/**
 * Records {@code kerberosPrincipalId} as the owner of {@code entityId} by handing both
 * arguments, unchanged, to the underlying {@code ownerStore}.
 *
 * <p>This wrapper performs no checks of its own: whether the entity type is supported and
 * whether the principal is well formed is left entirely to the delegate.
 * NOTE(review): confirm the delegate validates both arguments before persisting them, since
 * the stored owner is security-relevant data.
 *
 * @param entityId the entity whose owner is being recorded
 * @param kerberosPrincipalId the principal to record as owner
 * @throws IOException propagated from the delegate
 * @throws AlreadyExistsException propagated from the delegate; presumably raised when the
 *     entity already has an owner (verify against the store implementation)
 */
@Override
public void add(
    NamespacedEntityId entityId,
    KerberosPrincipalId kerberosPrincipalId) throws IOException, AlreadyExistsException {
  // Pure pass-through; argument order must match the delegate's signature.
  ownerStore.add(entityId, kerberosPrincipalId);
}
// NOTE: the second closing brace at the end of the next line is not part of delete();
// it closes an enclosing scope whose opening is outside this listing.
/**
 * Removes the owner information held for {@code entityId} by delegating to
 * {@code ownerStore.delete}. No check is made here that an owner exists beforehand.
 *
 * @param entityId the entity whose owner information is to be removed
 * @throws IOException propagated from the delegate
 */
@Override public void delete(NamespacedEntityId entityId) throws IOException { ownerStore.delete(entityId); } }
/**
 * Reports whether the underlying {@code ownerStore} holds owner information for
 * {@code entityId}.
 *
 * @param entityId the entity to look up
 * @return the value returned by {@code ownerStore.exists(entityId)}
 * @throws IOException propagated from the delegate
 */
@Override
public boolean exists(NamespacedEntityId entityId) throws IOException {
  final boolean ownerRecorded = ownerStore.exists(entityId);
  return ownerRecorded;
}
Assert.assertNull(ownerStore.getOwner(datasetId)); ownerStore.delete(datasetId); ownerStore.add(datasetId, kerberosPrincipalId); Assert.assertTrue(ownerStore.exists(datasetId)); Assert.assertEquals(kerberosPrincipalId, ownerStore.getOwner(datasetId)); ownerStore.add(datasetId, new KerberosPrincipalId("bob@SOMEKDC.NET")); Assert.fail(); } catch (AlreadyExistsException e) { ownerStore.add(datasetId, new KerberosPrincipalId("somePrincipal")); Assert.fail(); } catch (AlreadyExistsException e) { ownerStore.add(datasetId, new KerberosPrincipalId("b@ob@SOMEKDC.NET")); Assert.fail(); } catch (IllegalArgumentException e) { ownerStore.add(NamespaceId.DEFAULT.topic("anotherStream"), new KerberosPrincipalId("somePrincipal")); Assert.fail(); } catch (IllegalArgumentException e) { ownerStore.delete(datasetId); Assert.assertFalse(ownerStore.exists(datasetId)); Assert.assertNull(ownerStore.getOwner(datasetId));
/**
 * Looks up the owner recorded for {@code entityId} in the underlying {@code ownerStore}.
 *
 * <p>Only the given entity is consulted; nothing in this method falls back to another
 * entity or to a namespace-level setting.
 *
 * @param entityId the entity whose owner is requested
 * @return the principal returned by the delegate; may be {@code null}, so callers must
 *     handle the absent case explicitly
 * @throws IOException propagated from the delegate
 */
@Nullable
@Override
public KerberosPrincipalId getOwner(NamespacedEntityId entityId) throws IOException {
  final KerberosPrincipalId recordedOwner = ownerStore.getOwner(entityId);
  return recordedOwner;
}
/**
 * Runs both input checks that guard an owner record.
 *
 * <ol>
 *   <li>Validates that the given {@link NamespacedEntityId} is supported by the
 *       {@link OwnerStore}, i.e. the entity can be associated with an owner.</li>
 *   <li>Validates that the given {@link KerberosPrincipalId} is valid, i.e. it can be used to
 *       create a {@link org.apache.hadoop.security.authentication.util.KerberosName}.
 *       See {@link SecurityUtil#validateKerberosPrincipal(KerberosPrincipalId)}.</li>
 * </ol>
 *
 * <p>The entity check runs first, so the principal is not examined when the entity is
 * rejected. NOTE(review): both callees presumably signal rejection by throwing; confirm the
 * exception type against their implementations.
 *
 * @param entityId {@link NamespacedEntityId} to be validated
 * @param principalId {@link KerberosPrincipalId} to be validated
 */
protected final void validate(NamespacedEntityId entityId, KerberosPrincipalId principalId) {
  // Step 1: entity-type check (single-argument overload).
  validate(entityId);

  // Step 2: principal syntax check.
  SecurityUtil.validateKerberosPrincipal(principalId);
}
/**
 * Resolves the principal to impersonate for {@code entityId}.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 *   <li>The entity is first mapped through {@code getEffectiveEntity}.</li>
 *   <li>Unless the effective entity is a namespace, its owner is read from
 *       {@code ownerStore}; when an owner is recorded, that owner's principal is returned.</li>
 *   <li>Otherwise the principal from the namespace configuration is returned (CDAP-8176).</li>
 * </ol>
 *
 * <p>Because of step 3, an entity with no owner of its own resolves to the namespace
 * principal rather than to "no impersonation".
 *
 * @param entityId the entity for which the impersonation principal is requested
 * @return the resolved principal, or {@code null} when the selected source has none
 * @throws IOException propagated from the owner store lookup
 */
@Nullable
@Override
public String getImpersonationPrincipal(NamespacedEntityId entityId) throws IOException {
  NamespacedEntityId effectiveEntity = getEffectiveEntity(entityId);

  boolean isNamespace = effectiveEntity.getEntityType().equals(EntityType.NAMESPACE);
  if (!isNamespace) {
    // Namespaces are never looked up in the owner store; everything else is.
    KerberosPrincipalId recordedOwner = ownerStore.getOwner(effectiveEntity);
    if (recordedOwner != null) {
      return recordedOwner.getPrincipal();
    }
  }

  // (CDAP-8176) Since no owner was found for the entity return namespace principal if present.
  return getNamespaceConfig(effectiveEntity).getPrincipal();
}
/**
 * Resolves the principal and keytab URI to impersonate for {@code entityId}.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 *   <li>The entity is first mapped through {@code getEffectiveEntity}.</li>
 *   <li>Unless the effective entity is a namespace, its owner is read from
 *       {@code ownerStore}. When an owner is recorded, the result pairs the owner's principal
 *       with the keytab URI obtained from
 *       {@code SecurityUtil.getKeytabURIforPrincipal(principal, cConf)}.</li>
 *   <li>Otherwise the namespace configuration is consulted (CDAP-8176): its principal and
 *       keytab URI are returned together, or {@code null} when it has no principal.</li>
 * </ol>
 *
 * <p>Note the two keytab sources differ: an entity-level owner gets a keytab URI computed
 * from {@code cConf}, while the namespace fallback uses the URI stored in the namespace
 * configuration.
 *
 * @param entityId the entity for which impersonation details are requested
 * @return the resolved impersonation details, or {@code null} when neither the entity nor
 *     its namespace configuration supplies a principal
 * @throws IOException propagated from the owner store lookup
 */
@Nullable
@Override
public ImpersonationInfo getImpersonationInfo(NamespacedEntityId entityId) throws IOException {
  NamespacedEntityId effectiveEntity = getEffectiveEntity(entityId);

  if (!effectiveEntity.getEntityType().equals(EntityType.NAMESPACE)) {
    KerberosPrincipalId recordedOwner = ownerStore.getOwner(effectiveEntity);
    if (recordedOwner != null) {
      String ownerPrincipal = recordedOwner.getPrincipal();
      return new ImpersonationInfo(
          ownerPrincipal, SecurityUtil.getKeytabURIforPrincipal(ownerPrincipal, cConf));
    }
  }

  // (CDAP-8176) Since no owner was found for the entity return namespace principal if present.
  NamespaceConfig namespaceConfig = getNamespaceConfig(effectiveEntity.getNamespaceId());
  String namespacePrincipal = namespaceConfig.getPrincipal();
  if (namespacePrincipal == null) {
    return null;
  }
  return new ImpersonationInfo(namespacePrincipal, namespaceConfig.getKeytabURI());
}