HADOOP-14251. Credential provider should handle property key deprecation. Contributed by John Zhuge.

(cherry picked from commit 7e6463d2fb)

Conflicts:
	hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestConfiguration.java
This commit is contained in:
John Zhuge 2017-08-23 12:16:04 -07:00
parent bc1c8f3e5a
commit 832b0b82e2
2 changed files with 128 additions and 4 deletions

View File

@ -290,18 +290,25 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
this.customMessage = customMessage; this.customMessage = customMessage;
} }
private final String getWarningMessage(String key) {
return getWarningMessage(key, null);
}
/** /**
* Method to provide the warning message. It gives the custom message if * Method to provide the warning message. It gives the custom message if
* non-null, and default message otherwise. * non-null, and default message otherwise.
* @param key the associated deprecated key. * @param key the associated deprecated key.
* @param source the property source.
* @return message that is to be logged when a deprecated key is used. * @return message that is to be logged when a deprecated key is used.
*/ */
private final String getWarningMessage(String key) { private String getWarningMessage(String key, String source) {
String warningMessage; String warningMessage;
if(customMessage == null) { if(customMessage == null) {
StringBuilder message = new StringBuilder(key); StringBuilder message = new StringBuilder(key);
String deprecatedKeySuffix = " is deprecated. Instead, use "; if (source != null) {
message.append(deprecatedKeySuffix); message.append(" in " + source);
}
message.append(" is deprecated. Instead, use ");
for (int i = 0; i < newKeys.length; i++) { for (int i = 0; i < newKeys.length; i++) {
message.append(newKeys[i]); message.append(newKeys[i]);
if(i != newKeys.length-1) { if(i != newKeys.length-1) {
@ -577,6 +584,14 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
return deprecationContext.get().getDeprecatedKeyMap().containsKey(key); return deprecationContext.get().getDeprecatedKeyMap().containsKey(key);
} }
private static String getDeprecatedKey(String key) {
return deprecationContext.get().getReverseDeprecatedKeyMap().get(key);
}
private static DeprecatedKeyInfo getDeprecatedKeyInfo(String key) {
return deprecationContext.get().getDeprecatedKeyMap().get(key);
}
/** /**
* Sets all deprecated properties that are not currently set but have a * Sets all deprecated properties that are not currently set but have a
* corresponding new property that is set. Useful for iterating the * corresponding new property that is set. Useful for iterating the
@ -1200,6 +1215,13 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
LOG_DEPRECATION.info(message); LOG_DEPRECATION.info(message);
} }
void logDeprecationOnce(String name, String source) {
DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
if (keyInfo != null && !keyInfo.getAndSetAccessed()) {
LOG_DEPRECATION.info(keyInfo.getWarningMessage(name, source));
}
}
/** /**
* Unset a previously set property. * Unset a previously set property.
*/ */
@ -1971,6 +1993,47 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
return pass; return pass;
} }
/**
* Get the credential entry by name from a credential provider.
*
* Handle key deprecation.
*
* @param provider a credential provider
* @param name alias of the credential
* @return the credential entry or null if not found
*/
private CredentialEntry getCredentialEntry(CredentialProvider provider,
String name) throws IOException {
CredentialEntry entry = provider.getCredentialEntry(name);
if (entry != null) {
return entry;
}
// The old name is stored in the credential provider.
String oldName = getDeprecatedKey(name);
if (oldName != null) {
entry = provider.getCredentialEntry(oldName);
if (entry != null) {
logDeprecationOnce(oldName, provider.toString());
return entry;
}
}
// The name is deprecated.
DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
if (keyInfo != null && keyInfo.newKeys != null) {
for (String newName : keyInfo.newKeys) {
entry = provider.getCredentialEntry(newName);
if (entry != null) {
logDeprecationOnce(name, null);
return entry;
}
}
}
return null;
}
/** /**
* Try and resolve the provided element name as a credential provider * Try and resolve the provided element name as a credential provider
* alias. * alias.
@ -1988,7 +2051,7 @@ public class Configuration implements Iterable<Map.Entry<String,String>>,
if (providers != null) { if (providers != null) {
for (CredentialProvider provider : providers) { for (CredentialProvider provider : providers) {
try { try {
CredentialEntry entry = provider.getCredentialEntry(name); CredentialEntry entry = getCredentialEntry(provider, name);
if (entry != null) { if (entry != null) {
pass = entry.getCredential(); pass = entry.getCredential();
break; break;

View File

@ -29,6 +29,7 @@ import java.io.OutputStreamWriter;
import java.io.StringWriter; import java.io.StringWriter;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.URI;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
@ -46,15 +47,21 @@ import static org.junit.Assert.assertArrayEquals;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration.IntegerRanges; import org.apache.hadoop.conf.Configuration.IntegerRanges;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.IOUtils; import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider;
import org.apache.hadoop.test.GenericTestUtils; import org.apache.hadoop.test.GenericTestUtils;
import static org.apache.hadoop.util.PlatformName.IBM_JAVA; import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import org.codehaus.jackson.map.ObjectMapper; import org.codehaus.jackson.map.ObjectMapper;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
public class TestConfiguration extends TestCase { public class TestConfiguration extends TestCase {
@ -1576,6 +1583,60 @@ public class TestConfiguration extends TestCase {
+ classes.length, 0, classes.length); + classes.length, 0, classes.length);
} }
public void testGetPasswordDeprecatedKeyStored() throws Exception {
final String oldKey = "test.password.old.key";
final String newKey = "test.password.new.key";
final String password = "MyPasswordForDeprecatedKey";
final File tmpDir = GenericTestUtils.getRandomizedTestDir();
tmpDir.mkdirs();
final String ourUrl = new URI(LocalJavaKeyStoreProvider.SCHEME_NAME,
"file", new File(tmpDir, "test.jks").toString(), null).toString();
conf = new Configuration(false);
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
CredentialProvider provider =
CredentialProviderFactory.getProviders(conf).get(0);
provider.createCredentialEntry(oldKey, password.toCharArray());
provider.flush();
Configuration.addDeprecation(oldKey, newKey);
Assert.assertThat(conf.getPassword(newKey),
CoreMatchers.is(password.toCharArray()));
Assert.assertThat(conf.getPassword(oldKey),
CoreMatchers.is(password.toCharArray()));
FileUtil.fullyDelete(tmpDir);
}
public void testGetPasswordByDeprecatedKey() throws Exception {
final String oldKey = "test.password.old.key";
final String newKey = "test.password.new.key";
final String password = "MyPasswordForDeprecatedKey";
final File tmpDir = GenericTestUtils.getRandomizedTestDir();
tmpDir.mkdirs();
final String ourUrl = new URI(LocalJavaKeyStoreProvider.SCHEME_NAME,
"file", new File(tmpDir, "test.jks").toString(), null).toString();
conf = new Configuration(false);
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
CredentialProvider provider =
CredentialProviderFactory.getProviders(conf).get(0);
provider.createCredentialEntry(newKey, password.toCharArray());
provider.flush();
Configuration.addDeprecation(oldKey, newKey);
Assert.assertThat(conf.getPassword(newKey),
CoreMatchers.is(password.toCharArray()));
Assert.assertThat(conf.getPassword(oldKey),
CoreMatchers.is(password.toCharArray()));
FileUtil.fullyDelete(tmpDir);
}
public static void main(String[] argv) throws Exception { public static void main(String[] argv) throws Exception {
junit.textui.TestRunner.main(new String[]{ junit.textui.TestRunner.main(new String[]{
TestConfiguration.class.getName() TestConfiguration.class.getName()