HDDS-1847: Datanode Kerberos principal and keytab config key looks inconsistent

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocol/SCMSecurityProtocol.java

@@ -20,14 +20,14 @@
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.hdds.protocol.proto.HddsProtos.DatanodeDetailsProto;
 import org.apache.hadoop.hdds.protocol.proto.HddsProtos.OzoneManagerDetailsProto;
-import org.apache.hadoop.hdds.scm.ScmConfigKeys;
+import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.security.KerberosInfo;
 
 /**
  * The protocol used to perform security related operations with SCM.
  */
 @KerberosInfo(
-    serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+    serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
 @InterfaceAudience.Private
 public interface SCMSecurityProtocol {
 

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolPB.java

@@ -17,7 +17,7 @@
 package org.apache.hadoop.hdds.protocolPB;
 
 import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMSecurityProtocolService;
-import org.apache.hadoop.hdds.scm.ScmConfigKeys;
+import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.ipc.ProtocolInfo;
 import org.apache.hadoop.security.KerberosInfo;
 
@@ -28,7 +28,8 @@
 @ProtocolInfo(protocolName =
     "org.apache.hadoop.hdds.protocol.SCMSecurityProtocol",
     protocolVersion = 1)
-@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+@KerberosInfo(serverPrincipal = ScmConfig.ConfigStrings
+      .HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
 public interface SCMSecurityProtocolPB extends
     SCMSecurityProtocolService.BlockingInterface {
 

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfig.java

@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.hdds.scm;
+
+import org.apache.hadoop.hdds.conf.Config;
+import org.apache.hadoop.hdds.conf.ConfigGroup;
+import org.apache.hadoop.hdds.conf.ConfigTag;
+import org.apache.hadoop.hdds.conf.ConfigType;
+
+/**
+ * The configuration class for the SCM service.
+ */
+@ConfigGroup(prefix = "hdds.scm")
+public class ScmConfig {
+  private String principal;
+  private String keytab;
+
+  @Config(key = "kerberos.principal",
+        type = ConfigType.STRING,
+        defaultValue = "",
+        tags = { ConfigTag.SECURITY, ConfigTag.OZONE },
+        description = "This Kerberos principal is used by the SCM service."
+  )
+  public void setKerberosPrincipal(String kerberosPrincipal) {
+    this.principal = kerberosPrincipal;
+  }
+
+  @Config(key = "kerberos.keytab.file",
+        type = ConfigType.STRING,
+        defaultValue = "",
+        tags = { ConfigTag.SECURITY, ConfigTag.OZONE },
+        description = "The keytab file used by SCM daemon to login as "+
+              "its service principal."
+  )
+  public void setKerberosKeytab(String kerberosKeytab) {
+    this.keytab = kerberosKeytab;
+  }
+
+  public String getKerberosPrincipal() {
+    return this.principal;
+  }
+
+  public String getKerberosKeytab() {
+    return this.keytab;
+  }
+
+  /**
+   * Configuration strings class.
+   * required for SCMSecurityProtocol where the KerberosInfo references
+   * the old configuration with
+   * the annotation shown below:-
+   * @KerberosInfo(serverPrincipal = ScmConfigKeys
+   *    .HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+   */
+  public static class ConfigStrings {
+    public static final String HDDS_SCM_KERBEROS_PRINCIPAL_KEY =
+          "hdds.scm.kerberos.principal";
+    public static final String HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY =
+          "hdds.scm.kerberos.keytab.file";
+  }
+}

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/ScmConfigKeys.java

@@ -220,10 +220,7 @@ public final class ScmConfigKeys {
       "ozone.scm.http-address";
   public static final String OZONE_SCM_HTTPS_ADDRESS_KEY =
       "ozone.scm.https-address";
-  public static final String HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY =
-      "hdds.scm.kerberos.keytab.file";
-  public static final String HDDS_SCM_KERBEROS_PRINCIPAL_KEY =
-      "hdds.scm.kerberos.principal";
+
   public static final String OZONE_SCM_HTTP_BIND_HOST_DEFAULT = "0.0.0.0";
   public static final int OZONE_SCM_HTTP_BIND_PORT_DEFAULT = 9876;
   public static final int OZONE_SCM_HTTPS_BIND_PORT_DEFAULT = 9877;
@@ -350,12 +347,6 @@ public final class ScmConfigKeys {
   public static final String HDDS_SCM_WATCHER_TIMEOUT_DEFAULT =
       "10m";
 
-  public static final String
-      HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY =
-      "hdds.scm.http.kerberos.principal";
-  public static final String
-      HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY =
-      "hdds.scm.http.kerberos.keytab";
 
   // Network topology
   public static final String OZONE_SCM_NETWORK_TOPOLOGY_SCHEMA_FILE =

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/ScmBlockLocationProtocol.java

@@ -18,7 +18,7 @@
 package org.apache.hadoop.hdds.scm.protocol;
 
 import org.apache.hadoop.hdds.protocol.DatanodeDetails;
-import org.apache.hadoop.hdds.scm.ScmConfigKeys;
+import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.hdds.scm.container.common.helpers.ExcludeList;
 import org.apache.hadoop.security.KerberosInfo;
 import org.apache.hadoop.hdds.scm.ScmInfo;
@@ -36,7 +36,8 @@
  * ScmBlockLocationProtocol is used by an HDFS node to find the set of nodes
  * to read/write a block.
  */
-@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+@KerberosInfo(serverPrincipal = ScmConfig.ConfigStrings
+      .HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
 public interface ScmBlockLocationProtocol extends Closeable {
 
   @SuppressWarnings("checkstyle:ConstantName")

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocol/StorageContainerLocationProtocol.java

@@ -17,7 +17,7 @@
 
 package org.apache.hadoop.hdds.scm.protocol;
 
-import org.apache.hadoop.hdds.scm.ScmConfigKeys;
+import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.hdds.scm.ScmInfo;
 import org.apache.hadoop.hdds.scm.container.common.helpers.ContainerWithPipeline;
 import org.apache.hadoop.hdds.scm.container.ContainerInfo;
@@ -35,7 +35,8 @@
  * ContainerLocationProtocol is used by an HDFS node to find the set of nodes
  * that currently host a container.
  */
-@KerberosInfo(serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+@KerberosInfo(serverPrincipal = ScmConfig.ConfigStrings
+      .HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
 public interface StorageContainerLocationProtocol extends Closeable {
 
   @SuppressWarnings("checkstyle:ConstantName")

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/ScmBlockLocationProtocolPB.java

@@ -20,7 +20,7 @@
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.hdds.protocol.proto.ScmBlockLocationProtocolProtos
     .ScmBlockLocationProtocolService;
-import org.apache.hadoop.hdds.scm.ScmConfigKeys;
+import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.ipc.ProtocolInfo;
 import org.apache.hadoop.security.KerberosInfo;
 
@@ -33,7 +33,7 @@
     protocolVersion = 1)
 @InterfaceAudience.Private
 @KerberosInfo(
-    serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+    serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
 public interface ScmBlockLocationProtocolPB
     extends ScmBlockLocationProtocolService.BlockingInterface {
 }

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/protocolPB/StorageContainerLocationProtocolPB.java

@@ -21,7 +21,7 @@
 import org.apache.hadoop.hdds.protocol.proto
     .StorageContainerLocationProtocolProtos
     .StorageContainerLocationProtocolService;
-import org.apache.hadoop.hdds.scm.ScmConfigKeys;
+import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.ipc.ProtocolInfo;
 import org.apache.hadoop.security.KerberosInfo;
 
@@ -33,7 +33,7 @@
     "org.apache.hadoop.hdds.scm.protocol.StorageContainerLocationProtocol",
     protocolVersion = 1)
 @KerberosInfo(
-    serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+    serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
 @InterfaceAudience.Private
 public interface StorageContainerLocationProtocolPB
     extends StorageContainerLocationProtocolService.BlockingInterface {

hadoop-hdds/common/src/main/resources/ozone-default.xml

@@ -1741,22 +1741,6 @@
     <tag>OZONE, SECURITY, ACL</tag>
     <description>Key to enable/disable ozone acls.</description>
   </property>
-  <property>
-    <name>hdds.scm.kerberos.keytab.file</name>
-    <value></value>
-    <tag> OZONE, SECURITY</tag>
-    <description> The keytab file used by each SCM daemon to login as its
-      service principal. The principal name is configured with
-      hdds.scm.kerberos.principal.
-    </description>
-  </property>
-  <property>
-    <name>hdds.scm.kerberos.principal</name>
-    <value></value>
-    <tag> OZONE, SECURITY</tag>
-    <description>The SCM service principal. Ex scm/[email protected]</description>
-  </property>
-
   <property>
     <name>ozone.om.kerberos.keytab.file</name>
     <value></value>
@@ -1772,16 +1756,6 @@
     <tag> OZONE, SECURITY</tag>
     <description>The OzoneManager service principal. Ex om/[email protected]</description>
   </property>
-
-  <property>
-    <name>hdds.scm.http.kerberos.principal</name>
-    <value>HTTP/[email protected]</value>
-  </property>
-  <property>
-    <name>hdds.scm.http.kerberos.keytab</name>
-    <value>/etc/security/keytabs/HTTP.keytab</value>
-  </property>
-
   <property>
     <name>ozone.om.http.kerberos.principal</name>
     <value>HTTP/[email protected]</value>

hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocol/StorageContainerDatanodeProtocol.java

@@ -36,15 +36,16 @@
     .StorageContainerDatanodeProtocolProtos.SCMVersionResponseProto;
 
 import java.io.IOException;
-import org.apache.hadoop.hdds.scm.ScmConfigKeys;
+
+import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.security.KerberosInfo;
 
 /**
  * The protocol spoken between datanodes and SCM. For specifics please the
  * Protoc file that defines this protocol.
  */
 @KerberosInfo(
-    serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+    serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
 @InterfaceAudience.Private
 public interface StorageContainerDatanodeProtocol {
 

hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/protocolPB/StorageContainerDatanodeProtocolPB.java

@@ -19,7 +19,7 @@
 import org.apache.hadoop.hdds.protocol.proto
     .StorageContainerDatanodeProtocolProtos
     .StorageContainerDatanodeProtocolService;
-import org.apache.hadoop.hdds.scm.ScmConfigKeys;
+import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.hdfs.DFSConfigKeys;
 import org.apache.hadoop.ipc.ProtocolInfo;
 import org.apache.hadoop.security.KerberosInfo;
@@ -33,7 +33,7 @@
     "org.apache.hadoop.ozone.protocol.StorageContainerDatanodeProtocol",
     protocolVersion = 1)
 @KerberosInfo(
-    serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY,
+    serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY,
     clientPrincipal = DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY)
 public interface StorageContainerDatanodeProtocolPB extends
     StorageContainerDatanodeProtocolService.BlockingInterface {

hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMHTTPServerConfig.java

@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license
+ * agreements. See the NOTICE file distributed with this work for additional
+ * information regarding
+ * copyright ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a
+ * copy of the License at
+ *
+ * <p>http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * <p>Unless required by applicable law or agreed to in writing, software
+ * distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hdds.scm.server;
+
+import org.apache.hadoop.hdds.conf.Config;
+import org.apache.hadoop.hdds.conf.ConfigGroup;
+import org.apache.hadoop.hdds.conf.ConfigTag;
+import org.apache.hadoop.hdds.conf.ConfigType;
+
+/**
+ * SCM HTTP Server configuration in Java style configuration class.
+ */
+@ConfigGroup(prefix = "hdds.scm.http")
+public class SCMHTTPServerConfig {
+
+  private String principal = "";
+  private String keytab = "";
+
+  @Config(key = "kerberos.principal",
+      type = ConfigType.STRING,
+      defaultValue = "",
+      tags = { ConfigTag.SECURITY },
+      description = "This Kerberos principal is used when communicating to " +
+        "the HTTP server of SCM.The protocol used is SPNEGO."
+  )
+  public void setKerberosPrincipal(String kerberosPrincipal) {
+    this.principal = kerberosPrincipal;
+  }
+
+  @Config(key = "kerberos.keytab",
+      type = ConfigType.STRING,
+      defaultValue = "",
+      tags = { ConfigTag.SECURITY },
+      description = "The keytab file used by SCM http server to login" +
+        " as its service principal."
+  )
+  public void setKerberosKeytab(String kerberosKeytab) {
+    this.keytab = kerberosKeytab;
+  }
+
+  public String getKerberosPrincipal() {
+    return this.principal;
+  }
+
+  public String getKerberosKeytab() {
+    return this.keytab;
+  }
+
+  /**
+   * This static class is required to support other classes
+   * that reference the key names and also require attributes.
+   * Example: SCMSecurityProtocol where the KerberosInfo references
+   * the old configuration with the annotation shown below:-
+   * @KerberosInfo(serverPrincipal =
+   *    ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+   */
+  public static class ConfigStrings {
+    public static final String HDDS_SCM_HTTP_KERBEROS_PRINCIPAL_KEY =
+          "hdds.scm.http.kerberos.principal";
+    public static final String HDDS_SCM_HTTP_KERBEROS_KEYTAB_FILE_KEY =
+          "hdds.scm.http.kerberos.keytab";
+  }
+}

hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java

@@ -35,6 +35,7 @@
 import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolPB;
 import org.apache.hadoop.hdds.scm.protocol.SCMSecurityProtocolServerSideTranslatorPB;
 import org.apache.hadoop.hdds.scm.HddsServerUtil;
+import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.hdds.scm.ScmConfigKeys;
 import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
 import org.apache.hadoop.hdds.security.x509.SecurityConfig;
@@ -55,7 +56,7 @@
  * The protocol used to perform security related operations with SCM.
  */
 @KerberosInfo(
-    serverPrincipal = ScmConfigKeys.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
+    serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
 @InterfaceAudience.Private
 public class SCMSecurityProtocolServer implements SCMSecurityProtocol {