Java Code Examples for org.apache.hadoop.fs.CommonConfigurationKeys#HADOOP_SECURITY_KEY_PROVIDER_PATH

The following examples show how to use org.apache.hadoop.fs.CommonConfigurationKeys#HADOOP_SECURITY_KEY_PROVIDER_PATH.
Example 1
Source File: OMBucketCreateRequest.java    From hadoop-ozone with Apache License 2.0
/**
 * Resolves the encryption settings to record for a bucket, using the KMS as the
 * source of truth for the key's cipher.
 *
 * <p>Only the key name is taken from the request. The cipher suite is derived from
 * the metadata the KMS returns for that key and the protocol version is fixed to
 * {@code ENCRYPTION_ZONES}, so neither value is copied from the caller-supplied
 * message. Every validation failure throws instead of returning a result.
 *
 * <p>NOTE(review): nothing in this method checks whether the requesting user is
 * permitted to use the named key; confirm that is enforced elsewhere (for example
 * by KMS-side key ACLs).
 *
 * @param kmsProvider key provider used to look up the key; {@code null} is rejected
 *     with {@code INVALID_KMS_PROVIDER} and a pointer to the
 *     {@code HADOOP_SECURITY_KEY_PROVIDER_PATH} setting
 * @param bucketInfo request message whose encryption info names the key
 * @return encryption info holding the key name, the {@code ENCRYPTION_ZONES}
 *     protocol version and the suite converted from the KMS key metadata
 * @throws IOException if the provider is missing, the key name is {@code null},
 *     the KMS has no metadata for the key (each reported as an {@code OMException}),
 *     or a KMS call itself fails
 */
private BucketEncryptionInfoProto getBeinfo(
    KeyProviderCryptoExtension kmsProvider, BucketInfo bucketInfo)
    throws IOException {
  final BucketEncryptionInfoProto requested = bucketInfo.getBeinfo();

  // Without a configured provider the key cannot be verified, so refuse here.
  if (kmsProvider == null) {
    throw new OMException("Invalid KMS provider, check configuration " +
        CommonConfigurationKeys.HADOOP_SECURITY_KEY_PROVIDER_PATH,
        OMException.ResultCodes.INVALID_KMS_PROVIDER);
  }

  final String keyName = requested.getKeyName();
  // NOTE(review): if this type is a generated protobuf message, an unset string
  // field reads as "" rather than null, in which case this guard would not catch a
  // missing key name. Confirm, and consider rejecting empty names too.
  if (keyName == null) {
    throw new OMException("Bucket encryption key needed.", OMException
        .ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
  }

  // Ask the KMS for the key's metadata; a null answer means the key is unknown.
  final KeyProvider.Metadata keyMetadata = kmsProvider.getMetadata(keyName);
  if (keyMetadata == null) {
    // The requested key name is echoed in the message; whether that text is
    // returned to the client is not visible from this method.
    throw new OMException("Bucket encryption key " + keyName
        + " doesn't exist.",
        OMException.ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
  }

  // If the provider supports pool for EDEKs, this will fill in the pool
  kmsProvider.warmUpEncryptedKeys(keyName);

  return BucketEncryptionInfoProto.newBuilder()
      .setKeyName(keyName)
      .setCryptoProtocolVersion(ENCRYPTION_ZONES)
      .setSuite(OMPBHelper.convert(
          CipherSuite.convert(keyMetadata.getCipher())))
      .build();
}
 
Example 2
Source File: BucketManagerImpl.java    From hadoop-ozone with Apache License 2.0
/**
 * Creates a bucket in an existing volume and commits it to the metadata store.
 *
 * <p>The volume lock and then the bucket lock are taken before any table is read,
 * and both are released in the {@code finally} block. When the request carries
 * encryption key info, the key is looked up in the KMS before anything is written:
 * a missing provider, a {@code null} key name or an unknown key aborts the call
 * with an {@code OMException}. The stored cipher suite comes from the KMS key
 * metadata and the version is fixed to {@code ENCRYPTION_ZONES}.
 *
 * <p>The stored ACL list is the request's ACLs followed by the volume's default
 * ACLs. This method itself applies no filtering to the request-supplied ACLs.
 *
 * @param bucketInfo description of the bucket to create; must not be {@code null}
 * @throws IOException if the volume does not exist, the bucket already exists,
 *     the encryption key cannot be validated, or the commit fails
 */
@Override
public void createBucket(OmBucketInfo bucketInfo) throws IOException {
  Preconditions.checkNotNull(bucketInfo);
  final String volume = bucketInfo.getVolumeName();
  final String bucket = bucketInfo.getBucketName();
  // Tracks whether the bucket lock must be released in finally.
  boolean bucketLockHeld = false;
  metadataManager.getLock().acquireLock(VOLUME_LOCK, volume);
  try {
    bucketLockHeld = metadataManager.getLock().acquireLock(BUCKET_LOCK,
        volume, bucket);
    final String volumeDbKey = metadataManager.getVolumeKey(volume);
    final String bucketDbKey = metadataManager.getBucketKey(volume, bucket);
    final OmVolumeArgs volumeArgs =
        metadataManager.getVolumeTable().get(volumeDbKey);

    // The parent volume has to exist.
    if (volumeArgs == null) {
      LOG.debug("volume: {} not found ", volume);
      throw new OMException("Volume doesn't exist",
          OMException.ResultCodes.VOLUME_NOT_FOUND);
    }
    // Refuse to overwrite an existing bucket.
    if (metadataManager.getBucketTable().get(bucketDbKey) != null) {
      LOG.debug("bucket: {} already exists ", bucket);
      throw new OMException("Bucket already exist",
          OMException.ResultCodes.BUCKET_ALREADY_EXISTS);
    }

    final BucketEncryptionKeyInfo requestedKey =
        bucketInfo.getEncryptionKeyInfo();
    BucketEncryptionKeyInfo.Builder encryptionBuilder = null;
    if (requestedKey != null) {
      // Encryption was requested: every failure below throws before the commit,
      // so no bucket record is written when the key cannot be validated.
      if (kmsProvider == null) {
        throw new OMException("Invalid KMS provider, check configuration " +
            CommonConfigurationKeys.HADOOP_SECURITY_KEY_PROVIDER_PATH,
            OMException.ResultCodes.INVALID_KMS_PROVIDER);
      }
      if (requestedKey.getKeyName() == null) {
        throw new OMException("Bucket encryption key needed.", OMException
            .ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
      }
      // Talk to KMS to retrieve the bucket encryption key info.
      // NOTE(review): the null check and the warm-up below use the kmsProvider
      // field, while this lookup goes through getKMSProvider(); confirm both
      // always refer to the same provider.
      final KeyProvider.Metadata keyMetadata = getKMSProvider().getMetadata(
          requestedKey.getKeyName());
      if (keyMetadata == null) {
        throw new OMException("Bucket encryption key "
            + requestedKey.getKeyName() + " doesn't exist.",
            OMException.ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
      }
      // If the provider supports pool for EDEKs, this will fill in the pool
      kmsProvider.warmUpEncryptedKeys(requestedKey.getKeyName());
      // Only the key name is taken from the request; suite and version are not.
      encryptionBuilder = new BucketEncryptionKeyInfo.Builder()
          .setKeyName(requestedKey.getKeyName())
          .setVersion(CryptoProtocolVersion.ENCRYPTION_ZONES)
          .setSuite(CipherSuite.convert(keyMetadata.getCipher()));
    }

    // Request ACLs first, then the defaults inherited from the volume.
    final List<OzoneAcl> mergedAcls = new ArrayList<>(bucketInfo.getAcls());
    volumeArgs.getAclMap().getDefaultAclList().forEach(
        defaultAcl ->
            mergedAcls.add(OzoneAcl.fromProtobufWithAccessType(defaultAcl)));

    final OmBucketInfo.Builder bucketBuilder = OmBucketInfo.newBuilder()
        .setVolumeName(bucketInfo.getVolumeName())
        .setBucketName(bucketInfo.getBucketName())
        .setAcls(mergedAcls)
        .setStorageType(bucketInfo.getStorageType())
        .setIsVersionEnabled(bucketInfo.getIsVersionEnabled())
        .setCreationTime(Time.now())
        .addAllMetadata(bucketInfo.getMetadata());

    if (encryptionBuilder != null) {
      bucketBuilder.setBucketEncryptionKey(encryptionBuilder.build());
    }

    commitBucketInfoToDB(bucketBuilder.build());
    LOG.debug("created bucket: {} in volume: {}", bucket, volume);
  } catch (IOException | DBException ex) {
    // OMException is thrown deliberately by the checks above; only other
    // failures are logged at error level.
    final boolean validationFailure = ex instanceof OMException;
    if (!validationFailure) {
      LOG.error("Bucket creation failed for bucket:{} in volume:{}",
          bucket, volume, ex);
    }
    throw ex;
  } finally {
    // Release in reverse order of acquisition; the bucket lock only if it was taken.
    if (bucketLockHeld) {
      metadataManager.getLock().releaseLock(BUCKET_LOCK, volume,
          bucket);
    }
    metadataManager.getLock().releaseLock(VOLUME_LOCK, volume);
  }
}