diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 3fb2e02fb3..606f46cc39 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -267,6 +267,8 @@ Release 2.0.0 - UNRELEASED HADOOP-8117. Upgrade test build to Surefire 2.12 (todd) + HADOOP-8152. Expand public APIs for security library classes. (atm via eli) + OPTIMIZATIONS BUG FIXES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java index b7d268699c..63683bf720 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java @@ -220,6 +220,8 @@ public static void fetchServiceTicket(URL remoteHost) throws IOException { * @return converted Kerberos principal name * @throws IOException if the client address cannot be determined */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public static String getServerPrincipal(String principalConfig, String hostname) throws IOException { String[] components = getComponents(principalConfig); @@ -245,6 +247,8 @@ public static String getServerPrincipal(String principalConfig, * @return converted Kerberos principal name * @throws IOException if the client address cannot be determined */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public static String getServerPrincipal(String principalConfig, InetAddress addr) throws IOException { String[] components = getComponents(principalConfig); @@ -292,6 +296,8 @@ static String getLocalHostName() throws UnknownHostException { * the key to look for user's Kerberos principal name in conf * @throws IOException if login fails */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public static void login(final Configuration conf, final String keytabFileKey, final String userNameKey) throws IOException { login(conf, keytabFileKey, userNameKey, getLocalHostName()); @@ -312,6 +318,8 @@ public static void login(final Configuration conf, * hostname to use for substitution * @throws IOException if the config doesn't specify a keytab */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public static void login(final Configuration conf, final String keytabFileKey, final String userNameKey, String hostname) throws IOException { diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java index 8285334739..3f9d8b44d8 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java @@ -69,7 +69,7 @@ * user's username and groups. It supports both the Windows, Unix and Kerberos * login modules. */ -@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) +@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "HBase", "Hive", "Oozie"}) @InterfaceStability.Evolving public class UserGroupInformation { private static final Log LOG = LogFactory.getLog(UserGroupInformation.class); @@ -258,6 +258,8 @@ private static synchronized void initUGI(Configuration conf) { * group look up service. * @param conf the configuration to use */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public static void setConfiguration(Configuration conf) { initialize(conf, false); } @@ -500,6 +502,8 @@ public boolean hasKerberosCredentials() { * @return the current user * @throws IOException if login fails */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public synchronized static UserGroupInformation getCurrentUser() throws IOException { AccessControlContext context = AccessController.getContext(); @@ -516,6 +520,8 @@ static UserGroupInformation getCurrentUser() throws IOException { * @return the logged in user * @throws IOException if login fails */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public synchronized static UserGroupInformation getLoginUser() throws IOException { if (loginUser == null) { @@ -652,6 +658,8 @@ public void run() { * @param path the path to the keytab file * @throws IOException if the keytab file can't be read */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public synchronized static void loginUserFromKeytab(String user, String path @@ -710,6 +718,8 @@ public synchronized void checkTGTAndReloginFromKeytab() throws IOException { * the new credentials. * @throws IOException on a failure */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public synchronized void reloginFromKeytab() throws IOException { if (!isSecurityEnabled() || @@ -769,6 +779,8 @@ public synchronized void reloginFromKeytab() * the new credentials. * @throws IOException on a failure */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public synchronized void reloginFromTicketCache() throws IOException { if (!isSecurityEnabled() || @@ -867,6 +879,8 @@ private boolean hasSufficientTimeElapsed(long now) { * Did the login happen via keytab * @return true or false */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public synchronized static boolean isLoginKeytabBased() throws IOException { return getLoginUser().isKeytab; } @@ -877,6 +891,8 @@ public synchronized static boolean isLoginKeytabBased() throws IOException { * @param user the full user principal name, must not be empty or null * @return the UserGroupInformation for the remote user. */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public static UserGroupInformation createRemoteUser(String user) { if (user == null || "".equals(user)) { throw new IllegalArgumentException("Null user"); @@ -891,6 +907,7 @@ public static UserGroupInformation createRemoteUser(String user) { /** * existing types of authentications' methods */ + @InterfaceAudience.Public @InterfaceStability.Evolving public static enum AuthenticationMethod { SIMPLE, @@ -908,6 +925,8 @@ public static enum AuthenticationMethod { * @param realUser * @return proxyUser ugi */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public static UserGroupInformation createProxyUser(String user, UserGroupInformation realUser) { if (user == null || "".equals(user)) { @@ -929,6 +948,8 @@ public static UserGroupInformation createProxyUser(String user, * get RealUser (vs. EffectiveUser) * @return realUser running over proxy user */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public UserGroupInformation getRealUser() { for (RealUser p: subject.getPrincipals(RealUser.class)) { return p.getRealUser(); @@ -974,7 +995,8 @@ private void setUserGroups(String user, String[] groups) { * @param userGroups the names of the groups that the user belongs to * @return a fake user for running unit tests */ - @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) + @InterfaceAudience.Public + @InterfaceStability.Evolving public static UserGroupInformation createUserForTesting(String user, String[] userGroups) { ensureInitialized(); @@ -1000,7 +1022,6 @@ public static UserGroupInformation createUserForTesting(String user, * the names of the groups that the user belongs to * @return a fake user for running unit tests */ - @InterfaceAudience.LimitedPrivate( { "HDFS", "MapReduce" }) public static UserGroupInformation createProxyUserForTesting(String user, UserGroupInformation realUser, String[] userGroups) { ensureInitialized(); @@ -1029,6 +1050,8 @@ public String getShortUserName() { * Get the user's full principal name. * @return the user's full principal name. */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public String getUserName() { return user.getName(); } @@ -1182,6 +1205,8 @@ protected Subject getSubject() { * @param action the method to execute * @return the value from the run method */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public T doAs(PrivilegedAction action) { logPrivilegedAction(subject, action); return Subject.doAs(subject, action); @@ -1198,6 +1223,8 @@ public T doAs(PrivilegedAction action) { * @throws InterruptedException if the action throws an InterruptedException * @throws UndeclaredThrowableException if the action throws something else */ + @InterfaceAudience.Public + @InterfaceStability.Evolving public T doAs(PrivilegedExceptionAction action ) throws IOException, InterruptedException { try {