Search in sources :

Example 1 with NamespaceCannotBeCreatedException

use of co.cask.cdap.common.NamespaceCannotBeCreatedException in project cdap by caskdata.

the class DefaultNamespaceAdmin method create.

/**
   * Creates a new namespace
   *
   * @param metadata the {@link NamespaceMeta} for the new namespace to be created
   * @throws NamespaceAlreadyExistsException if the specified namespace already exists
   */
@Override
@AuthEnforce(entities = "instanceId", enforceOn = InstanceId.class, actions = Action.ADMIN)
public synchronized void create(final NamespaceMeta metadata) throws Exception {
    // TODO: CDAP-1427 - This should be transactional, but we don't support transactions on files yet
    Preconditions.checkArgument(metadata != null, "Namespace metadata should not be null.");
    NamespaceId namespace = metadata.getNamespaceId();
    if (exists(namespace)) {
        throw new NamespaceAlreadyExistsException(namespace);
    }
    // If this namespace has custom mapping then validate the given custom mapping
    if (hasCustomMapping(metadata)) {
        validateCustomMapping(metadata);
    }
    // check that the user has configured either both of none of the following configuration: principal and keytab URI
    boolean hasValidKerberosConf = false;
    if (metadata.getConfig() != null) {
        String configuredPrincipal = metadata.getConfig().getPrincipal();
        String configuredKeytabURI = metadata.getConfig().getKeytabURI();
        if ((!Strings.isNullOrEmpty(configuredPrincipal) && Strings.isNullOrEmpty(configuredKeytabURI)) || (Strings.isNullOrEmpty(configuredPrincipal) && !Strings.isNullOrEmpty(configuredKeytabURI))) {
            throw new BadRequestException(String.format("Either neither or both of the following two configurations must be configured. " + "Configured principal: %s, Configured keytabURI: %s", configuredPrincipal, configuredKeytabURI));
        }
        hasValidKerberosConf = true;
    }
    // check that if explore as principal is explicitly set to false then user has kerberos configuration
    if (!metadata.getConfig().isExploreAsPrincipal() && !hasValidKerberosConf) {
        throw new BadRequestException(String.format("No kerberos principal or keytab-uri was provided while '%s' was set to true.", NamespaceConfig.EXPLORE_AS_PRINCIPAL));
    }
    // Namespace can be created. Grant all the permissions to the user.
    Principal principal = authenticationContext.getPrincipal();
    privilegesManager.grant(namespace, principal, EnumSet.allOf(Action.class));
    // Also grant the user who will execute programs in this namespace all privileges on the namespace
    String executionUserName;
    if (SecurityUtil.isKerberosEnabled(cConf) && !NamespaceId.SYSTEM.equals(namespace)) {
        String namespacePrincipal = metadata.getConfig().getPrincipal();
        if (Strings.isNullOrEmpty(namespacePrincipal)) {
            executionUserName = new KerberosName(SecurityUtil.getMasterPrincipal(cConf)).getShortName();
        } else {
            executionUserName = new KerberosName(namespacePrincipal).getShortName();
        }
    } else {
        executionUserName = UserGroupInformation.getCurrentUser().getShortUserName();
    }
    Principal executionUser = new Principal(executionUserName, Principal.PrincipalType.USER);
    privilegesManager.grant(namespace, executionUser, EnumSet.allOf(Action.class));
    // store the meta first in the namespace store because namespacedLocationFactory needs to look up location
    // mapping from namespace config
    nsStore.create(metadata);
    try {
        UserGroupInformation ugi;
        if (NamespaceId.DEFAULT.equals(namespace)) {
            ugi = UserGroupInformation.getCurrentUser();
        } else {
            ugi = impersonator.getUGI(namespace);
        }
        ImpersonationUtils.doAs(ugi, new Callable<Void>() {

            @Override
            public Void call() throws Exception {
                storageProviderNamespaceAdmin.get().create(metadata);
                return null;
            }
        });
    } catch (Throwable t) {
        // failed to create namespace in underlying storage so delete the namespace meta stored in the store earlier
        deleteNamespaceMeta(metadata.getNamespaceId());
        privilegesManager.revoke(namespace);
        throw new NamespaceCannotBeCreatedException(namespace, t);
    }
    LOG.info("Namespace {} created with meta {}", metadata.getNamespaceId(), metadata);
}
Also used : Action(co.cask.cdap.proto.security.Action) NamespaceCannotBeCreatedException(co.cask.cdap.common.NamespaceCannotBeCreatedException) KerberosName(org.apache.hadoop.security.authentication.util.KerberosName) NamespaceCannotBeCreatedException(co.cask.cdap.common.NamespaceCannotBeCreatedException) NamespaceNotFoundException(co.cask.cdap.common.NamespaceNotFoundException) BadRequestException(co.cask.cdap.common.BadRequestException) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) NamespaceCannotBeDeletedException(co.cask.cdap.common.NamespaceCannotBeDeletedException) DatasetManagementException(co.cask.cdap.api.dataset.DatasetManagementException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) NamespaceAlreadyExistsException(co.cask.cdap.common.NamespaceAlreadyExistsException) BadRequestException(co.cask.cdap.common.BadRequestException) NamespaceId(co.cask.cdap.proto.id.NamespaceId) NamespaceAlreadyExistsException(co.cask.cdap.common.NamespaceAlreadyExistsException) Principal(co.cask.cdap.proto.security.Principal) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) AuthEnforce(co.cask.cdap.common.security.AuthEnforce)

Example 2 with NamespaceCannotBeCreatedException

use of co.cask.cdap.common.NamespaceCannotBeCreatedException in project cdap by caskdata.

the class TestSQLQueryTestRun method testSQLQueryWithCustomMapping.

@Test(timeout = 120000L)
public void testSQLQueryWithCustomMapping() throws Exception {
    // trying to create a cdap namespace with custom hive database when the database does not exists in hive should
    // fail.
    String customHiveDatabase = "custom_db";
    try {
        namespaceAdmin.create(new NamespaceMeta.Builder().setName(testSpace).setHiveDatabase(customHiveDatabase).build());
        Assert.fail();
    } catch (NamespaceCannotBeCreatedException e) {
        // expected exception. Make sure that the namespace creation failed because of explore exception
        Assert.assertTrue(e.getCause() instanceof ExploreException);
    }
    // create the custom database in hive
    try (Connection connection = getQueryClient();
        ResultSet results = connection.prepareStatement(String.format("CREATE DATABASE %s", customHiveDatabase)).executeQuery()) {
        // run a query over the dataset
        Assert.assertNotNull(results);
    }
    // check that the custom hive database got created
    checkDatabaseExists(customHiveDatabase);
    // now the namespace create should work
    namespaceAdmin.create(new NamespaceMeta.Builder().setName(testSpace).setHiveDatabase(customHiveDatabase).build());
    // test some sql query on this custom hive database
    testSQLQuery();
    // delete the cdap namespace
    namespaceAdmin.delete(testSpace);
    // deleting the cdap namespace should not have deleted the custom hive database
    checkDatabaseExists(customHiveDatabase);
}
Also used : NamespaceCannotBeCreatedException(co.cask.cdap.common.NamespaceCannotBeCreatedException) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) ExploreException(co.cask.cdap.explore.service.ExploreException) Test(org.junit.Test)

Aggregations

NamespaceCannotBeCreatedException (co.cask.cdap.common.NamespaceCannotBeCreatedException)2 DatasetManagementException (co.cask.cdap.api.dataset.DatasetManagementException)1 BadRequestException (co.cask.cdap.common.BadRequestException)1 NamespaceAlreadyExistsException (co.cask.cdap.common.NamespaceAlreadyExistsException)1 NamespaceCannotBeDeletedException (co.cask.cdap.common.NamespaceCannotBeDeletedException)1 NamespaceNotFoundException (co.cask.cdap.common.NamespaceNotFoundException)1 AuthEnforce (co.cask.cdap.common.security.AuthEnforce)1 ExploreException (co.cask.cdap.explore.service.ExploreException)1 NamespaceId (co.cask.cdap.proto.id.NamespaceId)1 Action (co.cask.cdap.proto.security.Action)1 Principal (co.cask.cdap.proto.security.Principal)1 UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException)1 IOException (java.io.IOException)1 Connection (java.sql.Connection)1 ResultSet (java.sql.ResultSet)1 ExecutionException (java.util.concurrent.ExecutionException)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 KerberosName (org.apache.hadoop.security.authentication.util.KerberosName)1 Test (org.junit.Test)1