[2/2] hadoop git commit: HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.

2018-10-12 Thread xiao
HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that 
can authenticate to all KMS instances.
Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.

(cherry picked from commit 5ec86b445cc492f52c33639efb6a09a0d2f27475)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/9cb0654f
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/9cb0654f
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/9cb0654f

Branch: refs/heads/branch-3.2
Commit: 9cb0654fbb3dff15fd4ef4a9ecc81626caebfbb8
Parents: 65c1469
Author: Xiao Chen 
Authored: Fri Oct 12 09:32:21 2018 -0700
Committer: Xiao Chen 
Committed: Fri Oct 12 12:08:08 2018 -0700

--
 .../KeyProviderDelegationTokenExtension.java|  71 ++--
 .../crypto/key/KeyProviderTokenIssuer.java  |   4 +-
 .../crypto/key/kms/KMSClientProvider.java   | 220 
 .../key/kms/LoadBalancingKMSClientProvider.java |  75 +++-
 .../java/org/apache/hadoop/fs/FileSystem.java   |  75 +---
 .../web/DelegationTokenAuthenticatedURL.java|  25 +-
 .../security/token/DelegationTokenIssuer.java   | 112 ++
 .../java/org/apache/hadoop/util/KMSUtil.java|  13 +-
 ...TestKeyProviderDelegationTokenExtension.java |  20 +-
 .../crypto/key/kms/TestKMSClientProvider.java   | 138 
 .../kms/TestLoadBalancingKMSClientProvider.java |  63 +++-
 .../apache/hadoop/fs/TestFilterFileSystem.java  |   3 +
 .../org/apache/hadoop/fs/TestHarFileSystem.java |   3 +
 .../hadoop/crypto/key/kms/server/TestKMS.java   | 349 ---
 .../java/org/apache/hadoop/hdfs/DFSClient.java  |  11 +-
 .../hadoop/hdfs/DistributedFileSystem.java  |  14 +-
 .../org/apache/hadoop/hdfs/HdfsKMSUtil.java |  60 ++--
 .../hadoop/hdfs/web/WebHdfsFileSystem.java  |  20 +-
 18 files changed, 963 insertions(+), 313 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hadoop/blob/9cb0654f/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
--
diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
index 9212cbc..280ee86 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
@@ -17,8 +17,12 @@
  */
 package org.apache.hadoop.crypto.key;
 
+import com.google.common.annotations.VisibleForTesting;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.token.Token;
+import 
org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer;
 
 import java.io.IOException;
 
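Review bot: The added import names `org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer`, with the package prefix repeated, while the diffstat lists the new file under `.../security/token/DelegationTokenIssuer.java`. If the interface is declared in `org.apache.hadoop.security.token`, this line does not compile and should read `import org.apache.hadoop.security.token.DelegationTokenIssuer;`. If the new file really declares the doubled package, a public token-issuing interface is being published under what looks like a refactoring artifact, and that name becomes hard to change once downstream code imports it. The diffstat path is abbreviated, so the declared package cannot be confirmed from this page. The same line appears in the branch-3.0, branch-3.1 and trunk copies of this hunk further down.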
@@ -28,7 +32,8 @@ import java.io.IOException;
  */
 public class KeyProviderDelegationTokenExtension extends
 KeyProviderExtension
- {
+
+implements DelegationTokenIssuer {
   
   private static DelegationTokenExtension DEFAULT_EXTENSION = 
   new DefaultDelegationTokenExtension();
@@ -36,22 +41,9 @@ public class KeyProviderDelegationTokenExtension extends
   /**
* DelegationTokenExtension is a type of Extension that exposes methods
* needed to work with Delegation Tokens.
-   */  
-  public interface DelegationTokenExtension extends 
-KeyProviderExtension.Extension {
-
-/**
- * The implementer of this class will take a renewer and add all
- * delegation tokens associated with the renewer to the 
- * Credentials object if it is not already present, 
- * @param renewer the user allowed to renew the delegation tokens
- * @param credentials cache in which to add new delegation tokens
- * @return list of new delegation tokens
- * @throws IOException thrown if IOException if an IO error occurs.
- */
-Token[] addDelegationTokens(final String renewer,
-Credentials credentials) throws IOException;
-
+   */
+  public interface DelegationTokenExtension
+  extends KeyProviderExtension.Extension, DelegationTokenIssuer {
 /**
  * Renews the given token.
  * @param token The token to be renewed.
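Review bot: Removing `addDelegationTokens` from `DelegationTokenExtension` also removes the only Javadoc in this hunk that described the renewer and the `Credentials` cache, and the interface comment above it is left unchanged. Since the issuing contract now comes from `DelegationTokenIssuer`, the interface Javadoc should say so, for example `* Token issuance is inherited from {@link DelegationTokenIssuer}; this interface adds renewal and cancellation.`. Existing implementations of this public interface will presumably also have to provide whatever abstract methods `DelegationTokenIssuer` declares; that interface is not visible here, so this is worth confirming for out-of-tree key providers. The interface body continues past the hunk, and the other three copies of this commit on the page carry the same change.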
@@ -66,6 +58,12 @@ public class KeyProviderDelegationTokenExtension extends
  * @throws IOException
  */
 Void cancelDelegationToken(final Token token) throws IOException;
+
+// Do NOT call this. Only intended for internal use.
+@VisibleForTesting
+@InterfaceAudience.Private
+

[2/2] hadoop git commit: HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.

2018-10-12 Thread xiao
HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that 
can authenticate to all KMS instances.
Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/ff7ca472
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/ff7ca472
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/ff7ca472

Branch: refs/heads/branch-3.0
Commit: ff7ca472d220c3f19d3a8ca5c76ce87ddf201659
Parents: 53b522a
Author: Xiao Chen 
Authored: Fri Oct 12 11:50:54 2018 -0700
Committer: Xiao Chen 
Committed: Fri Oct 12 12:08:38 2018 -0700

--
 .../KeyProviderDelegationTokenExtension.java|  71 ++--
 .../crypto/key/KeyProviderTokenIssuer.java  |   4 +-
 .../crypto/key/kms/KMSClientProvider.java   | 220 
 .../key/kms/LoadBalancingKMSClientProvider.java |  75 +++-
 .../java/org/apache/hadoop/fs/FileSystem.java   |  75 +---
 .../web/DelegationTokenAuthenticatedURL.java|  25 +-
 .../security/token/DelegationTokenIssuer.java   | 112 ++
 .../java/org/apache/hadoop/util/KMSUtil.java|  13 +-
 ...TestKeyProviderDelegationTokenExtension.java |  20 +-
 .../crypto/key/kms/TestKMSClientProvider.java   | 138 
 .../kms/TestLoadBalancingKMSClientProvider.java |  63 +++-
 .../apache/hadoop/fs/TestFilterFileSystem.java  |   3 +
 .../org/apache/hadoop/fs/TestHarFileSystem.java |   3 +
 .../hadoop/crypto/key/kms/server/TestKMS.java   | 349 ---
 .../java/org/apache/hadoop/hdfs/DFSClient.java  |  11 +-
 .../hadoop/hdfs/DistributedFileSystem.java  |  14 +-
 .../org/apache/hadoop/hdfs/HdfsKMSUtil.java |  60 ++--
 .../hadoop/hdfs/web/WebHdfsFileSystem.java  |  20 +-
 18 files changed, 963 insertions(+), 313 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hadoop/blob/ff7ca472/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
--
diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
index 9212cbc..280ee86 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
@@ -17,8 +17,12 @@
  */
 package org.apache.hadoop.crypto.key;
 
+import com.google.common.annotations.VisibleForTesting;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.token.Token;
+import 
org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer;
 
 import java.io.IOException;
 
@@ -28,7 +32,8 @@ import java.io.IOException;
  */
 public class KeyProviderDelegationTokenExtension extends
 KeyProviderExtension
- {
+
+implements DelegationTokenIssuer {
   
   private static DelegationTokenExtension DEFAULT_EXTENSION = 
   new DefaultDelegationTokenExtension();
@@ -36,22 +41,9 @@ public class KeyProviderDelegationTokenExtension extends
   /**
* DelegationTokenExtension is a type of Extension that exposes methods
* needed to work with Delegation Tokens.
-   */  
-  public interface DelegationTokenExtension extends 
-KeyProviderExtension.Extension {
-
-/**
- * The implementer of this class will take a renewer and add all
- * delegation tokens associated with the renewer to the 
- * Credentials object if it is not already present, 
- * @param renewer the user allowed to renew the delegation tokens
- * @param credentials cache in which to add new delegation tokens
- * @return list of new delegation tokens
- * @throws IOException thrown if IOException if an IO error occurs.
- */
-Token[] addDelegationTokens(final String renewer,
-Credentials credentials) throws IOException;
-
+   */
+  public interface DelegationTokenExtension
+  extends KeyProviderExtension.Extension, DelegationTokenIssuer {
 /**
  * Renews the given token.
  * @param token The token to be renewed.
@@ -66,6 +58,12 @@ public class KeyProviderDelegationTokenExtension extends
  * @throws IOException
  */
 Void cancelDelegationToken(final Token token) throws IOException;
+
+// Do NOT call this. Only intended for internal use.
+@VisibleForTesting
+@InterfaceAudience.Private
+@InterfaceStability.Unstable
+Token selectDelegationToken(Credentials creds);
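Review bot: `selectDelegationToken(Credentials creds)` is added as an abstract method on a public interface, so the `// Do NOT call this` comment, `@VisibleForTesting` and `@InterfaceAudience.Private` are advisory only. Any code holding a `DelegationTokenExtension` can still ask it to pick a delegation token out of a `Credentials` object, and nothing visible here says what is returned when no token matches. I would replace the line comment with Javadoc that states the return value for the no-match case and why the method is internal, since a `//` comment does not reach generated API docs. Because the method is abstract, out-of-tree implementers of the interface stop compiling; a `default` method would avoid that if a safe default exists. The hunk is cut off after this declaration on the page. The branch-3.2 and branch-3.1 copies are cut before the declaration, and the trunk copy shows the same declaration.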

[2/2] hadoop git commit: HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.

2018-10-12 Thread xiao
HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that 
can authenticate to all KMS instances.
Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.

(cherry picked from commit 5ec86b445cc492f52c33639efb6a09a0d2f27475)
(cherry picked from commit e93e401f492c7fc112da3d0c63b3b186c1b196ec)

 Conflicts:

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/6a1ce74f
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/6a1ce74f
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/6a1ce74f

Branch: refs/heads/branch-3.1
Commit: 6a1ce74fb19226daca1a04f04576c10451c62cd6
Parents: 6342a7c
Author: Xiao Chen 
Authored: Fri Oct 12 09:32:21 2018 -0700
Committer: Xiao Chen 
Committed: Fri Oct 12 12:08:26 2018 -0700

--
 .../KeyProviderDelegationTokenExtension.java|  71 ++--
 .../crypto/key/KeyProviderTokenIssuer.java  |   4 +-
 .../crypto/key/kms/KMSClientProvider.java   | 220 
 .../key/kms/LoadBalancingKMSClientProvider.java |  75 +++-
 .../java/org/apache/hadoop/fs/FileSystem.java   |  75 +---
 .../web/DelegationTokenAuthenticatedURL.java|  25 +-
 .../security/token/DelegationTokenIssuer.java   | 112 ++
 .../java/org/apache/hadoop/util/KMSUtil.java|  13 +-
 ...TestKeyProviderDelegationTokenExtension.java |  20 +-
 .../crypto/key/kms/TestKMSClientProvider.java   | 138 
 .../kms/TestLoadBalancingKMSClientProvider.java |  63 +++-
 .../apache/hadoop/fs/TestFilterFileSystem.java  |   3 +
 .../org/apache/hadoop/fs/TestHarFileSystem.java |   3 +
 .../hadoop/crypto/key/kms/server/TestKMS.java   | 349 ---
 .../java/org/apache/hadoop/hdfs/DFSClient.java  |  11 +-
 .../hadoop/hdfs/DistributedFileSystem.java  |  14 +-
 .../org/apache/hadoop/hdfs/HdfsKMSUtil.java |  60 ++--
 .../hadoop/hdfs/web/WebHdfsFileSystem.java  |  20 +-
 18 files changed, 963 insertions(+), 313 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hadoop/blob/6a1ce74f/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
--
diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
index 9212cbc..280ee86 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
@@ -17,8 +17,12 @@
  */
 package org.apache.hadoop.crypto.key;
 
+import com.google.common.annotations.VisibleForTesting;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.token.Token;
+import 
org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer;
 
 import java.io.IOException;
 
@@ -28,7 +32,8 @@ import java.io.IOException;
  */
 public class KeyProviderDelegationTokenExtension extends
 KeyProviderExtension
- {
+
+implements DelegationTokenIssuer {
   
   private static DelegationTokenExtension DEFAULT_EXTENSION = 
   new DefaultDelegationTokenExtension();
@@ -36,22 +41,9 @@ public class KeyProviderDelegationTokenExtension extends
   /**
* DelegationTokenExtension is a type of Extension that exposes methods
* needed to work with Delegation Tokens.
-   */  
-  public interface DelegationTokenExtension extends 
-KeyProviderExtension.Extension {
-
-/**
- * The implementer of this class will take a renewer and add all
- * delegation tokens associated with the renewer to the 
- * Credentials object if it is not already present, 
- * @param renewer the user allowed to renew the delegation tokens
- * @param credentials cache in which to add new delegation tokens
- * @return list of new delegation tokens
- * @throws IOException thrown if IOException if an IO error occurs.
- */
-Token[] addDelegationTokens(final String renewer,
-Credentials credentials) throws IOException;
-
+   */
+  public interface DelegationTokenExtension
+  extends KeyProviderExtension.Extension, DelegationTokenIssuer {
 /**
  * Renews the given token.
  * @param token The token to be renewed.
@@ -66,6 +58,12 @@ public class KeyProviderDelegationTokenExtension extends
  * @throws IOException
  */
 

[2/2] hadoop git commit: HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances. Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.

2018-10-12 Thread xiao
HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that 
can authenticate to all KMS instances.
Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5ec86b44
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5ec86b44
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5ec86b44

Branch: refs/heads/trunk
Commit: 5ec86b445cc492f52c33639efb6a09a0d2f27475
Parents: 6e0e6da
Author: Xiao Chen 
Authored: Fri Oct 12 09:32:21 2018 -0700
Committer: Xiao Chen 
Committed: Fri Oct 12 09:35:52 2018 -0700

--
 .../KeyProviderDelegationTokenExtension.java|  71 ++--
 .../crypto/key/KeyProviderTokenIssuer.java  |   4 +-
 .../crypto/key/kms/KMSClientProvider.java   | 220 
 .../key/kms/LoadBalancingKMSClientProvider.java |  75 +++-
 .../java/org/apache/hadoop/fs/FileSystem.java   |  75 +---
 .../web/DelegationTokenAuthenticatedURL.java|  25 +-
 .../security/token/DelegationTokenIssuer.java   | 112 ++
 .../java/org/apache/hadoop/util/KMSUtil.java|  13 +-
 ...TestKeyProviderDelegationTokenExtension.java |  20 +-
 .../crypto/key/kms/TestKMSClientProvider.java   | 138 
 .../kms/TestLoadBalancingKMSClientProvider.java |  63 +++-
 .../apache/hadoop/fs/TestFilterFileSystem.java  |   3 +
 .../org/apache/hadoop/fs/TestHarFileSystem.java |   3 +
 .../hadoop/crypto/key/kms/server/TestKMS.java   | 349 ---
 .../java/org/apache/hadoop/hdfs/DFSClient.java  |  11 +-
 .../hadoop/hdfs/DistributedFileSystem.java  |  14 +-
 .../org/apache/hadoop/hdfs/HdfsKMSUtil.java |  60 ++--
 .../hadoop/hdfs/web/WebHdfsFileSystem.java  |  20 +-
 18 files changed, 963 insertions(+), 313 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hadoop/blob/5ec86b44/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
--
diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
index a63b7d5..29c5bcd 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderDelegationTokenExtension.java
@@ -17,8 +17,12 @@
  */
 package org.apache.hadoop.crypto.key;
 
+import com.google.common.annotations.VisibleForTesting;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.token.Token;
+import 
org.apache.hadoop.security.token.org.apache.hadoop.security.token.DelegationTokenIssuer;
 
 import java.io.IOException;
 
@@ -28,7 +32,8 @@ import java.io.IOException;
  */
 public class KeyProviderDelegationTokenExtension extends
 KeyProviderExtension
- {
+
+implements DelegationTokenIssuer {
   
   private static DelegationTokenExtension DEFAULT_EXTENSION = 
   new DefaultDelegationTokenExtension();
@@ -36,22 +41,9 @@ public class KeyProviderDelegationTokenExtension extends
   /**
* DelegationTokenExtension is a type of Extension that exposes methods
* needed to work with Delegation Tokens.
-   */  
-  public interface DelegationTokenExtension extends 
-KeyProviderExtension.Extension {
-
-/**
- * The implementer of this class will take a renewer and add all
- * delegation tokens associated with the renewer to the 
- * Credentials object if it is not already present, 
- * @param renewer the user allowed to renew the delegation tokens
- * @param credentials cache in which to add new delegation tokens
- * @return list of new delegation tokens
- * @throws IOException thrown if IOException if an IO error occurs.
- */
-Token[] addDelegationTokens(final String renewer,
-Credentials credentials) throws IOException;
-
+   */
+  public interface DelegationTokenExtension
+  extends KeyProviderExtension.Extension, DelegationTokenIssuer {
 /**
  * Renews the given token.
  * @param token The token to be renewed.
@@ -66,6 +58,12 @@ public class KeyProviderDelegationTokenExtension extends
  * @throws IOException
  */
 Void cancelDelegationToken(final Token token) throws IOException;
+
+// Do NOT call this. Only intended for internal use.
+@VisibleForTesting
+@InterfaceAudience.Private
+@InterfaceStability.Unstable
+Token selectDelegationToken(Credentials creds);
   }