hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a...@apache.org
Subject hadoop git commit: HDFS-14026. Overload BlockPoolTokenSecretManager.checkAccess to make storageId and storageType optional. Contributed by Arpit Agarwal.
Date Thu, 25 Oct 2018 04:55:55 GMT
Repository: hadoop
Updated Branches:
  refs/heads/trunk ace06a93b -> 97bd49fc3


HDFS-14026. Overload BlockPoolTokenSecretManager.checkAccess to make storageId and storageType
optional. Contributed by Arpit Agarwal.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/97bd49fc
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/97bd49fc
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/97bd49fc

Branch: refs/heads/trunk
Commit: 97bd49fc36fae66a7289fd94630a000d09f49f1d
Parents: ace06a9
Author: Ajay Kumar <ajay@apache.com>
Authored: Wed Oct 24 21:55:42 2018 -0700
Committer: Ajay Kumar <ajay@apache.com>
Committed: Wed Oct 24 21:55:42 2018 -0700

----------------------------------------------------------------------
 .../block/BlockPoolTokenSecretManager.java      | 20 ++++++++++++++++++++
 .../token/block/BlockTokenSecretManager.java    | 20 ++++++++++++++++++++
 .../security/token/block/TestBlockToken.java    |  8 +++++++-
 3 files changed, 47 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/97bd49fc/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java
index 4d3915e..bbd3750 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java
@@ -107,6 +107,26 @@ public class BlockPoolTokenSecretManager extends
   }
 
   /**
+   * See {@link BlockTokenSecretManager#checkAccess(BlockTokenIdentifier,
+   * String, ExtendedBlock, BlockTokenIdentifier.AccessMode)}.
+   */
+  public void checkAccess(BlockTokenIdentifier id, String userId,
+                          ExtendedBlock block, AccessMode mode)
+      throws InvalidToken {
+    get(block.getBlockPoolId()).checkAccess(id, userId, block, mode);
+  }
+
+  /**
+   * See {@link BlockTokenSecretManager#checkAccess(Token, String,
+   *                ExtendedBlock, BlockTokenIdentifier.AccessMode)}.
+   */
+  public void checkAccess(Token<BlockTokenIdentifier> token,
+      String userId, ExtendedBlock block, AccessMode mode)
+      throws InvalidToken {
+    get(block.getBlockPoolId()).checkAccess(token, userId, block, mode);
+  }
+
+  /**
    * See {@link BlockTokenSecretManager#checkAccess(Token, String,
    *                ExtendedBlock, BlockTokenIdentifier.AccessMode,
    *                StorageType[], String[])}

http://git-wip-us.apache.org/repos/asf/hadoop/blob/97bd49fc/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
index 85fef13..3b2e8d2 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
@@ -390,6 +390,26 @@ public class BlockTokenSecretManager extends
     }
   }
 
+  /** Check if access should be allowed. userID is not checked if null */
+  public void checkAccess(Token<BlockTokenIdentifier> token, String userId,
+      ExtendedBlock block, BlockTokenIdentifier.AccessMode mode)
+      throws InvalidToken {
+    BlockTokenIdentifier id = new BlockTokenIdentifier();
+    try {
+      id.readFields(new DataInputStream(new ByteArrayInputStream(token
+          .getIdentifier())));
+    } catch (IOException e) {
+      throw new InvalidToken(
+          "Unable to de-serialize block token identifier for user=" + userId
+              + ", block=" + block + ", access mode=" + mode);
+    }
+    checkAccess(id, userId, block, mode);
+    if (!Arrays.equals(retrievePassword(id), token.getPassword())) {
+      throw new InvalidToken("Block token with " + id
+          + " doesn't have the correct token password");
+    }
+  }
+
   private static boolean isExpired(long expiryDate) {
     return Time.now() > expiryDate;
   }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/97bd49fc/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java
b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java
index 4bdd34c..9c537a4 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java
@@ -217,9 +217,14 @@ public class TestBlockToken {
       Token<BlockTokenIdentifier> t, ExtendedBlock blk,
       BlockTokenIdentifier.AccessMode mode, StorageType[] storageTypes,
       String[] storageIds) throws IOException {
-    if(storageIds == null) {
+    if (storageIds == null) {
       // Test overloaded checkAccess method.
       m.checkAccess(t.decodeIdentifier(), null, blk, mode, storageTypes);
+
+      if (storageTypes == null) {
+        // Test overloaded checkAccess method.
+        m.checkAccess(t, null, blk, mode);
+      }
     }
     m.checkAccess(t, null, blk, mode, storageTypes, storageIds);
   }
@@ -807,6 +812,7 @@ public class TestBlockToken {
     sm.checkAccess(id, null, block3, mode, storageTypes,
         null);
     sm.checkAccess(id, null, block3, mode, storageTypes);
+    sm.checkAccess(id, null, block3, mode);
   }
 
   @Test


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org


Mime
View raw message