
Example 1 with KerberosPrincipalId

use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.

the class FileStreamAdmin method create.

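/**
 * Creates the stream {@code streamId} and, when an owner principal is supplied in
 * {@code props}, records that principal as the stream owner before the stream is created.
 *
 * <p>If the stream already exists, the supplied owner principal is passed to
 * {@code SecurityUtil.verifyOwnerPrincipal} and the call then returns {@code null} without
 * changing anything.
 *
 * <p>NOTE(review): the existence check and the owner registration are separate steps. Whether
 * concurrent create requests for the same stream are serialized elsewhere is not visible in
 * this method; confirm, since two requests naming different owners could otherwise both pass
 * the {@code exists} check.
 *
 * @param streamId id of the stream to create
 * @param props stream properties; {@code null} is treated as an empty {@link Properties}
 * @return the result of {@code createStream}, or {@code null} if the stream already existed
 * @throws Exception if owner verification, owner registration or stream creation fails
 */
@Override
@Nullable
public StreamConfig create(final StreamId streamId, @Nullable final Properties props) throws Exception {
    final Properties properties = (props == null) ? new Properties() : props;
    // Only a principal set directly on this Properties object counts as "specified".
    String specifiedOwnerPrincipal = properties.containsKey(Constants.Security.PRINCIPAL) ? properties.getProperty(Constants.Security.PRINCIPAL) : null;
    if (exists(streamId)) {
        // The stream exists: the owner named in this request must pass the ownership check.
        SecurityUtil.verifyOwnerPrincipal(streamId, specifiedOwnerPrincipal, ownerAdmin);
        // Create is idempotent for now, so an existing stream is left untouched.
        return null;
    }
    // New stream: record the owner first, so the directory is created under impersonation
    // with the owner information already in place.
    if (specifiedOwnerPrincipal != null) {
        ownerAdmin.add(streamId, new KerberosPrincipalId(specifiedOwnerPrincipal));
    }
    try {
        final Location streamLocation = impersonator.doAs(streamId, new Callable<Location>() {

            @Override
            public Location call() throws Exception {
                assertNamespaceHomeExists(streamId.getParent());
                Location streamLocation = getStreamLocation(streamId);
                Locations.mkdirsIfNotExists(streamLocation);
                return streamLocation;
            }
        });
        return createStream(streamId, properties, streamLocation);
    } catch (Exception e) {
        // Creation failed: roll back the owner record (safe to call even if no entry exists).
        // A failure of the rollback itself must not hide the original error, so it is attached
        // as a suppressed exception instead of replacing it.
        try {
            ownerAdmin.delete(streamId);
        } catch (Exception cleanupFailure) {
            // NOTE(review): in this case an owner record remains for a stream that was never
            // created; confirm how ownerAdmin.add behaves on a later retry.
            e.addSuppressed(cleanupFailure);
        }
        throw e;
    }
}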
Also used : StreamProperties(co.cask.cdap.proto.StreamProperties) CoordinatorStreamProperties(co.cask.cdap.data.stream.CoordinatorStreamProperties) Properties(java.util.Properties) KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId) NotificationFeedException(co.cask.cdap.notifications.feeds.NotificationFeedException) FileNotFoundException(java.io.FileNotFoundException) IOException(java.io.IOException) NotFoundException(co.cask.cdap.common.NotFoundException) StreamNotFoundException(co.cask.cdap.common.StreamNotFoundException) Location(org.apache.twill.filesystem.Location) Nullable(javax.annotation.Nullable)

Example 2 with KerberosPrincipalId

use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.

the class AuthorizableTest method testPrincipal.

/**
 * Checks that a Kerberos principal whose name contains {@code *} and {@code ?} keeps the same
 * string form when converted to an {@code Authorizable}, and that appending {@code "*.com"} to
 * that string form survives {@code Authorizable.fromString}.
 */
@Test
public void testPrincipal() {
    KerberosPrincipalId principalId = new KerberosPrincipalId("eve/host*.com@domai?.net");
    Authorizable fromEntity = Authorizable.fromEntityId(principalId);

    // Entity id -> Authorizable must not alter the textual form of the principal.
    String principalText = principalId.toString();
    String authorizableText = fromEntity.toString();
    Assert.assertEquals(principalText, authorizableText);

    // Parsing the text with an extra "*.com" suffix must yield the same suffixed text back.
    String expectedWithSuffix = principalText + "*.com";
    Authorizable parsed = Authorizable.fromString(authorizableText + "*.com");
    Assert.assertEquals(expectedWithSuffix, parsed.toString());
}
Also used : KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId) Test(org.junit.Test)

Example 3 with KerberosPrincipalId

use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.

the class UGIProviderTest method init.

/**
 * One-time fixture setup: starts a MiniKdc, creates the alice/bob/eve principals and their
 * keytab files, starts a single-datanode MiniDFSCluster, and finally switches
 * {@code UserGroupInformation} to Kerberos authentication.
 *
 * <p>The statements are order dependent; the steps below mutate JVM-wide state
 * (a system property and the static {@code UserGroupInformation} configuration).
 *
 * @throws Exception if any of the temporary folders or mini services cannot be set up
 */
@BeforeClass
public static void init() throws Exception {
    cConf = CConfiguration.create();
    // Keep CDAP local data inside a fresh temporary folder.
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath());
    namespaceClient = new InMemoryNamespaceClient();
    // Start the KDC with its working directory in a temporary folder
    miniKdc = new MiniKdc(MiniKdc.createConf(), TEMP_FOLDER.newFolder());
    miniKdc.start();
    // Point the JVM's Kerberos client at the krb5.conf generated by the mini KDC.
    // This is a JVM-wide system property, so it also affects other code in the same JVM.
    System.setProperty("java.security.krb5.conf", miniKdc.getKrb5conf().getAbsolutePath());
    localKeytabDirPath = TEMP_FOLDER.newFolder();
    // Generate keytabs (createPrincipal is defined elsewhere; presumably it registers the
    // principal with the KDC and writes its keytab into the given directory)
    aliceKeytabFile = createPrincipal(localKeytabDirPath, "alice");
    bobKeytabFile = createPrincipal(localKeytabDirPath, "bob");
    eveKeytabFile = createPrincipal(localKeytabDirPath, "eve");
    // construct Kerberos PrincipalIds
    aliceKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("alice"));
    bobKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("bob"));
    eveKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("eve"));
    // Start mini DFS cluster
    Configuration hConf = new Configuration();
    hConf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, TEMP_FOLDER.newFolder().getAbsolutePath());
    // Lets an IPC client that attempts secure authentication fall back to simple
    // authentication. The cluster configuration here does not enable Kerberos, so this is
    // presumably what allows the Kerberos-configured client side to talk to it. Test-only:
    // this setting weakens authentication and should not be copied into a production config.
    hConf.setBoolean("ipc.client.fallback-to-simple-auth-allowed", true);
    miniDFSCluster = new MiniDFSCluster.Builder(hConf).numDataNodes(1).build();
    miniDFSCluster.waitClusterUp();
    locationFactory = new FileContextLocationFactory(miniDFSCluster.getFileSystem().getConf());
    // A separate Configuration, created after the cluster is up, switches
    // UserGroupInformation to Kerberos; setConfiguration is static, so this is process-wide.
    hConf = new Configuration();
    hConf.set("hadoop.security.authentication", "kerberos");
    UserGroupInformation.setConfiguration(hConf);
}
Also used : MiniDFSCluster(org.apache.hadoop.hdfs.MiniDFSCluster) CConfiguration(co.cask.cdap.common.conf.CConfiguration) Configuration(org.apache.hadoop.conf.Configuration) MiniKdc(org.apache.hadoop.minikdc.MiniKdc) InMemoryNamespaceClient(co.cask.cdap.common.namespace.InMemoryNamespaceClient) FileContextLocationFactory(org.apache.twill.filesystem.FileContextLocationFactory) KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId) BeforeClass(org.junit.BeforeClass)

Example 4 with KerberosPrincipalId

use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.

the class DefaultOwnerAdmin method getImpersonationPrincipal.

/**
 * Resolves the principal to impersonate for {@code entityId}.
 *
 * <p>The entity is first mapped through {@code getEffectiveEntity}. For anything other than a
 * namespace, an owner recorded in the owner store takes precedence; if there is none, the
 * principal from the namespace configuration is used (CDAP-8176).
 *
 * @param entityId the entity whose impersonation principal is wanted
 * @return the owner principal, else the namespace principal, which may be {@code null}
 * @throws IOException declared by the interface; see the owner store and namespace lookups
 */
@Nullable
@Override
public String getImpersonationPrincipal(NamespacedEntityId entityId) throws IOException {
    entityId = getEffectiveEntity(entityId);
    boolean isNamespace = entityId.getEntityType().equals(EntityType.NAMESPACE);
    if (!isNamespace) {
        // Namespaces have no entry of their own in the owner store, so only look up others.
        KerberosPrincipalId owner = ownerStore.getOwner(entityId);
        if (owner != null) {
            return owner.getPrincipal();
        }
    }
    // (CDAP-8176) No explicit owner: fall back to the namespace principal, if one is set.
    return getNamespaceConfig(entityId).getPrincipal();
}
Also used : KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId) Nullable(javax.annotation.Nullable)

Example 5 with KerberosPrincipalId

use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.

the class DefaultOwnerAdmin method getImpersonationInfo.

/**
 * Resolves the principal and keytab URI to impersonate for {@code entityId}.
 *
 * <p>For a non-namespace entity with a recorded owner, the keytab URI is derived from the owner
 * principal via {@code SecurityUtil.getKeytabURIforPrincipal}. Otherwise the principal and
 * keytab URI come from the namespace configuration (CDAP-8176).
 *
 * @param entityId the entity whose impersonation details are wanted
 * @return the impersonation info, or {@code null} when neither an owner nor a namespace
 *         principal is configured
 * @throws IOException declared by the interface; see the owner store and namespace lookups
 */
@Nullable
@Override
public ImpersonationInfo getImpersonationInfo(NamespacedEntityId entityId) throws IOException {
    entityId = getEffectiveEntity(entityId);
    boolean isNamespace = entityId.getEntityType().equals(EntityType.NAMESPACE);
    if (!isNamespace) {
        KerberosPrincipalId owner = ownerStore.getOwner(entityId);
        if (owner != null) {
            // An explicit owner wins; its keytab location is computed from configuration.
            String ownerPrincipal = owner.getPrincipal();
            return new ImpersonationInfo(ownerPrincipal, SecurityUtil.getKeytabURIforPrincipal(owner.getPrincipal(), cConf));
        }
    }
    // (CDAP-8176) No explicit owner: use the namespace principal and keytab, if configured.
    NamespaceConfig namespaceConfig = getNamespaceConfig(entityId.getNamespaceId());
    if (namespaceConfig.getPrincipal() == null) {
        return null;
    }
    return new ImpersonationInfo(namespaceConfig.getPrincipal(), namespaceConfig.getKeytabURI());
}
Also used : NamespaceConfig(co.cask.cdap.proto.NamespaceConfig) KerberosPrincipalId(co.cask.cdap.proto.id.KerberosPrincipalId) Nullable(javax.annotation.Nullable)

Aggregations

KerberosPrincipalId (co.cask.cdap.proto.id.KerberosPrincipalId)22 IOException (java.io.IOException)8 NamespaceId (co.cask.cdap.proto.id.NamespaceId)7 UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException)7 ExecutionException (java.util.concurrent.ExecutionException)6 NotFoundException (co.cask.cdap.common.NotFoundException)5 Principal (co.cask.cdap.proto.security.Principal)5 Nullable (javax.annotation.Nullable)5 DatasetManagementException (co.cask.cdap.api.dataset.DatasetManagementException)4 NamespaceNotFoundException (co.cask.cdap.common.NamespaceNotFoundException)4 ApplicationNotFoundException (co.cask.cdap.common.ApplicationNotFoundException)3 ArtifactAlreadyExistsException (co.cask.cdap.common.ArtifactAlreadyExistsException)3 ArtifactNotFoundException (co.cask.cdap.common.ArtifactNotFoundException)3 BadRequestException (co.cask.cdap.common.BadRequestException)3 InvalidArtifactException (co.cask.cdap.common.InvalidArtifactException)3 DatasetId (co.cask.cdap.proto.id.DatasetId)3 ApplicationSpecification (co.cask.cdap.api.app.ApplicationSpecification)2 ArtifactSummary (co.cask.cdap.api.artifact.ArtifactSummary)2 ConflictException (co.cask.cdap.common.ConflictException)2 AbstractBodyConsumer (co.cask.cdap.common.http.AbstractBodyConsumer)2