HDDS-1183. Override getDelegationToken API for OzoneFileSystem. Contributed by Xiaoyu Yao.
parent
4a3cddea70
commit
6fef6fc5ee
@ -28,6 +28,7 @@
|
||||
import org.apache.hadoop.io.Text;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.token.TokenIdentifier;
|
||||
import org.apache.hadoop.security.token.Token.TrivialRenewer;
|
||||
|
||||
import java.io.DataInput;
|
||||
import java.io.DataInputStream;
|
||||
@ -195,5 +196,17 @@ void writeProtobuf(DataOutput out) throws IOException {
|
||||
}
|
||||
out.write(builder.build().toByteArray());
|
||||
}
|
||||
|
||||
/**
|
||||
* Default TrivialRenewer.
|
||||
*/
|
||||
@InterfaceAudience.Private
|
||||
public static class Renewer extends TrivialRenewer {
|
||||
|
||||
@Override
|
||||
protected Text getKind() {
|
||||
return KIND_NAME;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
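Review bot: The Javadoc `Default TrivialRenewer.` on the added `Renewer` class does not say what this renewer means for the token's lifecycle. `Token.TrivialRenewer` reports tokens as unmanaged and rejects both renew and cancel, so a comment such as `/** Renewer for this token kind; tokens are not managed, so renew and cancel are unsupported and the token simply expires. */` would make that explicit. The enclosing class begins outside the hunk, so which `KIND_NAME` is returned cannot be confirmed from here.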
@ -68,18 +68,6 @@ public Text getKind() {
|
||||
return KIND_NAME;
|
||||
}
|
||||
|
||||
/**
|
||||
* Default TrivialRenewer.
|
||||
*/
|
||||
@InterfaceAudience.Private
|
||||
public static class Renewer extends Token.TrivialRenewer {
|
||||
|
||||
@Override
|
||||
protected Text getKind() {
|
||||
return KIND_NAME;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Overrides default implementation to write using Protobuf.
|
||||
*
|
||||
|
@ -17,6 +17,9 @@
|
||||
*/
|
||||
package org.apache.hadoop.fs.ozone;
|
||||
|
||||
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.Iterator;
|
||||
@ -52,4 +55,6 @@ public interface OzoneClientAdapter {
|
||||
|
||||
Iterator<BasicKeyInfo> listKeys(String pathKey);
|
||||
|
||||
Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
|
||||
throws IOException;
|
||||
}
|
||||
|
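Review bot: The new `getDelegationToken(String renewer)` on `OzoneClientAdapter` has no Javadoc, and whether `renewer` may be null is left unstated. The implementation in this commit passes it straight into `new Text(renewer)`, so a null renewer would most likely fail with a NullPointerException instead of producing a token. I would either document the requirement, e.g. `/** Requests a delegation token from the object store; renewer must be non-null. */`, or have the implementation accept null with `renewer == null ? null : new Text(renewer)`. The interface body starts outside the hunk.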
@ -22,9 +22,12 @@
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
|
||||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.hdds.client.ReplicationFactor;
|
||||
import org.apache.hadoop.hdds.client.ReplicationType;
|
||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
||||
import org.apache.hadoop.io.Text;
|
||||
import org.apache.hadoop.ozone.OzoneConfigKeys;
|
||||
import org.apache.hadoop.ozone.client.ObjectStore;
|
||||
import org.apache.hadoop.ozone.client.OzoneBucket;
|
||||
@ -35,6 +38,10 @@
|
||||
import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
|
||||
|
||||
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_URI_DELIMITER;
|
||||
|
||||
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.security.token.TokenRenewer;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@ -251,8 +258,64 @@ public Iterator<BasicKeyInfo> listKeys(String pathKey) {
|
||||
return new IteratorAdapter(bucket.listKeys(pathKey));
|
||||
}
|
||||
|
||||
@Override
|
||||
public Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
|
||||
throws IOException {
|
||||
Token<OzoneTokenIdentifier> token =
|
||||
ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
|
||||
token.setKind(OzoneTokenIdentifier.KIND_NAME);
|
||||
return token;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adapter to conver OzoneKey to a safe and simple Key implementation.
|
||||
* Ozone Delegation Token Renewer.
|
||||
*/
|
||||
@InterfaceAudience.Private
|
||||
public static class Renewer extends TokenRenewer {
|
||||
|
||||
//Ensure that OzoneConfiguration files are loaded before trying to use
|
||||
// the renewer.
|
||||
static {
|
||||
OzoneConfiguration.activate();
|
||||
}
|
||||
|
||||
public Text getKind() {
|
||||
return OzoneTokenIdentifier.KIND_NAME;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean handleKind(Text kind) {
|
||||
return getKind().equals(kind);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isManaged(Token<?> token) throws IOException {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public long renew(Token<?> token, Configuration conf)
|
||||
throws IOException, InterruptedException {
|
||||
Token<OzoneTokenIdentifier> ozoneDt =
|
||||
(Token<OzoneTokenIdentifier>) token;
|
||||
OzoneClient ozoneClient =
|
||||
OzoneClientFactory.getRpcClient(conf);
|
||||
return ozoneClient.getObjectStore().renewDelegationToken(ozoneDt);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void cancel(Token<?> token, Configuration conf)
|
||||
throws IOException, InterruptedException {
|
||||
Token<OzoneTokenIdentifier> ozoneDt =
|
||||
(Token<OzoneTokenIdentifier>) token;
|
||||
OzoneClient ozoneClient =
|
||||
OzoneClientFactory.getRpcClient(conf);
|
||||
ozoneClient.getObjectStore().cancelDelegationToken(ozoneDt);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Adapter to convert OzoneKey to a safe and simple Key implementation.
|
||||
*/
|
||||
public static class IteratorAdapter implements Iterator<BasicKeyInfo> {
|
||||
|
||||
|
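Review bot: `Renewer.renew` and `Renewer.cancel` each create a client with `OzoneClientFactory.getRpcClient(conf)` and never close it, so every renewal or cancellation leaves an RPC client open in the process that runs the renewer. Assuming `OzoneClient` is closeable, scope it with try-with-resources, e.g. `try (OzoneClient ozoneClient = OzoneClientFactory.getRpcClient(conf)) { return ozoneClient.getObjectStore().renewDelegationToken(ozoneDt); }`, and use the same shape in `cancel`. Both methods also cast `Token<?>` to `Token<OzoneTokenIdentifier>` unchecked. A guard before the cast, such as `if (!handleKind(token.getKind())) { throw new IOException("Unexpected token kind: " + token.getKind()); }`, would reject a token of another kind locally instead of forwarding it to the object store.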
@ -48,7 +48,9 @@
|
||||
import org.apache.hadoop.fs.GlobalStorageStatistics;
|
||||
import org.apache.hadoop.fs.permission.FsPermission;
|
||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
||||
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.util.Progressable;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
@ -84,6 +86,7 @@ public class OzoneFileSystem extends FileSystem {
|
||||
private Path workingDir;
|
||||
|
||||
private OzoneClientAdapter adapter;
|
||||
private boolean securityEnabled;
|
||||
|
||||
|
||||
private OzoneFSStorageStatistics storageStatistics;
|
||||
@ -156,6 +159,10 @@ public void initialize(URI name, Configuration conf) throws IOException {
|
||||
} else {
|
||||
ozoneConfiguration = new OzoneConfiguration(conf);
|
||||
}
|
||||
SecurityConfig secConfig = new SecurityConfig(ozoneConfiguration);
|
||||
if (secConfig.isSecurityEnabled()) {
|
||||
this.securityEnabled = true;
|
||||
}
|
||||
this.adapter = new OzoneClientAdapterImpl(ozoneConfiguration,
|
||||
volumeStr, bucketStr, storageStatistics);
|
||||
}
|
||||
@ -669,6 +676,12 @@ public Path getWorkingDirectory() {
|
||||
return workingDir;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Token<?> getDelegationToken(String renewer) throws IOException {
|
||||
return securityEnabled? adapter.getDelegationToken(renewer) :
|
||||
super.getDelegationToken(renewer);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the username of the FS.
|
||||
*
|
||||
|
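Review bot: The `getDelegationToken` override has no Javadoc, and its two outcomes differ in a way callers must handle. With security enabled it returns the adapter's token; otherwise it defers to `super.getDelegationToken(renewer)`, which in the base `FileSystem` returns null by default. A comment like `/** Returns an Ozone delegation token when security is enabled; otherwise defers to FileSystem, which issues none. */` would state that. On style, the flag in `initialize` can be assigned directly with `this.securityEnabled = secConfig.isSecurityEnabled();`, and `securityEnabled?` wants a space before the `?`. `initialize` starts outside the hunk.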