@Override public UGIWithPrincipal load(UGICacheKey key) throws Exception { return createUGI(key.getRequest()); } });
/** * Validates the given {@link NamespacedEntityId} to be supported by the {@link OwnerStore} * i.e. the entity can be associated with an owner. * Validated the given {@link KerberosPrincipalId} to be valid i.e. it can be used to create a * {@link org.apache.hadoop.security.authentication.util.KerberosName}. * See {@link SecurityUtil#validateKerberosPrincipal(KerberosPrincipalId)} * * @param entityId {@link NamespacedEntityId} to be validated * @param principalId {@link KerberosPrincipalId} to be validated */ protected final void validate(NamespacedEntityId entityId, KerberosPrincipalId principalId) { validate(entityId); SecurityUtil.validateKerberosPrincipal(principalId); }
protected AbstractCachedUGIProvider(CConfiguration cConf, OwnerAdmin ownerAdmin) { this.cConf = cConf; this.ownerAdmin = ownerAdmin; this.ugiCache = createUGICache(cConf); }
@Override public void truncate(final StreamId streamId) throws Exception { impersonator.doAs(streamId, new Callable<Void>() { @Override public Void call() throws Exception { doTruncate(streamId, getStreamLocation(streamId)); return null; } }); }
/** * In remote mode, we should not cache the explore request */ @Override protected boolean checkExploreAndDetermineCache(ImpersonationRequest impersonationRequest) throws IOException { return !(impersonationRequest.getEntityId().getEntityType().equals(EntityType.NAMESPACE) && impersonationRequest.getImpersonatedOpType().equals(ImpersonatedOpType.EXPLORE)); }
@Override public <T> T doAs(NamespacedEntityId entityId, Callable<T> callable, ImpersonatedOpType impersonatedOpType) throws Exception { UserGroupInformation ugi = getUGI(entityId, impersonatedOpType); if (!UserGroupInformation.getCurrentUser().equals(ugi)) { LOG.debug("Performing doAs with UGI {} for entity {} and impersonation operation type {}", ugi, entityId, impersonatedOpType); } return ImpersonationUtils.doAs(ugi, callable); }
/** * This has the logic to construct an impersonation info as follows: * <ul> * <li>If the ownerAdmin has an owner and a keytab URI, return this information</li> * <li>Else the ownerAdmin does not have an owner for this entity. * Return the master impersonation info as found in the cConf</li> * </ul> */ public static ImpersonationInfo createImpersonationInfo(OwnerAdmin ownerAdmin, CConfiguration cConf, NamespacedEntityId entityId) throws IOException { ImpersonationInfo impersonationInfo = ownerAdmin.getImpersonationInfo(entityId); if (impersonationInfo == null) { return new ImpersonationInfo(getMasterPrincipal(cConf), getMasterKeytabURI(cConf)); } return impersonationInfo; }
private ImpersonationInfo getPrincipalForEntity(ImpersonationRequest request) throws IOException { ImpersonationInfo impersonationInfo = SecurityUtil.createImpersonationInfo(ownerAdmin, cConf, request.getEntityId()); LOG.debug("Obtained impersonation info: {} for entity {}", impersonationInfo, request.getEntityId()); return impersonationInfo; }
/** * Wrapper around {@link #validateKerberosPrincipal(KerberosPrincipalId)} to validate a principal in string format */ public static void validateKerberosPrincipal(String principal) { validateKerberosPrincipal(new KerberosPrincipalId(principal)); }
private OwnerAdmin getOwnerAdmin() { return new DefaultOwnerAdmin(cConf, new InMemoryOwnerStore(), namespaceClient); } }
@Override public void delete(NamespacedEntityId entityId) throws IOException { ownerStore.delete(entityId); } }
@Override public void add(NamespacedEntityId entityId, KerberosPrincipalId kerberosPrincipalId) throws IOException, AlreadyExistsException { ownerStore.add(entityId, kerberosPrincipalId); }
@Override public boolean exists(NamespacedEntityId entityId) throws IOException { return ownerStore.exists(entityId); }
@Override public boolean equals(Object o) { if (this == o) { return true; } if (o == null || getClass() != o.getClass()) { return false; } UGICacheKey cachekey = (UGICacheKey) o; return Objects.equals(request.getPrincipal(), cachekey.getRequest().getPrincipal()); }
@Override public synchronized boolean exists(NamespacedEntityId entityId) throws IOException { validate(entityId); return ownerInfo.containsKey(entityId); }
@Override public UserGroupInformation getUGI(NamespacedEntityId entityId) throws IOException { return getUGI(entityId, ImpersonatedOpType.OTHER); }
/** * Checks if the given {@link KerberosPrincipalId} is valid or not by calling * {@link #getKerberosName(KerberosPrincipalId)}. This is just a wrapper around * {@link #getKerberosName(KerberosPrincipalId)} to not return an object to the caller for simplicity. * * @param principalId {@link KerberosPrincipalId} which needs to be validated * @throws IllegalArgumentException if failed to create a {@link KerberosName} from the given * {@link KerberosPrincipalId} */ public static void validateKerberosPrincipal(KerberosPrincipalId principalId) { getKerberosName(principalId); }
@Override public <T> T doAs(NamespacedEntityId entityId, final Callable<T> callable) throws Exception { return doAs(entityId, callable, ImpersonatedOpType.OTHER); }
private OwnerAdmin getOwnerAdmin() { return new DefaultOwnerAdmin(cConf, new InMemoryOwnerStore(), namespaceClient); }
@Override public synchronized void delete(NamespacedEntityId entityId) throws IOException { validate(entityId); ownerInfo.remove(entityId); } }