Refine search
public AsyncTrash(FileSystem fs, Properties properties) throws IOException { this(fs, properties, UserGroupInformation.getCurrentUser().getShortUserName()); }
public static void logYarnEnvironmentInformation(Map<String, String> env, Logger log) throws IOException { final String yarnClientUsername = env.get(YarnConfigKeys.ENV_HADOOP_USER_NAME); Preconditions.checkArgument( yarnClientUsername != null, "YARN client user name environment variable %s not set", YarnConfigKeys.ENV_HADOOP_USER_NAME); UserGroupInformation currentUser = UserGroupInformation.getCurrentUser(); log.info("YARN daemon is running as: {} Yarn client user obtainer: {}", currentUser.getShortUserName(), yarnClientUsername); } }
@Override protected String getUserName() { try { return UserGroupInformation.getCurrentUser().getShortUserName(); } catch (IOException ex) { throw new RuntimeException(ex); } } });
private void init(HiveConf hiveConf) throws IOException { // Only do the lightweight stuff in ctor; by default, LLAP coordinator is created during // HS2 init without the knowledge of LLAP usage (or lack thereof) in the cluster. this.hiveConf = hiveConf; this.clusterUser = UserGroupInformation.getCurrentUser().getShortUserName(); // TODO: if two HS2s start at exactly the same time, which could happen during a coordinated // restart, they could start generating the same IDs. Should we store the startTime // somewhere like ZK? Try to randomize it a bit for now... long randomBits = (long)(new Random().nextInt()) << 32; this.startTime = Math.abs((System.currentTimeMillis() & (long)Integer.MAX_VALUE) | randomBits); }
/** {@inheritDoc} */ @Override public String getStagingAreaDir() throws IOException, InterruptedException { String usr = UserGroupInformation.getCurrentUser().getShortUserName(); return HadoopUtils.stagingAreaDir(conf, usr).toString(); }
/** * Gets non-null user name as per the Hadoop file system viewpoint. * @return the user name, never null. * @throws IOException On error. */ public static String getFsHadoopUser() throws IOException { UserGroupInformation currUgi = UserGroupInformation.getCurrentUser(); String user = currUgi.getShortUserName(); user = IgfsUtils.fixUserName(user); assert user != null; return user; }
/** * @return the hadoop subject if exists, null if not exist */ @Nullable private Subject getHadoopSubject() { try { UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); String username = ugi.getShortUserName(); if (username != null && !username.isEmpty()) { User user = new User(ugi.getShortUserName()); HashSet<Principal> principals = new HashSet<>(); principals.add(user); return new Subject(false, principals, new HashSet<>(), new HashSet<>()); } return null; } catch (IOException e) { return null; } }
/** * Get {@link org.apache.gobblin.data.management.trash.Trash} instance for the specified user. * @param user user for whom {@link org.apache.gobblin.data.management.trash.Trash} should be generated. * @return {@link org.apache.gobblin.data.management.trash.Trash} as generated by proxied user. * @throws IOException */ protected Trash getUserTrash(final String user) throws IOException { if (UserGroupInformation.getCurrentUser().getShortUserName().equals(user)) { return this; } try { return this.trashCache.get(user, new Callable<Trash>() { @Override public Trash call() throws Exception { return createNewTrashForUser(ProxiedTrash.this.fs, ProxiedTrash.this.properties, user); } }); } catch (ExecutionException ee) { throw new IOException("Failed to get trash for user " + user); } }
public static Trash createTrash(FileSystem fs, Properties props) throws IOException { return createTrash(fs, props, UserGroupInformation.getCurrentUser().getShortUserName()); }
public static ProxiedTrash createProxiedTrash(FileSystem fs, Properties props) throws IOException { return createProxiedTrash(fs, props, UserGroupInformation.getCurrentUser().getShortUserName()); }
/** * Get the doAs user name. * * 'actualUGI' is the UGI of the user creating the client * It is possible that the creator of the KMSClientProvier * calls this method on behalf of a proxyUser (the doAsUser). * In which case this call has to be made as the proxy user. * * @return the doAs user name. * @throws IOException */ private String getDoAsUser() throws IOException { UserGroupInformation currentUgi = UserGroupInformation.getCurrentUser(); return (currentUgi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) ? currentUgi.getShortUserName() : null; }
/** * Get the persist directory for this job. * @param state {@link State} containing job information. * @return A {@link Path} used as persist directory for this job. Note this path is user-specific for security reasons. * @throws java.io.IOException */ public static Optional<Path> getPersistDir(State state) throws IOException { if (state.contains(PERSIST_DIR_KEY)) { return Optional .of(new Path(state.getProp(PERSIST_DIR_KEY), UserGroupInformation.getCurrentUser().getShortUserName())); } return Optional.absent(); }
@VisibleForTesting void addDelegationTokens(Collection<Token<? extends TokenIdentifier>> tokens) throws IOException { for (Token<? extends TokenIdentifier> token : tokens) { if (!UserGroupInformation.getCurrentUser().addToken(token)) { LOGGER.error(String.format("Failed to add token %s to user %s", token.toString(), UserGroupInformation.getLoginUser().getShortUserName())); } } } }
public Token<LlapTokenIdentifier> createLlapToken( String appId, String user, boolean isSignatureRequired) throws IOException { Text realUser = null, renewer = null; if (user == null) { UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); user = ugi.getUserName(); if (ugi.getRealUser() != null) { realUser = new Text(ugi.getRealUser().getUserName()); } renewer = new Text(ugi.getShortUserName()); } else { renewer = new Text(user); } LlapTokenIdentifier llapId = new LlapTokenIdentifier( new Text(user), renewer, realUser, clusterId, appId, isSignatureRequired); // TODO: note that the token is not renewable right now and will last for 2 weeks by default. Token<LlapTokenIdentifier> token = new Token<LlapTokenIdentifier>(llapId, this); if (LOG.isInfoEnabled()) { LOG.info("Created LLAP token {}", token); } return token; }
public synchronized long renewDelegationToken(String tokenStrForm) throws IOException { Token<DelegationTokenIdentifier> t= new Token<>(); t.decodeFromUrlString(tokenStrForm); //when a token is created the renewer of the token is stored //as shortName in AbstractDelegationTokenIdentifier.setRenewer() //this seems like an inconsistency because while cancelling the token //it uses the shortname to compare the renewer while it does not use //shortname during token renewal. Use getShortUserName() until its fixed //in HADOOP-15068 String user = UserGroupInformation.getCurrentUser().getShortUserName(); return renewToken(t, user); }
public static void checkPermissions( String clusterId, String userName, String appId, Object hint) throws IOException { if (!UserGroupInformation.isSecurityEnabled()) return; Preconditions.checkNotNull(userName); UserGroupInformation current = UserGroupInformation.getCurrentUser(); String kerberosName = current.hasKerberosCredentials() ? current.getShortUserName() : null; List<LlapTokenIdentifier> tokens = getLlapTokens(current, clusterId); checkPermissionsInternal(kerberosName, tokens, userName, appId, hint); }
public static LlapTokenInfo getTokenInfo(String clusterId) throws IOException { if (!UserGroupInformation.isSecurityEnabled()) return NO_SECURITY; UserGroupInformation current = UserGroupInformation.getCurrentUser(); String kerberosName = current.hasKerberosCredentials() ? current.getShortUserName() : null; List<LlapTokenIdentifier> tokens = getLlapTokens(current, clusterId); if ((tokens == null || tokens.isEmpty()) && kerberosName == null) { throw new SecurityException("No tokens or kerberos for " + current); } warnMultipleTokens(tokens); return getTokenInfoInternal(kerberosName, tokens); }
private void mockUserGroupInformation(String username) throws IOException { // need to mock out since FileSystem.create calls UGI, which occasionally has issues on some // systems PowerMockito.mockStatic(UserGroupInformation.class); final UserGroupInformation ugi = mock(UserGroupInformation.class); when(UserGroupInformation.getCurrentUser()).thenReturn(ugi); when(ugi.getUserName()).thenReturn(username); when(ugi.getShortUserName()).thenReturn(username.split("@")[0]); }
public String getDelegationToken(final String owner, final String renewer, String remoteAddr) throws IOException, InterruptedException { /* * If the user asking the token is same as the 'owner' then don't do * any proxy authorization checks. For cases like oozie, where it gets * a delegation token for another user, we need to make sure oozie is * authorized to get a delegation token. */ // Do all checks on short names UserGroupInformation currUser = UserGroupInformation.getCurrentUser(); UserGroupInformation ownerUgi = UserGroupInformation.createRemoteUser(owner); if (!ownerUgi.getShortUserName().equals(currUser.getShortUserName())) { // in the case of proxy users, the getCurrentUser will return the // real user (for e.g. oozie) due to the doAs that happened just before the // server started executing the method getDelegationToken in the MetaStore ownerUgi = UserGroupInformation.createProxyUser(owner, UserGroupInformation.getCurrentUser()); ProxyUsers.authorize(ownerUgi, remoteAddr, null); } //if impersonation is turned on this called using the HiveSessionImplWithUGI //using sessionProxy. so the currentUser will be the impersonated user here eg. oozie //we cannot create a proxy user which represents Oozie's client user here since //we cannot authenticate it using Kerberos/Digest. We trust the user which opened //session using Kerberos in this case. //if impersonation is turned off, the current user is Hive which can open //kerberos connections to HMS if required. return secretManager.getDelegationToken(owner, renewer); }
if (tokenUser == null) { try { tokenUser = UserGroupInformation.getCurrentUser().getShortUserName(); } catch (IOException e) { throw new RuntimeException(e);