HADOOP-14802. Add support for using container saskeys for all accesses.
Contributed by Sivaguru Sankaridurg
This commit is contained in:
parent
1f6dc4ee9a
commit
021974f4cb
@ -1380,7 +1380,15 @@
|
|||||||
This flag is relevant only when fs.azure.authorization is enabled.
|
This flag is relevant only when fs.azure.authorization is enabled.
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
|
<property>
|
||||||
|
<name>fs.azure.saskey.usecontainersaskeyforallaccess</name>
|
||||||
|
<value>true</value>
|
||||||
|
<description>
|
||||||
|
Use container saskey for access to all blobs within the container.
|
||||||
|
Blob-specific saskeys are not used when this setting is enabled.
|
||||||
|
This setting provides better performance compared to blob-specific saskeys.
|
||||||
|
</description>
|
||||||
|
</property>
|
||||||
<property>
|
<property>
|
||||||
<name>io.seqfile.compress.blocksize</name>
|
<name>io.seqfile.compress.blocksize</name>
|
||||||
<value>1000000</value>
|
<value>1000000</value>
|
||||||
|
@ -123,6 +123,7 @@ public void initializeMemberVariables() {
|
|||||||
xmlPropsToSkipCompare.add("fs.azure.secure.mode");
|
xmlPropsToSkipCompare.add("fs.azure.secure.mode");
|
||||||
xmlPropsToSkipCompare.add("fs.azure.authorization");
|
xmlPropsToSkipCompare.add("fs.azure.authorization");
|
||||||
xmlPropsToSkipCompare.add("fs.azure.authorization.caching.enable");
|
xmlPropsToSkipCompare.add("fs.azure.authorization.caching.enable");
|
||||||
|
xmlPropsToSkipCompare.add("fs.azure.saskey.usecontainersaskeyforallaccess");
|
||||||
xmlPropsToSkipCompare.add("fs.azure.user.agent.prefix");
|
xmlPropsToSkipCompare.add("fs.azure.user.agent.prefix");
|
||||||
|
|
||||||
// Deprecated properties. These should eventually be removed from the
|
// Deprecated properties. These should eventually be removed from the
|
||||||
|
@ -71,6 +71,13 @@ public class SecureStorageInterfaceImpl extends StorageInterface {
|
|||||||
private String storageAccount;
|
private String storageAccount;
|
||||||
private RetryPolicyFactory retryPolicy;
|
private RetryPolicyFactory retryPolicy;
|
||||||
private int timeoutIntervalInMs;
|
private int timeoutIntervalInMs;
|
||||||
|
private boolean useContainerSasKeyForAllAccess;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Configuration key to specify if containerSasKey should be used for all accesses
|
||||||
|
*/
|
||||||
|
public static final String KEY_USE_CONTAINER_SASKEY_FOR_ALL_ACCESS =
|
||||||
|
"fs.azure.saskey.usecontainersaskeyforallaccess";
|
||||||
|
|
||||||
public SecureStorageInterfaceImpl(boolean useLocalSASKeyMode,
|
public SecureStorageInterfaceImpl(boolean useLocalSASKeyMode,
|
||||||
Configuration conf) throws SecureModeException {
|
Configuration conf) throws SecureModeException {
|
||||||
@ -88,6 +95,7 @@ public SecureStorageInterfaceImpl(boolean useLocalSASKeyMode,
|
|||||||
}
|
}
|
||||||
this.sasKeyGenerator = remoteSasKeyGenerator;
|
this.sasKeyGenerator = remoteSasKeyGenerator;
|
||||||
}
|
}
|
||||||
|
this.useContainerSasKeyForAllAccess = conf.getBoolean(KEY_USE_CONTAINER_SASKEY_FOR_ALL_ACCESS, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -145,7 +153,9 @@ public CloudBlobContainerWrapper getContainerReference(String name)
|
|||||||
if (timeoutIntervalInMs > 0) {
|
if (timeoutIntervalInMs > 0) {
|
||||||
container.getServiceClient().getDefaultRequestOptions().setTimeoutIntervalInMs(timeoutIntervalInMs);
|
container.getServiceClient().getDefaultRequestOptions().setTimeoutIntervalInMs(timeoutIntervalInMs);
|
||||||
}
|
}
|
||||||
return new SASCloudBlobContainerWrapperImpl(storageAccount, container, sasKeyGenerator);
|
return (useContainerSasKeyForAllAccess)
|
||||||
|
? new SASCloudBlobContainerWrapperImpl(storageAccount, container, null)
|
||||||
|
: new SASCloudBlobContainerWrapperImpl(storageAccount, container, sasKeyGenerator);
|
||||||
} catch (SASKeyGenerationException sasEx) {
|
} catch (SASKeyGenerationException sasEx) {
|
||||||
String errorMsg = "Encountered SASKeyGeneration exception while "
|
String errorMsg = "Encountered SASKeyGeneration exception while "
|
||||||
+ "generating SAS Key for container : " + name
|
+ "generating SAS Key for container : " + name
|
||||||
@ -226,12 +236,12 @@ public CloudBlobDirectoryWrapper getDirectoryReference(String relativePath)
|
|||||||
public CloudBlobWrapper getBlockBlobReference(String relativePath)
|
public CloudBlobWrapper getBlockBlobReference(String relativePath)
|
||||||
throws URISyntaxException, StorageException {
|
throws URISyntaxException, StorageException {
|
||||||
try {
|
try {
|
||||||
CloudBlockBlob blob = new CloudBlockBlob(sasKeyGenerator.getRelativeBlobSASUri(
|
CloudBlockBlob blob = (sasKeyGenerator!=null)
|
||||||
storageAccount, getName(), relativePath));
|
? new CloudBlockBlob(sasKeyGenerator.getRelativeBlobSASUri(storageAccount, getName(), relativePath))
|
||||||
|
: container.getBlockBlobReference(relativePath);
|
||||||
blob.getServiceClient().setDefaultRequestOptions(
|
blob.getServiceClient().setDefaultRequestOptions(
|
||||||
container.getServiceClient().getDefaultRequestOptions());
|
container.getServiceClient().getDefaultRequestOptions());
|
||||||
return new SASCloudBlockBlobWrapperImpl(
|
return new SASCloudBlockBlobWrapperImpl(blob);
|
||||||
blob);
|
|
||||||
} catch (SASKeyGenerationException sasEx) {
|
} catch (SASKeyGenerationException sasEx) {
|
||||||
String errorMsg = "Encountered SASKeyGeneration exception while "
|
String errorMsg = "Encountered SASKeyGeneration exception while "
|
||||||
+ "generating SAS Key for relativePath : " + relativePath
|
+ "generating SAS Key for relativePath : " + relativePath
|
||||||
@ -245,12 +255,13 @@ public CloudBlobWrapper getBlockBlobReference(String relativePath)
|
|||||||
public CloudBlobWrapper getPageBlobReference(String relativePath)
|
public CloudBlobWrapper getPageBlobReference(String relativePath)
|
||||||
throws URISyntaxException, StorageException {
|
throws URISyntaxException, StorageException {
|
||||||
try {
|
try {
|
||||||
CloudPageBlob blob = new CloudPageBlob(sasKeyGenerator.getRelativeBlobSASUri(
|
CloudPageBlob blob = (sasKeyGenerator!=null)
|
||||||
storageAccount, getName(), relativePath));
|
? new CloudPageBlob(sasKeyGenerator.getRelativeBlobSASUri(storageAccount, getName(), relativePath))
|
||||||
|
: container.getPageBlobReference(relativePath);
|
||||||
|
|
||||||
blob.getServiceClient().setDefaultRequestOptions(
|
blob.getServiceClient().setDefaultRequestOptions(
|
||||||
container.getServiceClient().getDefaultRequestOptions());
|
container.getServiceClient().getDefaultRequestOptions());
|
||||||
return new SASCloudPageBlobWrapperImpl(
|
return new SASCloudPageBlobWrapperImpl(blob);
|
||||||
blob);
|
|
||||||
} catch (SASKeyGenerationException sasEx) {
|
} catch (SASKeyGenerationException sasEx) {
|
||||||
String errorMsg = "Encountered SASKeyGeneration exception while "
|
String errorMsg = "Encountered SASKeyGeneration exception while "
|
||||||
+ "generating SAS Key for relativePath : " + relativePath
|
+ "generating SAS Key for relativePath : " + relativePath
|
||||||
|
@ -476,6 +476,15 @@ The maximum number of entries that that cache can hold can be customized using t
|
|||||||
</property>
|
</property>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Use container saskey for access to all blobs within the container.
|
||||||
|
Blob-specific saskeys are not used when this setting is enabled.
|
||||||
|
This setting provides better performance compared to blob-specific saskeys.
|
||||||
|
```
|
||||||
|
<property>
|
||||||
|
<name>fs.azure.saskey.usecontainersaskeyforallaccess</name>
|
||||||
|
<value>true</value>
|
||||||
|
</property>
|
||||||
|
```
|
||||||
## Testing the hadoop-azure Module
|
## Testing the hadoop-azure Module
|
||||||
|
|
||||||
The hadoop-azure module includes a full suite of unit tests. Most of the tests
|
The hadoop-azure module includes a full suite of unit tests. Most of the tests
|
||||||
|
@ -0,0 +1,44 @@
|
|||||||
|
/**
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.apache.hadoop.fs.azure;
|
||||||
|
|
||||||
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
|
||||||
|
import static org.apache.hadoop.fs.azure.SecureStorageInterfaceImpl.KEY_USE_CONTAINER_SASKEY_FOR_ALL_ACCESS;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test class to hold all WASB authorization tests that use blob-specific keys
|
||||||
|
* to access storage.
|
||||||
|
*/
|
||||||
|
public class TestNativeAzureFSAuthWithBlobSpecificKeys
|
||||||
|
extends TestNativeAzureFileSystemAuthorizationWithOwner {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Configuration getConfiguration() {
|
||||||
|
Configuration conf = super.getConfiguration();
|
||||||
|
conf.set(KEY_USE_CONTAINER_SASKEY_FOR_ALL_ACCESS, "false");
|
||||||
|
return conf;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected AzureBlobStorageTestAccount createTestAccount() throws Exception {
|
||||||
|
Configuration conf = getConfiguration();
|
||||||
|
return AzureBlobStorageTestAccount.create(conf);
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user