use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class FileStreamAdmin method create.
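/**
 * Creates the stream {@code streamId} and, when the request names one, records its owner principal.
 *
 * <p>If the stream already exists, nothing is created. The principal given under
 * {@code Constants.Security.PRINCIPAL} is handed to {@code SecurityUtil.verifyOwnerPrincipal}
 * together with the owner store, so a repeated create request is checked against the recorded
 * owner. What that check does on a mismatch is defined in {@code SecurityUtil}, not here.
 *
 * <p>For a new stream the owner is stored before any directory is created and removed again if
 * creation fails, so no ownership record is left behind for a stream that was never created.
 *
 * @param streamId id of the stream to create
 * @param props stream properties; {@code null} is treated as an empty set of properties
 * @return the result of {@code createStream} for a new stream, or {@code null} if the stream
 *     already existed
 * @throws Exception if the ownership check, the owner bookkeeping or the stream creation fails; a
 *     failure while rolling back the owner record is attached to it as a suppressed exception
 */
@Override
@Nullable
public StreamConfig create(final StreamId streamId, @Nullable final Properties props) throws Exception {
  final Properties properties = (props == null) ? new Properties() : props;
  // containsKey() only sees entries set directly on this Properties object, so a principal that is
  // present only in its defaults is not treated as specified by the caller.
  String specifiedOwnerPrincipal = properties.containsKey(Constants.Security.PRINCIPAL)
    ? properties.getProperty(Constants.Security.PRINCIPAL) : null;

  if (exists(streamId)) {
    // The stream is already there: the owner named in this request must agree with the recorded one.
    SecurityUtil.verifyOwnerPrincipal(streamId, specifiedOwnerPrincipal, ownerAdmin);
    // Create is idempotent, so an existing stream is left untouched and null is returned.
    return null;
  }

  // New stream: record the owner first.
  // NOTE(review): presumably impersonator.doAs(streamId, ...) below resolves this owner to decide
  // which user to act as, which would make the ordering significant - confirm.
  if (specifiedOwnerPrincipal != null) {
    ownerAdmin.add(streamId, new KerberosPrincipalId(specifiedOwnerPrincipal));
  }

  try {
    final Location streamLocation = impersonator.doAs(streamId, new Callable<Location>() {
      @Override
      public Location call() throws Exception {
        assertNamespaceHomeExists(streamId.getParent());
        Location location = getStreamLocation(streamId);
        Locations.mkdirsIfNotExists(location);
        return location;
      }
    });
    return createStream(streamId, properties, streamLocation);
  } catch (Exception e) {
    // Roll back the owner record; the delete is safe even when no entry was added. A failure of
    // the rollback itself must not replace the original error, otherwise the real cause of the
    // failed create is lost and the leftover owner record goes unnoticed.
    try {
      ownerAdmin.delete(streamId);
    } catch (Exception cleanupFailure) {
      e.addSuppressed(cleanupFailure);
    }
    throw e;
  }
}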
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class AuthorizableTest method testPrincipal.
/**
 * Checks that a Kerberos principal whose name contains {@code *} and {@code ?} keeps its exact
 * string form when converted to an {@code Authorizable}, and that parsing that string form with an
 * extra {@code *.com} suffix renders back with the suffix intact.
 */
@Test
public void testPrincipal() {
  // NOTE(review): presumably '*' and '?' act as wildcard characters in Authorizable strings, which
  // is why a principal containing them literally is the interesting case here - confirm.
  KerberosPrincipalId principalId = new KerberosPrincipalId("eve/host*.com@domai?.net");
  Authorizable fromEntity = Authorizable.fromEntityId(principalId);

  String principalText = principalId.toString();
  String authorizableText = fromEntity.toString();

  // The Authorizable built from the entity must render exactly like the entity itself.
  Assert.assertEquals(principalText, authorizableText);

  // Re-parsing the rendered form with a trailing "*.com" must preserve the whole string.
  Authorizable reparsed = Authorizable.fromString(authorizableText + "*.com");
  Assert.assertEquals(principalText + "*.com", reparsed.toString());
}
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class UGIProviderTest method init.
/**
 * One-time fixture setup: starts an embedded KDC, creates keytabs and principal ids for the test
 * users alice, bob and eve, starts a single-datanode mini DFS cluster, and finally switches
 * {@code UserGroupInformation} to Kerberos authentication.
 *
 * @throws Exception if any of the embedded services cannot be started or a temp folder cannot be
 *     created
 */
@BeforeClass
public static void init() throws Exception {
  cConf = CConfiguration.create();
  String localDataDir = TEMP_FOLDER.newFolder().getAbsolutePath();
  cConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir);
  namespaceClient = new InMemoryNamespaceClient();

  // Bring up the embedded KDC and point the JVM at its krb5.conf. The system property is
  // process-wide, so it affects every Kerberos client in this JVM, not only this test class.
  miniKdc = new MiniKdc(MiniKdc.createConf(), TEMP_FOLDER.newFolder());
  miniKdc.start();
  String krb5ConfPath = miniKdc.getKrb5conf().getAbsolutePath();
  System.setProperty("java.security.krb5.conf", krb5ConfPath);

  // One keytab per test user, all written below the same local directory.
  localKeytabDirPath = TEMP_FOLDER.newFolder();
  aliceKeytabFile = createPrincipal(localKeytabDirPath, "alice");
  bobKeytabFile = createPrincipal(localKeytabDirPath, "bob");
  eveKeytabFile = createPrincipal(localKeytabDirPath, "eve");

  // Principal ids matching the keytabs created above.
  aliceKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("alice"));
  bobKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("bob"));
  eveKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("eve"));

  // Mini DFS cluster. Its configuration does not set hadoop.security.authentication, while the
  // process is switched to Kerberos further down.
  // NOTE(review): presumably the simple-auth fallback is what lets Kerberos-configured clients
  // talk to this cluster; it relaxes authentication and belongs in test fixtures only - confirm.
  Configuration dfsConf = new Configuration();
  String dfsBaseDir = TEMP_FOLDER.newFolder().getAbsolutePath();
  dfsConf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsBaseDir);
  dfsConf.setBoolean("ipc.client.fallback-to-simple-auth-allowed", true);
  MiniDFSCluster.Builder dfsBuilder = new MiniDFSCluster.Builder(dfsConf);
  miniDFSCluster = dfsBuilder.numDataNodes(1).build();
  miniDFSCluster.waitClusterUp();
  locationFactory = new FileContextLocationFactory(miniDFSCluster.getFileSystem().getConf());

  // A fresh configuration, separate from the DFS one, turns on Kerberos for UserGroupInformation.
  Configuration kerberosConf = new Configuration();
  kerberosConf.set("hadoop.security.authentication", "kerberos");
  UserGroupInformation.setConfiguration(kerberosConf);
}
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class DefaultOwnerAdmin method getImpersonationPrincipal.
/**
 * Returns the principal to impersonate for {@code entityId}.
 *
 * <p>The entity is first mapped through {@code getEffectiveEntity}. For anything other than a
 * namespace the owner store is consulted; if it holds an owner, that owner's principal is returned.
 * Otherwise the principal from the namespace configuration is returned, which may be {@code null}.
 *
 * @param entityId the entity whose impersonation principal is wanted
 * @return the owner principal, else the namespace principal, else {@code null}
 * @throws IOException declared for the owner-store and namespace-configuration lookups
 */
@Nullable
@Override
public String getImpersonationPrincipal(NamespacedEntityId entityId) throws IOException {
  NamespacedEntityId effectiveEntity = getEffectiveEntity(entityId);
  boolean isNamespace = effectiveEntity.getEntityType().equals(EntityType.NAMESPACE);
  if (!isNamespace) {
    KerberosPrincipalId explicitOwner = ownerStore.getOwner(effectiveEntity);
    if (explicitOwner != null) {
      return explicitOwner.getPrincipal();
    }
  }
  // (CDAP-8176) No owner recorded for the entity: fall back to the namespace principal, if any.
  return getNamespaceConfig(effectiveEntity).getPrincipal();
}
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class DefaultOwnerAdmin method getImpersonationInfo.
/**
 * Returns the principal and keytab URI to impersonate with for {@code entityId}.
 *
 * <p>The entity is first mapped through {@code getEffectiveEntity}. For anything other than a
 * namespace, an owner found in the owner store takes precedence. Its keytab URI is derived from
 * the principal and {@code cConf} by {@code SecurityUtil.getKeytabURIforPrincipal}. Without such
 * an owner, principal and keytab URI both come from the namespace configuration.
 *
 * @param entityId the entity whose impersonation details are wanted
 * @return impersonation details for the owner, else for the namespace, or {@code null} when the
 *     namespace has no principal configured
 * @throws IOException declared for the owner-store and namespace-configuration lookups
 */
@Nullable
@Override
public ImpersonationInfo getImpersonationInfo(NamespacedEntityId entityId) throws IOException {
  NamespacedEntityId effectiveEntity = getEffectiveEntity(entityId);
  boolean isNamespace = effectiveEntity.getEntityType().equals(EntityType.NAMESPACE);
  if (!isNamespace) {
    KerberosPrincipalId explicitOwner = ownerStore.getOwner(effectiveEntity);
    if (explicitOwner != null) {
      String ownerPrincipal = explicitOwner.getPrincipal();
      return new ImpersonationInfo(ownerPrincipal, SecurityUtil.getKeytabURIforPrincipal(ownerPrincipal, cConf));
    }
  }

  // (CDAP-8176) No owner recorded for the entity: fall back to the namespace principal, if any.
  NamespaceConfig namespaceConfig = getNamespaceConfig(effectiveEntity.getNamespaceId());
  String namespacePrincipal = namespaceConfig.getPrincipal();
  if (namespacePrincipal == null) {
    return null;
  }
  return new ImpersonationInfo(namespacePrincipal, namespaceConfig.getKeytabURI());
}