public Builder(NamespaceMeta meta) { this.name = meta.getName(); this.description = meta.getDescription(); NamespaceConfig config = meta.getConfig(); if (config != null) { this.schedulerQueueName = config.getSchedulerQueueName(); this.rootDirectory = config.getRootDirectory(); this.hbaseNamespace = config.getHbaseNamespace(); this.hiveDatabase = config.getHiveDatabase(); this.principal = config.getPrincipal(); this.groupName = config.getGroupName(); this.keytabURIWithoutVersion = config.getKeytabURIWithoutVersion(); this.keytabURIVersion = config.getKeytabURIVersion(); this.exploreAsPrincipal = config.isExploreAsPrincipal(); } }
if (!namespaceConfig.getSchedulerQueueName().isEmpty()) { builder.append(ArgumentName.NAMESPACE_SCHEDULER_QUEUENAME); builder.append("='").append(namespaceConfig.getSchedulerQueueName()).append("', "); if (namespaceConfig.getRootDirectory() != null) { builder.append(ArgumentName.NAMESPACE_ROOT_DIR); builder.append("='").append(namespaceConfig.getRootDirectory()).append("', "); if (namespaceConfig.getHbaseNamespace() != null) { builder.append(ArgumentName.NAMESPACE_HBASE_NAMESPACE); builder.append("='").append(namespaceConfig.getHbaseNamespace()).append("', "); if (namespaceConfig.getHiveDatabase() != null) { builder.append(ArgumentName.NAMESPACE_HIVE_DATABASE); builder.append("='").append(namespaceConfig.getHiveDatabase()).append("', "); if (namespaceConfig.getPrincipal() != null) { builder.append(ArgumentName.PRINCIPAL); builder.append("='").append(namespaceConfig.getPrincipal()).append("', "); if (namespaceConfig.getKeytabURI() != null) { builder.append(ArgumentName.NAMESPACE_KEYTAB_PATH); builder.append("='").append(namespaceConfig.getKeytabURI()).append("', "); if (namespaceConfig.getGroupName() != null) { builder.append(ArgumentName.NAMESPACE_GROUP_NAME); builder.append("='").append(namespaceConfig.getGroupName()).append("', "); if (namespaceConfig.isExploreAsPrincipal() != null) {
private boolean hasCustomMapping(NamespaceMeta metadata) { NamespaceConfig config = metadata.getConfig(); return !(Strings.isNullOrEmpty(config.getRootDirectory()) && Strings.isNullOrEmpty(config.getHbaseNamespace()) && Strings.isNullOrEmpty(config.getHiveDatabase())); }
if (config != null && !Strings.isNullOrEmpty(config.getSchedulerQueueName())) { builder.setSchedulerQueueName(config.getSchedulerQueueName()); if (config != null && config.getKeytabURI() != null) { String keytabURI = config.getKeytabURI(); if (keytabURI.isEmpty()) { throw new BadRequestException("Cannot update keytab URI with an empty URI."); String existingKeytabURI = existingMeta.getConfig().getKeytabURIWithoutVersion(); if (existingKeytabURI == null) { throw new BadRequestException("Cannot update keytab URI since there is no existing principal or keytab URI."); builder.setExploreAsPrincipal(config.isExploreAsPrincipal()); Set<String> difference = existingMeta.getConfig().getDifference(config); if (!difference.isEmpty()) { throw new BadRequestException(String.format("Mappings %s for namespace %s cannot be updated once the namespace " +
String ownerPrincipal = metadata.getConfig().getPrincipal(); Principal requestingUser = authenticationContext.getPrincipal(); if (ownerPrincipal != null) { String configuredPrincipal = metadata.getConfig().getPrincipal(); String configuredKeytabURI = metadata.getConfig().getKeytabURI(); if ((!Strings.isNullOrEmpty(configuredPrincipal) && Strings.isNullOrEmpty(configuredKeytabURI)) || (Strings.isNullOrEmpty(configuredPrincipal) && !Strings.isNullOrEmpty(configuredKeytabURI))) { if (!metadata.getConfig().isExploreAsPrincipal() && !hasValidKerberosConf) { throw new BadRequestException( String.format("No kerberos principal or keytab-uri was provided while '%s' was set to true.",
@Override public boolean apply(NamespaceMeta input) { return principal.getName().equals(input.getConfig().getPrincipal()); } });
@Nullable @Override public ImpersonationInfo getImpersonationInfo(NamespacedEntityId entityId) throws IOException { entityId = getEffectiveEntity(entityId); if (!entityId.getEntityType().equals(EntityType.NAMESPACE)) { KerberosPrincipalId effectiveOwner = ownerStore.getOwner(entityId); if (effectiveOwner != null) { return new ImpersonationInfo(effectiveOwner.getPrincipal(), SecurityUtil.getKeytabURIforPrincipal(effectiveOwner.getPrincipal(), cConf)); } } // (CDAP-8176) Since no owner was found for the entity return namespace principal if present. NamespaceConfig nsConfig = getNamespaceConfig(entityId.getNamespaceId()); return nsConfig.getPrincipal() == null ? null : new ImpersonationInfo(nsConfig.getPrincipal(), nsConfig.getKeytabURI()); }
"with sufficient privileges for the user %s and then try creating a namespace.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), namespaceMeta.getConfig().getPrincipal())); "namespace with sufficient privileges for the user %s and then try creating a namespace.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), namespaceMeta.getConfig().getPrincipal())); "again with an empty directory mapping and sufficient privileges for the user %s.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), namespaceMeta.getConfig().getPrincipal())); if (namespaceMeta.getConfig().getGroupName() != null) { String groupName = customNamespacedLocation.getGroup(); String permissions = customNamespacedLocation.getPermissions().substring(3, 6); if (!groupName.equals(namespaceMeta.getConfig().getGroupName())) { LOG.warn("The provided home directory '{}' for namespace '{}' has group '{}', which is different from " + "the configured group '{}' of the namespace.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), groupName, namespaceMeta.getConfig().getGroupName());
if (Strings.isNullOrEmpty(namespaceMeta.getConfig().getHbaseNamespace())) { try (HBaseDDLExecutor executor = hBaseDDLExecutorFactory.get()) { boolean created = executor.createNamespaceIfNotExists(hbaseNamespace); if (namespaceMeta.getConfig().getGroupName() != null) { try { executor.grantPermissions(hbaseNamespace, null, ImmutableMap.of("@" + namespaceMeta.getConfig().getGroupName(), "C")); } catch (IOException | RuntimeException e) {
private boolean hasCustomLocation(NamespaceMeta namespaceMeta) { return !Strings.isNullOrEmpty(namespaceMeta.getConfig().getRootDirectory()); }
@Nullable // returns null iff the input is null private String getHiveDatabase(@Nullable String namespace) { // null namespace implies that the operation happens across all databases if (isNullOrDefault(namespace)) { return namespace; } try { String customHiveDb = namespaceQueryAdmin.get(new NamespaceId(namespace)).getConfig().getHiveDatabase(); if (!Strings.isNullOrEmpty(customHiveDb)) { return customHiveDb; } } catch (Exception e) { throw Throwables.propagate(e); } return getCDAPFormatDBName(namespace); }
Assert.assertEquals("prod", config.getSchedulerQueueName()); Assert.assertEquals(NAME, namespace.get(NAME_FIELD).getAsString()); Assert.assertEquals(EMPTY, namespace.get(DESCRIPTION_FIELD).getAsString()); Assert.assertEquals("prod", config.getSchedulerQueueName()); config = GSON.fromJson(namespace.get(CONFIG_FIELD).getAsJsonObject(), NamespaceConfig.class); Assert.assertEquals("new/url", config.getKeytabURI());
public String getHBaseNamespace(NamespaceMeta namespaceMeta) { if (!Strings.isNullOrEmpty(namespaceMeta.getConfig().getHbaseNamespace())) { return namespaceMeta.getConfig().getHbaseNamespace(); } return toCDAPManagedHBaseNamespace(namespaceMeta.getNamespaceId()); }
NamespaceConfig nsConfig = namespaceQueryAdmin.get(impersonationRequest.getEntityId().getNamespaceId()).getConfig(); if (!nsConfig.isExploreAsPrincipal()) { throw new FeatureDisabledException(FeatureDisabledException.Feature.EXPLORE, NamespaceConfig.class.getSimpleName() + " of " +
/** * Get queue at namespace level if it is empty returns the default queue. * * @param namespaceId NamespaceId * @return schedule queue at namespace level or default queue. */ @Nullable public String getQueue(Id.Namespace namespaceId) throws IOException, NamespaceNotFoundException { if (namespaceId.equals(Id.Namespace.SYSTEM)) { return systemQueue; } NamespaceMeta meta; try { meta = namespaceQueryAdmin.get(namespaceId.toEntityId()); } catch (NamespaceNotFoundException e) { throw e; } catch (Exception e) { throw new IOException(e); } if (meta != null) { NamespaceConfig config = meta.getConfig(); String namespaceQueue = config.getSchedulerQueueName(); return Strings.isNullOrEmpty(namespaceQueue) ? getDefaultQueue() : namespaceQueue; } else { return getDefaultQueue(); } } }
@Test public void testUpdateExistingKeytab() throws Exception { String namespace = "updateNamespace"; NamespaceId namespaceId = new NamespaceId(namespace); NamespaceMeta nsMeta = new NamespaceMeta.Builder().setName(namespaceId) .setPrincipal("alice").setKeytabURI("/alice/keytab").build(); namespaceAdmin.create(nsMeta); Assert.assertTrue(namespaceAdmin.exists(namespaceId)); // update the keytab URI String newKeytab = "/alice/new_keytab"; NamespaceMeta newKeytabMeta = new NamespaceMeta.Builder(nsMeta).setKeytabURI(newKeytab).build(); namespaceAdmin.updateProperties(nsMeta.getNamespaceId(), newKeytabMeta); // assert the keytab URI is updated and the version remains 0 Assert.assertEquals(newKeytab, namespaceAdmin.get(namespaceId).getConfig().getKeytabURIWithoutVersion()); Assert.assertEquals(0, namespaceAdmin.get(namespaceId).getConfig().getKeytabURIVersion()); // update the namespace with the same keytab URI namespaceAdmin.updateProperties(nsMeta.getNamespaceId(), newKeytabMeta); // assert the keytab URI without version remains the same and the version is incremented to 1 Assert.assertEquals(newKeytab, namespaceAdmin.get(namespaceId).getConfig().getKeytabURIWithoutVersion()); Assert.assertEquals(1, namespaceAdmin.get(namespaceId).getConfig().getKeytabURIVersion()); //clean up namespaceAdmin.delete(namespaceId); }
String configuredGroupName = namespaceMeta.getConfig().getGroupName(); boolean createdData = false; boolean createdTemp = false;
if (config != null && !Strings.isNullOrEmpty(config.getSchedulerQueueName())) { builder.setSchedulerQueueName(config.getSchedulerQueueName()); if (config != null && config.getKeytabURI() != null) { String keytabURI = config.getKeytabURI(); if (keytabURI.isEmpty()) { throw new BadRequestException("Cannot update keytab URI with an empty URI."); String existingKeytabURI = existingMeta.getConfig().getKeytabURIWithoutVersion(); if (existingKeytabURI == null) { throw new BadRequestException("Cannot update keytab URI since there is no existing principal or keytab URI."); builder.setExploreAsPrincipal(config.isExploreAsPrincipal()); Set<String> difference = existingMeta.getConfig().getDifference(config); if (!difference.isEmpty()) { throw new BadRequestException(String.format("Mappings %s for namespace %s cannot be updated once the namespace " +
private boolean hasCustomMapping(NamespaceMeta metadata) { NamespaceConfig config = metadata.getConfig(); return !(Strings.isNullOrEmpty(config.getRootDirectory()) && Strings.isNullOrEmpty(config.getHbaseNamespace()) && Strings.isNullOrEmpty(config.getHiveDatabase())); }
String ownerPrincipal = metadata.getConfig().getPrincipal(); Principal requestingUser = authenticationContext.getPrincipal(); if (ownerPrincipal != null) { String configuredPrincipal = metadata.getConfig().getPrincipal(); String configuredKeytabURI = metadata.getConfig().getKeytabURI(); if ((!Strings.isNullOrEmpty(configuredPrincipal) && Strings.isNullOrEmpty(configuredKeytabURI)) || (Strings.isNullOrEmpty(configuredPrincipal) && !Strings.isNullOrEmpty(configuredKeytabURI))) { if (!metadata.getConfig().isExploreAsPrincipal() && !hasValidKerberosConf) { throw new BadRequestException( String.format("No kerberos principal or keytab-uri was provided while '%s' was set to true.",