
Example 1 with NamespaceConfig

use of co.cask.cdap.proto.NamespaceConfig in project cdap by caskdata.

the class SchedulerQueueResolver method getQueue.

/**
   * Resolves the scheduler queue for a namespace, falling back to the default queue when the
   * namespace metadata is absent or carries no queue name.
   *
   * @param namespaceId the namespace whose scheduler queue is requested
   * @return the queue name from the namespace config, or the result of {@code getDefaultQueue()}
   *         when the lookup returns no metadata or the configured name is null or empty
   * @throws NamespaceNotFoundException rethrown unchanged from the namespace lookup
   * @throws IOException wrapping any other exception raised by the namespace lookup
   */
@Nullable
public String getQueue(Id.Namespace namespaceId) throws IOException, NamespaceNotFoundException {
    NamespaceMeta namespaceMeta;
    try {
        namespaceMeta = namespaceQueryAdmin.get(namespaceId.toEntityId());
    } catch (NamespaceNotFoundException notFound) {
        // Keep the specific exception type visible to callers.
        throw notFound;
    } catch (Exception lookupFailure) {
        throw new IOException(lookupFailure);
    }
    if (namespaceMeta == null) {
        return getDefaultQueue();
    }
    String configuredQueue = namespaceMeta.getConfig().getSchedulerQueueName();
    if (Strings.isNullOrEmpty(configuredQueue)) {
        return getDefaultQueue();
    }
    return configuredQueue;
}
Also used : NamespaceConfig(co.cask.cdap.proto.NamespaceConfig) NamespaceMeta(co.cask.cdap.proto.NamespaceMeta) IOException(java.io.IOException) NamespaceNotFoundException(co.cask.cdap.common.NamespaceNotFoundException) NamespaceNotFoundException(co.cask.cdap.common.NamespaceNotFoundException) IOException(java.io.IOException) Nullable(javax.annotation.Nullable)

Example 2 with NamespaceConfig

use of co.cask.cdap.proto.NamespaceConfig in project cdap by caskdata.

the class NamespaceHttpHandlerTest method testProperties.

@Test
public void testProperties() throws Exception {
    // Create the namespace without any metadata.
    HttpResponse createResponse = createNamespace(NAME);
    assertResponseCode(200, createResponse);
    // A freshly created namespace reports its own name and an empty description.
    JsonObject namespaceJson = readGetResponse(getNamespace(NAME));
    Assert.assertNotNull(namespaceJson);
    Assert.assertEquals(NAME, namespaceJson.get(NAME_FIELD).getAsString());
    Assert.assertEquals(EMPTY, namespaceJson.get(DESCRIPTION_FIELD).getAsString());

    // Update the scheduler queue name while sending a different namespace name in the body.
    String mismatchedName = NAME + "nonexistent";
    NamespaceMeta queueUpdate = new NamespaceMeta.Builder()
        .setName(mismatchedName)
        .setSchedulerQueueName("prod")
        .build();
    setProperties(NAME, queueUpdate);
    // The name in the request body must be ignored (the name from the URL is used instead),
    // so nothing may exist under the name that was only present in the body.
    HttpResponse mismatchedGet = getNamespace(mismatchedName);
    Assert.assertEquals(404, mismatchedGet.getStatusLine().getStatusCode());
    namespaceJson = readGetResponse(getNamespace(NAME));
    Assert.assertNotNull(namespaceJson);
    NamespaceConfig storedConfig =
        GSON.fromJson(namespaceJson.get(CONFIG_FIELD).getAsJsonObject(), NamespaceConfig.class);
    Assert.assertEquals("prod", storedConfig.getSchedulerQueueName());
    Assert.assertEquals(NAME, namespaceJson.get(NAME_FIELD).getAsString());
    Assert.assertEquals(EMPTY, namespaceJson.get(DESCRIPTION_FIELD).getAsString());

    // Update only the description.
    NamespaceMeta descriptionUpdate = new NamespaceMeta.Builder()
        .setName(NAME)
        .setDescription("new fancy description")
        .build();
    setProperties(NAME, descriptionUpdate);
    namespaceJson = readGetResponse(getNamespace(NAME));
    Assert.assertNotNull(namespaceJson);
    // The description has changed and the name has not.
    Assert.assertEquals("new fancy description", namespaceJson.get(DESCRIPTION_FIELD).getAsString());
    Assert.assertEquals(NAME, namespaceJson.get(NAME_FIELD).getAsString());
    // The scheduler queue set by the earlier update is still in place.
    storedConfig =
        GSON.fromJson(namespaceJson.get(CONFIG_FIELD).getAsJsonObject(), NamespaceConfig.class);
    Assert.assertEquals("prod", storedConfig.getSchedulerQueueName());

    // Cleanup.
    HttpResponse deleteResponse = deleteNamespace(NAME);
    Assert.assertEquals(200, deleteResponse.getStatusLine().getStatusCode());
}
Also used : NamespaceConfig(co.cask.cdap.proto.NamespaceConfig) NamespaceMeta(co.cask.cdap.proto.NamespaceMeta) HttpResponse(org.apache.http.HttpResponse) JsonObject(com.google.gson.JsonObject) AppForUnrecoverableResetTest(co.cask.cdap.AppForUnrecoverableResetTest) Test(org.junit.Test)

Example 3 with NamespaceConfig

use of co.cask.cdap.proto.NamespaceConfig in project cdap by caskdata.

the class DefaultOwnerAdmin method getImpersonationInfo.

/**
 * Returns the principal and keytab URI to impersonate for the given entity.
 *
 * <p>For a non-namespace entity the owner recorded in the owner store wins; its keytab URI is
 * derived from the principal and {@code cConf}. When no such owner exists, or the effective
 * entity is a namespace, the principal and keytab URI come from the namespace config.
 *
 * @param entityId the entity whose impersonation info is requested; it is first mapped through
 *                 {@code getEffectiveEntity}
 * @return the impersonation info, or {@code null} when neither an owner nor a namespace
 *         principal is configured
 * @throws IOException declared by this method; which lookup raises it is not visible here
 */
@Nullable
@Override
public ImpersonationInfo getImpersonationInfo(NamespacedEntityId entityId) throws IOException {
    entityId = getEffectiveEntity(entityId);
    boolean isNamespaceEntity = entityId.getEntityType().equals(EntityType.NAMESPACE);
    if (!isNamespaceEntity) {
        KerberosPrincipalId owner = ownerStore.getOwner(entityId);
        if (owner != null) {
            String keytabUri = SecurityUtil.getKeytabURIforPrincipal(owner.getPrincipal(), cConf);
            return new ImpersonationInfo(owner.getPrincipal(), keytabUri);
        }
    }
    // (CDAP-8176) No owner was found for the entity, so fall back to the namespace principal if present.
    NamespaceConfig namespaceConfig = getNamespaceConfig(entityId.getNamespaceId());
    if (namespaceConfig.getPrincipal() == null) {
        return null;
    }
    return new ImpersonationInfo(namespaceConfig.getPrincipal(), namespaceConfig.getKeytabURI());
}
Also used : NamespaceConfig(co.cask.cdap.proto.NamespaceConfig) KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId) Nullable(javax.annotation.Nullable)

Example 4 with NamespaceConfig

use of co.cask.cdap.proto.NamespaceConfig in project cdap by caskdata.

the class DefaultUGIProvider method createUGI.

/**
   * Resolves the {@link UserGroupInformation} for a given user, performing any keytab localization, if necessary.
   *
   * <p>Steps, in order: gate EXPLORE requests on a namespace entity behind the namespace's
   * explore-as-principal setting, obtain the impersonation info for the entity, return the current
   * user's UGI when its short name already matches the configured principal, and otherwise log in
   * from the keytab (localizing it first when its URI is not a local file).
   *
   * @param impersonationRequest the entity and operation type for which a UGI is requested
   * @return a {@link UserGroupInformation}, based upon the information configured for a particular user
   * @throws IOException if there was any IOException during localization of the keytab, if the keytab
   *         is not readable, or wrapping any non-IOException raised by the explore-as-principal check
   */
@Override
protected UGIWithPrincipal createUGI(ImpersonationRequest impersonationRequest) throws IOException {
    if (impersonationRequest.getEntityId().getEntityType().equals(EntityType.NAMESPACE) && impersonationRequest.getImpersonatedOpType().equals(ImpersonatedOpType.EXPLORE)) {
        // An EXPLORE operation on a namespace entity is allowed only when the namespace config has
        // explore-as-principal enabled; otherwise a FeatureDisabledException is raised below.
        try {
            NamespaceConfig nsConfig = namespaceQueryAdmin.get(impersonationRequest.getEntityId().getNamespaceId()).getConfig();
            if (!nsConfig.isExploreAsPrincipal()) {
                throw new FeatureDisabledException(FeatureDisabledException.Feature.EXPLORE, NamespaceConfig.class.getSimpleName() + " of " + impersonationRequest.getEntityId(), NamespaceConfig.EXPLORE_AS_PRINCIPAL, String.valueOf(true));
            }
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            // Anything that is not an IOException, including the FeatureDisabledException above unless
            // it is itself an IOException, reaches the caller as the cause of an IOException.
            throw new IOException(e);
        }
    }
    ImpersonationInfo impersonationInfo = SecurityUtil.createImpersonationInfo(ownerAdmin, cConf, impersonationRequest.getEntityId());
    // The debug line records the principal and keytab URI as rendered by ImpersonationInfo, not keytab contents.
    LOG.debug("Obtained impersonation info: {} for entity {}", impersonationInfo, impersonationRequest.getEntityId());
    // no need to get a UGI if the current UGI is the one we're requesting; simply return it
    // NOTE(review): only the short names are compared, so the realm part of the principal plays no
    // role in this shortcut beyond whatever KerberosName's short-name mapping does with it — confirm
    // that two principals mapping to the same short name are meant to be treated as the same user.
    String configuredPrincipalShortName = new KerberosName(impersonationInfo.getPrincipal()).getShortName();
    if (UserGroupInformation.getCurrentUser().getShortUserName().equals(configuredPrincipalShortName)) {
        return new UGIWithPrincipal(impersonationInfo.getPrincipal(), UserGroupInformation.getCurrentUser());
    }
    // A URI with no scheme or with the "file" scheme is used in place from the local filesystem;
    // any other scheme is copied to a local file via localizeKeytab.
    // NOTE(review): the URI selects which local file is handed to the Kerberos login; presumably it
    // originates from owner/namespace configuration — confirm who is allowed to set it.
    // NOTE(review): URI.create throws on a null or malformed string; confirm getKeytabURI() cannot be null here.
    URI keytabURI = URI.create(impersonationInfo.getKeytabURI());
    boolean isKeytabLocal = keytabURI.getScheme() == null || "file".equals(keytabURI.getScheme());
    File localKeytabFile = isKeytabLocal ? new File(keytabURI.getPath()) : localizeKeytab(locationFactory.create(keytabURI));
    try {
        String expandedPrincipal = SecurityUtil.expandPrincipal(impersonationInfo.getPrincipal());
        LOG.debug("Logging in as: principal={}, keytab={}", expandedPrincipal, localKeytabFile);
        // Fail explicitly with an IOException when the keytab file is not readable, to ensure that the
        // client gets the same exception in both the modes.
        // NOTE(review): the original comment is truncated; which two modes are meant is not visible here.
        if (!Files.isReadable(localKeytabFile.toPath())) {
            throw new IOException(String.format("Keytab file is not a readable file: %s", localKeytabFile));
        }
        UserGroupInformation loggedInUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(expandedPrincipal, localKeytabFile.getAbsolutePath());
        return new UGIWithPrincipal(impersonationInfo.getPrincipal(), loggedInUGI);
    } finally {
        // Only a localized copy is removed; a keytab that was already local is left in place.
        // A failed delete is logged at WARN and not retried, so the copied keytab stays on disk in that case.
        if (!isKeytabLocal && !localKeytabFile.delete()) {
            LOG.warn("Failed to delete file: {}", localKeytabFile);
        }
    }
}
Also used : NamespaceConfig(co.cask.cdap.proto.NamespaceConfig) IOException(java.io.IOException) KerberosName(org.apache.hadoop.security.authentication.util.KerberosName) URI(java.net.URI) File(java.io.File) IOException(java.io.IOException) FeatureDisabledException(co.cask.cdap.common.FeatureDisabledException) FeatureDisabledException(co.cask.cdap.common.FeatureDisabledException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 5 with NamespaceConfig

use of co.cask.cdap.proto.NamespaceConfig in project cdap by caskdata.

the class DefaultNamespaceAdmin method updateProperties.

/**
 * Updates the mutable properties of an existing namespace.
 *
 * <p>The update starts from the stored metadata and copies over only the description, the
 * scheduler queue name and the explore-as-principal flag from {@code namespaceMeta}; other
 * fields of the request, such as its name, are not applied. Any key reported by
 * {@code getDifference} between the stored config and the requested config rejects the update.
 *
 * <p>NOTE(review): existence is checked before the ADMIN authorization check, so a caller
 * without ADMIN on the namespace can tell a missing namespace from an existing one by the
 * exception type — confirm this ordering is intended.
 *
 * @param namespaceId the namespace to update
 * @param namespaceMeta the requested values; a null description or a null/empty queue name leaves
 *                      the stored value untouched
 * @throws NamespaceNotFoundException if the namespace does not exist
 * @throws BadRequestException if the request differs from the stored config in mappings that
 *                             cannot be changed after creation
 * @throws Exception for any other failure, including one raised by the authorization check
 */
@Override
public synchronized void updateProperties(NamespaceId namespaceId, NamespaceMeta namespaceMeta) throws Exception {
    if (!exists(namespaceId)) {
        throw new NamespaceNotFoundException(namespaceId);
    }
    authorizationEnforcer.enforce(namespaceId, authenticationContext.getPrincipal(), Action.ADMIN);

    NamespaceMeta storedMeta = nsStore.get(namespaceId);
    // Existence was verified above, so the stored metadata should be present.
    Preconditions.checkNotNull(storedMeta);

    NamespaceMeta.Builder metaBuilder = new NamespaceMeta.Builder(storedMeta);
    if (namespaceMeta.getDescription() != null) {
        metaBuilder.setDescription(namespaceMeta.getDescription());
    }

    NamespaceConfig requestedConfig = namespaceMeta.getConfig();
    if (requestedConfig != null) {
        if (!Strings.isNullOrEmpty(requestedConfig.getSchedulerQueueName())) {
            metaBuilder.setSchedulerQueueName(requestedConfig.getSchedulerQueueName());
        }
        metaBuilder.setExploreAsPrincipal(requestedConfig.isExploreAsPrincipal());
    }

    // Reject attempts to change mappings that are fixed at namespace creation.
    // NOTE(review): requestedConfig may be null here; presumably getDifference accepts null — confirm.
    Set<String> changedMappings = storedMeta.getConfig().getDifference(requestedConfig);
    if (!changedMappings.isEmpty()) {
        throw new BadRequestException(
            String.format("Mappings %s for namespace %s cannot be updated once the namespace " + "is created.",
                          changedMappings, namespaceId));
    }

    NamespaceMeta mergedMeta = metaBuilder.build();
    nsStore.update(mergedMeta);
    // Reload the cached entry so readers see the new metadata.
    namespaceMetaCache.refresh(namespaceId);
    LOG.info("Namespace {} updated with meta {}", namespaceId, mergedMeta);
}
Also used : NamespaceConfig(co.cask.cdap.proto.NamespaceConfig) NamespaceMeta(co.cask.cdap.proto.NamespaceMeta) CacheBuilder(com.google.common.cache.CacheBuilder) BadRequestException(co.cask.cdap.common.BadRequestException) NamespaceNotFoundException(co.cask.cdap.common.NamespaceNotFoundException)

Aggregations

NamespaceConfig (co.cask.cdap.proto.NamespaceConfig)7 NamespaceMeta (co.cask.cdap.proto.NamespaceMeta)4 IOException (java.io.IOException)3 NamespaceNotFoundException (co.cask.cdap.common.NamespaceNotFoundException)2 Nullable (javax.annotation.Nullable)2 Test (org.junit.Test)2 AppForUnrecoverableResetTest (co.cask.cdap.AppForUnrecoverableResetTest)1 BadRequestException (co.cask.cdap.common.BadRequestException)1 FeatureDisabledException (co.cask.cdap.common.FeatureDisabledException)1 ExploreException (co.cask.cdap.explore.service.ExploreException)1 KerberosPrincipalId (co.cask.cdap.proto.id.KerberosPrincipalId)1 NamespaceId (co.cask.cdap.proto.id.NamespaceId)1 HBaseDDLExecutor (co.cask.cdap.spi.hbase.HBaseDDLExecutor)1 CacheBuilder (com.google.common.cache.CacheBuilder)1 JsonObject (com.google.gson.JsonObject)1 File (java.io.File)1 URI (java.net.URI)1 SQLException (java.sql.SQLException)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 KerberosName (org.apache.hadoop.security.authentication.util.KerberosName)1