/** * In remote mode, we should not cache the explore request */ @Override protected boolean checkExploreAndDetermineCache(ImpersonationRequest impersonationRequest) throws IOException { return !(impersonationRequest.getEntityId().getEntityType().equals(EntityType.NAMESPACE) && impersonationRequest.getImpersonatedOpType().equals(ImpersonatedOpType.EXPLORE)); }
@Override public final UGIWithPrincipal getConfiguredUGI(ImpersonationRequest impersonationRequest) throws IOException { try { UGIWithPrincipal ugi = impersonationRequest.getImpersonatedOpType().equals(ImpersonatedOpType.EXPLORE) || impersonationRequest.getPrincipal() == null ? null : ugiCache.getIfPresent(new UGICacheKey(impersonationRequest)); if (ugi != null) { return ugi; } boolean isCache = checkExploreAndDetermineCache(impersonationRequest); ImpersonationInfo info = getPrincipalForEntity(impersonationRequest); ImpersonationRequest newRequest = new ImpersonationRequest(impersonationRequest.getEntityId(), impersonationRequest.getImpersonatedOpType(), info.getPrincipal(), info.getKeytabURI()); return isCache ? ugiCache.get(new UGICacheKey(newRequest)) : createUGI(newRequest); } catch (ExecutionException e) { Throwable cause = e.getCause(); // Propagate if the cause is an IOException or RuntimeException Throwables.propagateIfPossible(cause, IOException.class); // Otherwise always wrap it with IOException throw new IOException(cause); } }
@Override protected UGIWithPrincipal createUGI(ImpersonationRequest impersonationRequest) throws IOException { ImpersonationRequest jsonRequest = new ImpersonationRequest(impersonationRequest.getEntityId(), impersonationRequest.getImpersonatedOpType(), impersonationRequest.getPrincipal()); PrincipalCredentials principalCredentials = GSON.fromJson(executeRequest(jsonRequest).getResponseBodyAsString(), PrincipalCredentials.class); LOG.debug("Received response: {}", principalCredentials); Location location = locationFactory.create(URI.create(principalCredentials.getCredentialsPath())); try { String user = principalCredentials.getPrincipal(); if (impersonationRequest.getImpersonatedOpType() == ImpersonatedOpType.EXPLORE) { // For explore operations, we use the short name in UserGroupInformation, to avoid an incorrect // check in Hive. See CDAP-12930 user = new KerberosName(user).getShortName(); } UserGroupInformation impersonatedUGI = UserGroupInformation.createRemoteUser(user); impersonatedUGI.addCredentials(readCredentials(location)); return new UGIWithPrincipal(principalCredentials.getPrincipal(), impersonatedUGI); } finally { try { if (!location.delete()) { LOG.warn("Failed to delete location: {}", location); } } catch (IOException e) { LOG.warn("Exception raised when deleting location {}", location, e); } } }
protected boolean checkExploreAndDetermineCache(ImpersonationRequest impersonationRequest) throws IOException { if (impersonationRequest.getEntityId().getEntityType().equals(EntityType.NAMESPACE) && impersonationRequest.getImpersonatedOpType().equals(ImpersonatedOpType.EXPLORE)) {
new Text("service"))); credentials.addToken(new Text("opType"), new Token<>(impersonationRequest.getImpersonatedOpType().toString() .getBytes(StandardCharsets.UTF_8), impersonationRequest.getImpersonatedOpType().toString() .getBytes(StandardCharsets.UTF_8), new Text("opType"),
Assert.assertArrayEquals(aliceImpRequest.getImpersonatedOpType().toString().getBytes(StandardCharsets.UTF_8), token.getIdentifier()); Assert.assertArrayEquals(aliceImpRequest.getImpersonatedOpType().toString().getBytes(StandardCharsets.UTF_8), token.getPassword()); Assert.assertEquals(new Text("opType"), token.getKind());