HADOOP-15719. Fail-fast when using OAuth over http.
Contributed by Da Zhou.
This commit is contained in:
parent
51d368982b
commit
df2166a643
@ -101,12 +101,11 @@ public void initialize(URI uri, Configuration configuration)
|
|||||||
this.userGroupInformation = UserGroupInformation.getCurrentUser();
|
this.userGroupInformation = UserGroupInformation.getCurrentUser();
|
||||||
this.user = userGroupInformation.getUserName();
|
this.user = userGroupInformation.getUserName();
|
||||||
this.abfsStore = new AzureBlobFileSystemStore(uri, this.isSecure(), configuration, userGroupInformation);
|
this.abfsStore = new AzureBlobFileSystemStore(uri, this.isSecure(), configuration, userGroupInformation);
|
||||||
|
final AbfsConfiguration abfsConfiguration = abfsStore.getAbfsConfiguration();
|
||||||
LOG.debug("Initializing NativeAzureFileSystem for {}", uri);
|
|
||||||
|
|
||||||
this.setWorkingDirectory(this.getHomeDirectory());
|
this.setWorkingDirectory(this.getHomeDirectory());
|
||||||
|
|
||||||
if (abfsStore.getAbfsConfiguration().getCreateRemoteFileSystemDuringInitialization()) {
|
if (abfsConfiguration.getCreateRemoteFileSystemDuringInitialization()) {
|
||||||
if (!this.fileSystemExists()) {
|
if (!this.fileSystemExists()) {
|
||||||
try {
|
try {
|
||||||
this.createFileSystem();
|
this.createFileSystem();
|
||||||
@ -116,7 +115,7 @@ public void initialize(URI uri, Configuration configuration)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!abfsStore.getAbfsConfiguration().getSkipUserGroupMetadataDuringInitialization()) {
|
if (!abfsConfiguration.getSkipUserGroupMetadataDuringInitialization()) {
|
||||||
this.primaryUserGroup = userGroupInformation.getPrimaryGroupName();
|
this.primaryUserGroup = userGroupInformation.getPrimaryGroupName();
|
||||||
} else {
|
} else {
|
||||||
//Provide a default group name
|
//Provide a default group name
|
||||||
@ -124,15 +123,15 @@ public void initialize(URI uri, Configuration configuration)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (UserGroupInformation.isSecurityEnabled()) {
|
if (UserGroupInformation.isSecurityEnabled()) {
|
||||||
this.delegationTokenEnabled = abfsStore.getAbfsConfiguration().isDelegationTokenManagerEnabled();
|
this.delegationTokenEnabled = abfsConfiguration.isDelegationTokenManagerEnabled();
|
||||||
|
|
||||||
if (this.delegationTokenEnabled) {
|
if (this.delegationTokenEnabled) {
|
||||||
LOG.debug("Initializing DelegationTokenManager for {}", uri);
|
LOG.debug("Initializing DelegationTokenManager for {}", uri);
|
||||||
this.delegationTokenManager = abfsStore.getAbfsConfiguration().getDelegationTokenManager();
|
this.delegationTokenManager = abfsConfiguration.getDelegationTokenManager();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
AbfsClientThrottlingIntercept.initializeSingleton(abfsStore.getAbfsConfiguration().isAutoThrottlingEnabled());
|
AbfsClientThrottlingIntercept.initializeSingleton(abfsConfiguration.isAutoThrottlingEnabled());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -88,6 +88,7 @@
|
|||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import static org.apache.hadoop.fs.azurebfs.constants.ConfigurationKeys.AZURE_ABFS_ENDPOINT;
|
import static org.apache.hadoop.fs.azurebfs.constants.ConfigurationKeys.AZURE_ABFS_ENDPOINT;
|
||||||
|
import static org.apache.hadoop.fs.azurebfs.constants.ConfigurationKeys.FS_AZURE_ACCOUNT_AUTH_TYPE_PROPERTY_NAME;
|
||||||
import static org.apache.hadoop.util.Time.now;
|
import static org.apache.hadoop.util.Time.now;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -130,6 +131,12 @@ public AzureBlobFileSystemStore(URI uri, boolean isSecure, Configuration configu
|
|||||||
this.azureAtomicRenameDirSet = new HashSet<>(Arrays.asList(
|
this.azureAtomicRenameDirSet = new HashSet<>(Arrays.asList(
|
||||||
abfsConfiguration.getAzureAtomicRenameDirs().split(AbfsHttpConstants.COMMA)));
|
abfsConfiguration.getAzureAtomicRenameDirs().split(AbfsHttpConstants.COMMA)));
|
||||||
|
|
||||||
|
if (AuthType.OAuth == abfsConfiguration.getEnum(FS_AZURE_ACCOUNT_AUTH_TYPE_PROPERTY_NAME, AuthType.SharedKey)
|
||||||
|
&& !FileSystemUriSchemes.ABFS_SECURE_SCHEME.equals(uri.getScheme())) {
|
||||||
|
throw new IllegalArgumentException(
|
||||||
|
String.format("Incorrect URI %s, URI scheme must be abfss when authenticating using Oauth.", uri));
|
||||||
|
}
|
||||||
|
|
||||||
initializeClient(uri, fileSystemName, accountName, isSecure);
|
initializeClient(uri, fileSystemName, accountName, isSecure);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -27,6 +27,6 @@
|
|||||||
@InterfaceStability.Evolving
|
@InterfaceStability.Evolving
|
||||||
public class ConfigurationPropertyNotFoundException extends AzureBlobFileSystemException {
|
public class ConfigurationPropertyNotFoundException extends AzureBlobFileSystemException {
|
||||||
public ConfigurationPropertyNotFoundException(String property) {
|
public ConfigurationPropertyNotFoundException(String property) {
|
||||||
super("Configuration property " + property + "not found.");
|
super("Configuration property " + property + " not found.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,55 @@
|
|||||||
|
/**
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.apache.hadoop.fs.azurebfs.services;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
|
import org.apache.hadoop.fs.FileSystem;
|
||||||
|
import org.apache.hadoop.fs.azurebfs.constants.FileSystemUriSchemes;
|
||||||
|
|
||||||
|
import static org.apache.hadoop.fs.azurebfs.constants.ConfigurationKeys.FS_AZURE_ACCOUNT_AUTH_TYPE_PROPERTY_NAME;
|
||||||
|
import static org.apache.hadoop.fs.azurebfs.constants.TestConfigurationKeys.FS_AZURE_ABFS_ACCOUNT_NAME;
|
||||||
|
import static org.apache.hadoop.test.LambdaTestUtils.intercept;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test Oauth fail fast when uri scheme is incorrect.
|
||||||
|
*/
|
||||||
|
public class TestOauthFailOverHttp {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testOauthFailWithSchemeAbfs() throws Exception {
|
||||||
|
Configuration conf = new Configuration();
|
||||||
|
final String account = "fakeaccount.dfs.core.windows.net";
|
||||||
|
conf.set(FS_AZURE_ABFS_ACCOUNT_NAME, account);
|
||||||
|
conf.setEnum(FS_AZURE_ACCOUNT_AUTH_TYPE_PROPERTY_NAME, AuthType.OAuth);
|
||||||
|
URI defaultUri = new URI(FileSystemUriSchemes.ABFS_SCHEME,
|
||||||
|
"fakecontainer@" + account,
|
||||||
|
null,
|
||||||
|
null,
|
||||||
|
null);
|
||||||
|
conf.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY, defaultUri.toString());
|
||||||
|
// IllegalArgumentException is expected
|
||||||
|
// when authenticating using Oauth and scheme is not abfss
|
||||||
|
intercept(IllegalArgumentException.class, "Incorrect URI",
|
||||||
|
() -> FileSystem.get(conf));
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user