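// copied from BlockInputStream
/**
 * Send RPC call to get the block info from the container.
 *
 * <p>The block token carried in {@code keyLocationInfo} is forwarded with the
 * GetBlock request so the datanode can authorise the read. The read client
 * acquired for the call is released before returning, on success as well as
 * on failure: unlike {@code BlockInputStream}, this helper keeps no reference
 * to the client for later reads, so holding it would leak one client per call.
 *
 * @param keyLocationInfo block id, pipeline and block token of the block.
 * @return List of chunks in this block.
 * @throws IOException if no read client can be acquired or the GetBlock
 *     call fails.
 */
protected List<ContainerProtos.ChunkInfo> getChunkInfos(
    OmKeyLocationInfo keyLocationInfo) throws IOException {
  // irrespective of the container state, we will always read via Standalone
  // protocol.
  Token<OzoneBlockTokenIdentifier> token = keyLocationInfo.getToken();
  Pipeline pipeline = keyLocationInfo.getPipeline();
  BlockID blockID = keyLocationInfo.getBlockID();
  if (pipeline.getType() != HddsProtos.ReplicationType.STAND_ALONE) {
    pipeline = Pipeline.newBuilder(pipeline)
        .setReplicationConfig(StandaloneReplicationConfig.getInstance(
            ReplicationConfig.getLegacyFactor(pipeline.getReplicationConfig())))
        .build();
  }
  XceiverClientSpi xceiverClientSpi = null;
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Initializing BlockInputStream for get key to access {}",
          blockID.getContainerID());
    }
    xceiverClientSpi =
        getXceiverClientFactory().acquireClientForReadData(pipeline);
    ContainerProtos.DatanodeBlockID datanodeBlockID =
        blockID.getDatanodeBlockIDProtobuf();
    ContainerProtos.GetBlockResponseProto response =
        ContainerProtocolCalls.getBlock(xceiverClientSpi, datanodeBlockID, token);
    return response.getBlockData().getChunksList();
  } finally {
    // The client is not stored anywhere, so it must be released on every
    // path; releasing only on failure (the BlockInputStream logic this was
    // copied from) leaked the client after each successful call.
    if (xceiverClientSpi != null) {
      getXceiverClientFactory().releaseClientForReadData(xceiverClientSpi, false);
    }
  }
}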
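/**
 * Starts one {@link XceiverServerSpi} per datanode of a mock pipeline, then
 * drives a client through the container commands (create container, write
 * chunk, put block, read chunk, get block, get committed block length) and
 * checks via {@code assertFailsTokenVerification} / {@code assertRequiresToken}
 * that each of them is refused without a valid token and accepted with one.
 *
 * <p>Server start-up happens inside the {@code try} so that a failure while
 * bringing up the n-th server still stops the servers already started.
 * {@code stopServer} is therefore also invoked after a partial start-up;
 * callers' stop hooks are assumed to tolerate that (TODO confirm).
 *
 * @param numDatanodes number of datanodes in the mock pipeline.
 * @param initConf     hook to adjust {@code CONF} for the pipeline.
 * @param createClient factory for the client under test.
 * @param createServer factory for one server per datanode.
 * @param initServer   hook run after each server has started.
 * @param stopServer   hook run once in the finally block, before the servers
 *                     are stopped.
 * @throws Exception propagated from any hook, the client, or the assertions.
 */
private static void runTestClientServer(
    int numDatanodes,
    CheckedBiConsumer<Pipeline, OzoneConfiguration, IOException> initConf,
    CheckedBiFunction<Pipeline, OzoneConfiguration, XceiverClientSpi, IOException>
        createClient,
    CheckedBiFunction<DatanodeDetails, OzoneConfiguration, XceiverServerSpi,
        IOException> createServer,
    CheckedBiConsumer<DatanodeDetails, Pipeline, IOException> initServer,
    Consumer<Pipeline> stopServer) throws Exception {
  final List<XceiverServerSpi> servers = new ArrayList<>();
  final Pipeline pipeline = MockPipeline.createPipeline(numDatanodes);
  initConf.accept(pipeline, CONF);
  try {
    for (DatanodeDetails dn : pipeline.getNodes()) {
      final XceiverServerSpi s = createServer.apply(dn, CONF);
      // add before start so a failing start() still gets the server stopped
      servers.add(s);
      s.start();
      initServer.accept(dn, pipeline);
    }
    try (XceiverClientSpi client = createClient.apply(pipeline, CONF)) {
      client.connect();
      long containerID = getTestContainerID();
      BlockID blockID = getTestBlockID(containerID);
      // container creation is guarded by a container token, not a block token
      assertFailsTokenVerification(client,
          getCreateContainerRequest(containerID, pipeline));
      // create the container
      ContainerProtocolCalls.createContainer(client, containerID,
          getToken(ContainerID.valueOf(containerID)));
      // one block token with every access mode covers all commands below
      Token<OzoneBlockTokenIdentifier> token =
          blockTokenSecretManager.generateToken(blockID,
              EnumSet.allOf(AccessModeProto.class), RandomUtils.nextLong());
      String encodedToken = token.encodeToUrlString();
      ContainerCommandRequestProto.Builder writeChunk =
          newWriteChunkRequestBuilder(pipeline, blockID, 1024, 0);
      assertRequiresToken(client, encodedToken, writeChunk);
      ContainerCommandRequestProto.Builder putBlock =
          newPutBlockRequestBuilder(pipeline, writeChunk.getWriteChunk());
      assertRequiresToken(client, encodedToken, putBlock);
      ContainerCommandRequestProto.Builder readChunk =
          newReadChunkRequestBuilder(pipeline, writeChunk.getWriteChunk());
      assertRequiresToken(client, encodedToken, readChunk);
      ContainerCommandRequestProto.Builder getBlock =
          newGetBlockRequestBuilder(pipeline, putBlock.getPutBlock());
      assertRequiresToken(client, encodedToken, getBlock);
      ContainerCommandRequestProto.Builder getCommittedBlockLength =
          newGetCommittedBlockLengthBuilder(pipeline, putBlock.getPutBlock());
      assertRequiresToken(client, encodedToken, getCommittedBlockLength);
    }
  } finally {
    stopServer.accept(pipeline);
    servers.forEach(XceiverServerSpi::stop);
  }
}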
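/**
 * Generate an block token for specified user, blockId. Service field for
 * token is set to blockId.
 *
 * <p>Only the token identifier (the public part: user, block id, modes,
 * expiry) is written to the log; the password produced by
 * {@code createPassword} is not.
 *
 * @param user      user the token is issued to.
 * @param blockId   block the token grants access to; its service string
 *                  becomes the token's service field.
 * @param modes     access modes the token grants.
 * @param maxLength passed through to {@code createIdentifier}; presumably
 *                  the maximum length the holder may access — confirm there.
 * @return the signed token wrapping the identifier.
 */
public Token<OzoneBlockTokenIdentifier> generateToken(String user,
    BlockID blockId, Set<AccessModeProto> modes, long maxLength) {
  OzoneBlockTokenIdentifier tokenIdentifier =
      createIdentifier(user, blockId, modes, maxLength);
  if (LOG.isDebugEnabled()) {
    // Log at DEBUG to match the guard: the previous LOG.info inside an
    // isDebugEnabled() check emitted an INFO line only when DEBUG was on.
    long expiryTime = tokenIdentifier.getExpiryDate();
    LOG.debug("Issued delegation token -> expiryTime:{}, tokenId:{}",
        Instant.ofEpochMilli(expiryTime), tokenIdentifier);
  }
  return new Token<>(tokenIdentifier.getBytes(),
      createPassword(tokenIdentifier), tokenIdentifier.getKind(),
      new Text(tokenIdentifier.getService()));
}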
/**
 * A token issued for one block must be rejected when presented with a
 * request for a different block, and the failure message must name both
 * the granted and the requested block service.
 */
@Test
public void tokenCannotBeUsedForOtherBlock() throws Exception {
  // GIVEN
  final BlockID grantedBlock = new BlockID(101, 0);
  final BlockID requestedBlock = new BlockID(102, 0);
  // WHEN
  final Token<OzoneBlockTokenIdentifier> token = secretManager.generateToken(
      "testUser", grantedBlock, EnumSet.allOf(AccessModeProto.class), 100);
  final ContainerCommandRequestProto request = getWriteChunkRequest(
      pipeline, requestedBlock, 100, token.encodeToUrlString());
  // THEN
  final BlockTokenException thrown = assertThrows(BlockTokenException.class,
      () -> tokenVerifier.verify("testUser", token, request));
  final String expectedFragment = "Token for ID: "
      + OzoneBlockTokenIdentifier.getTokenService(grantedBlock)
      + " can't be used to access: "
      + OzoneBlockTokenIdentifier.getTokenService(requestedBlock);
  final String actual = thrown.getMessage();
  assertTrue(actual, actual.contains(expectedFragment));
}
/**
 * A READ-only block token must be refused for PutBlock (a write command)
 * and accepted for GetBlock on the same block.
 */
@Test
public void testBlockTokenReadAccessMode() throws Exception {
  final String user = "testUser1";
  final BlockID blockID = new BlockID(101, 0);
  final Token<OzoneBlockTokenIdentifier> readOnlyToken =
      secretManager.generateToken(user, blockID,
          EnumSet.of(AccessModeProto.READ), 100);
  final String encoded = readOnlyToken.encodeToUrlString();
  final ContainerCommandRequestProto writeChunk =
      getWriteChunkRequest(pipeline, blockID, 100, encoded);
  final ContainerCommandRequestProto putBlock =
      getPutBlockRequest(pipeline, encoded, writeChunk.getWriteChunk());
  final ContainerCommandRequestProto getBlock =
      getBlockRequest(pipeline, putBlock.getPutBlock());
  // write path: must be refused, naming the missing permission
  final BlockTokenException denied = assertThrows(BlockTokenException.class,
      () -> tokenVerifier.verify(user, readOnlyToken, putBlock));
  final String reason = denied.getMessage();
  assertTrue(reason, reason.contains("doesn't have WRITE permission"));
  // read path: passes by not throwing
  tokenVerifier.verify(user, readOnlyToken, getBlock);
}