public void preload(Configuration configuration) { try { FileSystem.get(configuration).close(); UserGroupInformation.setConfiguration(configuration); } catch (IOException ioe) { // Suppress exception as future uses of this configuration will fail } }
public void preload(Configuration configuration) { try { FileSystem.get(configuration).close(); UserGroupInformation.setConfiguration(configuration); } catch (IOException ioe) { // Suppress exception as future uses of this configuration will fail } }
protected void fillHadoopConfiguration(Map topologyConf, String configKey, Configuration configuration) { Map<String, Object> config = (Map<String, Object>) topologyConf.get(configKey); LOG.info("TopoConf {}, got config {}, for configKey {}", ConfigUtils.maskPasswords(topologyConf), ConfigUtils.maskPasswords(config), configKey); if (config != null) { List<String> resourcesToLoad = new ArrayList<>(); for (Map.Entry<String, Object> entry : config.entrySet()) { if (entry.getKey().equals(CONFIG_KEY_RESOURCES)) { resourcesToLoad.addAll((List<String>) entry.getValue()); } else { configuration.set(entry.getKey(), String.valueOf(entry.getValue())); } } LOG.info("Resources to load {}", resourcesToLoad); // add configs from resources like hdfs-site.xml for (String pathStr : resourcesToLoad) { configuration.addResource(new Path(Paths.get(pathStr).toUri())); } } LOG.info("Initializing UGI with config {}", configuration); UserGroupInformation.setConfiguration(configuration); }
public UserGroupInformation getCurrentUGIWithConf(String authMethod) throws IOException { UserGroupInformation ugi; try { ugi = UserGroupInformation.getCurrentUser(); } catch(IOException e) { throw new IllegalStateException("Unable to get current user: " + e, e); } if (loginUserHasCurrentAuthMethod(ugi, authMethod)) { LOG.debug("Not setting UGI conf as passed-in authMethod of " + authMethod + " = current."); return ugi; } else { LOG.debug("Setting UGI conf as passed-in authMethod of " + authMethod + " != current."); Configuration conf = new Configuration(); conf.set(HADOOP_SECURITY_AUTHENTICATION, authMethod); UserGroupInformation.setConfiguration(conf); return UserGroupInformation.getCurrentUser(); } }
/** * Initializes UserGroupInformation with the given Configuration and returns UserGroupInformation.getLoginUser(). * All logins should happen through this class to ensure other threads are not concurrently modifying * UserGroupInformation. * * @param config the configuration instance * * @return the UGI for the given principal * * @throws IOException if login failed */ public static synchronized UserGroupInformation loginSimple(final Configuration config) throws IOException { Validate.notNull(config); UserGroupInformation.setConfiguration(config); return UserGroupInformation.getLoginUser(); }
public static KerberosHadoopAuthentication createKerberosHadoopAuthentication(KerberosAuthentication kerberosAuthentication, HdfsConfigurationUpdater updater) { Configuration configuration = getInitialConfiguration(); updater.updateConfiguration(configuration); // In order to enable KERBEROS authentication method for HDFS // UserGroupInformation.authenticationMethod static field must be set to KERBEROS // It is further used in many places in DfsClient configuration.set("hadoop.security.authentication", "kerberos"); UserGroupInformation.setConfiguration(configuration); return new KerberosHadoopAuthentication(kerberosAuthentication); }
@Inject public HdfsAuth(final Props props, final Configuration conf) { UserGroupInformation.setConfiguration(conf); this.isSecurityEnabled = UserGroupInformation.isSecurityEnabled(); if (this.isSecurityEnabled) { log.info("The Hadoop cluster has enabled security"); this.keytabPath = requireNonNull(props.getString(AZKABAN_KEYTAB_PATH)); this.keytabPrincipal = requireNonNull(props.getString(AZKABAN_KERBEROS_PRINCIPAL)); } }
private void authenticate(Configuration hadoopConf, org.apache.commons.configuration.Configuration configs) { String principal = configs.getString(PRINCIPAL); String keytab = configs.getString(KEYTAB); if (!Strings.isNullOrEmpty(principal) && !Strings.isNullOrEmpty(keytab)) { UserGroupInformation.setConfiguration(hadoopConf); if (UserGroupInformation.isSecurityEnabled()) { try { if (!UserGroupInformation.getCurrentUser().hasKerberosCredentials() || !UserGroupInformation.getCurrentUser() .getUserName().equals(principal)) { LOGGER.info("Trying to authenticate user [%s] with keytab [%s]..", principal, keytab); UserGroupInformation.loginUserFromKeytab(principal, keytab); } } catch (IOException e) { throw new RuntimeException( String.format("Failed to authenticate user principal [%s] with keytab [%s]", principal, keytab), e); } } } }
@Override public AtlasClientV2 createClient(String[] baseUrls) { final Configuration hadoopConf = new Configuration(); hadoopConf.set("hadoop.security.authentication", "kerberos"); UserGroupInformation.setConfiguration(hadoopConf); final UserGroupInformation ugi; try { UserGroupInformation.loginUserFromKeytab(principal, keytab); ugi = UserGroupInformation.getCurrentUser(); } catch (IOException e) { throw new RuntimeException("Failed to login with Kerberos due to: " + e, e); } return new AtlasClientV2(ugi, null, baseUrls); } }
/** {@inheritDoc} */ @Override protected void startUp() throws Exception { try { UserGroupInformation.setConfiguration(_hadoopConf); if (UserGroupInformation.isSecurityEnabled()) { UserGroupInformation.loginUserFromKeytab(_loginUser, _loginUserKeytabFile); } } catch (Throwable t) { log.error("Failed to start up HadoopKerberosKeytabAuthenticationPlugin", t); throw t; } }
public Client createClientWithConf(String authMethod) { UserGroupInformation ugi; try { ugi = UserGroupInformation.getLoginUser(); } catch(IOException e) { throw new IllegalStateException("Unable to get current login user: " + e, e); } if (loginUserHasCurrentAuthMethod(ugi, authMethod)) { LOG.debug("Not setting UGI conf as passed-in authMethod of " + authMethod + " = current."); return new Client(); } else { LOG.debug("Setting UGI conf as passed-in authMethod of " + authMethod + " != current."); Configuration conf = new Configuration(); conf.set(HADOOP_SECURITY_AUTHENTICATION, authMethod); UserGroupInformation.setConfiguration(conf); return new Client(); } }
public static HttpURLConnection loginAuthenticatedURL(final URL url, final String keytabPrincipal, final String keytabPath) throws Exception { final List<URL> resources = new ArrayList<>(); resources.add(url); final URLClassLoader ucl = new URLClassLoader(resources.toArray(new URL[resources.size()])); final Configuration conf = new Configuration(); conf.setClassLoader(ucl); UserGroupInformation.setConfiguration(conf); logger.info( "Logging in URL: " + url.toString() + " using Principal: " + keytabPrincipal + ", Keytab: " + keytabPath); UserGroupInformation.loginUserFromKeytab(keytabPrincipal, keytabPath); final HttpURLConnection connection = UserGroupInformation.getLoginUser().doAs( (PrivilegedExceptionAction<HttpURLConnection>) () -> { final Token token = new Token(); return new AuthenticatedURL().openConnection(url, token); }); return connection; } }
/** * Dose authenticate against a secured hadoop cluster * In case of any bug fix make sure to fix the code at HdfsStorageAuthentication#authenticate as well. * * @param config containing the principal name and keytab path. */ public static void authenticate(HadoopDruidIndexerConfig config) { String principal = config.HADOOP_KERBEROS_CONFIG.getPrincipal(); String keytab = config.HADOOP_KERBEROS_CONFIG.getKeytab(); if (!Strings.isNullOrEmpty(principal) && !Strings.isNullOrEmpty(keytab)) { Configuration conf = new Configuration(); UserGroupInformation.setConfiguration(conf); if (UserGroupInformation.isSecurityEnabled()) { try { if (UserGroupInformation.getCurrentUser().hasKerberosCredentials() == false || !UserGroupInformation.getCurrentUser().getUserName().equals(principal)) { log.info("trying to authenticate user [%s] with keytab [%s]", principal, keytab); UserGroupInformation.loginUserFromKeytab(principal, keytab); } } catch (IOException e) { throw new ISE(e, "Failed to authenticate user principal [%s] with keytab [%s]", principal, keytab); } } } }
/** * Dose authenticate against a secured hadoop cluster * In case of any bug fix make sure to fix the code in JobHelper#authenticate as well. */ @LifecycleStart public void authenticate() { String principal = hdfsKerberosConfig.getPrincipal(); String keytab = hdfsKerberosConfig.getKeytab(); if (!Strings.isNullOrEmpty(principal) && !Strings.isNullOrEmpty(keytab)) { UserGroupInformation.setConfiguration(hadoopConf); if (UserGroupInformation.isSecurityEnabled()) { try { if (UserGroupInformation.getCurrentUser().hasKerberosCredentials() == false || !UserGroupInformation.getCurrentUser().getUserName().equals(principal)) { log.info("Trying to authenticate user [%s] with keytab [%s]..", principal, keytab); UserGroupInformation.loginUserFromKeytab(principal, keytab); } } catch (IOException e) { throw new ISE(e, "Failed to authenticate user principal [%s] with keytab [%s]", principal, keytab); } } } }
private UserGroupInformation loginKerberosPrincipal(String krbKeytab, String krbPrincipal) throws Exception { Configuration cnf = new Configuration(); cnf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(cnf); UserGroupInformation.loginUserFromKeytab(krbPrincipal, krbKeytab); return UserGroupInformation.getLoginUser(); }
conf.setClassLoader(DruidKerberosModule.class.getClassLoader()); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); try {
protected void init() throws IOException { getConf().setQuietMode(true); UserGroupInformation.setConfiguration(getConf()); if (commandFactory == null) { commandFactory = new CommandFactory(getConf()); commandFactory.addObject(new Help(), "-help"); commandFactory.addObject(new Usage(), "-usage"); registerCommands(commandFactory); } }
@Test public void testAuthUtilLogin() throws Exception { String clientKeytab = getClientKeytabForTesting(); String clientPrincipal = getClientPrincipalForTesting(); Configuration conf = getSecuredConfiguration(); conf.set(AuthUtil.HBASE_CLIENT_KEYTAB_FILE, clientKeytab); conf.set(AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL, clientPrincipal); UserGroupInformation.setConfiguration(conf); User user = AuthUtil.loginClient(conf); assertTrue(user.isLoginFromKeytab()); assertEquals(CLIENT_NAME, user.getShortName()); assertEquals(getClientPrincipalForTesting(), user.getName()); } }
@Override public void start() throws IgniteException { super.start(); KerberosHadoopFileSystemFactory proxy0 = (KerberosHadoopFileSystemFactory)proxy; A.ensure(!F.isEmpty(proxy0.getKeyTab()), "keyTab cannot not be empty."); A.ensure(!F.isEmpty(proxy0.getKeyTabPrincipal()), "keyTabPrincipal cannot not be empty."); A.ensure(proxy0.getReloginInterval() >= 0, "reloginInterval cannot not be negative."); reloginInterval = proxy0.getReloginInterval(); try { UserGroupInformation.setConfiguration(cfg); user = UserGroupInformation.loginUserFromKeytabAndReturnUGI(proxy0.getKeyTabPrincipal(), proxy0.getKeyTab()); } catch (IOException ioe) { throw new IgniteException("Failed login from keytab [keyTab=" + proxy0.getKeyTab() + ", keyTabPrincipal=" + proxy0.getKeyTabPrincipal() + ']', ioe); } }
@Test public void testLoginWithUserKeytabAndPrincipal() throws Exception { String clientKeytab = getClientKeytabForTesting(); String clientPrincipal = getClientPrincipalForTesting(); assertNotNull("Path for client keytab is not specified.", clientKeytab); assertNotNull("Client principal is not specified.", clientPrincipal); Configuration conf = getSecuredConfiguration(); conf.set(AuthUtil.HBASE_CLIENT_KEYTAB_FILE, clientKeytab); conf.set(AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL, clientPrincipal); UserGroupInformation.setConfiguration(conf); UserProvider provider = UserProvider.instantiate(conf); assertTrue("Client principal or keytab is empty", provider.shouldLoginFromKeytab()); provider.login(AuthUtil.HBASE_CLIENT_KEYTAB_FILE, AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL); User loginUser = provider.getCurrent(); assertEquals(CLIENT_NAME, loginUser.getShortName()); assertEquals(getClientPrincipalForTesting(), loginUser.getName()); }