/** * Returns the list of groups of which this user is a member. On secure * Hadoop this returns the group information for the user as resolved on the * server. For 0.20 based Hadoop, the group names are passed from the client. */ public String[] getGroupNames() { return ugi.getGroupNames(); }
private void print() throws IOException { System.out.println("User: " + getUserName()); System.out.print("Group Ids: "); System.out.println(); String[] groups = getGroupNames(); System.out.print("Groups: "); for(int i=0; i < groups.length; i++) { System.out.print(groups[i] + " "); } System.out.println(); }
@Override public void setConf(Configuration conf) { this.conf = conf; UserGroupInformation ugi = null; try { ugi = Utils.getUGI(); } catch (Exception e) { throw new RuntimeException(e); } if (ugi == null) { throw new RuntimeException( "Can not initialize HadoopDefaultAuthenticator."); } this.userName = ugi.getShortUserName(); if (ugi.getGroupNames() != null) { this.groupNames = Arrays.asList(ugi.getGroupNames()); } }
@Override public void setConf(Configuration conf) { this.conf = conf; UserGroupInformation ugi = null; try { ugi = Utils.getUGI(); } catch (Exception e) { throw new RuntimeException(e); } if (ugi == null) { throw new RuntimeException( "Can not initialize HadoopDefaultAuthenticator."); } this.userName = ugi.getShortUserName(); if (ugi.getGroupNames() != null) { this.groupNames = Arrays.asList(ugi.getGroupNames()); } }
public static void checkFileAccess(FileSystem fs, FileStatus stat, FsAction action) throws IOException, AccessControlException, LoginException { // Get the user/groups for checking permissions based on the current UGI. UserGroupInformation currentUgi = Utils.getUGI(); DefaultFileAccess.checkFileAccess(fs, stat, action, currentUgi.getShortUserName(), Arrays.asList(currentUgi.getGroupNames())); }
@Override public void setConf(Configuration conf) { this.conf = conf; UserGroupInformation ugi = null; String proxyUser = conf.get(PROXY_USER_NAME); if (proxyUser == null){ super.setConf(conf); return; } // If we're here, proxy user is set. try { ugi = UserGroupInformation.createRemoteUser(proxyUser); } catch (Exception e) { throw new RuntimeException(e); } if (ugi == null) { throw new RuntimeException( "Can not initialize ProxyUserAuthenticator for user ["+proxyUser+"]"); } this.userName = ugi.getShortUserName(); if (ugi.getGroupNames() != null) { this.groupNames = Arrays.asList(ugi.getGroupNames()); } }
@Override public String[] getGroupNames() { if (cache != null) { try { return this.cache.get(getShortName()); } catch (ExecutionException e) { return new String[0]; } } return ugi.getGroupNames(); }
@Override public void setConf(Configuration conf) { this.conf = conf; UserGroupInformation ugi = null; String proxyUser = conf.get(PROXY_USER_NAME); if (proxyUser == null){ super.setConf(conf); return; } // If we're here, proxy user is set. try { ugi = UserGroupInformation.createRemoteUser(proxyUser); } catch (Exception e) { throw new RuntimeException(e); } if (ugi == null) { throw new RuntimeException( "Can not initialize ProxyUserAuthenticator for user ["+proxyUser+"]"); } this.userName = ugi.getShortUserName(); if (ugi.getGroupNames() != null) { this.groupNames = Arrays.asList(ugi.getGroupNames()); } }
private UserGroupInformation ugiInvalidUserInvalidGroups() { UserGroupInformation ugi = Mockito.mock(UserGroupInformation.class); Mockito.when(ugi.getShortUserName()).thenReturn("nosuchuser"); Mockito.when(ugi.getGroupNames()).thenReturn(new String[]{"nosuchgroup"}); return ugi; }
private UserGroupInformation ugiInvalidUserValidGroups() throws LoginException, IOException { UserGroupInformation ugi = Mockito.mock(UserGroupInformation.class); Mockito.when(ugi.getShortUserName()).thenReturn("nosuchuser"); Mockito.when(ugi.getGroupNames()).thenReturn(SecurityUtils.getUGI().getGroupNames()); return ugi; }
@Override public FileStatus[] listStatus(Path f) throws AccessControlException, FileNotFoundException, IOException { checkPathIsSlash(f); FileStatus[] result = new FileStatus[theInternalDir.getChildren().size()]; int i = 0; for (Entry<String, INode<FileSystem>> iEntry : theInternalDir.getChildren().entrySet()) { INode<FileSystem> inode = iEntry.getValue(); if (inode.isLink()) { INodeLink<FileSystem> link = (INodeLink<FileSystem>) inode; result[i++] = new FileStatus(0, false, 0, 0, creationTime, creationTime, PERMISSION_555, ugi.getShortUserName(), ugi.getPrimaryGroupName(), link.getTargetLink(), new Path(inode.fullPath).makeQualified( myUri, null)); } else { result[i++] = new FileStatus(0, true, 0, 0, creationTime, creationTime, PERMISSION_555, ugi.getShortUserName(), ugi.getGroupNames()[0], new Path(inode.fullPath).makeQualified( myUri, null)); } } return result; }
@Override public FileStatus[] listStatus(final Path f) throws AccessControlException, IOException { checkPathIsSlash(f); FileStatus[] result = new FileStatus[theInternalDir.getChildren().size()]; int i = 0; for (Entry<String, INode<AbstractFileSystem>> iEntry : theInternalDir.getChildren().entrySet()) { INode<AbstractFileSystem> inode = iEntry.getValue(); if (inode.isLink()) { INodeLink<AbstractFileSystem> link = (INodeLink<AbstractFileSystem>) inode; result[i++] = new FileStatus(0, false, 0, 0, creationTime, creationTime, PERMISSION_555, ugi.getShortUserName(), ugi.getPrimaryGroupName(), link.getTargetLink(), new Path(inode.fullPath).makeQualified( myUri, null)); } else { result[i++] = new FileStatus(0, true, 0, 0, creationTime, creationTime, PERMISSION_555, ugi.getShortUserName(), ugi.getGroupNames()[0], new Path(inode.fullPath).makeQualified( myUri, null)); } } return result; }
String[] groups = ugi.getGroupNames();
client.set_ugi(ugi.getUserName(), Arrays.asList(ugi.getGroupNames())); } catch (LoginException e) { LOG.warn("Failed to do login. set_ugi() is not successful, " +
client.set_ugi(ugi.getUserName(), Arrays.asList(ugi.getGroupNames())); } catch (LoginException e) { LOG.warn("Failed to do login. set_ugi() is not successful, " +
/** * Throw an exception if an action is not permitted by a user on a file. * * @param ugi * the user * @param file * the file * @param action * the action */ public static void checkAccess(UserGroupInformation ugi, FileStatus file, FsAction action) throws AccessDeniedException { if (ugi.getShortUserName().equals(file.getOwner())) { if (file.getPermission().getUserAction().implies(action)) { return; } } else if (contains(ugi.getGroupNames(), file.getGroup())) { if (file.getPermission().getGroupAction().implies(action)) { return; } } else if (file.getPermission().getOtherAction().implies(action)) { return; } throw new AccessDeniedException("Permission denied:" + " action=" + action + " path=" + file.getPath() + " user=" + ugi.getShortUserName()); }
client.set_ugi(ugi.getUserName(), Arrays.asList(ugi.getGroupNames())); } catch (LoginException e) { LOG.warn("Failed to do login. set_ugi() is not successful, " +
@Test public void testCacheGetGroupsRoot() throws Exception { // Windows users don't have a root user. // However pretty much every other *NIX os will have root. if (!SystemUtils.IS_OS_WINDOWS) { Configuration conf = HBaseConfiguration.create(); UserProvider up = UserProvider.instantiate(conf); String rootUserName = "root"; // Create two UGI's for this username UserGroupInformation ugiOne = UserGroupInformation.createRemoteUser(rootUserName); UserGroupInformation ugiTwo = UserGroupInformation.createRemoteUser(rootUserName); // Now try and get the user twice. User uOne = up.create(ugiOne); User uTwo = up.create(ugiTwo); // Make sure that we didn't break groups and everything worked well. assertArrayEquals(uOne.getGroupNames(),uTwo.getGroupNames()); String[] groupNames = ugiOne.getGroupNames(); assertTrue(groupNames.length > 0); } }
ugi.getRealAuthenticationMethod()); title("Group names"); for (String name : ugi.getGroupNames()) { println(name);
@Test public void testCacheGetGroups() throws Exception { Configuration conf = HBaseConfiguration.create(); UserProvider up = UserProvider.instantiate(conf); // VERY unlikely that this user will exist on the box. // This should mean the user has no groups. String nonUser = "kklvfnvhdhcenfnniilggljhdecjhidkle"; // Create two UGI's for this username UserGroupInformation ugiOne = UserGroupInformation.createRemoteUser(nonUser); UserGroupInformation ugiTwo = UserGroupInformation.createRemoteUser(nonUser); // Now try and get the user twice. User uOne = up.create(ugiOne); User uTwo = up.create(ugiTwo); // Make sure that we didn't break groups and everything worked well. assertArrayEquals(uOne.getGroupNames(),uTwo.getGroupNames()); // Check that they are referentially equal. // Since getting a group for a users that doesn't exist creates a new string array // the only way that they should be referentially equal is if the cache worked and // made sure we didn't go to hadoop's script twice. assertTrue(uOne.getGroupNames() == uTwo.getGroupNames()); assertEquals(0, ugiOne.getGroupNames().length); }