Merge pull request #1 from fmorg-git/HDDS-13724-base-classes

[HDDS-13724] Create initial classes for storing temporary secrets

Author: len548

hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/ObjectStore.java

@@ -204,9 +204,6 @@ public S3SecretValue getS3Secret(String kerberosID, boolean createIfNotExist)
     return proxy.getS3Secret(kerberosID, createIfNotExist);
   }
 
-  public String getS3StsToken(String accessId) throws IOException {
-    return proxy.getS3StsToken(accessId);
-  }
   /**
    * Set secretKey for accessId.
    * @param accessId

hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/protocol/ClientProtocol.java

@@ -750,13 +750,6 @@ S3SecretValue setS3Secret(String accessId, String secretKey)
    */
   void revokeS3Secret(String kerberosID) throws IOException;
 
-  /**
-   * Get STS token for given accessId and secret.
-   * @param accessID
-   * @throws IOException
-   */
-  String getS3StsToken(String accessID) throws IOException;
-
   /**
    * Create a tenant.
    * @param tenantId tenant name.

hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java

@@ -847,18 +847,6 @@ public void revokeS3Secret(String kerberosID) throws IOException {
     ozoneManagerClient.revokeS3Secret(kerberosID);
   }
 
-  /**
-   * {@inheritDoc}
-   */
-  @Override
-  public String getS3StsToken(String accessID)
-      throws IOException {
-    Preconditions.checkArgument(StringUtils.isNotBlank(accessID),
-        "accessID cannot be null or empty.");
-    System.out.println("RpcClient received getS3StsToken request.");
-    return ozoneManagerClient.getS3StsToken(accessID);
-  }
-
   /**
    * {@inheritDoc}
    */

hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/S3TemporarySecretBatcher.java

@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.ozone.om;
+
+import java.io.IOException;
+import org.apache.hadoop.ozone.om.helpers.S3TemporarySecretValue;
+
+/**
+ * Batcher for write and read operations for temporary s3 secrets. Depend on provide batch operator.
+ */
+public interface S3TemporarySecretBatcher {
+  /**
+   * Add with provided batch.
+   * @param batchOperator instance of batch operator.
+   * @param id entity id.
+   * @param s3TemporarySecretValue s3 temporary secret value.
+   * @throws IOException in case when batch operation failed.
+   */
+  void addWithBatch(AutoCloseable batchOperator,
+                    String id,
+                    S3TemporarySecretValue s3TemporarySecretValue)
+      throws IOException;
+
+  /**
+   * Delete with provided batch.
+   * @param batchOperator instance of batch operator.
+   * @param id entity id.
+   * @throws IOException in case when batch operation failed.
+   */
+  void deleteWithBatch(AutoCloseable batchOperator, String id)
+      throws IOException;
+}

hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/S3TemporarySecretCache.java

@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.ozone.om;
+
+import java.util.List;
+import org.apache.hadoop.ozone.om.helpers.S3TemporarySecretValue;
+
+/**
+ * Cache layer of S3 temporary secrets.
+ */
+public interface S3TemporarySecretCache {
+  /**
+   * Put temporary secret value to cache.
+   * @param accessKeyId temporary secret value identifier.
+   * @param temporarySecretValue temporary secret value.
+   */
+  void put(String accessKeyId, S3TemporarySecretValue temporarySecretValue);
+
+  /**
+   * Invalidate temporary secret value with provided secret identifier.
+   * @param accessKeyId temporary secret identifier.
+   */
+  void invalidate(String accessKeyId);
+
+  /**
+   * Clears the cache, removing all entries, this is called when the
+   * doubleBuffer is flushed to the DB.
+   */
+  void clearCache(List<Long> transactionIds);
+
+  /**
+   * Get value from cache.
+   * @param accessKeyId temporary secret value identifier.
+   * @return Temporary Secret value or {@code null} if value doesn't exist.
+   */
+  S3TemporarySecretValue get(String accessKeyId);
+}

hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/S3TemporarySecretFunction.java

@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.ozone.om;
+
+import java.io.IOException;
+
+/**
+ * Functional interface for s3 temporary secret locked actions.
+ * @param <T>
+ */
+public interface S3TemporarySecretFunction<T> {
+
+  T accept(S3TemporarySecretManager s3TemporarySecretManager) throws IOException;
+}

hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/S3TemporarySecretManager.java

@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.ozone.om;
+
+import java.io.IOException;
+import java.util.List;
+import org.apache.hadoop.ozone.om.helpers.S3TemporarySecretValue;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Interface to manage s3 temporary secrets.
+ */
+public interface S3TemporarySecretManager {
+  Logger LOG = LoggerFactory.getLogger(S3TemporarySecretManager.class);
+
+  /**
+   * API to get s3 temporary secret value for given access key id.
+   * @param accessKeyId s3 access key id.
+   * @return associated s3 temporary secret or null if secret doesn't exist.
+   * @throws IOException if error occurs while retrieving the secret
+   */
+  S3TemporarySecretValue getTemporarySecret(String accessKeyId) throws IOException;
+
+  /**
+   * API to get s3 temporary secret for given accessKeyId.
+   * @param accessKeyId s3 access key id.
+   * @return associated s3 temporary secret or null if secret doesn't exist.
+   * @throws IOException if error occurs while retrieving the secret
+   */
+  String getTemporarySecretString(String accessKeyId) throws IOException;
+
+  /**
+   * Store provided s3 temporary secret and associate it with access key id.
+   * @param accessKeyId s3 access key id.
+   * @param temporarySecretValue s3 temporary secret value.
+   * @throws IOException if error occurs while storing the temporary secret.
+   */
+  void storeTemporarySecret(String accessKeyId, S3TemporarySecretValue temporarySecretValue)
+      throws IOException;
+
+  /**
+   * Revoke s3 temporary secret which associated with provided access key id.
+   * @param accessKeyId s3 access key id.
+   * @throws IOException if error occurs while revoking the temporary secret.
+   */
+  void revokeTemporarySecret(String accessKeyId) throws IOException;
+
+  /**
+   * Clear s3 temporary secret cache when double buffer is flushed to the DB.
+   */
+  void clearS3TemporaryCache(List<Long> epochs);
+
+  /**
+   * Apply provided action under write lock.
+   * @param lockId lock identifier.
+   * @param action custom action.
+   * @param <T> type of action result.
+   * @return action result.
+   * @throws IOException in case the action failed.
+   */
+  <T> T doUnderLock(String lockId, S3TemporarySecretFunction<T> action)
+      throws IOException;
+
+  /**
+   * Default implementation of secret check method.
+   * @param accessKeyId s3 access key id.
+   * @return true if an associated s3 temporary secret exists for given {@code accessKeyId},
+   * false if not.
+   */
+  default boolean hasS3TemporarySecret(String accessKeyId) throws IOException {
+    return getTemporarySecret(accessKeyId) != null;
+  }
+
+  S3TemporarySecretBatcher batcher();
+
+  default boolean isBatchSupported() {
+    return batcher() != null;
+  }
+
+  /**
+   * Direct temporary secret cache accessor.
+   * @return s3 temporary secret cache.
+   */
+  S3TemporarySecretCache cache();
+
+  default void updateCache(String accessKeyId, S3TemporarySecretValue temporarySecretValue) {
+    final S3TemporarySecretCache cache = cache();
+    if (cache != null) {
+      LOG.info("Updating temporary secret cache for accessKeyId: {}.", accessKeyId);
+      cache.put(accessKeyId, temporarySecretValue);
+    }
+  }
+
+  default void invalidateCacheEntry(String id) {
+    final S3TemporarySecretCache cache = cache();
+    if (cache != null) {
+      cache.invalidate(id);
+    }
+  }
+
+  default void clearCache(List<Long> flushedTransactionIds) {
+    final S3TemporarySecretCache cache = cache();
+    if (cache != null) {
+      cache.clearCache(flushedTransactionIds);
+    }
+  }
+
+}

hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/S3TemporarySecretStore.java

@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.ozone.om;
+
+import java.io.IOException;
+import org.apache.hadoop.ozone.om.helpers.S3TemporarySecretValue;
+
+/**
+ * S3 temporary secret store interface.
+ */
+public interface S3TemporarySecretStore {
+
+  /**
+   * Store provided s3 temporary secret with associated access key id.
+   * @param accessKeyId access key id.
+   * @param temporarySecret s3 temporary secret.
+   * @throws IOException if error occurs while storing the temporary secret.
+   */
+  void storeTemporarySecret(String accessKeyId, S3TemporarySecretValue temporarySecret)
+      throws IOException;
+
+  /**
+   * Get s3 temporary secret associated with provided access key id.
+   * @param accessKeyId access key id.
+   * @return s3 temporary secret value or null if s3 temporary secret not founded.
+   * @throws IOException if error occurs while getting the temporary secret.
+   */
+  S3TemporarySecretValue getTemporarySecret(String accessKeyId) throws IOException;
+
+  /**
+   * Revoke s3 temporary secret associated with provided access key id.
+   * @param accessKeyId access key id.
+   * @throws IOException if error occurs while revoking the temporary secret.
+   */
+  void revokeTemporarySecret(String accessKeyId) throws IOException;
+
+  /**
+   * @return s3 temporary batcher instance, null if batch operation isn't supported.
+   */
+  S3TemporarySecretBatcher batcher();
+}