Return-Path: X-Original-To: apmail-hadoop-common-commits-archive@www.apache.org Delivered-To: apmail-hadoop-common-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B310517674 for ; Fri, 10 Apr 2015 23:36:58 +0000 (UTC) Received: (qmail 34266 invoked by uid 500); 10 Apr 2015 23:36:58 -0000 Delivered-To: apmail-hadoop-common-commits-archive@hadoop.apache.org Received: (qmail 34198 invoked by uid 500); 10 Apr 2015 23:36:58 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-dev@hadoop.apache.org Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 34189 invoked by uid 99); 10 Apr 2015 23:36:58 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Apr 2015 23:36:58 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 41120E04D8; Fri, 10 Apr 2015 23:36:58 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: wheat9@apache.org To: common-commits@hadoop.apache.org Message-Id: <62ce2bbf44e240ddb9cc9a825bf65579@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: hadoop git commit: HDFS-8103. Move BlockTokenSecretManager.AccessMode into BlockTokenIdentifier. Contributed by Haohui Mai. Date: Fri, 10 Apr 2015 23:36:58 +0000 (UTC) Repository: hadoop Updated Branches: refs/heads/branch-2 1113aca7f -> 6f97b780d HDFS-8103. Move BlockTokenSecretManager.AccessMode into BlockTokenIdentifier. Contributed by Haohui Mai. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/6f97b780 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/6f97b780 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/6f97b780 Branch: refs/heads/branch-2 Commit: 6f97b780dfedf64a35fd79f201492ea3e8ca8b49 Parents: 1113aca Author: Haohui Mai Authored: Wed Apr 8 17:31:30 2015 -0700 Committer: Haohui Mai Committed: Fri Apr 10 16:36:57 2015 -0700 ---------------------------------------------------------------------- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++ .../block/BlockPoolTokenSecretManager.java | 6 +++--- .../token/block/BlockTokenIdentifier.java | 7 +++++-- .../token/block/BlockTokenSecretManager.java | 12 +++++------- .../hadoop/hdfs/server/balancer/KeyManager.java | 3 +-- .../server/blockmanagement/BlockManager.java | 11 ++++++----- .../hadoop/hdfs/server/datanode/DataNode.java | 13 ++++++------- .../hdfs/server/datanode/DataXceiver.java | 17 ++++++++--------- .../hdfs/server/namenode/FSNamesystem.java | 9 ++++----- .../security/token/block/TestBlockToken.java | 20 ++++++++++---------- .../blockmanagement/TestBlockTokenWithDFS.java | 10 +++++----- 11 files changed, 56 insertions(+), 55 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index a056562..010c078 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -100,6 +100,9 @@ Release 2.8.0 - UNRELEASED HDFS-8100. Refactor DFSClient.Conf to a standalone class and separates short-circuit related conf to ShortCircuitConf. (szetszwo) + HDFS-8103. Move BlockTokenSecretManager.AccessMode into + BlockTokenIdentifier. (wheat9) + OPTIMIZATIONS HDFS-8026. Trace FSOutputSummer#writeChecksumChunks rather than http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java index 0df7067..cdfe7ec 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java @@ -23,7 +23,7 @@ import java.util.HashMap; import java.util.Map; import org.apache.hadoop.hdfs.protocol.ExtendedBlock; -import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.AccessMode; +import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode; import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.Token; @@ -81,7 +81,7 @@ public class BlockPoolTokenSecretManager extends /** * See {@link BlockTokenSecretManager#checkAccess(BlockTokenIdentifier, - * String, ExtendedBlock, AccessMode)} + * String, ExtendedBlock, BlockTokenIdentifier.AccessMode)} */ public void checkAccess(BlockTokenIdentifier id, String userId, ExtendedBlock block, AccessMode mode) throws InvalidToken { @@ -90,7 +90,7 @@ public class BlockPoolTokenSecretManager extends /** * See {@link BlockTokenSecretManager#checkAccess(Token, String, - * ExtendedBlock, AccessMode)} + * ExtendedBlock, BlockTokenIdentifier.AccessMode)} */ public void checkAccess(Token token, String userId, ExtendedBlock block, AccessMode mode) throws InvalidToken { http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenIdentifier.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenIdentifier.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenIdentifier.java index 67b1fe9..e293dcc 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenIdentifier.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenIdentifier.java @@ -24,7 +24,6 @@ import java.io.IOException; import java.util.EnumSet; import org.apache.hadoop.classification.InterfaceAudience; -import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.AccessMode; import org.apache.hadoop.io.Text; import org.apache.hadoop.io.WritableUtils; import org.apache.hadoop.security.UserGroupInformation; @@ -35,6 +34,10 @@ import org.apache.hadoop.security.token.TokenIdentifier; public class BlockTokenIdentifier extends TokenIdentifier { static final Text KIND_NAME = new Text("HDFS_BLOCK_TOKEN"); + public enum AccessMode { + READ, WRITE, COPY, REPLACE + } + private long expiryDate; private int keyId; private String userId; @@ -175,7 +178,7 @@ public class BlockTokenIdentifier extends TokenIdentifier { return cache; } - + @InterfaceAudience.Private public static class Renewer extends Token.TrivialRenewer { @Override http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java index a3685ca..b103c1a 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java @@ -80,9 +80,7 @@ public class BlockTokenSecretManager extends private final SecureRandom nonceGenerator = new SecureRandom(); - public static enum AccessMode { - READ, WRITE, COPY, REPLACE - }; + ; /** * Constructor for slaves. @@ -239,7 +237,7 @@ public class BlockTokenSecretManager extends /** Generate an block token for current user */ public Token generateToken(ExtendedBlock block, - EnumSet modes) throws IOException { + EnumSet modes) throws IOException { UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); String userID = (ugi == null ? null : ugi.getShortUserName()); return generateToken(userID, block, modes); @@ -247,7 +245,7 @@ public class BlockTokenSecretManager extends /** Generate a block token for a specified user */ public Token generateToken(String userId, - ExtendedBlock block, EnumSet modes) throws IOException { + ExtendedBlock block, EnumSet modes) throws IOException { BlockTokenIdentifier id = new BlockTokenIdentifier(userId, block .getBlockPoolId(), block.getBlockId(), modes); return new Token(id, this); @@ -259,7 +257,7 @@ public class BlockTokenSecretManager extends * when token password has already been verified (e.g., in the RPC layer). */ public void checkAccess(BlockTokenIdentifier id, String userId, - ExtendedBlock block, AccessMode mode) throws InvalidToken { + ExtendedBlock block, BlockTokenIdentifier.AccessMode mode) throws InvalidToken { if (LOG.isDebugEnabled()) { LOG.debug("Checking access for user=" + userId + ", block=" + block + ", access mode=" + mode + " using " + id.toString()); @@ -288,7 +286,7 @@ public class BlockTokenSecretManager extends /** Check if access should be allowed. userID is not checked if null */ public void checkAccess(Token token, String userId, - ExtendedBlock block, AccessMode mode) throws InvalidToken { + ExtendedBlock block, BlockTokenIdentifier.AccessMode mode) throws InvalidToken { BlockTokenIdentifier id = new BlockTokenIdentifier(); try { id.readFields(new DataInputStream(new ByteArrayInputStream(token http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/balancer/KeyManager.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/balancer/KeyManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/balancer/KeyManager.java index 2ac8f48..1c6b352 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/balancer/KeyManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/balancer/KeyManager.java @@ -30,7 +30,6 @@ import org.apache.hadoop.hdfs.protocol.ExtendedBlock; import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.DataEncryptionKeyFactory; import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier; import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager; -import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.AccessMode; import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey; import org.apache.hadoop.hdfs.security.token.block.ExportedBlockKeys; import org.apache.hadoop.hdfs.server.protocol.NamenodeProtocol; @@ -100,7 +99,7 @@ public class KeyManager implements Closeable, DataEncryptionKeyFactory { "Cannot get access token since BlockKeyUpdater is not running"); } return blockTokenSecretManager.generateToken(null, eb, - EnumSet.of(AccessMode.REPLACE, AccessMode.COPY)); + EnumSet.of(BlockTokenIdentifier.AccessMode.REPLACE, BlockTokenIdentifier.AccessMode.COPY)); } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java index fd0db8c..d06d482 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java @@ -55,8 +55,9 @@ import org.apache.hadoop.fs.FileEncryptionInfo; import org.apache.hadoop.hdfs.protocol.LocatedBlock; import org.apache.hadoop.hdfs.protocol.LocatedBlocks; import org.apache.hadoop.hdfs.protocol.UnregisteredNodeException; +import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier; import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager; -import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.AccessMode; +import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode; import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey; import org.apache.hadoop.hdfs.security.token.block.ExportedBlockKeys; import org.apache.hadoop.hdfs.server.blockmanagement.CorruptReplicasMap.Reason; @@ -747,7 +748,7 @@ public class BlockManager { final long fileLength = bc.computeContentSummary(getStoragePolicySuite()).getLength(); final long pos = fileLength - ucBlock.getNumBytes(); - return createLocatedBlock(ucBlock, pos, AccessMode.WRITE); + return createLocatedBlock(ucBlock, pos, BlockTokenIdentifier.AccessMode.WRITE); } /** @@ -813,7 +814,7 @@ public class BlockManager { } private LocatedBlock createLocatedBlock(final BlockInfoContiguous blk, final long pos, - final BlockTokenSecretManager.AccessMode mode) throws IOException { + final AccessMode mode) throws IOException { final LocatedBlock lb = createLocatedBlock(blk, pos); if (mode != null) { setBlockToken(lb, mode); @@ -886,7 +887,7 @@ public class BlockManager { if (LOG.isDebugEnabled()) { LOG.debug("blocks = " + java.util.Arrays.asList(blocks)); } - final AccessMode mode = needBlockToken? AccessMode.READ: null; + final AccessMode mode = needBlockToken? BlockTokenIdentifier.AccessMode.READ: null; final List locatedblocks = createLocatedBlockList( blocks, offset, length, Integer.MAX_VALUE, mode); @@ -918,7 +919,7 @@ public class BlockManager { /** Generate a block token for the located block. */ public void setBlockToken(final LocatedBlock b, - final BlockTokenSecretManager.AccessMode mode) throws IOException { + final AccessMode mode) throws IOException { if (isBlockTokenEnabled()) { // Use cached UGI if serving RPC calls. b.setBlockToken(blockTokenSecretManager.generateToken( http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java index 1285aaf..1b3c4ff 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java @@ -144,7 +144,7 @@ import org.apache.hadoop.hdfs.protocolPB.PBHelper; import org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager; import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier; import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager; -import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.AccessMode; +import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode; import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey; import org.apache.hadoop.hdfs.security.token.block.ExportedBlockKeys; import org.apache.hadoop.hdfs.security.token.block.InvalidBlockTokenException; @@ -158,7 +158,6 @@ import org.apache.hadoop.hdfs.server.common.StorageInfo; import org.apache.hadoop.hdfs.server.datanode.SecureDataNodeStarter.SecureResources; import org.apache.hadoop.hdfs.server.datanode.fsdataset.FsDatasetSpi; import org.apache.hadoop.hdfs.server.datanode.fsdataset.FsVolumeSpi; -import org.apache.hadoop.hdfs.server.datanode.fsdataset.impl.FsVolumeImpl; import org.apache.hadoop.hdfs.server.datanode.metrics.DataNodeMetrics; import org.apache.hadoop.hdfs.server.namenode.FileChecksumServlets; import org.apache.hadoop.hdfs.server.namenode.StreamFile; @@ -1547,7 +1546,7 @@ public class DataNode extends ReconfigurableBase public BlockLocalPathInfo getBlockLocalPathInfo(ExtendedBlock block, Token token) throws IOException { checkBlockLocalPathAccess(); - checkBlockToken(block, token, BlockTokenSecretManager.AccessMode.READ); + checkBlockToken(block, token, BlockTokenIdentifier.AccessMode.READ); Preconditions.checkNotNull(data, "Storage not yet initialized"); BlockLocalPathInfo info = data.getBlockLocalPathInfo(block); if (LOG.isDebugEnabled()) { @@ -1592,7 +1591,7 @@ public class DataNode extends ReconfigurableBase throw new ShortCircuitFdsUnsupportedException( fileDescriptorPassingDisabledReason); } - checkBlockToken(blk, token, BlockTokenSecretManager.AccessMode.READ); + checkBlockToken(blk, token, BlockTokenIdentifier.AccessMode.READ); int blkVersion = CURRENT_BLOCK_FORMAT_VERSION; if (maxVersion < blkVersion) { throw new ShortCircuitFdsVersionException("Your client is too old " + @@ -1629,7 +1628,7 @@ public class DataNode extends ReconfigurableBase // Check access for each block for (int i = 0; i < blockIds.length; i++) { checkBlockToken(new ExtendedBlock(bpId, blockIds[i]), - tokens.get(i), BlockTokenSecretManager.AccessMode.READ); + tokens.get(i), BlockTokenIdentifier.AccessMode.READ); } DataNodeFaultInjector.get().getHdfsBlocksMetadata(); @@ -2131,7 +2130,7 @@ public class DataNode extends ReconfigurableBase Token accessToken = BlockTokenSecretManager.DUMMY_TOKEN; if (isBlockTokenEnabled) { accessToken = blockPoolTokenSecretManager.generateToken(b, - EnumSet.of(BlockTokenSecretManager.AccessMode.WRITE)); + EnumSet.of(BlockTokenIdentifier.AccessMode.WRITE)); } long writeTimeout = dnConf.socketWriteTimeout + @@ -2854,7 +2853,7 @@ public class DataNode extends ReconfigurableBase LOG.debug("Got: " + id.toString()); } blockPoolTokenSecretManager.checkAccess(id, null, block, - BlockTokenSecretManager.AccessMode.READ); + BlockTokenIdentifier.AccessMode.READ); } } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java index cf1b6be..83d6449 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java @@ -70,7 +70,6 @@ import org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.ShortCircuitShmR import org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.Status; import org.apache.hadoop.hdfs.protocolPB.PBHelper; import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier; -import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager; import org.apache.hadoop.hdfs.server.common.HdfsServerConstants; import org.apache.hadoop.hdfs.server.datanode.DataNode.ShortCircuitFdsUnsupportedException; import org.apache.hadoop.hdfs.server.datanode.DataNode.ShortCircuitFdsVersionException; @@ -507,7 +506,7 @@ class DataXceiver extends Receiver implements Runnable { DataOutputStream out = new DataOutputStream(new BufferedOutputStream( baseStream, HdfsConstants.SMALL_BUFFER_SIZE)); checkAccess(out, true, block, blockToken, - Op.READ_BLOCK, BlockTokenSecretManager.AccessMode.READ); + Op.READ_BLOCK, BlockTokenIdentifier.AccessMode.READ); // send the block BlockSender blockSender = null; @@ -651,7 +650,7 @@ class DataXceiver extends Receiver implements Runnable { getOutputStream(), HdfsConstants.SMALL_BUFFER_SIZE)); checkAccess(replyOut, isClient, block, blockToken, - Op.WRITE_BLOCK, BlockTokenSecretManager.AccessMode.WRITE); + Op.WRITE_BLOCK, BlockTokenIdentifier.AccessMode.WRITE); DataOutputStream mirrorOut = null; // stream to next target DataInputStream mirrorIn = null; // reply from next target @@ -849,7 +848,7 @@ class DataXceiver extends Receiver implements Runnable { final DatanodeInfo[] targets, final StorageType[] targetStorageTypes) throws IOException { checkAccess(socketOut, true, blk, blockToken, - Op.TRANSFER_BLOCK, BlockTokenSecretManager.AccessMode.COPY); + Op.TRANSFER_BLOCK, BlockTokenIdentifier.AccessMode.COPY); previousOpClientName = clientName; updateCurrentThreadName(Op.TRANSFER_BLOCK + " " + blk); @@ -911,7 +910,7 @@ class DataXceiver extends Receiver implements Runnable { final DataOutputStream out = new DataOutputStream( getOutputStream()); checkAccess(out, true, block, blockToken, - Op.BLOCK_CHECKSUM, BlockTokenSecretManager.AccessMode.READ); + Op.BLOCK_CHECKSUM, BlockTokenIdentifier.AccessMode.READ); // client side now can specify a range of the block for checksum long requestLength = block.getNumBytes(); Preconditions.checkArgument(requestLength >= 0); @@ -976,7 +975,7 @@ class DataXceiver extends Receiver implements Runnable { if (datanode.isBlockTokenEnabled) { try { datanode.blockPoolTokenSecretManager.checkAccess(blockToken, null, block, - BlockTokenSecretManager.AccessMode.COPY); + BlockTokenIdentifier.AccessMode.COPY); } catch (InvalidToken e) { LOG.warn("Invalid access token in request from " + remoteAddress + " for OP_COPY_BLOCK for block " + block + " : " @@ -1064,7 +1063,7 @@ class DataXceiver extends Receiver implements Runnable { if (datanode.isBlockTokenEnabled) { try { datanode.blockPoolTokenSecretManager.checkAccess(blockToken, null, block, - BlockTokenSecretManager.AccessMode.REPLACE); + BlockTokenIdentifier.AccessMode.REPLACE); } catch (InvalidToken e) { LOG.warn("Invalid access token in request from " + remoteAddress + " for OP_REPLACE_BLOCK for block " + block + " : " @@ -1251,7 +1250,7 @@ class DataXceiver extends Receiver implements Runnable { final ExtendedBlock blk, final Token t, final Op op, - final BlockTokenSecretManager.AccessMode mode) throws IOException { + final BlockTokenIdentifier.AccessMode mode) throws IOException { if (datanode.isBlockTokenEnabled) { if (LOG.isDebugEnabled()) { LOG.debug("Checking block access token for block '" + blk.getBlockId() @@ -1264,7 +1263,7 @@ class DataXceiver extends Receiver implements Runnable { if (reply) { BlockOpResponseProto.Builder resp = BlockOpResponseProto.newBuilder() .setStatus(ERROR_ACCESS_TOKEN); - if (mode == BlockTokenSecretManager.AccessMode.WRITE) { + if (mode == BlockTokenIdentifier.AccessMode.WRITE) { DatanodeRegistration dnR = datanode.getDNRegistrationForBP(blk.getBlockPoolId()); // NB: Unconditionally using the xfer addr w/o hostname http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java index 538c09c..c641886 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java @@ -201,8 +201,7 @@ import org.apache.hadoop.hdfs.protocol.SnapshotAccessControlException; import org.apache.hadoop.hdfs.protocol.SnapshotDiffReport; import org.apache.hadoop.hdfs.protocol.SnapshottableDirectoryStatus; import org.apache.hadoop.hdfs.protocol.datatransfer.ReplaceDatanodeOnFailure; -import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager; -import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.AccessMode; +import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier; import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier; import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager; import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager.SecretManagerState; @@ -3288,7 +3287,7 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean, LocatedBlock lBlk = new LocatedBlock( getExtendedBlock(blk), locs, offset, false); getBlockManager().setBlockToken( - lBlk, BlockTokenSecretManager.AccessMode.WRITE); + lBlk, BlockTokenIdentifier.AccessMode.WRITE); return lBlk; } @@ -3350,7 +3349,7 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean, src, numAdditionalNodes, clientnode, chosen, excludes, preferredblocksize, storagePolicyID); final LocatedBlock lb = new LocatedBlock(blk, targets, -1, false); - blockManager.setBlockToken(lb, AccessMode.COPY); + blockManager.setBlockToken(lb, BlockTokenIdentifier.AccessMode.COPY); return lb; } @@ -6270,7 +6269,7 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean, // get a new generation stamp and an access token block.setGenerationStamp(nextGenerationStamp(blockIdManager.isLegacyBlock(block.getLocalBlock()))); locatedBlock = new LocatedBlock(block, new DatanodeInfo[0]); - blockManager.setBlockToken(locatedBlock, AccessMode.WRITE); + blockManager.setBlockToken(locatedBlock, BlockTokenIdentifier.AccessMode.WRITE); } finally { writeUnlock(); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java index 1fe7ba8..d5a9426 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java @@ -139,7 +139,7 @@ public class TestBlockToken { LOG.info("Got: " + id.toString()); assertTrue("Received BlockTokenIdentifier is wrong", ident.equals(id)); sm.checkAccess(id, null, PBHelper.convert(req.getBlock()), - BlockTokenSecretManager.AccessMode.WRITE); + BlockTokenIdentifier.AccessMode.WRITE); result = id.getBlockId(); } return GetReplicaVisibleLengthResponseProto.newBuilder() @@ -149,7 +149,7 @@ public class TestBlockToken { private BlockTokenIdentifier generateTokenId(BlockTokenSecretManager sm, ExtendedBlock block, - EnumSet accessModes) + EnumSet accessModes) throws IOException { Token token = sm.generateToken(block, accessModes); BlockTokenIdentifier id = sm.createIdentifier(); @@ -164,17 +164,17 @@ public class TestBlockToken { BlockTokenSecretManager sm = new BlockTokenSecretManager( blockKeyUpdateInterval, blockTokenLifetime, 0, "fake-pool", null); TestWritable.testWritable(generateTokenId(sm, block1, - EnumSet.allOf(BlockTokenSecretManager.AccessMode.class))); + EnumSet.allOf(BlockTokenIdentifier.AccessMode.class))); TestWritable.testWritable(generateTokenId(sm, block2, - EnumSet.of(BlockTokenSecretManager.AccessMode.WRITE))); + EnumSet.of(BlockTokenIdentifier.AccessMode.WRITE))); TestWritable.testWritable(generateTokenId(sm, block3, - EnumSet.noneOf(BlockTokenSecretManager.AccessMode.class))); + EnumSet.noneOf(BlockTokenIdentifier.AccessMode.class))); } private void tokenGenerationAndVerification(BlockTokenSecretManager master, BlockTokenSecretManager slave) throws Exception { // single-mode tokens - for (BlockTokenSecretManager.AccessMode mode : BlockTokenSecretManager.AccessMode + for (BlockTokenIdentifier.AccessMode mode : BlockTokenIdentifier.AccessMode .values()) { // generated by master Token token1 = master.generateToken(block1, @@ -189,8 +189,8 @@ public class TestBlockToken { } // multi-mode tokens Token mtoken = master.generateToken(block3, - EnumSet.allOf(BlockTokenSecretManager.AccessMode.class)); - for (BlockTokenSecretManager.AccessMode mode : BlockTokenSecretManager.AccessMode + EnumSet.allOf(BlockTokenIdentifier.AccessMode.class)); + for (BlockTokenIdentifier.AccessMode mode : BlockTokenIdentifier.AccessMode .values()) { master.checkAccess(mtoken, null, block3, mode); slave.checkAccess(mtoken, null, block3, mode); @@ -246,7 +246,7 @@ public class TestBlockToken { BlockTokenSecretManager sm = new BlockTokenSecretManager( blockKeyUpdateInterval, blockTokenLifetime, 0, "fake-pool", null); Token token = sm.generateToken(block3, - EnumSet.allOf(BlockTokenSecretManager.AccessMode.class)); + EnumSet.allOf(BlockTokenIdentifier.AccessMode.class)); final Server server = createMockDatanode(sm, token, conf); @@ -285,7 +285,7 @@ public class TestBlockToken { BlockTokenSecretManager sm = new BlockTokenSecretManager( blockKeyUpdateInterval, blockTokenLifetime, 0, "fake-pool", null); Token token = sm.generateToken(block3, - EnumSet.allOf(BlockTokenSecretManager.AccessMode.class)); + EnumSet.allOf(BlockTokenIdentifier.AccessMode.class)); final Server server = createMockDatanode(sm, token, conf); server.start(); http://git-wip-us.apache.org/repos/asf/hadoop/blob/6f97b780/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/blockmanagement/TestBlockTokenWithDFS.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/blockmanagement/TestBlockTokenWithDFS.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/blockmanagement/TestBlockTokenWithDFS.java index c280027..43f2992 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/blockmanagement/TestBlockTokenWithDFS.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/blockmanagement/TestBlockTokenWithDFS.java @@ -413,21 +413,21 @@ public class TestBlockTokenWithDFS { tryRead(conf, lblock, false); // use a valid new token lblock.setBlockToken(sm.generateToken(lblock.getBlock(), - EnumSet.of(BlockTokenSecretManager.AccessMode.READ))); + EnumSet.of(BlockTokenIdentifier.AccessMode.READ))); // read should succeed tryRead(conf, lblock, true); // use a token with wrong blockID ExtendedBlock wrongBlock = new ExtendedBlock(lblock.getBlock() .getBlockPoolId(), lblock.getBlock().getBlockId() + 1); lblock.setBlockToken(sm.generateToken(wrongBlock, - EnumSet.of(BlockTokenSecretManager.AccessMode.READ))); + EnumSet.of(BlockTokenIdentifier.AccessMode.READ))); // read should fail tryRead(conf, lblock, false); // use a token with wrong access modes lblock.setBlockToken(sm.generateToken(lblock.getBlock(), - EnumSet.of(BlockTokenSecretManager.AccessMode.WRITE, - BlockTokenSecretManager.AccessMode.COPY, - BlockTokenSecretManager.AccessMode.REPLACE))); + EnumSet.of(BlockTokenIdentifier.AccessMode.WRITE, + BlockTokenIdentifier.AccessMode.COPY, + BlockTokenIdentifier.AccessMode.REPLACE))); // read should fail tryRead(conf, lblock, false);