HDFS-1814. Add "hdfs groups" command to query the server-side groups resolved for a user. Contributed by Aaron T. Myers.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/hdfs/trunk@1102513 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES.txt b/CHANGES.txt
index e1a47ce..dcc2b21 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -275,6 +275,9 @@
HDFS 1911 HDFS tests for the newly added viewfs
+ HDFS-1814. Add "hdfs groups" command to query the server-side groups
+ resolved for a user. (Aaron T. Myers via todd)
+
IMPROVEMENTS
diff --git a/bin/hdfs b/bin/hdfs
index e2bc4a7..76ff689 100755
--- a/bin/hdfs
+++ b/bin/hdfs
@@ -35,6 +35,7 @@
echo " oev apply the offline edits viewer to an edits file"
echo " fetchdt fetch a delegation token from the NameNode"
echo " getconf get config values from configuration"
+ echo " groups get the groups which users belong to"
echo " Use -help to see options"
echo ""
echo "Most commands print help when invoked w/o parameters."
@@ -97,6 +98,8 @@
CLASS=org.apache.hadoop.hdfs.tools.DelegationTokenFetcher
elif [ "$COMMAND" = "getconf" ] ; then
CLASS=org.apache.hadoop.hdfs.tools.GetConf
+elif [ "$COMMAND" = "groups" ] ; then
+ CLASS=org.apache.hadoop.hdfs.tools.GetGroups
else
echo $COMMAND - invalid command
print_usage
diff --git a/src/java/org/apache/hadoop/hdfs/HDFSPolicyProvider.java b/src/java/org/apache/hadoop/hdfs/HDFSPolicyProvider.java
index b5cfa5f..edfc41f 100644
--- a/src/java/org/apache/hadoop/hdfs/HDFSPolicyProvider.java
+++ b/src/java/org/apache/hadoop/hdfs/HDFSPolicyProvider.java
@@ -27,6 +27,7 @@
import org.apache.hadoop.security.authorize.PolicyProvider;
import org.apache.hadoop.security.authorize.RefreshAuthorizationPolicyProtocol;
import org.apache.hadoop.security.authorize.Service;
+import org.apache.hadoop.tools.GetUserMappingsProtocol;
/**
* {@link PolicyProvider} for HDFS protocols.
@@ -46,6 +47,8 @@
RefreshAuthorizationPolicyProtocol.class),
new Service("security.refresh.user.mappings.protocol.acl",
RefreshUserMappingsProtocol.class),
+ new Service("security.get.user.mappings.protocol.acl",
+ GetUserMappingsProtocol.class)
};
@Override
diff --git a/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java b/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
index 6381065..65edc29 100644
--- a/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
+++ b/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
@@ -100,6 +100,7 @@
import org.apache.hadoop.security.authorize.RefreshAuthorizationPolicyProtocol;
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.tools.GetUserMappingsProtocol;
import org.apache.hadoop.util.ServicePlugin;
import org.apache.hadoop.util.StringUtils;
@@ -156,6 +157,8 @@
return RefreshAuthorizationPolicyProtocol.versionID;
} else if (protocol.equals(RefreshUserMappingsProtocol.class.getName())){
return RefreshUserMappingsProtocol.versionID;
+ } else if (protocol.equals(GetUserMappingsProtocol.class.getName())){
+ return GetUserMappingsProtocol.versionID;
} else {
throw new IOException("Unknown protocol to name node: " + protocol);
}
@@ -1543,6 +1546,14 @@
ProxyUsers.refreshSuperUserGroupsConfiguration();
}
+
+ @Override
+ public String[] getGroupsForUser(String user) throws IOException {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Getting groups for user " + user);
+ }
+ return UserGroupInformation.createRemoteUser(user).getGroupNames();
+ }
private static void printUsage() {
System.err.println(
diff --git a/src/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocols.java b/src/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocols.java
index 5ae7c45..4de386f 100644
--- a/src/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocols.java
+++ b/src/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocols.java
@@ -22,6 +22,7 @@
import org.apache.hadoop.hdfs.protocol.ClientProtocol;
import org.apache.hadoop.security.authorize.RefreshAuthorizationPolicyProtocol;
import org.apache.hadoop.security.RefreshUserMappingsProtocol;
+import org.apache.hadoop.tools.GetUserMappingsProtocol;
/** The full set of RPC methods implemented by the Namenode. */
@InterfaceAudience.Private
@@ -30,5 +31,6 @@
DatanodeProtocol,
NamenodeProtocol,
RefreshAuthorizationPolicyProtocol,
- RefreshUserMappingsProtocol {
+ RefreshUserMappingsProtocol,
+ GetUserMappingsProtocol {
}
diff --git a/src/java/org/apache/hadoop/hdfs/tools/GetGroups.java b/src/java/org/apache/hadoop/hdfs/tools/GetGroups.java
new file mode 100644
index 0000000..c84d3bb
--- /dev/null
+++ b/src/java/org/apache/hadoop/hdfs/tools/GetGroups.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hdfs.tools;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.net.InetSocketAddress;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hdfs.HdfsConfiguration;
+import org.apache.hadoop.hdfs.server.namenode.NameNode;
+import org.apache.hadoop.tools.GetGroupsBase;
+import org.apache.hadoop.util.ToolRunner;
+
+/**
+ * HDFS implementation of a tool for getting the groups which a given user
+ * belongs to.
+ */
+public class GetGroups extends GetGroupsBase {
+
+ static {
+ Configuration.addDefaultResource("hdfs-default.xml");
+ Configuration.addDefaultResource("hdfs-site.xml");
+ }
+
+ GetGroups(Configuration conf) {
+ super(conf);
+ }
+
+ GetGroups(Configuration conf, PrintStream out) {
+ super(conf, out);
+ }
+
+ @Override
+ protected InetSocketAddress getProtocolAddress(Configuration conf)
+ throws IOException {
+ return NameNode.getAddress(conf);
+ }
+
+ public static void main(String[] argv) throws Exception {
+ int res = ToolRunner.run(new GetGroups(new HdfsConfiguration()), argv);
+ System.exit(res);
+ }
+}
\ No newline at end of file
diff --git a/src/test/hdfs/org/apache/hadoop/hdfs/MiniDFSCluster.java b/src/test/hdfs/org/apache/hadoop/hdfs/MiniDFSCluster.java
index 6be64bc..c95880b 100644
--- a/src/test/hdfs/org/apache/hadoop/hdfs/MiniDFSCluster.java
+++ b/src/test/hdfs/org/apache/hadoop/hdfs/MiniDFSCluster.java
@@ -69,6 +69,7 @@
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.authorize.RefreshAuthorizationPolicyProtocol;
import org.apache.hadoop.test.GenericTestUtils;
+import org.apache.hadoop.tools.GetUserMappingsProtocol;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.util.ToolRunner;
@@ -485,6 +486,7 @@
setRpcEngine(conf, DatanodeProtocol.class, rpcEngine);
setRpcEngine(conf, RefreshAuthorizationPolicyProtocol.class, rpcEngine);
setRpcEngine(conf, RefreshUserMappingsProtocol.class, rpcEngine);
+ setRpcEngine(conf, GetUserMappingsProtocol.class, rpcEngine);
} catch (ClassNotFoundException e) {
throw new RuntimeException(e);
}
diff --git a/src/test/hdfs/org/apache/hadoop/hdfs/tools/TestGetGroups.java b/src/test/hdfs/org/apache/hadoop/hdfs/tools/TestGetGroups.java
new file mode 100644
index 0000000..d02ec96
--- /dev/null
+++ b/src/test/hdfs/org/apache/hadoop/hdfs/tools/TestGetGroups.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hdfs.tools;
+
+import java.io.IOException;
+import java.io.PrintStream;
+
+import org.apache.hadoop.hdfs.HdfsConfiguration;
+import org.apache.hadoop.hdfs.MiniDFSCluster;
+import org.apache.hadoop.tools.GetGroupsTestBase;
+import org.apache.hadoop.util.Tool;
+import org.junit.After;
+import org.junit.Before;
+
+/**
+ * Tests for the HDFS implementation of {@link GetGroups}
+ */
+public class TestGetGroups extends GetGroupsTestBase {
+
+ private MiniDFSCluster cluster;
+
+ @Before
+ public void setUpNameNode() throws IOException {
+ conf = new HdfsConfiguration();
+ cluster = new MiniDFSCluster.Builder(conf).numDataNodes(0).build();
+ }
+
+ @After
+ public void tearDownNameNode() {
+ cluster.shutdown();
+ }
+
+ @Override
+ protected Tool getTool(PrintStream o) {
+ return new GetGroups(conf, o);
+ }
+
+}
