Example 1 with KerberosPrincipalId
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class FileStreamAdmin method create.
@Override
@Nullable
public StreamConfig create(final StreamId streamId, @Nullable final Properties props) throws Exception {
final Properties properties = (props == null) ? new Properties() : props;
String specifiedOwnerPrincipal = properties.containsKey(Constants.Security.PRINCIPAL) ? properties.getProperty(Constants.Security.PRINCIPAL) : null;
if (exists(streamId)) {
// if stream exists then make sure owner for this create request is same
SecurityUtil.verifyOwnerPrincipal(streamId, specifiedOwnerPrincipal, ownerAdmin);
// stream create is an idempotent operation as of now so just return null and don't do anything
return null;
}
// if the stream didn't exist then add the owner information
if (specifiedOwnerPrincipal != null) {
ownerAdmin.add(streamId, new KerberosPrincipalId(specifiedOwnerPrincipal));
}
try {
final Location streamLocation = impersonator.doAs(streamId, new Callable<Location>() {
@Override
public Location call() throws Exception {
assertNamespaceHomeExists(streamId.getParent());
Location streamLocation = getStreamLocation(streamId);
Locations.mkdirsIfNotExists(streamLocation);
return streamLocation;
}
});
return createStream(streamId, properties, streamLocation);
} catch (Exception e) {
// there was a problem creating the stream so delete owner information
// safe to call even if entry doesn't exists
ownerAdmin.delete(streamId);
throw e;
}
}
Also used :
StreamProperties(co.cask.cdap.proto.StreamProperties)
CoordinatorStreamProperties(co.cask.cdap.data.stream.CoordinatorStreamProperties)
Properties(java.util.Properties)
KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId)
NotificationFeedException(co.cask.cdap.notifications.feeds.NotificationFeedException)
FileNotFoundException(java.io.FileNotFoundException)
IOException(java.io.IOException)
NotFoundException(co.cask.cdap.common.NotFoundException)
StreamNotFoundException(co.cask.cdap.common.StreamNotFoundException)
Location(org.apache.twill.filesystem.Location)
Nullable(javax.annotation.Nullable)
Example 2 with KerberosPrincipalId
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class AuthorizableTest method testPrincipal.
@Test
public void testPrincipal() {
KerberosPrincipalId kerberosPrincipalId = new KerberosPrincipalId("eve/host*.com@domai?.net");
Authorizable authorizable = Authorizable.fromEntityId(kerberosPrincipalId);
Assert.assertEquals(kerberosPrincipalId.toString(), authorizable.toString());
Assert.assertEquals(kerberosPrincipalId.toString() + "*.com", Authorizable.fromString(authorizable.toString() + "*.com").toString());
}
Also used :
KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId)
Test(org.junit.Test)
Example 3 with KerberosPrincipalId
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class UGIProviderTest method init.
@BeforeClass
public static void init() throws Exception {
cConf = CConfiguration.create();
cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath());
namespaceClient = new InMemoryNamespaceClient();
// Start KDC
miniKdc = new MiniKdc(MiniKdc.createConf(), TEMP_FOLDER.newFolder());
miniKdc.start();
System.setProperty("java.security.krb5.conf", miniKdc.getKrb5conf().getAbsolutePath());
localKeytabDirPath = TEMP_FOLDER.newFolder();
// Generate keytab
aliceKeytabFile = createPrincipal(localKeytabDirPath, "alice");
bobKeytabFile = createPrincipal(localKeytabDirPath, "bob");
eveKeytabFile = createPrincipal(localKeytabDirPath, "eve");
// construct Kerberos PrincipalIds
aliceKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("alice"));
bobKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("bob"));
eveKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("eve"));
// Start mini DFS cluster
Configuration hConf = new Configuration();
hConf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, TEMP_FOLDER.newFolder().getAbsolutePath());
hConf.setBoolean("ipc.client.fallback-to-simple-auth-allowed", true);
miniDFSCluster = new MiniDFSCluster.Builder(hConf).numDataNodes(1).build();
miniDFSCluster.waitClusterUp();
locationFactory = new FileContextLocationFactory(miniDFSCluster.getFileSystem().getConf());
hConf = new Configuration();
hConf.set("hadoop.security.authentication", "kerberos");
UserGroupInformation.setConfiguration(hConf);
}
Also used :
MiniDFSCluster(org.apache.hadoop.hdfs.MiniDFSCluster)
CConfiguration(co.cask.cdap.common.conf.CConfiguration)
Configuration(org.apache.hadoop.conf.Configuration)
MiniKdc(org.apache.hadoop.minikdc.MiniKdc)
InMemoryNamespaceClient(co.cask.cdap.common.namespace.InMemoryNamespaceClient)
FileContextLocationFactory(org.apache.twill.filesystem.FileContextLocationFactory)
KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId)
BeforeClass(org.junit.BeforeClass)
Example 4 with KerberosPrincipalId
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class DefaultOwnerAdmin method getImpersonationPrincipal.
@Nullable
@Override
public String getImpersonationPrincipal(NamespacedEntityId entityId) throws IOException {
entityId = getEffectiveEntity(entityId);
KerberosPrincipalId effectiveOwner = null;
if (!entityId.getEntityType().equals(EntityType.NAMESPACE)) {
effectiveOwner = ownerStore.getOwner(entityId);
}
// (CDAP-8176) Since no owner was found for the entity return namespace principal if present.
return effectiveOwner != null ? effectiveOwner.getPrincipal() : getNamespaceConfig(entityId).getPrincipal();
}
Also used :
KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId)
Nullable(javax.annotation.Nullable)
Example 5 with KerberosPrincipalId
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class DefaultOwnerAdmin method getImpersonationInfo.
@Nullable
@Override
public ImpersonationInfo getImpersonationInfo(NamespacedEntityId entityId) throws IOException {
entityId = getEffectiveEntity(entityId);
if (!entityId.getEntityType().equals(EntityType.NAMESPACE)) {
KerberosPrincipalId effectiveOwner = ownerStore.getOwner(entityId);
if (effectiveOwner != null) {
return new ImpersonationInfo(effectiveOwner.getPrincipal(), SecurityUtil.getKeytabURIforPrincipal(effectiveOwner.getPrincipal(), cConf));
}
}
// (CDAP-8176) Since no owner was found for the entity return namespace principal if present.
NamespaceConfig nsConfig = getNamespaceConfig(entityId.getNamespaceId());
return nsConfig.getPrincipal() == null ? null : new ImpersonationInfo(nsConfig.getPrincipal(), nsConfig.getKeytabURI());
}
Also used :
NamespaceConfig(co.cask.cdap.proto.NamespaceConfig)
KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId)
Nullable(javax.annotation.Nullable)
Aggregations
KerberosPrincipalId (co.cask.cdap.proto.id.KerberosPrincipalId)22
IOException (java.io.IOException)8
NamespaceId (co.cask.cdap.proto.id.NamespaceId)7
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException)7
ExecutionException (java.util.concurrent.ExecutionException)6
NotFoundException (co.cask.cdap.common.NotFoundException)5
Principal (co.cask.cdap.proto.security.Principal)5
Nullable (javax.annotation.Nullable)5
DatasetManagementException (co.cask.cdap.api.dataset.DatasetManagementException)4
NamespaceNotFoundException (co.cask.cdap.common.NamespaceNotFoundException)4
ApplicationNotFoundException (co.cask.cdap.common.ApplicationNotFoundException)3
ArtifactAlreadyExistsException (co.cask.cdap.common.ArtifactAlreadyExistsException)3
ArtifactNotFoundException (co.cask.cdap.common.ArtifactNotFoundException)3
BadRequestException (co.cask.cdap.common.BadRequestException)3
InvalidArtifactException (co.cask.cdap.common.InvalidArtifactException)3
DatasetId (co.cask.cdap.proto.id.DatasetId)3
ApplicationSpecification (co.cask.cdap.api.app.ApplicationSpecification)2
ArtifactSummary (co.cask.cdap.api.artifact.ArtifactSummary)2
ConflictException (co.cask.cdap.common.ConflictException)2
AbstractBodyConsumer (co.cask.cdap.common.http.AbstractBodyConsumer)2
