@Override public boolean apply(NamespaceMeta input) { return principal.getName().equals(input.getConfig().getPrincipal()); } });
builder.append("='").append(namespaceConfig.getHiveDatabase()).append("', "); if (namespaceConfig.getPrincipal() != null) { builder.append(ArgumentName.PRINCIPAL); builder.append("='").append(namespaceConfig.getPrincipal()).append("', ");
builder.append("='").append(namespaceConfig.getHiveDatabase()).append("', "); if (namespaceConfig.getPrincipal() != null) { builder.append(ArgumentName.PRINCIPAL); builder.append("='").append(namespaceConfig.getPrincipal()).append("', ");
/** * Lists all namespaces * * @return a list of {@link NamespaceMeta} for all namespaces */ @Override public List<NamespaceMeta> list() throws Exception { List<NamespaceMeta> namespaces = nsStore.list(); final Principal principal = authenticationContext.getPrincipal(); //noinspection ConstantConditions return AuthorizationUtil.isVisible(namespaces, authorizationEnforcer, principal, NamespaceMeta::getNamespaceId, input -> principal.getName().equals(input.getConfig().getPrincipal())); }
"with sufficient privileges for the user %s and then try creating a namespace.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), namespaceMeta.getConfig().getPrincipal())); "namespace with sufficient privileges for the user %s and then try creating a namespace.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), namespaceMeta.getConfig().getPrincipal())); "again with an empty directory mapping and sufficient privileges for the user %s.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), namespaceMeta.getConfig().getPrincipal()));
@Nullable @Override public String getImpersonationPrincipal(NamespacedEntityId entityId) throws IOException { entityId = getEffectiveEntity(entityId); KerberosPrincipalId effectiveOwner = null; if (!entityId.getEntityType().equals(EntityType.NAMESPACE)) { effectiveOwner = ownerStore.getOwner(entityId); } // (CDAP-8176) Since no owner was found for the entity return namespace principal if present. return effectiveOwner != null ? effectiveOwner.getPrincipal() : getNamespaceConfig(entityId).getPrincipal(); }
if (namespaceMeta != null && principal.getName().equals(namespaceMeta.getConfig().getPrincipal())) { return namespaceMeta;
"with sufficient privileges for the user %s and then try creating a namespace.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), namespaceMeta.getConfig().getPrincipal())); "namespace with sufficient privileges for the user %s and then try creating a namespace.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), namespaceMeta.getConfig().getPrincipal())); "again with an empty directory mapping and sufficient privileges for the user %s.", customNamespacedLocation.toString(), namespaceMeta.getNamespaceId(), namespaceMeta.getConfig().getPrincipal()));
if (namespaceMeta != null && principal.getName().equals(namespaceMeta.getConfig().getPrincipal())) { return namespaceMeta;
@Nullable @Override public ImpersonationInfo getImpersonationInfo(NamespacedEntityId entityId) throws IOException { entityId = getEffectiveEntity(entityId); if (!entityId.getEntityType().equals(EntityType.NAMESPACE)) { KerberosPrincipalId effectiveOwner = ownerStore.getOwner(entityId); if (effectiveOwner != null) { return new ImpersonationInfo(effectiveOwner.getPrincipal(), SecurityUtil.getKeytabURIforPrincipal(effectiveOwner.getPrincipal(), cConf)); } } // (CDAP-8176) Since no owner was found for the entity return namespace principal if present. NamespaceConfig nsConfig = getNamespaceConfig(entityId.getNamespaceId()); return nsConfig.getPrincipal() == null ? null : new ImpersonationInfo(nsConfig.getPrincipal(), nsConfig.getKeytabURI()); }
String ownerPrincipal = metadata.getConfig().getPrincipal(); Principal requestingUser = authenticationContext.getPrincipal(); if (ownerPrincipal != null) { String configuredPrincipal = metadata.getConfig().getPrincipal(); String configuredKeytabURI = metadata.getConfig().getKeytabURI(); if ((!Strings.isNullOrEmpty(configuredPrincipal) && Strings.isNullOrEmpty(configuredKeytabURI)) ||
String ownerPrincipal = metadata.getConfig().getPrincipal(); Principal requestingUser = authenticationContext.getPrincipal(); if (ownerPrincipal != null) { String configuredPrincipal = metadata.getConfig().getPrincipal(); String configuredKeytabURI = metadata.getConfig().getKeytabURI(); if ((!Strings.isNullOrEmpty(configuredPrincipal) && Strings.isNullOrEmpty(configuredKeytabURI)) ||
/** * Executes a program without blocking until its completion. */ public void execute(final ProgramId id, Map<String, String> sysArgs, Map<String, String> userArgs) throws Exception { String originalUserId = SecurityRequestContext.getUserId(); try { // if the program has a namespace user configured then set that user in the security request context. // See: CDAP-7396 String nsPrincipal = namespaceQueryAdmin.get(id.getNamespaceId()).getConfig().getPrincipal(); if (nsPrincipal != null && SecurityUtil.isKerberosEnabled(cConf)) { SecurityRequestContext.setUserId(new KerberosName(nsPrincipal).getServiceName()); } lifecycleService.runInternal(id, userArgs, sysArgs, false); } catch (ProgramNotFoundException | ApplicationNotFoundException e) { throw new TaskExecutionException(String.format(UserMessages.getMessage(UserErrors.PROGRAM_NOT_FOUND), id), e, false); } finally { SecurityRequestContext.setUserId(originalUserId); } } }
/** * Executes a program without blocking until its completion. */ public void execute(final ProgramId id, Map<String, String> sysArgs, Map<String, String> userArgs) throws Exception { String originalUserId = SecurityRequestContext.getUserId(); try { // if the program has a namespace user configured then set that user in the security request context. // See: CDAP-7396 String nsPrincipal = namespaceQueryAdmin.get(id.getNamespaceId()).getConfig().getPrincipal(); if (nsPrincipal != null && SecurityUtil.isKerberosEnabled(cConf)) { SecurityRequestContext.setUserId(new KerberosName(nsPrincipal).getServiceName()); } lifecycleService.runInternal(id, userArgs, sysArgs, false); } catch (ProgramNotFoundException | ApplicationNotFoundException e) { throw new TaskExecutionException(String.format(UserMessages.getMessage(UserErrors.PROGRAM_NOT_FOUND), id), e, false); } finally { SecurityRequestContext.setUserId(originalUserId); } } }
public Builder(NamespaceMeta meta) { this.name = meta.getName(); this.description = meta.getDescription(); NamespaceConfig config = meta.getConfig(); if (config != null) { this.schedulerQueueName = config.getSchedulerQueueName(); this.rootDirectory = config.getRootDirectory(); this.hbaseNamespace = config.getHbaseNamespace(); this.hiveDatabase = config.getHiveDatabase(); this.principal = config.getPrincipal(); this.groupName = config.getGroupName(); this.keytabURIWithoutVersion = config.getKeytabURIWithoutVersion(); this.keytabURIVersion = config.getKeytabURIVersion(); this.exploreAsPrincipal = config.isExploreAsPrincipal(); } }
public Builder(NamespaceMeta meta) { this.name = meta.getName(); this.description = meta.getDescription(); NamespaceConfig config = meta.getConfig(); if (config != null) { this.schedulerQueueName = config.getSchedulerQueueName(); this.rootDirectory = config.getRootDirectory(); this.hbaseNamespace = config.getHbaseNamespace(); this.hiveDatabase = config.getHiveDatabase(); this.principal = config.getPrincipal(); this.groupName = config.getGroupName(); this.keytabURIWithoutVersion = config.getKeytabURIWithoutVersion(); this.keytabURIVersion = config.getKeytabURIVersion(); this.exploreAsPrincipal = config.isExploreAsPrincipal(); } }
DatasetId datasetId = namespaceId.dataset("whom"); DatasetTypeId datasetTypeId = namespaceId.datasetType(KeyValueTable.class.getName()); String owner = appOwner != null ? appOwner : nsMeta.getConfig().getPrincipal(); KerberosPrincipalId principalId = new KerberosPrincipalId(owner); Principal principal = new Principal(owner, Principal.PrincipalType.USER);
impNsMeta.getName(), impNsMeta.getConfig().getPrincipal());