HDDS-1183. Override getDelegationToken API for OzoneFileSystem. Contributed by Xiaoyu Yao. (#545)

Xiaoyu Yao 2019-03-04 10:37:26 -08:00 committed by Ajay Yadav
parent 15098df744
commit eed8b794d8
5 changed files with 95 additions and 14 deletions


@ -28,6 +28,7 @@
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.Token.TrivialRenewer;
import java.io.DataInput; import java.io.DataInput;
import java.io.DataInputStream; import java.io.DataInputStream;
@ -195,5 +196,17 @@ void writeProtobuf(DataOutput out) throws IOException {
} }
out.write(builder.build().toByteArray()); out.write(builder.build().toByteArray());
} }
/**
* Default TrivialRenewer.
*/
@InterfaceAudience.Private
public static class Renewer extends TrivialRenewer {
@Override
protected Text getKind() {
return KIND_NAME;
}
}
} }
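Review bot: The Javadoc on the added `Renewer` ("Default TrivialRenewer.") does not say which token kind it serves, or that tokens of that kind cannot be renewed or cancelled through it. `Token.TrivialRenewer` reports the token as unmanaged and rejects `renew`/`cancel`, so I would write `/** Renewer for tokens of this identifier's {@code KIND_NAME}; such tokens are not managed, so renew and cancel are unsupported. */`. An identical nested class is removed from the other identifier in this commit, so this looks like a move, which changes the class's binary name. Any `META-INF/services` entry for `org.apache.hadoop.security.token.TokenRenewer` that named the old nested class would need updating, and no such file appears among the sections shown here.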


@ -29,7 +29,6 @@
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMTokenProto; import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMTokenProto;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier; import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.security.token.Token;
/** /**
* The token identifier for Ozone Master. * The token identifier for Ozone Master.
@ -68,18 +67,6 @@ public Text getKind() {
return KIND_NAME; return KIND_NAME;
} }
/**
* Default TrivialRenewer.
*/
@InterfaceAudience.Private
public static class Renewer extends Token.TrivialRenewer {
@Override
protected Text getKind() {
return KIND_NAME;
}
}
/** /**
* Overrides default implementation to write using Protobuf. * Overrides default implementation to write using Protobuf.
* *


@ -17,6 +17,9 @@
*/ */
package org.apache.hadoop.fs.ozone; package org.apache.hadoop.fs.ozone;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
import org.apache.hadoop.security.token.Token;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.util.Iterator; import java.util.Iterator;
@ -52,4 +55,6 @@ public interface OzoneClientAdapter {
Iterator<BasicKeyInfo> listKeys(String pathKey); Iterator<BasicKeyInfo> listKeys(String pathKey);
Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
throws IOException;
} }
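Review bot: The new `getDelegationToken(String renewer)` on the interface has no Javadoc, so implementers and callers cannot tell whether `renewer` may be null or what happens when a token cannot be issued. I would add `/** Returns a delegation token for the current user that {@code renewer} is allowed to renew; throws IOException if the token cannot be obtained. */` and state the null-renewer behaviour explicitly. That matters because the implementation added in this commit wraps the argument in `new Text(renewer)` without a null check.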


@ -22,9 +22,12 @@
import java.util.HashMap; import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.client.ReplicationFactor; import org.apache.hadoop.hdds.client.ReplicationFactor;
import org.apache.hadoop.hdds.client.ReplicationType; import org.apache.hadoop.hdds.client.ReplicationType;
import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ozone.OzoneConfigKeys; import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.hadoop.ozone.client.ObjectStore; import org.apache.hadoop.ozone.client.ObjectStore;
import org.apache.hadoop.ozone.client.OzoneBucket; import org.apache.hadoop.ozone.client.OzoneBucket;
@ -35,6 +38,10 @@
import org.apache.hadoop.ozone.client.io.OzoneOutputStream; import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_URI_DELIMITER; import static org.apache.hadoop.ozone.OzoneConsts.OZONE_URI_DELIMITER;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenRenewer;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -251,8 +258,64 @@ public Iterator<BasicKeyInfo> listKeys(String pathKey) {
return new IteratorAdapter(bucket.listKeys(pathKey)); return new IteratorAdapter(bucket.listKeys(pathKey));
} }
@Override
public Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
throws IOException {
Token<OzoneTokenIdentifier> token =
ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
token.setKind(OzoneTokenIdentifier.KIND_NAME);
return token;
}
/** /**
* Adapter to conver OzoneKey to a safe and simple Key implementation. * Ozone Delegation Token Renewer.
*/
@InterfaceAudience.Private
public static class Renewer extends TokenRenewer {
//Ensure that OzoneConfiguration files are loaded before trying to use
// the renewer.
static {
OzoneConfiguration.activate();
}
public Text getKind() {
return OzoneTokenIdentifier.KIND_NAME;
}
@Override
public boolean handleKind(Text kind) {
return getKind().equals(kind);
}
@Override
public boolean isManaged(Token<?> token) throws IOException {
return true;
}
@Override
public long renew(Token<?> token, Configuration conf)
throws IOException, InterruptedException {
Token<OzoneTokenIdentifier> ozoneDt =
(Token<OzoneTokenIdentifier>) token;
OzoneClient ozoneClient =
OzoneClientFactory.getRpcClient(conf);
return ozoneClient.getObjectStore().renewDelegationToken(ozoneDt);
}
@Override
public void cancel(Token<?> token, Configuration conf)
throws IOException, InterruptedException {
Token<OzoneTokenIdentifier> ozoneDt =
(Token<OzoneTokenIdentifier>) token;
OzoneClient ozoneClient =
OzoneClientFactory.getRpcClient(conf);
ozoneClient.getObjectStore().cancelDelegationToken(ozoneDt);
}
}
/**
* Adapter to convert OzoneKey to a safe and simple Key implementation.
*/ */
public static class IteratorAdapter implements Iterator<BasicKeyInfo> { public static class IteratorAdapter implements Iterator<BasicKeyInfo> {
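Review bot: `Renewer.renew` and `Renewer.cancel` each build a client with `OzoneClientFactory.getRpcClient(conf)` and never close it, so a long-running renewer process would leave one client and its connections behind per call. `OzoneClient` is closeable, so wrap the call as `try (OzoneClient ozoneClient = OzoneClientFactory.getRpcClient(conf)) { return ozoneClient.getObjectStore().renewDelegationToken(ozoneDt); }` and use the same shape in `cancel`. Separately, `getDelegationToken` passes `renewer` straight to `new Text(renewer)`, which throws a NullPointerException when the caller supplies no renewer. Either `renewer == null ? null : new Text(renewer)` (if the object store accepts that) or an explicit check with a clear IOException would make the failure mode deliberate. The unchecked casts to `Token<OzoneTokenIdentifier>` rely on `handleKind` having been consulted first, which a one-line comment such as `// safe: callers select this renewer via handleKind(KIND_NAME)` would record.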


@ -48,7 +48,9 @@
import org.apache.hadoop.fs.GlobalStorageStatistics; import org.apache.hadoop.fs.GlobalStorageStatistics;
import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Progressable; import org.apache.hadoop.util.Progressable;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
@ -84,6 +86,7 @@ public class OzoneFileSystem extends FileSystem {
private Path workingDir; private Path workingDir;
private OzoneClientAdapter adapter; private OzoneClientAdapter adapter;
private boolean securityEnabled;
private OzoneFSStorageStatistics storageStatistics; private OzoneFSStorageStatistics storageStatistics;
@ -156,6 +159,10 @@ public void initialize(URI name, Configuration conf) throws IOException {
} else { } else {
ozoneConfiguration = new OzoneConfiguration(conf); ozoneConfiguration = new OzoneConfiguration(conf);
} }
SecurityConfig secConfig = new SecurityConfig(ozoneConfiguration);
if (secConfig.isSecurityEnabled()) {
this.securityEnabled = true;
}
this.adapter = new OzoneClientAdapterImpl(ozoneConfiguration, this.adapter = new OzoneClientAdapterImpl(ozoneConfiguration,
volumeStr, bucketStr, storageStatistics); volumeStr, bucketStr, storageStatistics);
} }
@ -669,6 +676,12 @@ public Path getWorkingDirectory() {
return workingDir; return workingDir;
} }
@Override
public Token<?> getDelegationToken(String renewer) throws IOException {
return securityEnabled? adapter.getDelegationToken(renewer) :
super.getDelegationToken(renewer);
}
/** /**
* Get the username of the FS. * Get the username of the FS.
* *
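Review bot: The new `getDelegationToken` override returns the adapter's token, but nothing visible in this commit sets the token's service or overrides `getCanonicalServiceName()`. Hadoop's `FileSystem.addDelegationTokens` keys tokens by that service name, so it is worth confirming that tokens obtained this way are actually collected into credentials and later selected for this filesystem. In `initialize`, the three-line `if` can be `this.securityEnabled = secConfig.isSecurityEnabled();`, which also resets the flag if the instance is initialised again with security off. The override would also benefit from a short Javadoc saying that it defers to the `FileSystem` default when security is disabled.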