTestDir();
|
||||||
|
tmpDir.mkdirs();
|
||||||
|
final String ourUrl = new URI(LocalJavaKeyStoreProvider.SCHEME_NAME,
|
||||||
|
"file", new File(tmpDir, "test.jks").toString(), null).toString();
|
||||||
|
|
||||||
|
conf = new Configuration(false);
|
||||||
|
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
|
||||||
|
CredentialProvider provider =
|
||||||
|
CredentialProviderFactory.getProviders(conf).get(0);
|
||||||
|
provider.createCredentialEntry(newKey, password.toCharArray());
|
||||||
|
provider.flush();
|
||||||
|
|
||||||
|
Configuration.addDeprecation(oldKey, newKey);
|
||||||
|
|
||||||
|
Assert.assertThat(conf.getPassword(newKey),
|
||||||
|
CoreMatchers.is(password.toCharArray()));
|
||||||
|
Assert.assertThat(conf.getPassword(oldKey),
|
||||||
|
CoreMatchers.is(password.toCharArray()));
|
||||||
|
|
||||||
|
FileUtil.fullyDelete(tmpDir);
|
||||||
|
}
|
||||||
|
|
||||||
public static void main(String[] argv) throws Exception {
|
public static void main(String[] argv) throws Exception {
|
||||||
junit.textui.TestRunner.main(new String[]{
|
junit.textui.TestRunner.main(new String[]{
|
||||||
TestConfiguration.class.getName()
|
TestConfiguration.class.getName()
|
||||||
|
|
Loading…
Reference in New Issue