
@kazuki
Last active August 29, 2015 14:05
Hadoop SwiftFileSystem KeyStone v3 TRUST Support Patch
Added configuration parameter "fs.swift.service.<name>.trust-id".
When you use "fs.swift.service.<name>.trust-id" parameter,
you have to set "fs.swift.service.sic.auth.url" to Keystone V3 URL (http://keystone-host:5000/v3/auth/tokens)
Example:
$ hadoop fs -ls -Dfs.swift.service.sahara.auth.url=http://localhost:5000/v3/auth/tokens \
-Dfs.swift.service.sahara.username=<swift-proxy-user> \
-Dfs.swift.service.sahara.password=<swift-proxy-user-password> \
-Dfs.swift.service.sahara.trust-id=<trust-id> \
swift://<container-name>.sahara/
This patch implements minimal Keystone V3 support
(user+pass+trust only; user+pass or token authentication is not implemented).
I tested with a single domain only (trustor and trustee are in the same domain).
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/ApiKeyAuthenticationRequest.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/ApiKeyAuthenticationRequest.java
index f5f9a8c..9018248 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/ApiKeyAuthenticationRequest.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/ApiKeyAuthenticationRequest.java
@@ -26,7 +26,7 @@
* THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
* DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS
*/
-public class ApiKeyAuthenticationRequest extends AuthenticationRequest {
+public class ApiKeyAuthenticationRequest extends AuthenticationRequestV2 {
/**
* Credentials for login
*/
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequest.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequest.java
index a2a3b55..529677b 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequest.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequest.java
@@ -26,32 +26,11 @@
*/
public class AuthenticationRequest {
- /**
- * tenant name
- */
- protected String tenantName;
-
public AuthenticationRequest() {
}
- /**
- * @return tenant name for Keystone authorization
- */
- public String getTenantName() {
- return tenantName;
- }
-
- /**
- * @param tenantName tenant name for authorization
- */
- public void setTenantName(String tenantName) {
- this.tenantName = tenantName;
- }
-
@Override
public String toString() {
- return "AuthenticationRequest{" +
- "tenantName='" + tenantName + '\'' +
- '}';
+ return "AuthenticationRequest";
}
}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV2.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV2.java
new file mode 100644
index 0000000..ff49e2d
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV2.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+/**
+ * Class that represents authentication request to Openstack Keystone.
+ * Contains basic authentication information.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class AuthenticationRequestV2 extends AuthenticationRequest {
+
+ /**
+ * tenant name
+ */
+ protected String tenantName;
+
+ public AuthenticationRequestV2() {
+ }
+
+ /**
+ * @return tenant name for Keystone authorization
+ */
+ public String getTenantName() {
+ return tenantName;
+ }
+
+ /**
+ * @param tenantName tenant name for authorization
+ */
+ public void setTenantName(String tenantName) {
+ this.tenantName = tenantName;
+ }
+
+ @Override
+ public String toString() {
+ return "AuthenticationRequestV2{" +
+ "tenantName='" + tenantName + '\'' +
+ '}';
+ }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV3.java
new file mode 100644
index 0000000..08f96f5
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV3.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+/**
+ * Class that represents authentication request to Openstack Keystone.
+ * Contains basic authentication information.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class AuthenticationRequestV3 extends AuthenticationRequest {
+
+ public AuthenticationRequestV3() {
+ }
+
+ @Override
+ public String toString() {
+ return "AuthenticationRequestV3";
+ }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationResponseV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationResponseV3.java
new file mode 100644
index 0000000..98c0ab2
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationResponseV3.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+import org.apache.hadoop.fs.swift.auth.entities.CatalogV3;
+import org.apache.hadoop.fs.swift.auth.entities.Tenant;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+
+import java.util.List;
+
+/**
+ * Response from KeyStone deserialized into AuthenticationResponse class.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class AuthenticationResponseV3 {
+ private List<CatalogV3> catalog;
+ private String expires_at;
+ private Tenant project;
+
+ public List<CatalogV3> getCatalog() {
+ return catalog;
+ }
+
+ public void setCatalog(List<CatalogV3> catalog) {
+ this.catalog = catalog;
+ }
+
+ public String getExpires_at() {
+ return expires_at;
+ }
+
+ public void setExpires_at(String expires_at) {
+ this.expires_at = expires_at;
+ }
+
+ public Tenant getProject() {
+ return project;
+ }
+
+ public void setProject(Tenant project) {
+ this.project = project;
+ }
+
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationWrapperV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationWrapperV3.java
new file mode 100644
index 0000000..a744095
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationWrapperV3.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+/**
+ * This class is used for correct hierarchy mapping of
+ * Keystone authentication model and java code
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class AuthenticationWrapperV3 {
+
+ /**
+ * authentication response field
+ */
+ private AuthenticationResponseV3 token;
+
+ /**
+ * @return authentication response
+ */
+ public AuthenticationResponseV3 getToken() {
+ return token;
+ }
+
+ /**
+ * @param access sets authentication response
+ */
+ public void setToken(AuthenticationResponseV3 token) {
+ this.token = token;
+ }
+}
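Review bot: `AuthenticationWrapperV3` carries no `@JsonIgnoreProperties(ignoreUnknown = true)`, unlike `AuthenticationResponseV3` in this same patch, so a Keystone body with any top-level key other than `token` may fail deserialization, depending on how the `ObjectMapper` behind `JSONUtil` is configured (not visible here). Adding the annotation to the class would keep the two types consistent. The Javadoc on `setToken` also names a parameter that does not exist; it should read `@param token authentication response`.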
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequest.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequest.java
index ee519f3..d7436fa 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequest.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequest.java
@@ -24,7 +24,7 @@
* THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
* DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
*/
-public class PasswordAuthenticationRequest extends AuthenticationRequest {
+public class PasswordAuthenticationRequest extends AuthenticationRequestV2 {
/**
* Credentials for login
*/
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequestV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequestV3.java
new file mode 100644
index 0000000..2933d98
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequestV3.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+/**
+ * Class that represents authentication request to Openstack Keystone v3.
+ * Contains basic authentication information.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class PasswordAuthenticationRequestV3 extends AuthenticationRequestV3 {
+ /**
+ * Credentials for login
+ */
+ private IdentityWrapper identity;
+
+ public PasswordAuthenticationRequestV3(PasswordCredentialsV3 passwordCredentials) {
+ this.identity = new IdentityWrapper(new PasswordWrapper(passwordCredentials));
+ }
+
+ public IdentityWrapper getIdentity() {
+ return identity;
+ }
+
+ public void setIdentity(IdentityWrapper identity) {
+ this.identity = identity;
+ }
+
+ @Override
+ public String toString() {
+ return "Authenticate as TODO";
+ }
+
+ public static class IdentityWrapper {
+ private PasswordWrapper password;
+ public final String[] methods;
+
+ public IdentityWrapper(PasswordWrapper password) {
+ this.password = password;
+ this.methods = new String[]{"password"};
+ }
+
+ public PasswordWrapper getPassword() {
+ return password;
+ }
+
+ public void setPassword(PasswordWrapper password) {
+ this.password = password;
+ }
+ }
+
+ public static class PasswordWrapper {
+ private PasswordCredentialsV3 user;
+
+ public PasswordWrapper(PasswordCredentialsV3 user) {
+ this.user = user;
+ }
+
+ public PasswordCredentialsV3 getUser() {
+ return user;
+ }
+
+ public void setUser(PasswordCredentialsV3 user) {
+ this.user = user;
+ }
+ }
+}
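Review bot: `toString()` returns the placeholder `"Authenticate as TODO"`, and `TrustAuthenticationRequest.toString()` later in this patch does the same; the `extractResult` context in the SwiftRestClient hunk passes `authenticationRequest.toString()` into `SwiftAuthenticationFailedException`, so a failed v3 login is reported without saying which account was used. Something like `return "Authenticate as user '" + identity.getPassword().getUser().getName() + "'";` names the user without touching the password. `IdentityWrapper.methods` is a public array, so any caller can reassign its element despite `final`; a private field exposed through a getter would be safer.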
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordCredentialsV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordCredentialsV3.java
new file mode 100644
index 0000000..bf51826
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordCredentialsV3.java
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Describes credentials to log in Swift using Keystone v3 authentication.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class PasswordCredentialsV3 {
+ /**
+ * user login
+ */
+ private String name;
+
+ /**
+ * user password
+ */
+ private String password;
+
+ public final Map<String,String> domain;
+
+ /**
+ * @param name user login
+ * @param password user password
+ */
+ public PasswordCredentialsV3(String name, String password) {
+ this.name =name;
+ this.password = password;
+ this.domain = new HashMap();
+ this.domain.put("id", "default");
+ }
+
+ /**
+ * @return user password
+ */
+ public String getPassword() {
+ return password;
+ }
+
+ /**
+ * @param password user password
+ */
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ /**
+ * @return login
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param username login
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String toString() {
+ return "user '" + name + '\'' +
+ " with password of length " + ((password == null) ? 0 : password.length());
+ }
+}
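Review bot: `toString()` prints the password length, which ends up wherever the credentials object is logged or embedded in an exception message; dropping that part, `return "user '" + name + "'";`, gives up nothing useful for diagnosis. The constructor pins the domain to `"default"` with no way to override it, so accounts in any other domain cannot authenticate; that limit deserves at least a comment on the `domain` field. `new HashMap()` is a raw type and should be `new HashMap<String, String>()`, and the `setName` Javadoc should say `@param name login`.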
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/TrustAuthenticationRequest.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/TrustAuthenticationRequest.java
new file mode 100644
index 0000000..9d7d891
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/TrustAuthenticationRequest.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+import org.codehaus.jackson.annotate.JsonProperty;
+
+/**
+ * Class that represents authentication request to Openstack Keystone v3.
+ * Contains basic authentication information.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class TrustAuthenticationRequest extends PasswordAuthenticationRequestV3 {
+ /**
+ * trust-id for login
+ */
+ private ScopeWrapper scope;
+
+ public TrustAuthenticationRequest(PasswordCredentialsV3 passwordCredentials, String trust_id) {
+ super(passwordCredentials);
+ scope = new ScopeWrapper(new TrustWrapper(trust_id));
+ }
+
+ public ScopeWrapper getScope() {
+ return scope;
+ }
+
+ public void setScope(ScopeWrapper scope) {
+ this.scope = scope;
+ }
+
+ @Override
+ public String toString() {
+ return "Authenticate as TODO";
+ }
+
+ public static class ScopeWrapper {
+ private TrustWrapper trust;
+
+ public ScopeWrapper(TrustWrapper trust) {
+ this.trust = trust;
+ }
+
+ @JsonProperty("OS-TRUST:trust")
+ public TrustWrapper getTrust() {
+ return trust;
+ }
+
+ @JsonProperty("OS-TRUST:trust")
+ public void setTrust(TrustWrapper trust) {
+ this.trust = trust;
+ }
+ }
+
+ public static class TrustWrapper {
+ private String id;
+
+ public TrustWrapper(String trust_id) {
+ id = trust_id;
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+ }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/CatalogV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/CatalogV3.java
new file mode 100644
index 0000000..13804c5
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/CatalogV3.java
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth.entities;
+
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+
+import java.util.List;
+
+/**
+ * Describes Openstack Swift REST endpoints.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class CatalogV3 {
+ /**
+ * List of valid swift endpoints
+ */
+ private List<EndpointV3> endpoints;
+
+ /**
+ * Openstack REST service name. In our case name = "keystone"
+ */
+ private String name;
+
+ /**
+ * Type of REST service. In our case type = "identity"
+ */
+ private String type;
+
+ /**
+ * @return List of endpoints
+ */
+ public List<EndpointV3> getEndpoints() {
+ return endpoints;
+ }
+
+ /**
+ * @param endpoints list of endpoints
+ */
+ public void setEndpoints(List<EndpointV3> endpoints) {
+ this.endpoints = endpoints;
+ }
+
+ /**
+ * @return name of Openstack REST service
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name of Openstack REST service
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return type of Openstack REST service
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type of REST service
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+}
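Review bot: The field Javadoc says `name = "keystone"` and `type = "identity"`, but `extractResultV3` in this patch selects catalog entries whose name is the Swift or Cloud Files constant or whose type is the object-store constant. The comments look copied from elsewhere and would read better as `Openstack service name as listed in the Keystone v3 catalog` and `Openstack service type as listed in the Keystone v3 catalog`.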
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/EndpointV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/EndpointV3.java
new file mode 100644
index 0000000..0721114
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/EndpointV3.java
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth.entities;
+
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+
+import java.net.URI;
+
+/**
+ * Openstack Swift endpoint description.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class EndpointV3 {
+
+ /**
+ * endpoint id
+ */
+ private String id;
+
+ /**
+ * Keystone URL
+ */
+ private URI url;
+
+ /**
+ * Openstack region name
+ */
+ private String region;
+
+ /**
+ * Keystone URL type
+ */
+ private String iface;
+
+ /**
+ * @return endpoint id
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * @param id endpoint id
+ */
+ public void setId(String id) {
+ this.id = id;
+ }
+
+ /**
+ * @return Keystone URL
+ */
+ public URI getUrl() {
+ return url;
+ }
+
+ /**
+ * @param adminURL Keystone admin URL
+ */
+ public void setUrl(URI url) {
+ this.url = url;
+ }
+
+ /**
+ * @return Openstack region name
+ */
+ public String getRegion() {
+ return region;
+ }
+
+ /**
+ * @param region Openstack region name
+ */
+ public void setRegion(String region) {
+ this.region = region;
+ }
+
+ public String getInterface() {
+ return iface;
+ }
+
+ public void setInterface(String iface) {
+ this.iface = iface;
+ }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/RestClientBindings.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/RestClientBindings.java
index 25a7e93..814acd5 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/RestClientBindings.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/RestClientBindings.java
@@ -149,6 +149,7 @@ public static Properties bind(URI fsURI, Configuration conf) throws
copy(conf, prefix + DOT_APIKEY, props, SWIFT_APIKEY_PROPERTY, false);
copy(conf, prefix + DOT_PASSWORD, props, SWIFT_PASSWORD_PROPERTY,
props.contains(SWIFT_APIKEY_PROPERTY) ? true : false);
+ copy(conf, prefix + DOT_TRUST_ID, props, SWIFT_TRUST_ID_PROPERTY, false);
copy(conf, prefix + DOT_TENANT, props, SWIFT_TENANT_PROPERTY, false);
copy(conf, prefix + DOT_REGION, props, SWIFT_REGION_PROPERTY, false);
copy(conf, prefix + DOT_HTTP_PORT, props, SWIFT_HTTP_PORT_PROPERTY, false);
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftProtocolConstants.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftProtocolConstants.java
index 6d12504..68a66e4 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftProtocolConstants.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftProtocolConstants.java
@@ -214,6 +214,7 @@
public static final String DOT_TENANT = ".tenant";
public static final String DOT_USERNAME = ".username";
public static final String DOT_PASSWORD = ".password";
+ public static final String DOT_TRUST_ID = ".trust-id";
public static final String DOT_HTTP_PORT = ".http.port";
public static final String DOT_HTTPS_PORT = ".https.port";
public static final String DOT_REGION = ".region";
@@ -235,6 +236,7 @@
public static final String SWIFT_TENANT_PROPERTY = FS_SWIFT + DOT_TENANT;
public static final String SWIFT_USERNAME_PROPERTY = FS_SWIFT + DOT_USERNAME;
public static final String SWIFT_PASSWORD_PROPERTY = FS_SWIFT + DOT_PASSWORD;
+ public static final String SWIFT_TRUST_ID_PROPERTY = FS_SWIFT + DOT_TRUST_ID;
public static final String SWIFT_APIKEY_PROPERTY = FS_SWIFT + DOT_APIKEY;
public static final String SWIFT_HTTP_PORT_PROPERTY = FS_SWIFT + DOT_HTTP_PORT;
public static final String SWIFT_HTTPS_PORT_PROPERTY = FS_SWIFT
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftRestClient.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftRestClient.java
index 28f8b47..7a5baeb 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftRestClient.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftRestClient.java
@@ -20,6 +20,7 @@
import org.apache.commons.httpclient.DefaultHttpMethodRetryHandler;
import org.apache.commons.httpclient.Header;
+import org.apache.commons.httpclient.HeaderElement;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpHost;
import org.apache.commons.httpclient.HttpMethod;
@@ -40,16 +41,24 @@
import org.apache.hadoop.fs.swift.auth.ApiKeyAuthenticationRequest;
import org.apache.hadoop.fs.swift.auth.ApiKeyCredentials;
import org.apache.hadoop.fs.swift.auth.AuthenticationRequest;
+import org.apache.hadoop.fs.swift.auth.AuthenticationRequestV2;
+import org.apache.hadoop.fs.swift.auth.AuthenticationRequestV3;
import org.apache.hadoop.fs.swift.auth.AuthenticationRequestWrapper;
import org.apache.hadoop.fs.swift.auth.AuthenticationResponse;
+import org.apache.hadoop.fs.swift.auth.AuthenticationResponseV3;
import org.apache.hadoop.fs.swift.auth.AuthenticationWrapper;
+import org.apache.hadoop.fs.swift.auth.AuthenticationWrapperV3;
import org.apache.hadoop.fs.swift.auth.KeyStoneAuthRequest;
import org.apache.hadoop.fs.swift.auth.KeystoneApiKeyCredentials;
import org.apache.hadoop.fs.swift.auth.PasswordAuthenticationRequest;
+import org.apache.hadoop.fs.swift.auth.TrustAuthenticationRequest;
import org.apache.hadoop.fs.swift.auth.PasswordCredentials;
+import org.apache.hadoop.fs.swift.auth.PasswordCredentialsV3;
import org.apache.hadoop.fs.swift.auth.entities.AccessToken;
import org.apache.hadoop.fs.swift.auth.entities.Catalog;
+import org.apache.hadoop.fs.swift.auth.entities.CatalogV3;
import org.apache.hadoop.fs.swift.auth.entities.Endpoint;
+import org.apache.hadoop.fs.swift.auth.entities.EndpointV3;
import org.apache.hadoop.fs.swift.exceptions.SwiftAuthenticationFailedException;
import org.apache.hadoop.fs.swift.exceptions.SwiftBadRequestException;
import org.apache.hadoop.fs.swift.exceptions.SwiftConfigurationException;
@@ -131,6 +140,11 @@
private final String password;
/**
+ * trust id
+ */
+ private final String trust_id;
+
+ /**
* user api key
*/
private final String apiKey;
@@ -454,6 +468,7 @@ private SwiftRestClient(URI filesystemURI,
String stringAuthUri = getOption(props, SWIFT_AUTH_PROPERTY);
username = getOption(props, SWIFT_USERNAME_PROPERTY);
password = props.getProperty(SWIFT_PASSWORD_PROPERTY);
+ trust_id = props.getProperty(SWIFT_TRUST_ID_PROPERTY);
apiKey = props.getProperty(SWIFT_APIKEY_PROPERTY);
//optional
region = props.getProperty(SWIFT_REGION_PROPERTY);
@@ -473,10 +488,16 @@ private SwiftRestClient(URI filesystemURI,
}
//create the (reusable) authentication request
if (password != null) {
- authRequest = new PasswordAuthenticationRequest(tenant,
- new PasswordCredentials(
- username,
- password));
+ if (trust_id == null) {
+ authRequest = new PasswordAuthenticationRequest(tenant,
+ new PasswordCredentials(
+ username,
+ password));
+ } else {
+ authRequest = new TrustAuthenticationRequest(
+ new PasswordCredentialsV3(username, password),
+ trust_id);
+ }
} else {
authRequest = new ApiKeyAuthenticationRequest(tenant,
new ApiKeyCredentials(
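Review bot: The trust id takes effect only inside the `password != null` branch, so a configuration with `trust-id` plus an API key silently falls back to a plain `ApiKeyAuthenticationRequest` with the trust ignored, and in the trust branch `tenant` is dropped without notice. Failing fast would be clearer, e.g. `if (trust_id != null && password == null) { throw new SwiftConfigurationException("trust-id requires a password"); }` before the branch (assuming that exception has a message constructor; its declaration is not on this page). Nothing here checks that the auth URL is a v3 endpoint either, although the description says the trust path requires one. The constructor starts and ends outside this hunk.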
@@ -1118,12 +1139,23 @@ protected void setup(AuthPostMethod method) throws IOException {
@Override
public AccessToken extractResult(AuthPostMethod method) throws IOException {
+
//initial check for failure codes leading to authentication failures
if (method.getStatusCode() == SC_BAD_REQUEST) {
throw new SwiftAuthenticationFailedException(
authenticationRequest.toString(), "POST", authUri, method);
}
+ if (authenticationRequest instanceof AuthenticationRequestV2) {
+ return extractResultV2(method);
+ } else {
+ return extractResultV3(method);
+ }
+
+ }
+
+ AccessToken extractResultV2(AuthPostMethod method) throws IOException {
+
final AuthenticationResponse access =
JSONUtil.toObject(method.getResponseBodyAsString(),
AuthenticationWrapper.class).getAccess();
@@ -1218,6 +1250,76 @@ public AccessToken extractResult(AuthPostMethod method) throws IOException {
createDefaultContainer();
return accessToken;
}
+
+ AccessToken extractResultV3(AuthPostMethod method) throws IOException {
+
+ final AuthenticationResponseV3 response =
+ JSONUtil.toObject(method.getResponseBodyAsString(),
+ AuthenticationWrapperV3.class).getToken();
+
+ URI endpointURI = null;
+ for (CatalogV3 catalog : response.getCatalog()) {
+ String name = catalog.getName();
+ String type = catalog.getType();
+
+ if (!name.equals(SERVICE_CATALOG_SWIFT)
+ && !name.equals(SERVICE_CATALOG_CLOUD_FILES)
+ && !type.equals(SERVICE_CATALOG_OBJECT_STORE)) {
+ continue;
+ }
+
+ for (EndpointV3 endpoint : catalog.getEndpoints()) {
+ if (region != null && !endpoint.getRegion().equals(region)) {
+ continue;
+ }
+ if ((usePublicURL && "public".equals(endpoint.getInterface()))
+ || (!usePublicURL && "internal".equals(endpoint.getInterface()))) {
+ endpointURI = endpoint.getUrl();
+ break;
+ }
+ }
+ }
+ if (endpointURI == null) {
+ String message = "Could not find swift service from auth URL "
+ + authUri
+ + " and region '" + region + "'.";
+ throw new SwiftInvalidResponseException(message,
+ SC_OK,
+ "authenticating",
+ authUri);
+
+ }
+
+ AccessToken token = new AccessToken();
+ final Header token_header = method.getResponseHeader("X-Subject-Token");
+ if (token_header == null) {
+ throw new SwiftException("invalid Keystone response");
+ }
+ token.setId(token_header.getValue());
+ token.setExpires(response.getExpires_at());
+ token.setTenant(response.getProject());
+
+ URI objectLocation = null;
+ String path = SWIFT_OBJECT_AUTH_ENDPOINT + token.getTenant().getId();
+ try {
+ objectLocation = new URI(endpointURI.getScheme(),
+ null,
+ endpointURI.getHost(),
+ endpointURI.getPort(),
+ path,
+ null,
+ null);
+ } catch (URISyntaxException e) {
+ throw new SwiftException("object endpoint URI is incorrect: "
+ + endpointURI
+ + " + " + path,
+ e);
+ }
+
+ setAuthDetails(endpointURI, objectLocation, token);
+ createDefaultContainer();
+ return token;
+ }
}
private StringRequestEntity getAuthenticationRequst(AuthenticationRequest authenticationRequest)
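Review bot: `extractResultV3` dereferences several values taken from the server response without a null check — `response`, `response.getCatalog()`, `catalog.getName()`/`getType()`, `endpoint.getRegion()` and `token.getTenant()` — so a response lacking a catalog, project or endpoint region surfaces as a `NullPointerException` instead of a `SwiftInvalidResponseException`. Validating the deserialized token up front and putting the constant or configured value on the left of each `equals` closes these paths, as sketched below. The inner `break` leaves only the endpoint loop, so a later matching catalog entry overwrites `endpointURI`; confirm that is intended. The not-found exception also hard-codes `SC_OK` where `method.getStatusCode()` would report the real status.

```java
AccessToken extractResultV3(AuthPostMethod method) throws IOException {
  // … unchanged: JSONUtil.toObject(...).getToken() assigned to response …
  if (response == null
      || response.getCatalog() == null
      || response.getProject() == null) {
    throw new SwiftInvalidResponseException(
        "Keystone v3 response has no token, catalog or project",
        method.getStatusCode(),
        "authenticating",
        authUri);
  }
  // … unchanged: endpointURI declaration, catalog loop header, name/type reads …
    if (!SERVICE_CATALOG_SWIFT.equals(name)
        && !SERVICE_CATALOG_CLOUD_FILES.equals(name)
        && !SERVICE_CATALOG_OBJECT_STORE.equals(type)) {
      continue;
    }
    // … unchanged: endpoint loop header …
      if (region != null && !region.equals(endpoint.getRegion())) {
        continue;
      }
  // … unchanged: interface match, token construction, object URI, setAuthDetails …
```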