HDDS-991. Fix failures in TestSecureOzoneCluster. Contributed by Ajay Kumar.

Xiaoyu Yao 2019-01-25 10:50:23 -08:00
parent 1d523279da
commit 2ec296e659
10 changed files with 255 additions and 129 deletions


@ -125,6 +125,11 @@ public enum ResultCodes {
COMPLETE_MULTIPART_UPLOAD_FAILED, COMPLETE_MULTIPART_UPLOAD_FAILED,
ENTITY_TOO_SMALL, ENTITY_TOO_SMALL,
ABORT_MULTIPART_UPLOAD_FAILED, ABORT_MULTIPART_UPLOAD_FAILED,
INVALID_REQUEST; INVALID_REQUEST,
INVALID_AUTH_METHOD,
INVALID_TOKEN,
TOKEN_EXPIRED,
TOKEN_ERROR_OTHER,
UNKNOWN
} }
} }


@ -17,13 +17,13 @@
*/ */
package org.apache.hadoop.ozone.om.protocol; package org.apache.hadoop.ozone.om.protocol;
import java.io.IOException;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.retry.Idempotent; import org.apache.hadoop.io.retry.Idempotent;
import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMConfigKeys;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier; import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
import org.apache.hadoop.security.KerberosInfo; import org.apache.hadoop.security.KerberosInfo;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.ozone.om.exceptions.OMException;
/** /**
* Security protocol for a secure OzoneManager. * Security protocol for a secure OzoneManager.
@ -37,31 +37,31 @@ public interface OzoneManagerSecurityProtocol {
* *
* @param renewer the designated renewer for the token * @param renewer the designated renewer for the token
* @return Token<OzoneDelegationTokenSelector> * @return Token<OzoneDelegationTokenSelector>
* @throws IOException * @throws OMException
*/ */
@Idempotent @Idempotent
Token<OzoneTokenIdentifier> getDelegationToken(Text renewer) Token<OzoneTokenIdentifier> getDelegationToken(Text renewer)
throws IOException; throws OMException;
/** /**
* Renew an existing delegation token. * Renew an existing delegation token.
* *
* @param token delegation token obtained earlier * @param token delegation token obtained earlier
* @return the new expiration time * @return the new expiration time
* @throws IOException * @throws OMException
*/ */
@Idempotent @Idempotent
long renewDelegationToken(Token<OzoneTokenIdentifier> token) long renewDelegationToken(Token<OzoneTokenIdentifier> token)
throws IOException; throws OMException;
/** /**
* Cancel an existing delegation token. * Cancel an existing delegation token.
* *
* @param token delegation token * @param token delegation token
* @throws IOException * @throws OMException
*/ */
@Idempotent @Idempotent
void cancelDelegationToken(Token<OzoneTokenIdentifier> token) void cancelDelegationToken(Token<OzoneTokenIdentifier> token)
throws IOException; throws OMException;
} }
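Review bot: The three `@throws OMException` tags on getDelegationToken, renewDelegationToken and cancelDelegationToken carry no description, although the narrowed signature is what lets callers branch on the exception's result code. Each tag should say what the code means to the caller, for example `@throws OMException carrying a ResultCodes value that says why the token operation was rejected`. Which codes each method can actually produce is not visible in this file and should be confirmed against the server side before listing them. The interface declaration starts above the first hunk shown here.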


@ -41,7 +41,7 @@
import org.apache.hadoop.ozone.om.helpers.S3SecretValue; import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
import org.apache.hadoop.ozone.om.helpers.ServiceInfo; import org.apache.hadoop.ozone.om.helpers.ServiceInfo;
import org.apache.hadoop.ozone.om.protocol.OzoneManagerProtocol; import org.apache.hadoop.ozone.om.protocol.OzoneManagerProtocol;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos; import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.protocol.proto import org.apache.hadoop.ozone.protocol.proto
.OzoneManagerProtocolProtos.AllocateBlockRequest; .OzoneManagerProtocolProtos.AllocateBlockRequest;
import org.apache.hadoop.ozone.protocol.proto import org.apache.hadoop.ozone.protocol.proto
@ -189,6 +189,12 @@
.OzoneManagerProtocolProtos.CancelDelegationTokenResponseProto; .OzoneManagerProtocolProtos.CancelDelegationTokenResponseProto;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import static org.apache.hadoop.ozone.om.exceptions.OMException.*;
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.TOKEN_ERROR_OTHER;
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.UNKNOWN;
import static org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.Status.OK;
import static org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.Status.ACCESS_DENIED;
/** /**
* The client side implementation of OzoneManagerProtocol. * The client side implementation of OzoneManagerProtocol.
*/ */
@ -288,7 +294,7 @@ public void createVolume(OmVolumeArgs args) throws IOException {
CreateVolumeResponse resp = submitRequest(omRequest) CreateVolumeResponse resp = submitRequest(omRequest)
.getCreateVolumeResponse(); .getCreateVolumeResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new throw new
IOException("Volume creation failed, error:" + resp.getStatus()); IOException("Volume creation failed, error:" + resp.getStatus());
} }
@ -314,7 +320,7 @@ public void setOwner(String volume, String owner) throws IOException {
SetVolumePropertyResponse resp = submitRequest(omRequest) SetVolumePropertyResponse resp = submitRequest(omRequest)
.getSetVolumePropertyResponse(); .getSetVolumePropertyResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new throw new
IOException("Volume owner change failed, error:" + resp.getStatus()); IOException("Volume owner change failed, error:" + resp.getStatus());
} }
@ -340,7 +346,7 @@ public void setQuota(String volume, long quota) throws IOException {
SetVolumePropertyResponse resp = submitRequest(omRequest) SetVolumePropertyResponse resp = submitRequest(omRequest)
.getSetVolumePropertyResponse(); .getSetVolumePropertyResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new throw new
IOException("Volume quota change failed, error:" + resp.getStatus()); IOException("Volume quota change failed, error:" + resp.getStatus());
} }
@ -369,9 +375,9 @@ public boolean checkVolumeAccess(String volume, OzoneAclInfo userAcl) throws
CheckVolumeAccessResponse resp = submitRequest(omRequest) CheckVolumeAccessResponse resp = submitRequest(omRequest)
.getCheckVolumeAccessResponse(); .getCheckVolumeAccessResponse();
if (resp.getStatus() == Status.ACCESS_DENIED) { if (resp.getStatus() == ACCESS_DENIED) {
return false; return false;
} else if (resp.getStatus() == Status.OK) { } else if (resp.getStatus() == OK) {
return true; return true;
} else { } else {
throw new throw new
@ -397,7 +403,7 @@ public OmVolumeArgs getVolumeInfo(String volume) throws IOException {
InfoVolumeResponse resp = submitRequest(omRequest).getInfoVolumeResponse(); InfoVolumeResponse resp = submitRequest(omRequest).getInfoVolumeResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new throw new
IOException("Info Volume failed, error:" + resp.getStatus()); IOException("Info Volume failed, error:" + resp.getStatus());
} }
@ -422,7 +428,7 @@ public void deleteVolume(String volume) throws IOException {
DeleteVolumeResponse resp = submitRequest(omRequest) DeleteVolumeResponse resp = submitRequest(omRequest)
.getDeleteVolumeResponse(); .getDeleteVolumeResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new throw new
IOException("Delete Volume failed, error:" + resp.getStatus()); IOException("Delete Volume failed, error:" + resp.getStatus());
} }
@ -490,7 +496,7 @@ private List<OmVolumeArgs> listVolume(ListVolumeRequest request)
ListVolumeResponse resp = submitRequest(omRequest).getListVolumeResponse(); ListVolumeResponse resp = submitRequest(omRequest).getListVolumeResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("List volume failed, error: " throw new IOException("List volume failed, error: "
+ resp.getStatus()); + resp.getStatus());
} }
@ -520,7 +526,7 @@ public void createBucket(OmBucketInfo bucketInfo) throws IOException {
CreateBucketResponse resp = submitRequest(omRequest) CreateBucketResponse resp = submitRequest(omRequest)
.getCreateBucketResponse(); .getCreateBucketResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("Bucket creation failed, error: " throw new IOException("Bucket creation failed, error: "
+ resp.getStatus()); + resp.getStatus());
} }
@ -548,7 +554,7 @@ public OmBucketInfo getBucketInfo(String volume, String bucket)
InfoBucketResponse resp = submitRequest(omRequest).getInfoBucketResponse(); InfoBucketResponse resp = submitRequest(omRequest).getInfoBucketResponse();
if (resp.getStatus() == Status.OK) { if (resp.getStatus() == OK) {
return OmBucketInfo.getFromProtobuf(resp.getBucketInfo()); return OmBucketInfo.getFromProtobuf(resp.getBucketInfo());
} else { } else {
throw new IOException("Info Bucket failed, error: " throw new IOException("Info Bucket failed, error: "
@ -576,7 +582,7 @@ public void setBucketProperty(OmBucketArgs args)
SetBucketPropertyResponse resp = submitRequest(omRequest) SetBucketPropertyResponse resp = submitRequest(omRequest)
.getSetBucketPropertyResponse(); .getSetBucketPropertyResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("Setting bucket property failed, error: " throw new IOException("Setting bucket property failed, error: "
+ resp.getStatus()); + resp.getStatus());
} }
@ -614,7 +620,7 @@ public List<OmBucketInfo> listBuckets(String volumeName,
ListBucketsResponse resp = submitRequest(omRequest) ListBucketsResponse resp = submitRequest(omRequest)
.getListBucketsResponse(); .getListBucketsResponse();
if (resp.getStatus() == Status.OK) { if (resp.getStatus() == OK) {
buckets.addAll( buckets.addAll(
resp.getBucketInfoList().stream() resp.getBucketInfoList().stream()
.map(OmBucketInfo::getFromProtobuf) .map(OmBucketInfo::getFromProtobuf)
@ -677,7 +683,7 @@ public OpenKeySession openKey(OmKeyArgs args) throws IOException {
CreateKeyResponse resp = submitRequest(omRequest).getCreateKeyResponse(); CreateKeyResponse resp = submitRequest(omRequest).getCreateKeyResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("Create key failed, error:" + resp.getStatus()); throw new IOException("Create key failed, error:" + resp.getStatus());
} }
return new OpenKeySession(resp.getID(), return new OpenKeySession(resp.getID(),
@ -703,7 +709,7 @@ public OmKeyLocationInfo allocateBlock(OmKeyArgs args, long clientId)
AllocateBlockResponse resp = submitRequest(omRequest) AllocateBlockResponse resp = submitRequest(omRequest)
.getAllocateBlockResponse(); .getAllocateBlockResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("Allocate block failed, error:" + throw new IOException("Allocate block failed, error:" +
resp.getStatus()); resp.getStatus());
} }
@ -733,7 +739,7 @@ public void commitKey(OmKeyArgs args, long clientId)
CommitKeyResponse resp = submitRequest(omRequest).getCommitKeyResponse(); CommitKeyResponse resp = submitRequest(omRequest).getCommitKeyResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("Commit key failed, error:" + throw new IOException("Commit key failed, error:" +
resp.getStatus()); resp.getStatus());
} }
@ -756,7 +762,7 @@ public OmKeyInfo lookupKey(OmKeyArgs args) throws IOException {
LookupKeyResponse resp = submitRequest(omRequest).getLookupKeyResponse(); LookupKeyResponse resp = submitRequest(omRequest).getLookupKeyResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("Lookup key failed, error:" + throw new IOException("Lookup key failed, error:" +
resp.getStatus()); resp.getStatus());
} }
@ -780,7 +786,7 @@ public void renameKey(OmKeyArgs args, String toKeyName) throws IOException {
RenameKeyResponse resp = submitRequest(omRequest).getRenameKeyResponse(); RenameKeyResponse resp = submitRequest(omRequest).getRenameKeyResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("Rename key failed, error:" + throw new IOException("Rename key failed, error:" +
resp.getStatus()); resp.getStatus());
} }
@ -807,7 +813,7 @@ public void deleteKey(OmKeyArgs args) throws IOException {
DeleteKeyResponse resp = submitRequest(omRequest).getDeleteKeyResponse(); DeleteKeyResponse resp = submitRequest(omRequest).getDeleteKeyResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("Delete key failed, error:" + throw new IOException("Delete key failed, error:" +
resp.getStatus()); resp.getStatus());
} }
@ -831,7 +837,7 @@ public void deleteBucket(String volume, String bucket) throws IOException {
DeleteBucketResponse resp = submitRequest(omRequest) DeleteBucketResponse resp = submitRequest(omRequest)
.getDeleteBucketResponse(); .getDeleteBucketResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new throw new
IOException("Delete Bucket failed, error:" + resp.getStatus()); IOException("Delete Bucket failed, error:" + resp.getStatus());
} }
@ -865,7 +871,7 @@ public List<OmKeyInfo> listKeys(String volumeName, String bucketName,
ListKeysResponse resp = submitRequest(omRequest).getListKeysResponse(); ListKeysResponse resp = submitRequest(omRequest).getListKeysResponse();
if (resp.getStatus() == Status.OK) { if (resp.getStatus() == OK) {
keys.addAll( keys.addAll(
resp.getKeyInfoList().stream() resp.getKeyInfoList().stream()
.map(OmKeyInfo::getFromProtobuf) .map(OmKeyInfo::getFromProtobuf)
@ -892,7 +898,7 @@ public void createS3Bucket(String userName, String s3BucketName)
S3CreateBucketResponse resp = submitRequest(omRequest) S3CreateBucketResponse resp = submitRequest(omRequest)
.getCreateS3BucketResponse(); .getCreateS3BucketResponse();
if(resp.getStatus() != Status.OK) { if(resp.getStatus() != OK) {
throw new IOException("Creating S3 bucket failed, error: " throw new IOException("Creating S3 bucket failed, error: "
+ resp.getStatus()); + resp.getStatus());
} }
@ -912,7 +918,7 @@ public void deleteS3Bucket(String s3BucketName) throws IOException {
S3DeleteBucketResponse resp = submitRequest(omRequest) S3DeleteBucketResponse resp = submitRequest(omRequest)
.getDeleteS3BucketResponse(); .getDeleteS3BucketResponse();
if(resp.getStatus() != Status.OK) { if(resp.getStatus() != OK) {
throw new IOException("Creating S3 bucket failed, error: " throw new IOException("Creating S3 bucket failed, error: "
+ resp.getStatus()); + resp.getStatus());
} }
@ -933,7 +939,7 @@ public String getOzoneBucketMapping(String s3BucketName)
S3BucketInfoResponse resp = submitRequest(omRequest) S3BucketInfoResponse resp = submitRequest(omRequest)
.getInfoS3BucketResponse(); .getInfoS3BucketResponse();
if(resp.getStatus() != Status.OK) { if(resp.getStatus() != OK) {
throw new IOException("GetOzoneBucketMapping failed, error:" + resp throw new IOException("GetOzoneBucketMapping failed, error:" + resp
.getStatus()); .getStatus());
} }
@ -963,7 +969,7 @@ public List<OmBucketInfo> listS3Buckets(String userName, String startKey,
S3ListBucketsResponse resp = submitRequest(omRequest) S3ListBucketsResponse resp = submitRequest(omRequest)
.getListS3BucketsResponse(); .getListS3BucketsResponse();
if (resp.getStatus() == Status.OK) { if (resp.getStatus() == OK) {
buckets.addAll( buckets.addAll(
resp.getBucketInfoList().stream() resp.getBucketInfoList().stream()
.map(OmBucketInfo::getFromProtobuf) .map(OmBucketInfo::getFromProtobuf)
@ -986,7 +992,7 @@ public S3SecretValue getS3Secret(String kerberosID) throws IOException {
final GetS3SecretResponse resp = submitRequest(omRequest) final GetS3SecretResponse resp = submitRequest(omRequest)
.getGetS3SecretResponse(); .getGetS3SecretResponse();
if(resp.getStatus() != Status.OK) { if(resp.getStatus() != OK) {
throw new IOException("Fetch S3 Secret failed, error: " + throw new IOException("Fetch S3 Secret failed, error: " +
resp.getStatus()); resp.getStatus());
} else { } else {
@ -1022,7 +1028,7 @@ public OmMultipartInfo initiateMultipartUpload(OmKeyArgs omKeyArgs) throws
MultipartInfoInitiateResponse resp = submitRequest(omRequest) MultipartInfoInitiateResponse resp = submitRequest(omRequest)
.getInitiateMultiPartUploadResponse(); .getInitiateMultiPartUploadResponse();
if (resp.getStatus() != Status.OK) { if (resp.getStatus() != OK) {
throw new IOException("Initiate Multipart upload failed, error:" + resp throw new IOException("Initiate Multipart upload failed, error:" + resp
.getStatus()); .getStatus());
} }
@ -1064,7 +1070,7 @@ public OmMultipartCommitUploadPartInfo commitMultipartUploadPart(
MultipartCommitUploadPartResponse response = submitRequest(omRequest) MultipartCommitUploadPartResponse response = submitRequest(omRequest)
.getCommitMultiPartUploadResponse(); .getCommitMultiPartUploadResponse();
if (response.getStatus() != Status.OK) { if (response.getStatus() != OK) {
throw new IOException("Commit multipart upload part key failed, error:" throw new IOException("Commit multipart upload part key failed, error:"
+ response.getStatus()); + response.getStatus());
} }
@ -1099,7 +1105,7 @@ public OmMultipartUploadCompleteInfo completeMultipartUpload(
MultipartUploadCompleteResponse response = submitRequest(omRequest) MultipartUploadCompleteResponse response = submitRequest(omRequest)
.getCompleteMultiPartUploadResponse(); .getCompleteMultiPartUploadResponse();
if (response.getStatus() != Status.OK) { if (response.getStatus() != OK) {
throw new IOException("Complete multipart upload failed, error:" + throw new IOException("Complete multipart upload failed, error:" +
response.getStatus()); response.getStatus());
} }
@ -1130,7 +1136,7 @@ public void abortMultipartUpload(OmKeyArgs omKeyArgs) throws IOException {
MultipartUploadAbortResponse response = MultipartUploadAbortResponse response =
submitRequest(omRequest).getAbortMultiPartUploadResponse(); submitRequest(omRequest).getAbortMultiPartUploadResponse();
if (response.getStatus() != Status.OK) { if (response.getStatus() != OK) {
throw new IOException("Abort multipart upload failed, error:" + throw new IOException("Abort multipart upload failed, error:" +
response.getStatus()); response.getStatus());
} }
@ -1147,7 +1153,7 @@ public List<ServiceInfo> getServiceList() throws IOException {
final ServiceListResponse resp = submitRequest(omRequest) final ServiceListResponse resp = submitRequest(omRequest)
.getServiceListResponse(); .getServiceListResponse();
if (resp.getStatus() == Status.OK) { if (resp.getStatus() == OK) {
return resp.getServiceInfoList().stream() return resp.getServiceInfoList().stream()
.map(ServiceInfo::getFromProtobuf) .map(ServiceInfo::getFromProtobuf)
.collect(Collectors.toList()); .collect(Collectors.toList());
@ -1162,11 +1168,11 @@ public List<ServiceInfo> getServiceList() throws IOException {
* *
* @param renewer the designated renewer for the token * @param renewer the designated renewer for the token
* @return Token<OzoneDelegationTokenSelector> * @return Token<OzoneDelegationTokenSelector>
* @throws IOException * @throws OMException
*/ */
@Override @Override
public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer) public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer)
throws IOException { throws OMException {
GetDelegationTokenRequestProto req = GetDelegationTokenRequestProto GetDelegationTokenRequestProto req = GetDelegationTokenRequestProto
.newBuilder() .newBuilder()
.setRenewer(renewer == null ? "" : renewer.toString()) .setRenewer(renewer == null ? "" : renewer.toString())
@ -1176,15 +1182,23 @@ public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer)
.setGetDelegationTokenRequest(req) .setGetDelegationTokenRequest(req)
.build(); .build();
final GetDelegationTokenResponseProto resp = submitRequest(omRequest) final GetDelegationTokenResponseProto resp;
.getGetDelegationTokenResponse(); try {
if (resp.getStatus() == Status.OK) { resp = submitRequest(omRequest).getGetDelegationTokenResponse();
if (resp.getStatus() == OK) {
return resp.getResponse().hasToken() ? return resp.getResponse().hasToken() ?
OMPBHelper.convertToDelegationToken(resp.getResponse().getToken()) OMPBHelper.convertToDelegationToken(resp.getResponse().getToken())
: null; : null;
} else { }
throw new IOException("Get Delegation Token failed, error : " + resp throw new OMException("Get delegation token failed with response:"
.getStatus()); + resp.getStatus(), toResultStatus(resp.getStatus()));
} catch (IOException e) {
if(e instanceof OMException) {
throw (OMException)e;
}
throw new OMException("Get delegation token failed.", e,
TOKEN_ERROR_OTHER);
} }
} }
@ -1193,11 +1207,10 @@ public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer)
* *
* @param token delegation token obtained earlier * @param token delegation token obtained earlier
* @return the new expiration time * @return the new expiration time
* @throws IOException
*/ */
@Override @Override
public long renewDelegationToken(Token<OzoneTokenIdentifier> token) public long renewDelegationToken(Token<OzoneTokenIdentifier> token)
throws IOException { throws OMException {
RenewDelegationTokenRequestProto req = RenewDelegationTokenRequestProto req =
RenewDelegationTokenRequestProto.newBuilder(). RenewDelegationTokenRequestProto.newBuilder().
setToken(OMPBHelper.convertToTokenProto(token)). setToken(OMPBHelper.convertToTokenProto(token)).
@ -1207,13 +1220,21 @@ public long renewDelegationToken(Token<OzoneTokenIdentifier> token)
.setRenewDelegationTokenRequest(req) .setRenewDelegationTokenRequest(req)
.build(); .build();
final RenewDelegationTokenResponseProto resp = submitRequest(omRequest) final RenewDelegationTokenResponseProto resp;
try {
resp = submitRequest(omRequest)
.getRenewDelegationTokenResponse(); .getRenewDelegationTokenResponse();
if (resp.getStatus() == Status.OK) { if (resp.getStatus() == OK) {
return resp.getResponse().getNewExpiryTime(); return resp.getResponse().getNewExpiryTime();
} else { }
throw new IOException("Renew Delegation Token failed, error : " + resp throw new OMException("Renew delegation token failed with response:"
.getStatus()); + resp.getStatus(), toResultStatus(resp.getStatus()));
} catch (IOException e) {
if(e instanceof OMException) {
throw (OMException)e;
}
throw new OMException("Renew delegation token failed.", e,
TOKEN_ERROR_OTHER);
} }
} }
@ -1221,11 +1242,10 @@ public long renewDelegationToken(Token<OzoneTokenIdentifier> token)
* Cancel an existing delegation token. * Cancel an existing delegation token.
* *
* @param token delegation token * @param token delegation token
* @throws IOException
*/ */
@Override @Override
public void cancelDelegationToken(Token<OzoneTokenIdentifier> token) public void cancelDelegationToken(Token<OzoneTokenIdentifier> token)
throws IOException { throws OMException {
CancelDelegationTokenRequestProto req = CancelDelegationTokenRequestProto CancelDelegationTokenRequestProto req = CancelDelegationTokenRequestProto
.newBuilder() .newBuilder()
.setToken(OMPBHelper.convertToTokenProto(token)) .setToken(OMPBHelper.convertToTokenProto(token))
@ -1235,11 +1255,40 @@ public void cancelDelegationToken(Token<OzoneTokenIdentifier> token)
.setCancelDelegationTokenRequest(req) .setCancelDelegationTokenRequest(req)
.build(); .build();
final CancelDelegationTokenResponseProto resp = submitRequest(omRequest) final CancelDelegationTokenResponseProto resp;
.getCancelDelegationTokenResponse(); try {
if (resp.getStatus() != Status.OK) { resp = submitRequest(omRequest).getCancelDelegationTokenResponse();
throw new IOException("Cancel Delegation Token failed, error : " + resp if (resp.getStatus() == OK) {
.getStatus()); return;
}
throw new OMException("Cancel delegation token failed with response:"
+ resp.getStatus(), toResultStatus(resp.getStatus()));
} catch (IOException e) {
if(e instanceof OMException) {
throw (OMException)e;
}
throw new OMException("Cancel delegation token failed.", e,
TOKEN_ERROR_OTHER);
}
}
/**
* Converts proto status to OMException result code.
*
* @param status Proto status received from rpc call.
*/
public ResultCodes toResultStatus(Status status) {
switch (status) {
case INVALID_AUTH_METHOD:
return ResultCodes.INVALID_AUTH_METHOD;
case INVALID_TOKEN:
return ResultCodes.INVALID_TOKEN;
case TOKEN_EXPIRED:
return ResultCodes.TOKEN_EXPIRED;
case TOKEN_ERROR_OTHER:
return TOKEN_ERROR_OTHER;
default:
return UNKNOWN;
} }
} }
} }
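Review bot: The `catch (IOException e)` blocks added to getDelegationToken, renewDelegationToken and cancelDelegationToken label every failure that is not already an OMException as `TOKEN_ERROR_OTHER`, so a caller inspecting the result code cannot tell a rejected token from a failure of the call itself, if submitRequest surfaces connection or timeout errors as IOException. Consider keeping `TOKEN_ERROR_OTHER` for token failures the server reports and using `UNKNOWN` for the rest, or state the mapping in the Javadoc; `toResultStatus` similarly folds every non-token status, `ACCESS_DENIED` included, into `UNKNOWN`. The `instanceof` test and cast read more simply as a separate clause placed first, `} catch (OMException e) { throw e; }`. The Javadoc of renewDelegationToken and cancelDelegationToken appears to lose its `@throws` tag without gaining `@throws OMException`, unlike getDelegationToken.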


@ -22,6 +22,7 @@
import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig; import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.security.OzoneSecretStore.OzoneManagerSecretState; import org.apache.hadoop.ozone.security.OzoneSecretStore.OzoneManagerSecretState;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier.TokenInfo; import org.apache.hadoop.ozone.security.OzoneTokenIdentifier.TokenInfo;
import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.AccessControlException;
@ -41,6 +42,8 @@
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.TOKEN_EXPIRED;
/** /**
* SecretManager for Ozone Master. Responsible for signing identifiers with * SecretManager for Ozone Master. Responsible for signing identifiers with
* private key, * private key,
@ -172,8 +175,7 @@ private void updateIdentifierDetails(OzoneTokenIdentifier identifier) {
*/ */
@Override @Override
public synchronized long renewToken(Token<OzoneTokenIdentifier> token, public synchronized long renewToken(Token<OzoneTokenIdentifier> token,
String renewer) String renewer) throws IOException {
throws IOException {
ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier()); ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
DataInputStream in = new DataInputStream(buf); DataInputStream in = new DataInputStream(buf);
OzoneTokenIdentifier id = OzoneTokenIdentifier.readProtoBuf(in); OzoneTokenIdentifier id = OzoneTokenIdentifier.readProtoBuf(in);
@ -184,10 +186,10 @@ public synchronized long renewToken(Token<OzoneTokenIdentifier> token,
long now = Time.monotonicNow(); long now = Time.monotonicNow();
if (id.getMaxDate() < now) { if (id.getMaxDate() < now) {
throw new InvalidToken(renewer + " tried to renew an expired token " throw new OMException(renewer + " tried to renew an expired token "
+ formatTokenId(id) + " max expiration date: " + formatTokenId(id) + " max expiration date: "
+ Time.formatTime(id.getMaxDate()) + Time.formatTime(id.getMaxDate())
+ " currentTime: " + Time.formatTime(now)); + " currentTime: " + Time.formatTime(now), TOKEN_EXPIRED);
} }
validateToken(id); validateToken(id);
if ((id.getRenewer() == null) || (id.getRenewer().toString().isEmpty())) { if ((id.getRenewer() == null) || (id.getRenewer().toString().isEmpty())) {
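Review bot: The expiry check that now raises `TOKEN_EXPIRED` compares `id.getMaxDate()` with `Time.monotonicNow()`, and the new message passes that same value to `Time.formatTime(now)` as the current time. A monotonic reading is not a wall-clock timestamp, so if the max date is stored as epoch milliseconds (not visible in this hunk) the comparison does not track real expiry and the reported current time is meaningless; `long now = Time.now();` would address both. renewToken continues beyond the hunk, where the remaining checks may still throw exception types other than OMException, which is worth confirming so callers see one consistent failure type.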


@ -208,6 +208,12 @@ enum Status {
ABORT_MULTIPART_UPLOAD_FAILED = 31; ABORT_MULTIPART_UPLOAD_FAILED = 31;
S3_SECRET_NOT_FOUND = 32; S3_SECRET_NOT_FOUND = 32;
INVALID_AUTH_METHOD = 33;
INVALID_TOKEN = 34;
TOKEN_EXPIRED = 35;
TOKEN_ERROR_OTHER = 36;
} }


@ -21,6 +21,9 @@
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ENABLED; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ENABLED;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY; import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY;
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.INVALID_AUTH_METHOD;
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.TOKEN_ERROR_OTHER;
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.TOKEN_EXPIRED;
import static org.slf4j.event.Level.INFO; import static org.slf4j.event.Level.INFO;
import java.io.File; import java.io.File;
@ -50,7 +53,6 @@
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.Client; import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.RPC; import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.RemoteException;
import org.apache.hadoop.ipc.Server; import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem; import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import org.apache.hadoop.minikdc.MiniKdc; import org.apache.hadoop.minikdc.MiniKdc;
@ -58,13 +60,13 @@
import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMConfigKeys;
import org.apache.hadoop.ozone.om.OMStorage; import org.apache.hadoop.ozone.om.OMStorage;
import org.apache.hadoop.ozone.om.OzoneManager; import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB; import org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB;
import org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolPB; import org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolPB;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier; import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
import org.apache.hadoop.security.KerberosAuthException; import org.apache.hadoop.security.KerberosAuthException;
import org.apache.hadoop.security.SaslRpcServer.AuthMethod; import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils; import org.apache.hadoop.test.GenericTestUtils;
@ -80,7 +82,6 @@
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import javax.ws.rs.HEAD;
/** /**
* Test class to for security enabled Ozone cluster. * Test class to for security enabled Ozone cluster.
@ -345,6 +346,7 @@ public void testDelegationToken() throws Exception {
// Capture logs for assertions // Capture logs for assertions
LogCapturer logs = LogCapturer.captureLogs(Server.AUDITLOG); LogCapturer logs = LogCapturer.captureLogs(Server.AUDITLOG);
LogCapturer omLogs = LogCapturer.captureLogs(OzoneManager.getLogger());
GenericTestUtils GenericTestUtils
.setLogLevel(LoggerFactory.getLogger(Server.class.getName()), INFO); .setLogLevel(LoggerFactory.getLogger(Server.class.getName()), INFO);
@ -414,11 +416,21 @@ public Void run() throws Exception {
// Case 4: Test failure of token renewal. // Case 4: Test failure of token renewal.
// Call to renewDelegationToken will fail but it will confirm that // Call to renewDelegationToken will fail but it will confirm that
// initial connection via DT succeeded // initial connection via DT succeeded
LambdaTestUtils.intercept(RemoteException.class, "Delegation " omLogs.clearOutput();
+ "Token can be renewed only with kerberos or web authentication",
() -> omClient.renewDelegationToken(token)); LambdaTestUtils.intercept(OMException.class, "Renew delegation token " +
"failed",
() -> {
try {
omClient.renewDelegationToken(token);
} catch (OMException ex) {
Assert.assertTrue(ex.getResult().equals(INVALID_AUTH_METHOD));
throw ex;
}
});
Assert.assertTrue(logs.getOutput().contains( Assert.assertTrue(logs.getOutput().contains(
"Auth successful for " + username + " (auth:TOKEN)")); "Auth successful for " + username + " (auth:TOKEN)"));
omLogs.clearOutput();
//testUser.setAuthenticationMethod(AuthMethod.KERBEROS); //testUser.setAuthenticationMethod(AuthMethod.KERBEROS);
UserGroupInformation.setLoginUser(ugi); UserGroupInformation.setLoginUser(ugi);
omClient = new OzoneManagerProtocolClientSideTranslatorPB( omClient = new OzoneManagerProtocolClientSideTranslatorPB(
@ -438,14 +450,23 @@ public Void run() throws Exception {
// Case 6: Test failure of token cancellation. // Case 6: Test failure of token cancellation.
// Get Om client, this time authentication using Token will fail as // Get Om client, this time authentication using Token will fail as
// token is expired // token is not in cache anymore.
omClient = new OzoneManagerProtocolClientSideTranslatorPB( omClient = new OzoneManagerProtocolClientSideTranslatorPB(
RPC.getProxy(OzoneManagerProtocolPB.class, omVersion, RPC.getProxy(OzoneManagerProtocolPB.class, omVersion,
OmUtils.getOmAddress(conf), testUser, conf, OmUtils.getOmAddress(conf), testUser, conf,
NetUtils.getDefaultSocketFactory(conf), NetUtils.getDefaultSocketFactory(conf),
Client.getRpcTimeout(conf)), RandomStringUtils.randomAscii(5)); Client.getRpcTimeout(conf)), RandomStringUtils.randomAscii(5));
LambdaTestUtils.intercept(RemoteException.class, "can't be found in cache", LambdaTestUtils.intercept(OMException.class, "Cancel delegation " +
() -> omClient.cancelDelegationToken(token)); "token failed",
() -> {
try {
omClient.cancelDelegationToken(token);
} catch (OMException ex) {
Assert.assertTrue(ex.getResult().equals(TOKEN_ERROR_OTHER));
throw ex;
}
});
Assert.assertTrue(logs.getOutput().contains("Auth failed for")); Assert.assertTrue(logs.getOutput().contains("Auth failed for"));
} finally { } finally {
om.stop(); om.stop();
@ -469,6 +490,7 @@ private void generateKeyPair(OzoneConfiguration config) throws Exception {
public void testDelegationTokenRenewal() throws Exception { public void testDelegationTokenRenewal() throws Exception {
GenericTestUtils GenericTestUtils
.setLogLevel(LoggerFactory.getLogger(Server.class.getName()), INFO); .setLogLevel(LoggerFactory.getLogger(Server.class.getName()), INFO);
LogCapturer omLogs = LogCapturer.captureLogs(OzoneManager.getLogger());
// Setup secure OM for start. // Setup secure OM for start.
OzoneConfiguration newConf = new OzoneConfiguration(conf); OzoneConfiguration newConf = new OzoneConfiguration(conf);
@ -502,16 +524,35 @@ public void testDelegationTokenRenewal() throws Exception {
// Renew delegation token // Renew delegation token
long expiryTime = omClient.renewDelegationToken(token); long expiryTime = omClient.renewDelegationToken(token);
Assert.assertTrue(expiryTime > 0); Assert.assertTrue(expiryTime > 0);
omLogs.clearOutput();
// Test failure of delegation renewal // Test failure of delegation renewal
// 1. When renewer doesn't match (implicitly covers when renewer is // 1. When token maxExpiryTime exceeds
Thread.sleep(500);
LambdaTestUtils.intercept(OMException.class,
"Renew delegation token failed",
() -> {
try {
omClient.renewDelegationToken(token);
} catch (OMException ex) {
Assert.assertTrue(ex.getResult().equals(TOKEN_EXPIRED));
throw ex;
}
});
omLogs.clearOutput();
// 2. When renewer doesn't match (implicitly covers when renewer is
// null or empty ) // null or empty )
Token token2 = omClient.getDelegationToken(new Text("randomService")); Token token2 = omClient.getDelegationToken(new Text("randomService"));
LambdaTestUtils.intercept(RemoteException.class, LambdaTestUtils.intercept(OMException.class,
" with non-matching renewer randomService", "Renew delegation token failed",
() -> omClient.renewDelegationToken(token2)); () -> omClient.renewDelegationToken(token2));
Assert.assertTrue(omLogs.getOutput().contains(" with non-matching " +
"renewer randomService"));
omLogs.clearOutput();
// 2. Test tampered token // 3. Test tampered token
OzoneTokenIdentifier tokenId = OzoneTokenIdentifier.readProtoBuf( OzoneTokenIdentifier tokenId = OzoneTokenIdentifier.readProtoBuf(
token.getIdentifier()); token.getIdentifier());
tokenId.setRenewer(new Text("om")); tokenId.setRenewer(new Text("om"));
@ -519,15 +560,13 @@ public void testDelegationTokenRenewal() throws Exception {
Token<OzoneTokenIdentifier> tamperedToken = new Token<>( Token<OzoneTokenIdentifier> tamperedToken = new Token<>(
tokenId.getBytes(), token2.getPassword(), token2.getKind(), tokenId.getBytes(), token2.getPassword(), token2.getKind(),
token2.getService()); token2.getService());
LambdaTestUtils.intercept(RemoteException.class, LambdaTestUtils.intercept(OMException.class,
"can't be found in cache", "Renew delegation token failed",
() -> omClient.renewDelegationToken(tamperedToken)); () -> omClient.renewDelegationToken(tamperedToken));
Assert.assertTrue(omLogs.getOutput().contains("can't be found in " +
"cache"));
omLogs.clearOutput();
// 3. When token maxExpiryTime exceeds
Thread.sleep(500);
LambdaTestUtils.intercept(RemoteException.class,
"om tried to renew an expired" + " token",
() -> omClient.renewDelegationToken(token));
} finally { } finally {
om.stop(); om.stop();
om.join(); om.join();


@ -100,7 +100,6 @@
import org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager; import org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager;
import org.apache.hadoop.ozone.security.OzoneDelegationTokenSecretManager; import org.apache.hadoop.ozone.security.OzoneDelegationTokenSecretManager;
import org.apache.hadoop.ozone.util.OzoneVersionInfo; import org.apache.hadoop.ozone.util.OzoneVersionInfo;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
@ -157,6 +156,8 @@
.OZONE_OM_METRICS_SAVE_INTERVAL; .OZONE_OM_METRICS_SAVE_INTERVAL;
import static org.apache.hadoop.ozone.om.OMConfigKeys import static org.apache.hadoop.ozone.om.OMConfigKeys
.OZONE_OM_METRICS_SAVE_INTERVAL_DEFAULT; .OZONE_OM_METRICS_SAVE_INTERVAL_DEFAULT;
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.INVALID_AUTH_METHOD;
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.TOKEN_ERROR_OTHER;
import static org.apache.hadoop.ozone.protocol.proto import static org.apache.hadoop.ozone.protocol.proto
.OzoneManagerProtocolProtos.OzoneManagerService .OzoneManagerProtocolProtos.OzoneManagerService
.newReflectiveBlockingService; .newReflectiveBlockingService;
@ -1031,14 +1032,15 @@ private static UserGroupInformation getRemoteUser() throws IOException {
*/ */
@Override @Override
public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer) public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer)
throws IOException { throws OMException {
final boolean success; final boolean success;
final String tokenId; final String tokenId;
Token<OzoneTokenIdentifier> token; Token<OzoneTokenIdentifier> token;
try {
if (!isAllowedDelegationTokenOp()) { if (!isAllowedDelegationTokenOp()) {
throw new IOException("Delegation Token can be issued only with " throw new OMException("Delegation Token can be issued only with "
+ "kerberos or web authentication"); + "kerberos or web authentication",
INVALID_AUTH_METHOD);
} }
if (delegationTokenMgr == null || !delegationTokenMgr.isRunning()) { if (delegationTokenMgr == null || !delegationTokenMgr.isRunning()) {
LOG.warn("trying to get DT with no secret manager running in OM."); LOG.warn("trying to get DT with no secret manager running in OM.");
@ -1053,8 +1055,14 @@ public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer)
realUser = new Text(ugi.getRealUser().getUserName()); realUser = new Text(ugi.getRealUser().getUserName());
} }
token = delegationTokenMgr.createToken(owner, renewer, realUser); return delegationTokenMgr.createToken(owner, renewer, realUser);
return token; } catch (OMException oex) {
throw oex;
} catch (IOException ex) {
LOG.error("Get Delegation token failed, cause: {}", ex.getMessage());
throw new OMException("Get Delegation token failed.", ex,
TOKEN_ERROR_OTHER);
}
} }
/** /**
@ -1066,24 +1074,31 @@ public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer)
*/ */
@Override @Override
public long renewDelegationToken(Token<OzoneTokenIdentifier> token) public long renewDelegationToken(Token<OzoneTokenIdentifier> token)
throws InvalidToken, IOException { throws OMException {
long expiryTime; long expiryTime;
try { try {
if (!isAllowedDelegationTokenOp()) { if (!isAllowedDelegationTokenOp()) {
throw new IOException("Delegation Token can be renewed only with " throw new OMException("Delegation Token can be renewed only with "
+ "kerberos or web authentication"); + "kerberos or web authentication",
INVALID_AUTH_METHOD);
} }
String renewer = getRemoteUser().getShortUserName(); String renewer = getRemoteUser().getShortUserName();
expiryTime = delegationTokenMgr.renewToken(token, renewer); expiryTime = delegationTokenMgr.renewToken(token, renewer);
} catch (AccessControlException ace) { } catch (OMException oex) {
final OzoneTokenIdentifier id = OzoneTokenIdentifier.readProtoBuf( throw oex;
token.getIdentifier()); } catch (IOException ex) {
LOG.error("Delegation token renewal failed for dt: {}, cause: {}", OzoneTokenIdentifier id = null;
id.toString(), ace.getMessage()); try {
throw ace; id = OzoneTokenIdentifier.readProtoBuf(token.getIdentifier());
} catch (IOException exe) {
}
LOG.error("Delegation token renewal failed for dt id: {}, cause: {}",
id, ex.getMessage());
throw new OMException("Delegation token renewal failed for dt: " + token,
ex, TOKEN_ERROR_OTHER);
} }
return expiryTime; return expiryTime;
} }
@ -1095,16 +1110,19 @@ public long renewDelegationToken(Token<OzoneTokenIdentifier> token)
*/ */
@Override @Override
public void cancelDelegationToken(Token<OzoneTokenIdentifier> token) public void cancelDelegationToken(Token<OzoneTokenIdentifier> token)
throws IOException { throws OMException {
OzoneTokenIdentifier id = null; OzoneTokenIdentifier id = null;
try { try {
String canceller = getRemoteUser().getUserName(); String canceller = getRemoteUser().getUserName();
id = delegationTokenMgr.cancelToken(token, canceller); id = delegationTokenMgr.cancelToken(token, canceller);
LOG.trace("Delegation token renewed for dt: {}", id); LOG.trace("Delegation token cancelled for dt: {}", id);
} catch (AccessControlException ace) { } catch (OMException oex) {
LOG.error("Delegation token renewal failed for dt: {}, cause: {}", id, throw oex;
ace.getMessage()); } catch (IOException ex) {
throw ace; LOG.error("Delegation token cancellation failed for dt id: {}, cause: {}",
id, ex.getMessage());
throw new OMException("Delegation token renewal failed for dt: " + token,
ex, TOKEN_ERROR_OTHER);
} }
} }
/** /**
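Review bot: In `cancelDelegationToken` the new catch block can only ever log `dt id: null`, because `id` is assigned only when `delegationTokenMgr.cancelToken` returns normally, and the OMException it throws still reads "Delegation token renewal failed" although this is the cancel path. A failed cancellation is an event an operator will want to tie to a specific token, so decode the identifier inside the handler the way `renewDelegationToken` does with `OzoneTokenIdentifier.readProtoBuf(token.getIdentifier())`, and correct the message: `throw new OMException("Delegation token cancellation failed for dt: " + token, ex, TOKEN_ERROR_OTHER);`. In `renewDelegationToken` the inner `catch (IOException exe) { }` is empty; a short comment such as `// best effort: id is only used for the log line` would show that ignoring it is deliberate. Both handlers also pass only `ex.getMessage()` to `LOG.error`, so the server log loses the stack trace of the underlying failure.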


@ -57,7 +57,7 @@ public OzoneManagerProtocolServerSideTranslatorPB(
} }
/** /**
* Submit requests to Ratis server for OM HA implmentation. * Submit requests to Ratis server for OM HA implementation.
* TODO: Once HA is implemented fully, we should have only one server side * TODO: Once HA is implemented fully, we should have only one server side
* translator for OM protocol. * translator for OM protocol.
*/ */


@ -163,7 +163,6 @@
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetDelegationTokenResponseProto; import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetDelegationTokenResponseProto;
import org.apache.hadoop.security.proto.SecurityProtos.RenewDelegationTokenRequestProto; import org.apache.hadoop.security.proto.SecurityProtos.RenewDelegationTokenRequestProto;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RenewDelegationTokenResponseProto; import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.RenewDelegationTokenResponseProto;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretRequest;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretResponse; import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetS3SecretResponse;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
@ -418,6 +417,14 @@ private Status exceptionToResponseStatus(IOException ex) {
return Status.ENTITY_TOO_SMALL; return Status.ENTITY_TOO_SMALL;
case ABORT_MULTIPART_UPLOAD_FAILED: case ABORT_MULTIPART_UPLOAD_FAILED:
return Status.ABORT_MULTIPART_UPLOAD_FAILED; return Status.ABORT_MULTIPART_UPLOAD_FAILED;
case INVALID_AUTH_METHOD:
return Status.INVALID_AUTH_METHOD;
case INVALID_TOKEN:
return Status.INVALID_TOKEN;
case TOKEN_EXPIRED:
return Status.TOKEN_EXPIRED;
case TOKEN_ERROR_OTHER:
return Status.TOKEN_ERROR_OTHER;
default: default:
return Status.INTERNAL_ERROR; return Status.INTERNAL_ERROR;
} }