From 1bd5b5cf7bacb75fb3d51bddd0a4f1141f4ae002 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B0=8F=E4=BF=9D?= Date: Wed, 24 Apr 2019 08:16:32 +0800 Subject: [PATCH] HBASE-22250 The same constants used in many places should be placed in constant classes Signed-off-by: stack --- .../hadoop/hbase/security/SecurityInfo.java | 10 ++--- .../hbase/security/SecurityConstants.java | 40 +++++++++++++++++++ .../IntegrationTestZKAndFSPermissions.java | 3 +- .../apache/hadoop/hbase/master/HMaster.java | 5 ++- .../hbase/regionserver/HRegionServer.java | 10 +++-- .../hbase/security/HBaseKerberosUtils.java | 6 +-- 6 files changed, 60 insertions(+), 14 deletions(-) create mode 100644 hbase-common/src/main/java/org/apache/hadoop/hbase/security/SecurityConstants.java diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/SecurityInfo.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/SecurityInfo.java index eb9d209be2f..d96b676a041 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/SecurityInfo.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/SecurityInfo.java @@ -38,17 +38,17 @@ public class SecurityInfo { // populate info for known services static { infos.put(AdminProtos.AdminService.getDescriptor().getName(), - new SecurityInfo("hbase.regionserver.kerberos.principal", + new SecurityInfo(SecurityConstants.REGIONSERVER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); infos.put(ClientProtos.ClientService.getDescriptor().getName(), - new SecurityInfo("hbase.regionserver.kerberos.principal", + new SecurityInfo(SecurityConstants.REGIONSERVER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); infos.put(MasterService.getDescriptor().getName(), - new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN)); + new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); infos.put(RegionServerStatusProtos.RegionServerStatusService.getDescriptor().getName(), - new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN)); + new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); infos.put(MasterProtos.HbckService.getDescriptor().getName(), - new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN)); + new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); // NOTE: IF ADDING A NEW SERVICE, BE SURE TO UPDATE HBasePolicyProvider ALSO ELSE // new Service will not be found when all is Kerberized!!!! } diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/security/SecurityConstants.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/security/SecurityConstants.java new file mode 100644 index 00000000000..b5540d80d2e --- /dev/null +++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/security/SecurityConstants.java @@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hbase.security; + +import org.apache.yetus.audience.InterfaceAudience; + +/** + * SecurityConstants holds a bunch of kerberos-related constants + */ +@InterfaceAudience.Private +public final class SecurityConstants { + + /** + * Configuration keys for programmatic JAAS configuration for secured master + * and regionserver interaction + */ + public static final String MASTER_KRB_PRINCIPAL = "hbase.master.kerberos.principal"; + public static final String MASTER_KRB_KEYTAB_FILE = "hbase.master.keytab.file"; + public static final String REGIONSERVER_KRB_PRINCIPAL = "hbase.regionserver.kerberos.principal"; + public static final String REGIONSERVER_KRB_KEYTAB_FILE = "hbase.regionserver.keytab.file"; + + private SecurityConstants() { + // Can't be instantiated with this ctor. + } +} \ No newline at end of file diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestZKAndFSPermissions.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestZKAndFSPermissions.java index 08edd74bc1a..866f0173ce8 100644 --- a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestZKAndFSPermissions.java +++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestZKAndFSPermissions.java @@ -31,6 +31,7 @@ import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.hbase.HBaseConfiguration; import org.apache.hadoop.hbase.IntegrationTestingUtility; +import org.apache.hadoop.hbase.security.SecurityConstants; import org.apache.hadoop.hbase.testclassification.IntegrationTests; import org.apache.hadoop.hbase.util.AbstractHBaseTool; import org.apache.hadoop.hbase.util.FSUtils; @@ -104,7 +105,7 @@ public class IntegrationTestZKAndFSPermissions extends AbstractHBaseTool { @Override protected void processOptions(CommandLine cmd) { isForce = cmd.hasOption(FORCE_CHECK_ARG); - masterPrincipal = getShortUserName(conf.get("hbase.master.kerberos.principal")); + masterPrincipal = getShortUserName(conf.get(SecurityConstants.MASTER_KRB_PRINCIPAL)); superUser = cmd.getOptionValue(SUPERUSER_ARG, conf.get("hbase.superuser")); masterPrincipal = cmd.getOptionValue(PRINCIPAL_ARG, masterPrincipal); fsPerms = cmd.getOptionValue(FS_PERMS, "700"); diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index f3fc9130d57..fc087fc2ab0 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -190,6 +190,7 @@ import org.apache.hadoop.hbase.replication.master.ReplicationHFileCleaner; import org.apache.hadoop.hbase.replication.master.ReplicationLogCleaner; import org.apache.hadoop.hbase.replication.master.ReplicationPeerConfigUpgrader; import org.apache.hadoop.hbase.security.AccessDeniedException; +import org.apache.hadoop.hbase.security.SecurityConstants; import org.apache.hadoop.hbase.security.UserProvider; import org.apache.hadoop.hbase.trace.TraceUtil; import org.apache.hadoop.hbase.util.Addressing; @@ -688,8 +689,8 @@ public class HMaster extends HRegionServer implements MasterServices { try { super.login(user, host); } catch (IOException ie) { - user.login("hbase.master.keytab.file", - "hbase.master.kerberos.principal", host); + user.login(SecurityConstants.MASTER_KRB_KEYTAB_FILE, + SecurityConstants.MASTER_KRB_PRINCIPAL, host); } } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java index deb17ec1c18..4d2c37465b5 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java @@ -139,6 +139,7 @@ import org.apache.hadoop.hbase.regionserver.throttle.ThroughputController; import org.apache.hadoop.hbase.replication.regionserver.ReplicationLoad; import org.apache.hadoop.hbase.replication.regionserver.ReplicationSourceInterface; import org.apache.hadoop.hbase.replication.regionserver.ReplicationStatus; +import org.apache.hadoop.hbase.security.SecurityConstants; import org.apache.hadoop.hbase.security.Superusers; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.UserProvider; @@ -529,6 +530,9 @@ public class HRegionServer extends HasThread implements private final boolean masterless; static final String MASTERLESS_CONFIG_NAME = "hbase.masterless"; + /**regionserver codec list **/ + public static final String REGIONSERVER_CODEC = "hbase.regionserver.codecs"; + /** * Starts a HRegionServer at the default location */ @@ -725,8 +729,8 @@ public class HRegionServer extends HasThread implements } protected void login(UserProvider user, String host) throws IOException { - user.login("hbase.regionserver.keytab.file", - "hbase.regionserver.kerberos.principal", host); + user.login(SecurityConstants.REGIONSERVER_KRB_KEYTAB_FILE, + SecurityConstants.REGIONSERVER_KRB_PRINCIPAL, host); } @@ -811,7 +815,7 @@ public class HRegionServer extends HasThread implements */ private static void checkCodecs(final Configuration c) throws IOException { // check to see if the codec list is available: - String [] codecs = c.getStrings("hbase.regionserver.codecs", (String[])null); + String [] codecs = c.getStrings(REGIONSERVER_CODEC, (String[])null); if (codecs == null) return; for (String codec : codecs) { if (!CompressionTest.testCompression(codec)) { diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/HBaseKerberosUtils.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/HBaseKerberosUtils.java index 67b5338db55..f80e5f48919 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/HBaseKerberosUtils.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/HBaseKerberosUtils.java @@ -40,9 +40,9 @@ import org.apache.hadoop.security.UserGroupInformation; public class HBaseKerberosUtils { private static final Logger LOG = LoggerFactory.getLogger(HBaseKerberosUtils.class); - public static final String KRB_PRINCIPAL = "hbase.regionserver.kerberos.principal"; - public static final String MASTER_KRB_PRINCIPAL = "hbase.master.kerberos.principal"; - public static final String KRB_KEYTAB_FILE = "hbase.regionserver.keytab.file"; + public static final String KRB_PRINCIPAL = SecurityConstants.REGIONSERVER_KRB_PRINCIPAL; + public static final String MASTER_KRB_PRINCIPAL = SecurityConstants.MASTER_KRB_PRINCIPAL; + public static final String KRB_KEYTAB_FILE = SecurityConstants.REGIONSERVER_KRB_KEYTAB_FILE; public static final String CLIENT_PRINCIPAL = AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL; public static final String CLIENT_KEYTAB = AuthUtil.HBASE_CLIENT_KEYTAB_FILE;