HDFS-7942. NFS: support regexp grouping in nfs.exports.allowed.hosts. Contributed by Brandon Li

Author: Brandon Li

hadoop-common-project/hadoop-nfs/src/main/java/org/apache/hadoop/nfs/NfsExports.java

@@ -391,7 +391,7 @@ private static Match getMatch(String line) {
       return new CIDRMatch(privilege,
           new SubnetUtils(pair[0], pair[1]).getInfo());
     } else if (host.contains("*") || host.contains("?") || host.contains("[")
-        || host.contains("]")) {
+        || host.contains("]") || host.contains("(") || host.contains(")")) {
       if (LOG.isDebugEnabled()) {
         LOG.debug("Using Regex match for '" + host + "' and " + privilege);
       }

hadoop-common-project/hadoop-nfs/src/test/java/org/apache/hadoop/nfs/TestNfsExports.java

@@ -23,8 +23,8 @@
 
 public class TestNfsExports {
 
-  private final String address1 = "192.168.0.1";
-  private final String address2 = "10.0.0.1";
+  private final String address1 = "192.168.0.12";
+  private final String address2 = "10.0.0.12";
   private final String hostname1 = "a.b.com";
   private final String hostname2 = "a.b.org";
 
@@ -164,6 +164,24 @@ public void testRegexHostRO() {
         matcher.getAccessPrivilege(address1, hostname2));
   }
 
+  @Test
+  public void testRegexGrouping() {
+    NfsExports matcher = new NfsExports(CacheSize, ExpirationPeriod,
+        "192.168.0.(12|34)");
+    Assert.assertEquals(AccessPrivilege.READ_ONLY,
+        matcher.getAccessPrivilege(address1, hostname1));
+    // address1 will hit the cache
+    Assert.assertEquals(AccessPrivilege.READ_ONLY,
+        matcher.getAccessPrivilege(address1, hostname2));
+
+    matcher = new NfsExports(CacheSize, ExpirationPeriod, "\\w*.a.b.com");
+    Assert.assertEquals(AccessPrivilege.READ_ONLY,
+        matcher.getAccessPrivilege("1.2.3.4", "web.a.b.com"));
+    // address "1.2.3.4" will hit the cache
+    Assert.assertEquals(AccessPrivilege.READ_ONLY,
+        matcher.getAccessPrivilege("1.2.3.4", "email.a.b.org"));
+  }
+  
   @Test
   public void testMultiMatchers() throws Exception {
     long shortExpirationPeriod = 1 * 1000 * 1000 * 1000; // 1s

hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

@@ -1232,6 +1232,8 @@ Release 2.7.0 - UNRELEASED
     HDFS-6841. Use Time.monotonicNow() wherever applicable instead of Time.now()
     (Vinayakumar B via kihwal)
 
+    HDFS-7942. NFS: support regexp grouping in nfs.exports.allowed.hosts (brandonli)
+
     BREAKDOWN OF HDFS-7584 SUBTASKS AND RELATED JIRAS
 
       HDFS-7720. Quota by Storage Type API, tools and ClientNameNode

hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsNfsGateway.md

@@ -144,10 +144,12 @@ It's strongly recommended for the users to update a few configuration properties
 *   By default, the export can be mounted by any client. To better control the access,
     users can update the following property. The value string contains machine name and
     access privilege, separated by whitespace
-    characters. The machine name format can be a single host, a Java regular expression, or an IPv4 address. The access
+    characters. The machine name format can be a single host, a "*", a Java regular expression, or an IPv4 address. The access
     privilege uses rw or ro to specify read/write or read-only access of the machines to exports. If the access privilege is not provided, the default is read-only. Entries are separated by ";".
-    For example: "192.168.0.0/22 rw ; host.\*\\.example\\.com ; host1.test.org ro;". Only the NFS gateway needs to restart after
-    this property is updated.
+    For example: "192.168.0.0/22 rw ; \\\\w\*\\\\.example\\\\.com ; host1.test.org ro;". Only the NFS gateway needs to restart after
+    this property is updated. Note that, here Java regular expression is differnt with the regrulation expression used in 
+    Linux NFS export table, such as, using "\\\\w\*\\\\.example\\\\.com" instead of "\*.example.com", "192\\\\.168\\\\.0\\\\.(11|22)"
+    instead of "192.168.0.[11|22]" and so on.  
 
         <property>
           <name>nfs.exports.allowed.hosts</name>