HDDS-1259. OzoneFS classpath separation is broken by the token validation. Contributed by Elek Marton.
Closes #604
This commit is contained in:
Elek, Márton
Xiaoyu Yao
parent
a7f5e742a6
commit
dc21655f2a
|
|
@ -30,6 +30,7 @@ import org.apache.hadoop.conf.Configuration;
|
|||
import org.apache.hadoop.hdds.client.ReplicationFactor;
|
||||
import org.apache.hadoop.hdds.client.ReplicationType;
|
||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
||||
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
|
||||
import org.apache.hadoop.io.Text;
|
||||
import org.apache.hadoop.ozone.OzoneConfigKeys;
|
||||
import org.apache.hadoop.ozone.client.ObjectStore;
|
||||
|
|
@ -60,7 +61,7 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
|
|||
private ReplicationType replicationType;
|
||||
private ReplicationFactor replicationFactor;
|
||||
private OzoneFSStorageStatistics storageStatistics;
|
||||
|
||||
private boolean securityEnabled;
|
||||
/**
|
||||
* Create new OzoneClientAdapter implementation.
|
||||
*
|
||||
|
|
@ -104,12 +105,24 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
|
|||
}
|
||||
|
||||
public OzoneClientAdapterImpl(String omHost, int omPort,
|
||||
OzoneConfiguration conf, String volumeStr, String bucketStr,
|
||||
Configuration hadoopConf, String volumeStr, String bucketStr,
|
||||
OzoneFSStorageStatistics storageStatistics) throws IOException {
|
||||
|
||||
ClassLoader contextClassLoader =
|
||||
Thread.currentThread().getContextClassLoader();
|
||||
Thread.currentThread().setContextClassLoader(null);
|
||||
OzoneConfiguration conf;
|
||||
if (hadoopConf instanceof OzoneConfiguration) {
|
||||
conf = (OzoneConfiguration) hadoopConf;
|
||||
} else {
|
||||
conf = new OzoneConfiguration(hadoopConf);
|
||||
}
|
||||
|
||||
SecurityConfig secConfig = new SecurityConfig(conf);
|
||||
|
||||
if (secConfig.isSecurityEnabled()) {
|
||||
this.securityEnabled = true;
|
||||
}
|
||||
|
||||
try {
|
||||
String replicationTypeConf =
|
||||
|
|
@ -276,10 +289,14 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
|
|||
@Override
|
||||
public Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
|
||||
throws IOException {
|
||||
Token<OzoneTokenIdentifier> token =
|
||||
ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
|
||||
token.setKind(OzoneTokenIdentifier.KIND_NAME);
|
||||
return token;
|
||||
if (!securityEnabled) {
|
||||
return null;
|
||||
} else {
|
||||
Token<OzoneTokenIdentifier> token =
|
||||
ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
|
||||
token.setKind(OzoneTokenIdentifier.KIND_NAME);
|
||||
return token;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -48,8 +48,6 @@ import org.apache.hadoop.fs.Path;
|
|||
import org.apache.hadoop.fs.PathIsNotEmptyDirectoryException;
|
||||
import org.apache.hadoop.fs.GlobalStorageStatistics;
|
||||
import org.apache.hadoop.fs.permission.FsPermission;
|
||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
||||
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.util.Progressable;
|
||||
|
|
@ -87,7 +85,6 @@ public class OzoneFileSystem extends FileSystem {
|
|||
private Path workingDir;
|
||||
|
||||
private OzoneClientAdapter adapter;
|
||||
private boolean securityEnabled;
|
||||
|
||||
private OzoneFSStorageStatistics storageStatistics;
|
||||
|
||||
|
|
@ -174,19 +171,9 @@ public class OzoneFileSystem extends FileSystem {
|
|||
OzoneClientAdapterFactory.createAdapter(volumeStr, bucketStr);
|
||||
}
|
||||
} else {
|
||||
OzoneConfiguration ozoneConfiguration;
|
||||
if (conf instanceof OzoneConfiguration) {
|
||||
ozoneConfiguration = (OzoneConfiguration) conf;
|
||||
} else {
|
||||
ozoneConfiguration = new OzoneConfiguration(conf);
|
||||
}
|
||||
|
||||
SecurityConfig secConfig = new SecurityConfig(ozoneConfiguration);
|
||||
if (secConfig.isSecurityEnabled()) {
|
||||
this.securityEnabled = true;
|
||||
}
|
||||
this.adapter = new OzoneClientAdapterImpl(omHost,
|
||||
Integer.parseInt(omPort), ozoneConfiguration,
|
||||
Integer.parseInt(omPort), conf,
|
||||
volumeStr, bucketStr, storageStatistics);
|
||||
}
|
||||
|
||||
|
|
@ -701,8 +688,7 @@ public class OzoneFileSystem extends FileSystem {
|
|||
|
||||
@Override
|
||||
public Token<?> getDelegationToken(String renewer) throws IOException {
|
||||
return securityEnabled? adapter.getDelegationToken(renewer) :
|
||||
super.getDelegationToken(renewer);
|
||||
return adapter.getDelegationToken(renewer);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in New Issue