Merge branch 'apache:trunk' into HADOOP-19438

Author: slfan1989

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java

@@ -33,6 +33,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.TreeMap;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -392,14 +393,16 @@ private IOStreamPair doSaslHandshake(Peer peer, OutputStream underlyingOut,
       SaslMessageWithHandshake message = readSaslMessageWithHandshakeSecret(in);
       byte[] secret = message.getSecret();
       String bpid = message.getBpid();
+      Map<String, String> dynamicSaslProps = new TreeMap<>(saslProps);
       if (secret != null || bpid != null) {
         // sanity check, if one is null, the other must also not be null
         assert(secret != null && bpid != null);
         String qop = new String(secret, StandardCharsets.UTF_8);
         saslProps.put(Sasl.QOP, qop);
+        dynamicSaslProps.put(Sasl.QOP, qop);
       }
       SaslParticipant sasl = SaslParticipant.createServerSaslParticipant(
-          saslProps, callbackHandler);
+          dynamicSaslProps, callbackHandler);
 
       byte[] remoteResponse = message.getPayload();
       byte[] localResponse = sasl.evaluateChallengeOrResponse(remoteResponse);
@@ -412,7 +415,7 @@ private IOStreamPair doSaslHandshake(Peer peer, OutputStream underlyingOut,
       localResponse = sasl.evaluateChallengeOrResponse(remoteResponse);
 
       // SASL handshake is complete
-      checkSaslComplete(sasl, saslProps);
+      checkSaslComplete(sasl, dynamicSaslProps);
 
       CipherOption cipherOption = null;
       negotiatedQOP = sasl.getNegotiatedQop();

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java

@@ -18,7 +18,6 @@
 package org.apache.hadoop.hdfs.server.namenode;
 
 import org.apache.hadoop.HadoopIllegalArgumentException;
-import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
 import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.XAttr;
 import org.apache.hadoop.fs.XAttrSetFlag;
@@ -43,11 +42,10 @@
 import java.util.List;
 import java.util.ListIterator;
 
+import static org.apache.hadoop.hdfs.server.common.HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE;
 import static org.apache.hadoop.hdfs.server.common.HdfsServerConstants.SECURITY_XATTR_UNREADABLE_BY_SUPERUSER;
 import static org.apache.hadoop.hdfs.server.common.HdfsServerConstants.XATTR_SATISFY_STORAGE_POLICY;
-import static org.apache.hadoop.hdfs.server.common.HdfsServerConstants.CRYPTO_XATTR_FILE_ENCRYPTION_INFO;
 import static org.apache.hadoop.hdfs.server.common.HdfsServerConstants.XATTR_SNAPSHOT_DELETED;
-import static org.apache.hadoop.hdfs.server.common.HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE;
 
 public class FSDirXAttrOp {
   private static final XAttr KEYID_XATTR =
@@ -283,25 +281,6 @@ public static INode unprotectedSetXAttrs(
        * If we're adding the encryption zone xattr, then add src to the list
        * of encryption zones.
        */
-
-      if (CRYPTO_XATTR_FILE_ENCRYPTION_INFO.equals(xaName)) {
-        HdfsProtos.PerFileEncryptionInfoProto fileProto = HdfsProtos.
-                PerFileEncryptionInfoProto.parseFrom(xattr.getValue());
-        String keyVersionName = fileProto.getEzKeyVersionName();
-        String zoneKeyName = fsd.ezManager.getKeyName(iip);
-        if (zoneKeyName == null) {
-          throw new IOException("Cannot add raw feInfo XAttr to a file in a " +
-                  "non-encryption zone");
-        }
-
-        if (!KeyProviderCryptoExtension.
-                getBaseName(keyVersionName).equals(zoneKeyName)) {
-          throw new IllegalArgumentException(String.format(
-                  "KeyVersion '%s' does not belong to the key '%s'",
-                  keyVersionName, zoneKeyName));
-        }
-      }
-
       if (CRYPTO_XATTR_ENCRYPTION_ZONE.equals(xaName)) {
         final HdfsProtos.ZoneEncryptionInfoProto ezProto =
             HdfsProtos.ZoneEncryptionInfoProto.parseFrom(xattr.getValue());

hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java

@@ -35,7 +35,6 @@
 import java.util.Collection;
 import java.util.EnumSet;
 import java.util.List;
-import java.util.Map;
 import java.util.concurrent.Callable;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutionException;
@@ -68,7 +67,6 @@
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.FileSystemTestHelper;
 import org.apache.hadoop.fs.FileSystemTestWrapper;
-import org.apache.hadoop.fs.FileUtil;
 import org.apache.hadoop.fs.FsServerDefaults;
 import org.apache.hadoop.fs.FsShell;
 import org.apache.hadoop.fs.Path;
@@ -330,72 +328,6 @@ public Object run() throws Exception {
     });
   }
 
-  /**
-   * Tests encrypted files with same original content placed in two different
-   * EZ are not same in encrypted form.
-   */
-  @Test
-  public void testEncryptionZonesDictCp() throws Exception {
-    final String testkey1 = "testkey1";
-    final String testkey2 = "testkey2";
-    DFSTestUtil.createKey(testkey1, cluster, conf);
-    DFSTestUtil.createKey(testkey2, cluster, conf);
-
-    final int len = 8196;
-    final Path zone1 = new Path("/zone1");
-    final Path zone1File = new Path(zone1, "file");
-    final Path raw1File = new Path("/.reserved/raw/zone1/file");
-
-    final Path zone2 = new Path("/zone2");
-    final Path zone2File = new Path(zone2, "file");
-    final Path raw2File = new Path(zone2, "/.reserved/raw/zone2/file");
-
-    // 1. Create two encrypted zones
-    fs.mkdirs(zone1, new FsPermission(700));
-    dfsAdmin.createEncryptionZone(zone1, testkey1, NO_TRASH);
-
-    fs.mkdirs(zone2, new FsPermission(700));
-    dfsAdmin.createEncryptionZone(zone2, testkey2, NO_TRASH);
-
-    // 2. Create a file in one of the zones
-    DFSTestUtil.createFile(fs, zone1File, len, (short) 1, 0xFEED);
-    // 3. Copy it to the other zone through /.raw/reserved
-    FileUtil.copy(fs, raw1File, fs, raw2File, false, conf);
-    Map<String, byte[]> attrs = fs.getXAttrs(raw1File);
-    if (attrs != null) {
-      for (Map.Entry<String, byte[]> entry : attrs.entrySet()) {
-        String xattrName = entry.getKey();
-
-        try {
-          fs.setXAttr(raw2File, xattrName, entry.getValue());
-          fail("Exception should be thrown while setting: " +
-                  xattrName + " on file:" + raw2File);
-        } catch (RemoteException e) {
-          Assert.assertEquals(e.getClassName(),
-                  IllegalArgumentException.class.getCanonicalName());
-          Assert.assertTrue(e.getMessage().
-                  contains("does not belong to the key"));
-        }
-      }
-    }
-
-    assertEquals("File can be created on the root encryption zone " +
-            "with correct length", len, fs.getFileStatus(zone1File).getLen());
-    assertTrue("/zone1 dir is encrypted",
-            fs.getFileStatus(zone1).isEncrypted());
-    assertTrue("File is encrypted", fs.getFileStatus(zone1File).isEncrypted());
-
-    assertTrue("/zone2 dir is encrypted",
-            fs.getFileStatus(zone2).isEncrypted());
-    assertTrue("File is encrypted", fs.getFileStatus(zone2File).isEncrypted());
-
-    // 4. Now the decrypted contents of the files should be different.
-    DFSTestUtil.verifyFilesNotEqual(fs, zone1File, zone2File, len);
-
-    // 5. Encrypted contents of the files should be same.
-    DFSTestUtil.verifyFilesEqual(fs, raw1File, raw2File, len);
-  }
-
   /**
    * Make sure hdfs crypto -provisionTrash command creates a trash directory
    * with sticky bits.

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/Constants.java

@@ -1781,6 +1781,15 @@ private Constants() {
    */
   public static final boolean CHECKSUM_VALIDATION_DEFAULT = false;
 
+  /**
+   * Indicates the algorithm used to create the checksum for the object
+   * to be uploaded to S3. Unset by default. It supports the following values:
+   * 'CRC32', 'CRC32C', 'SHA1', and 'SHA256'
+   * value:{@value}
+   */
+  public static final String CHECKSUM_ALGORITHM =
+      "fs.s3a.create.checksum.algorithm";
+
   /**
    * Are extensions classes, such as {@code fs.s3a.aws.credentials.provider},
    * going to be loaded from the same classloader that loaded

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3ABlockOutputStream.java

@@ -1064,6 +1064,10 @@ private void uploadBlockAsync(final S3ADataBlocks.DataBlock block,
               return CompletedPart.builder()
                   .eTag(response.eTag())
                   .partNumber(currentPartNumber)
+                  .checksumCRC32(response.checksumCRC32())
+                  .checksumCRC32C(response.checksumCRC32C())
+                  .checksumSHA1(response.checksumSHA1())
+                  .checksumSHA256(response.checksumSHA256())
                   .build();
             } catch (Exception e) {
               final IOException ex = e instanceof IOException

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3AFileSystem.java

@@ -117,6 +117,7 @@
 import org.apache.hadoop.fs.s3a.impl.BulkDeleteOperationCallbacksImpl;
 import org.apache.hadoop.fs.s3a.impl.CSES3AFileSystemOperations;
 import org.apache.hadoop.fs.s3a.impl.ChangeDetectionPolicy;
+import org.apache.hadoop.fs.s3a.impl.ChecksumSupport;
 import org.apache.hadoop.fs.s3a.impl.ClientManager;
 import org.apache.hadoop.fs.s3a.impl.ClientManagerImpl;
 import org.apache.hadoop.fs.s3a.impl.ConfigurationHelper;
@@ -1327,6 +1328,7 @@ protected RequestFactory createRequestFactory() {
         .withStorageClass(storageClass)
         .withMultipartUploadEnabled(isMultipartUploadEnabled)
         .withPartUploadTimeout(partUploadTimeout)
+        .withChecksumAlgorithm(ChecksumSupport.getChecksumAlgorithm(getConf()))
         .build();
   }
 

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/commit/files/SinglePendingCommit.java

@@ -71,7 +71,7 @@
 @InterfaceAudience.Private
 @InterfaceStability.Unstable
 public class SinglePendingCommit extends PersistentCommitData<SinglePendingCommit>
-    implements Iterable<String> {
+    implements Iterable<UploadEtag> {
 
   /**
    * Serialization ID: {@value}.
@@ -118,7 +118,7 @@ public class SinglePendingCommit extends PersistentCommitData<SinglePendingCommi
   private String text = "";
 
   /** Ordered list of etags. */
-  private List<String> etags;
+  private List<UploadEtag> etags;
 
   /**
    * Any custom extra data committer subclasses may choose to add.
@@ -222,7 +222,7 @@ public void bindCommitData(List<CompletedPart> parts) throws ValidationFailure {
     for (CompletedPart part : parts) {
       verify(part.partNumber() == counter,
           "Expected part number %s but got %s", counter, part.partNumber());
-      etags.add(part.eTag());
+      etags.add(UploadEtag.fromCompletedPart(part));
       counter++;
     }
   }
@@ -237,9 +237,10 @@ public void validate() throws ValidationFailure {
     verify(length >= 0, "Invalid length: " + length);
     destinationPath();
     verify(etags != null, "No etag list");
-    validateCollectionClass(etags, String.class);
-    for (String etag : etags) {
-      verify(StringUtils.isNotEmpty(etag), "Empty etag");
+    validateCollectionClass(etags, UploadEtag.class);
+    for (UploadEtag etag : etags) {
+      verify(etag != null && StringUtils.isNotEmpty(etag.getEtag()),
+          "Empty etag");
     }
     if (extraData != null) {
       validateCollectionClass(extraData.keySet(), String.class);
@@ -313,7 +314,7 @@ public int getPartCount() {
    * @return an iterator.
    */
   @Override
-  public Iterator<String> iterator() {
+  public Iterator<UploadEtag> iterator() {
     return etags.iterator();
   }
 
@@ -442,11 +443,11 @@ public void setText(String text) {
   }
 
   /** @return ordered list of etags. */
-  public List<String> getEtags() {
+  public List<UploadEtag> getEtags() {
     return etags;
   }
 
-  public void setEtags(List<String> etags) {
+  public void setEtags(List<UploadEtag> etags) {
     this.etags = etags;
   }