This is an automated email from the ASF dual-hosted git repository.
andras pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/oozie.git
The following commit(s) were added to refs/heads/master by this push:
new 32a0baf OOZIE-3186 [core] Oozie is unable to use configuration linked
using jceks://file/ (dionusos via andras.piros)
32a0baf is described below
commit 32a0baf8add69e7a87e3963e6eace00e7e3fafe1
Author: Andras Piros <[email protected]>
AuthorDate: Fri Jan 4 11:29:26 2019 +0100
OOZIE-3186 [core] Oozie is unable to use configuration linked using
jceks://file/ (dionusos via andras.piros)
---
.../apache/oozie/service/ConfigurationService.java | 18 ++++++++++++
.../oozie/service/TestConfigurationService.java | 33 ++++++++++++++++++++++
.../oozie-site-with-jceks-filesomething.xml | 26 +++++++++++++++++
.../resources/oozie-site-with-jceks-nonfile.xml | 26 +++++++++++++++++
core/src/test/resources/oozie-site-with-jceks.xml | 26 +++++++++++++++++
.../test/resources/oozie-site-with-localjceks.xml | 26 +++++++++++++++++
release-log.txt | 1 +
7 files changed, 156 insertions(+)
diff --git
a/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
b/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
index 702a8f1..8345da7 100644
--- a/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
+++ b/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
@@ -20,6 +20,7 @@ package org.apache.oozie.service;
import com.google.common.base.Strings;
import com.google.common.annotations.VisibleForTesting;
+import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.oozie.ErrorCode;
import org.apache.oozie.util.ConfigUtils;
@@ -98,6 +99,8 @@ public class ConfigurationService implements Service,
Instrumentable {
private static final String IGNORE_TEST_SYS_PROPS = "oozie.test.";
private static final Set<String> MASK_PROPS = new HashSet<String>();
+ public static final String HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH =
"hadoop.security.credential.provider.path";
+ public static final String JCEKS_FILE_PREFIX = "jceks://file/";
private static Map<String,String> defaultConfigs = new
HashMap<String,String>();
static {
@@ -247,6 +250,7 @@ public class ConfigurationService implements Service,
Instrumentable {
else {
inputStream = new FileInputStream(configFile);
XConfiguration siteConfiguration = loadConfig(inputStream,
false);
+ fixJceksUrl(siteConfiguration);
XConfiguration.injectDefaults(configuration,
siteConfiguration);
configuration = siteConfiguration;
}
@@ -632,4 +636,18 @@ public class ConfigurationService implements Service,
Instrumentable {
final Configuration conf = Services.get().getConf();
return conf.getValByRegex(regex);
}
+
+ private void fixJceksUrl(Configuration siteConfiguration) {
+ String jceksUrl =
siteConfiguration.get(HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH);
+ if (Strings.isNullOrEmpty(jceksUrl)) {
+ return;
+ }
+ if (jceksUrl.startsWith(JCEKS_FILE_PREFIX)) {
+ siteConfiguration.set(
+ HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH,
+ jceksUrl.replaceFirst("jceks", "localjceks"));
+ log.info(HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH + " is changed
to " +
+
siteConfiguration.get(HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH));
+ }
+ }
}
diff --git
a/core/src/test/java/org/apache/oozie/service/TestConfigurationService.java
b/core/src/test/java/org/apache/oozie/service/TestConfigurationService.java
index 1b68090..49c81ac 100644
--- a/core/src/test/java/org/apache/oozie/service/TestConfigurationService.java
+++ b/core/src/test/java/org/apache/oozie/service/TestConfigurationService.java
@@ -28,6 +28,7 @@ import org.apache.oozie.command.wf.JobXCommand;
import org.apache.oozie.compression.CodecFactory;
import org.apache.oozie.event.listener.ZKConnectionListener;
import org.apache.oozie.executor.jpa.CoordActionGetForInfoJPAExecutor;
+import static
org.apache.oozie.service.ConfigurationService.HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH;
import org.apache.oozie.servlet.AuthFilter;
import org.apache.oozie.servlet.V1JobServlet;
import org.apache.oozie.sla.service.SLAService;
@@ -308,6 +309,38 @@ public class TestConfigurationService extends XTestCase {
verifyDocumentBuilderFactoryClass(null, dbfClass);
}
+ public void testJceksUrlReplacement() throws Exception {
+ assertForJceksReplacement(
+ "oozie-site-with-jceks.xml",
+ "localjceks://file/somewhere/on/local/filesystem");
+ }
+
+ public void testJceksLocaljceksUrlReplacement() throws Exception {
+ assertForJceksReplacement(
+ "oozie-site-with-localjceks.xml",
+ "localjceks://file/somewhere/on/local/filesystem");
+ }
+
+ public void testJceksUrlReplacementWithNonFileContinuation() throws
Exception {
+ assertForJceksReplacement(
+ "oozie-site-with-jceks-nonfile.xml",
+ "jceks://something/somewhere/on/local/filesystem");
+ }
+
+ public void testJceksUrlReplacementWithFilesomethingContinuation() throws
Exception {
+ assertForJceksReplacement(
+ "oozie-site-with-jceks-filesomething.xml",
+ "jceks://filesomething/somewhere/on/local/filesystem");
+ }
+
+ private void assertForJceksReplacement(String siteXml, String
expectedResult) throws Exception{
+ prepareOozieConfDir(siteXml);
+ ConfigurationService cl = new ConfigurationService();
+ cl.init(null);
+ assertEquals(expectedResult,
cl.getConf().get(HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH));
+ cl.destroy();
+ }
+
private void verifyDocumentBuilderFactoryClass(String
expectedPropertyValue, Class<?> expectedClass) throws Exception {
setSystemProperty("javax.xml.parsers.DocumentBuilderFactory", null);
assertNull(System.getProperty("javax.xml.parsers.DocumentBuilderFactory"));
diff --git a/core/src/test/resources/oozie-site-with-jceks-filesomething.xml
b/core/src/test/resources/oozie-site-with-jceks-filesomething.xml
new file mode 100644
index 0000000..a9f7576
--- /dev/null
+++ b/core/src/test/resources/oozie-site-with-jceks-filesomething.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+
+ <property>
+ <name>hadoop.security.credential.provider.path</name>
+ <value>jceks://filesomething/somewhere/on/local/filesystem</value>
+ </property>
+
+</configuration>
diff --git a/core/src/test/resources/oozie-site-with-jceks-nonfile.xml
b/core/src/test/resources/oozie-site-with-jceks-nonfile.xml
new file mode 100644
index 0000000..8d5c7df
--- /dev/null
+++ b/core/src/test/resources/oozie-site-with-jceks-nonfile.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+
+ <property>
+ <name>hadoop.security.credential.provider.path</name>
+ <value>jceks://something/somewhere/on/local/filesystem</value>
+ </property>
+
+</configuration>
diff --git a/core/src/test/resources/oozie-site-with-jceks.xml
b/core/src/test/resources/oozie-site-with-jceks.xml
new file mode 100644
index 0000000..3d480e7
--- /dev/null
+++ b/core/src/test/resources/oozie-site-with-jceks.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+
+ <property>
+ <name>hadoop.security.credential.provider.path</name>
+ <value>jceks://file/somewhere/on/local/filesystem</value>
+ </property>
+
+</configuration>
diff --git a/core/src/test/resources/oozie-site-with-localjceks.xml
b/core/src/test/resources/oozie-site-with-localjceks.xml
new file mode 100644
index 0000000..ada239c
--- /dev/null
+++ b/core/src/test/resources/oozie-site-with-localjceks.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+
+ <property>
+ <name>hadoop.security.credential.provider.path</name>
+ <value>localjceks://file/somewhere/on/local/filesystem</value>
+ </property>
+
+</configuration>
diff --git a/release-log.txt b/release-log.txt
index 68f21bc..6721828 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 5.2.0 release (trunk - unreleased)
+OOZIE-3186 [core] Oozie is unable to use configuration linked using
jceks://file/ (dionusos via andras.piros)
OOZIE-3194 [tools] Oozie should set proper permissions to sharelib after
upload (dionusos via andras.piros)
OOZIE-3341 [docs] Fix difference between command line help and documentation
(asalamon74 via andras.piros)
OOZIE-3400 [core] Fix PurgeService sub-sub-workflow checking (asalamon74 via
andras.piros)
