HDFS-7942. NFS: support regexp grouping in nfs.exports.allowed.hosts. Contributed by Brandon Li

This commit is contained in:
Brandon Li 2015-03-23 10:06:47 -07:00
parent 82eda771e0
commit 36af4a913c
4 changed files with 28 additions and 6 deletions

View File

@ -391,7 +391,7 @@ private static Match getMatch(String line) {
return new CIDRMatch(privilege,
new SubnetUtils(pair[0], pair[1]).getInfo());
} else if (host.contains("*") || host.contains("?") || host.contains("[")
|| host.contains("]")) {
|| host.contains("]") || host.contains("(") || host.contains(")")) {
if (LOG.isDebugEnabled()) {
LOG.debug("Using Regex match for '" + host + "' and " + privilege);
}

View File

@ -23,8 +23,8 @@
public class TestNfsExports {
private final String address1 = "192.168.0.1";
private final String address2 = "10.0.0.1";
private final String address1 = "192.168.0.12";
private final String address2 = "10.0.0.12";
private final String hostname1 = "a.b.com";
private final String hostname2 = "a.b.org";
@ -164,6 +164,24 @@ public void testRegexHostRO() {
matcher.getAccessPrivilege(address1, hostname2));
}
@Test
public void testRegexGrouping() {
NfsExports matcher = new NfsExports(CacheSize, ExpirationPeriod,
"192.168.0.(12|34)");
Assert.assertEquals(AccessPrivilege.READ_ONLY,
matcher.getAccessPrivilege(address1, hostname1));
// address1 will hit the cache
Assert.assertEquals(AccessPrivilege.READ_ONLY,
matcher.getAccessPrivilege(address1, hostname2));
matcher = new NfsExports(CacheSize, ExpirationPeriod, "\\w*.a.b.com");
Assert.assertEquals(AccessPrivilege.READ_ONLY,
matcher.getAccessPrivilege("1.2.3.4", "web.a.b.com"));
// address "1.2.3.4" will hit the cache
Assert.assertEquals(AccessPrivilege.READ_ONLY,
matcher.getAccessPrivilege("1.2.3.4", "email.a.b.org"));
}
@Test
public void testMultiMatchers() throws Exception {
long shortExpirationPeriod = 1 * 1000 * 1000 * 1000; // 1s

View File

@ -1232,6 +1232,8 @@ Release 2.7.0 - UNRELEASED
HDFS-6841. Use Time.monotonicNow() wherever applicable instead of Time.now()
(Vinayakumar B via kihwal)
HDFS-7942. NFS: support regexp grouping in nfs.exports.allowed.hosts (brandonli)
BREAKDOWN OF HDFS-7584 SUBTASKS AND RELATED JIRAS
HDFS-7720. Quota by Storage Type API, tools and ClientNameNode

View File

@ -144,10 +144,12 @@ It's strongly recommended for the users to update a few configuration properties
* By default, the export can be mounted by any client. To better control the access,
users can update the following property. The value string contains machine name and
access privilege, separated by whitespace
characters. The machine name format can be a single host, a Java regular expression, or an IPv4 address. The access
characters. The machine name format can be a single host, a "*", a Java regular expression, or an IPv4 address. The access
privilege uses rw or ro to specify read/write or read-only access of the machines to exports. If the access privilege is not provided, the default is read-only. Entries are separated by ";".
For example: "192.168.0.0/22 rw ; host.\*\\.example\\.com ; host1.test.org ro;". Only the NFS gateway needs to restart after
this property is updated.
For example: "192.168.0.0/22 rw ; \\\\w\*\\\\.example\\\\.com ; host1.test.org ro;". Only the NFS gateway needs to restart after
this property is updated. Note that, here Java regular expression is differnt with the regrulation expression used in
Linux NFS export table, such as, using "\\\\w\*\\\\.example\\\\.com" instead of "\*.example.com", "192\\\\.168\\\\.0\\\\.(11|22)"
instead of "192.168.0.[11|22]" and so on.
<property>
<name>nfs.exports.allowed.hosts</name>