[2/2] hadoop git commit: HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.
HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah. (cherry picked from commit 5ec86b445cc492f52c33639efb6a09a0d2f27475) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/9cb0654f Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/9cb0654f Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/9cb0654f Branch: refs/heads/branch-3.2 Commit: 9cb0654fbb3dff15fd4ef4a9ecc81626caebfbb8 Parents: 65c1469 Author: Xiao Chen Authored: Fri Oct 12 09:32:21 2018 -0700 Committer: Xiao Chen Committed: Fri Oct 12 12:08:08 2018 -0700 -- .../KeyProviderDelegationTokenExtension.java| 71 ++-- .../crypto/key/KeyProviderTokenIssuer.java | 4 +- .../crypto/key/kms/KMSClientProvider.java | 220 .../key/kms/LoadBalancingKMSClientProvider.java | 75 +++- .../java/org/apache/hadoop/fs/FileSystem.java | 75 +--- .../web/DelegationTokenAuthenticatedURL.java| 25 +- .../security/token/DelegationTokenIssuer.java | 112 ++ .../java/org/apache/hadoop/util/KMSUtil.java| 13 +- ...TestKeyProviderDelegationTokenExtension.java | 20 +- .../crypto/key/kms/TestKMSClientProvider.java | 138 .../kms/TestLoadBalancingKMSClientProvider.java | 63 +++- .../apache/hadoop/fs/TestFilterFileSystem.java | 3 + .../org/apache/hadoop/fs/TestHarFileSystem.java | 3 + .../hadoop/crypto/key/kms/server/TestKMS.java | 349 --- .../java/org/apache/hadoop/hdfs/DFSClient.java | 11 +- .../hadoop/hdfs/DistributedFileSystem.java | 14 +- .../org/apache/hadoop/hdfs/HdfsKMSUtil.java | 60 ++-- .../hadoop/hdfs/web/WebHdfsFileSystem.java | 20 +- 18 files changed, 963 insertions(+), 313 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/9cb0654f/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java -- 
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java index 9212cbc..280ee86 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java @@ -17,8 +17,12 @@ */ package org.apache.hadoop.crypto.key; +import com.google.common.annotations.VisibleForTesting; +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer; import java.io.IOException; @@ -28,7 +32,8 @@ import java.io.IOException; */ public class KeyProviderDelegationTokenExtension extends KeyProviderExtension - { + +implements DelegationTokenIssuer { private static DelegationTokenExtension DEFAULT_EXTENSION = new DefaultDelegationTokenExtension(); 
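Review bot: The added import `org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer` in the first hunk repeats the package prefix, which looks like an accidental nested path rather than an intended package name. The diffstat abbreviates the new file as `.../security/token/DelegationTokenIssuer.java`, so this page cannot confirm where the file was actually created. If it was meant to sit directly in `org.apache.hadoop.security.token`, the file should be moved and the line changed to `import org.apache.hadoop.security.token.DelegationTokenIssuer;`. The same import appears in the three other branch commits further down this page (branch-3.0, branch-3.1 and trunk), so a correction would need to reach each of them.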
@@ -36,22 +41,9 @@ public class KeyProviderDelegationTokenExtension extends /** * DelegationTokenExtension is a type of Extension that exposes methods * needed to work with Delegation Tokens. - */ - public interface DelegationTokenExtension extends -KeyProviderExtension.Extension { - -/** - * The implementer of this class will take a renewer and add all - * delegation tokens associated with the renewer to the - * Credentials object if it is not already present, - * @param renewer the user allowed to renew the delegation tokens - * @param credentials cache in which to add new delegation tokens - * @return list of new delegation tokens - * @throws IOException thrown if IOException if an IO error occurs. - */ -Token[] addDelegationTokens(final String renewer, -Credentials credentials) throws IOException; - + */ + public interface DelegationTokenExtension + extends KeyProviderExtension.Extension, DelegationTokenIssuer { /** * Renews the given token. * @param token The token to be renewed. @@ -66,6 +58,12 @@ public class KeyProviderDelegationTokenExtension extends * @throws IOException */ Void cancelDelegationToken(final Token token) throws IOException; + +// Do NOT call this. Only intended for internal use. +@VisibleForTesting +@InterfaceAudience.Private +
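Review bot: Replacing the `addDelegationTokens` declaration with `extends KeyProviderExtension.Extension, DelegationTokenIssuer` removes the only Javadoc in this interface that described the renewer and the credentials cache, and the surviving comment no longer says where token issuance is defined. DelegationTokenIssuer is not shown on this page, so it is worth confirming that it documents the same contract. Presumably out-of-tree implementations of DelegationTokenExtension must also still compile against whatever abstract methods it adds; that needs checking too. I would add a line to the interface comment such as `* Token issuance is inherited from {@link DelegationTokenIssuer}.` The interface body continues past this hunk.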
[2/2] hadoop git commit: HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.
HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/ff7ca472 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/ff7ca472 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/ff7ca472 Branch: refs/heads/branch-3.0 Commit: ff7ca472d220c3f19d3a8ca5c76ce87ddf201659 Parents: 53b522a Author: Xiao Chen Authored: Fri Oct 12 11:50:54 2018 -0700 Committer: Xiao Chen Committed: Fri Oct 12 12:08:38 2018 -0700 -- .../KeyProviderDelegationTokenExtension.java| 71 ++-- .../crypto/key/KeyProviderTokenIssuer.java | 4 +- .../crypto/key/kms/KMSClientProvider.java | 220 .../key/kms/LoadBalancingKMSClientProvider.java | 75 +++- .../java/org/apache/hadoop/fs/FileSystem.java | 75 +--- .../web/DelegationTokenAuthenticatedURL.java| 25 +- .../security/token/DelegationTokenIssuer.java | 112 ++ .../java/org/apache/hadoop/util/KMSUtil.java| 13 +- ...TestKeyProviderDelegationTokenExtension.java | 20 +- .../crypto/key/kms/TestKMSClientProvider.java | 138 .../kms/TestLoadBalancingKMSClientProvider.java | 63 +++- .../apache/hadoop/fs/TestFilterFileSystem.java | 3 + .../org/apache/hadoop/fs/TestHarFileSystem.java | 3 + .../hadoop/crypto/key/kms/server/TestKMS.java | 349 --- .../java/org/apache/hadoop/hdfs/DFSClient.java | 11 +- .../hadoop/hdfs/DistributedFileSystem.java | 14 +- .../org/apache/hadoop/hdfs/HdfsKMSUtil.java | 60 ++-- .../hadoop/hdfs/web/WebHdfsFileSystem.java | 20 +- 18 files changed, 963 insertions(+), 313 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/ff7ca472/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java -- 
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java index 9212cbc..280ee86 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java @@ -17,8 +17,12 @@ */ package org.apache.hadoop.crypto.key; +import com.google.common.annotations.VisibleForTesting; +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer; import java.io.IOException; @@ -28,7 +32,8 @@ import java.io.IOException; */ public class KeyProviderDelegationTokenExtension extends KeyProviderExtension - { + +implements DelegationTokenIssuer { private static DelegationTokenExtension DEFAULT_EXTENSION = new DefaultDelegationTokenExtension(); 
@@ -36,22 +41,9 @@ public class KeyProviderDelegationTokenExtension extends /** * DelegationTokenExtension is a type of Extension that exposes methods * needed to work with Delegation Tokens. - */ - public interface DelegationTokenExtension extends -KeyProviderExtension.Extension { - -/** - * The implementer of this class will take a renewer and add all - * delegation tokens associated with the renewer to the - * Credentials object if it is not already present, - * @param renewer the user allowed to renew the delegation tokens - * @param credentials cache in which to add new delegation tokens - * @return list of new delegation tokens - * @throws IOException thrown if IOException if an IO error occurs. - */ -Token[] addDelegationTokens(final String renewer, -Credentials credentials) throws IOException; - + */ + public interface DelegationTokenExtension + extends KeyProviderExtension.Extension, DelegationTokenIssuer { /** * Renews the given token. * @param token The token to be renewed. @@ -66,6 +58,12 @@ public class KeyProviderDelegationTokenExtension extends * @throws IOException */ Void cancelDelegationToken(final Token token) throws IOException; + +// Do NOT call this. Only intended for internal use. +@VisibleForTesting +@InterfaceAudience.Private +@InterfaceStability.Unstable +Token selectDelegationToken(Credentials creds);
[2/2] hadoop git commit: HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.
HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah. (cherry picked from commit 5ec86b445cc492f52c33639efb6a09a0d2f27475) (cherry picked from commit e93e401f492c7fc112da3d0c63b3b186c1b196ec) Conflicts: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/6a1ce74f Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/6a1ce74f Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/6a1ce74f Branch: refs/heads/branch-3.1 Commit: 6a1ce74fb19226daca1a04f04576c10451c62cd6 Parents: 6342a7c Author: Xiao Chen Authored: Fri Oct 12 09:32:21 2018 -0700 Committer: Xiao Chen Committed: Fri Oct 12 12:08:26 2018 -0700 -- .../KeyProviderDelegationTokenExtension.java| 71 ++-- .../crypto/key/KeyProviderTokenIssuer.java | 4 +- .../crypto/key/kms/KMSClientProvider.java | 220 .../key/kms/LoadBalancingKMSClientProvider.java | 75 +++- .../java/org/apache/hadoop/fs/FileSystem.java | 75 +--- .../web/DelegationTokenAuthenticatedURL.java| 25 +- .../security/token/DelegationTokenIssuer.java | 112 ++ .../java/org/apache/hadoop/util/KMSUtil.java| 13 +- ...TestKeyProviderDelegationTokenExtension.java | 20 +- .../crypto/key/kms/TestKMSClientProvider.java | 138 .../kms/TestLoadBalancingKMSClientProvider.java | 63 +++- .../apache/hadoop/fs/TestFilterFileSystem.java | 3 + .../org/apache/hadoop/fs/TestHarFileSystem.java | 3 + .../hadoop/crypto/key/kms/server/TestKMS.java | 349 --- .../java/org/apache/hadoop/hdfs/DFSClient.java | 11 +- .../hadoop/hdfs/DistributedFileSystem.java | 14 +- .../org/apache/hadoop/hdfs/HdfsKMSUtil.java | 60 ++-- .../hadoop/hdfs/web/WebHdfsFileSystem.java | 20 +- 18 files changed, 963 insertions(+), 313 deletions(-) -- 
http://git-wip-us.apache.org/repos/asf/hadoop/blob/6a1ce74f/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java index 9212cbc..280ee86 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java @@ -17,8 +17,12 @@ */ package org.apache.hadoop.crypto.key; +import com.google.common.annotations.VisibleForTesting; +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer; import java.io.IOException; @@ -28,7 +32,8 @@ import java.io.IOException; */ public class KeyProviderDelegationTokenExtension extends KeyProviderExtension - { + +implements DelegationTokenIssuer { private static DelegationTokenExtension DEFAULT_EXTENSION = new DefaultDelegationTokenExtension(); 
@@ -36,22 +41,9 @@ public class KeyProviderDelegationTokenExtension extends /** * DelegationTokenExtension is a type of Extension that exposes methods * needed to work with Delegation Tokens. - */ - public interface DelegationTokenExtension extends -KeyProviderExtension.Extension { - -/** - * The implementer of this class will take a renewer and add all - * delegation tokens associated with the renewer to the - * Credentials object if it is not already present, - * @param renewer the user allowed to renew the delegation tokens - * @param credentials cache in which to add new delegation tokens - * @return list of new delegation tokens - * @throws IOException thrown if IOException if an IO error occurs. - */ -Token[] addDelegationTokens(final String renewer, -Credentials credentials) throws IOException; - + */ + public interface DelegationTokenExtension + extends KeyProviderExtension.Extension, DelegationTokenIssuer { /** * Renews the given token. * @param token The token to be renewed. @@ -66,6 +58,12 @@ public class KeyProviderDelegationTokenExtension extends * @throws IOException */
[2/2] hadoop git commit: HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.
HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5ec86b44 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5ec86b44 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5ec86b44 Branch: refs/heads/trunk Commit: 5ec86b445cc492f52c33639efb6a09a0d2f27475 Parents: 6e0e6da Author: Xiao Chen Authored: Fri Oct 12 09:32:21 2018 -0700 Committer: Xiao Chen Committed: Fri Oct 12 09:35:52 2018 -0700 -- .../KeyProviderDelegationTokenExtension.java| 71 ++-- .../crypto/key/KeyProviderTokenIssuer.java | 4 +- .../crypto/key/kms/KMSClientProvider.java | 220 .../key/kms/LoadBalancingKMSClientProvider.java | 75 +++- .../java/org/apache/hadoop/fs/FileSystem.java | 75 +--- .../web/DelegationTokenAuthenticatedURL.java| 25 +- .../security/token/DelegationTokenIssuer.java | 112 ++ .../java/org/apache/hadoop/util/KMSUtil.java| 13 +- ...TestKeyProviderDelegationTokenExtension.java | 20 +- .../crypto/key/kms/TestKMSClientProvider.java | 138 .../kms/TestLoadBalancingKMSClientProvider.java | 63 +++- .../apache/hadoop/fs/TestFilterFileSystem.java | 3 + .../org/apache/hadoop/fs/TestHarFileSystem.java | 3 + .../hadoop/crypto/key/kms/server/TestKMS.java | 349 --- .../java/org/apache/hadoop/hdfs/DFSClient.java | 11 +- .../hadoop/hdfs/DistributedFileSystem.java | 14 +- .../org/apache/hadoop/hdfs/HdfsKMSUtil.java | 60 ++-- .../hadoop/hdfs/web/WebHdfsFileSystem.java | 20 +- 18 files changed, 963 insertions(+), 313 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/5ec86b44/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java -- 
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java index a63b7d5..29c5bcd 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java @@ -17,8 +17,12 @@ */ package org.apache.hadoop.crypto.key; +import com.google.common.annotations.VisibleForTesting; +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer; import java.io.IOException; @@ -28,7 +32,8 @@ import java.io.IOException; */ public class KeyProviderDelegationTokenExtension extends KeyProviderExtension - { + +implements DelegationTokenIssuer { private static DelegationTokenExtension DEFAULT_EXTENSION = new DefaultDelegationTokenExtension(); 
@@ -36,22 +41,9 @@ public class KeyProviderDelegationTokenExtension extends /** * DelegationTokenExtension is a type of Extension that exposes methods * needed to work with Delegation Tokens. - */ - public interface DelegationTokenExtension extends -KeyProviderExtension.Extension { - -/** - * The implementer of this class will take a renewer and add all - * delegation tokens associated with the renewer to the - * Credentials object if it is not already present, - * @param renewer the user allowed to renew the delegation tokens - * @param credentials cache in which to add new delegation tokens - * @return list of new delegation tokens - * @throws IOException thrown if IOException if an IO error occurs. - */ -Token[] addDelegationTokens(final String renewer, -Credentials credentials) throws IOException; - + */ + public interface DelegationTokenExtension + extends KeyProviderExtension.Extension, DelegationTokenIssuer { /** * Renews the given token. * @param token The token to be renewed. @@ -66,6 +58,12 @@ public class KeyProviderDelegationTokenExtension extends * @throws IOException */ Void cancelDelegationToken(final Token token) throws IOException; + +// Do NOT call this. Only intended for internal use. +@VisibleForTesting +@InterfaceAudience.Private +@InterfaceStability.Unstable +Token selectDelegationToken(Credentials creds); }