use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class DefaultOwnerAdmin method getImpersonationPrincipal.
/**
 * Looks up the Kerberos principal to use for impersonation when acting on the given entity.
 *
 * <p>The entity is first mapped through {@code getEffectiveEntity}. For anything other than a
 * namespace, an owner recorded in the owner store wins. When no owner is recorded, or the entity
 * is itself a namespace, the principal from the namespace configuration is used instead.
 *
 * <p>The string returned here names the identity that work is performed as, so the
 * owner-before-namespace precedence below is the security-relevant part of this method.
 *
 * @param entityId the entity whose impersonation principal is wanted
 * @return the principal; the method is {@code @Nullable}, presumably returning {@code null} when
 *     the namespace configuration carries no principal either
 * @throws IOException declared on the signature; which lookup raises it is not visible here
 */
@Nullable
@Override
public String getImpersonationPrincipal(NamespacedEntityId entityId) throws IOException {
  entityId = getEffectiveEntity(entityId);

  // Namespaces are never looked up in the owner store; they go straight to the namespace config.
  if (!entityId.getEntityType().equals(EntityType.NAMESPACE)) {
    KerberosPrincipalId storedOwner = ownerStore.getOwner(entityId);
    if (storedOwner != null) {
      return storedOwner.getPrincipal();
    }
  }

  // (CDAP-8176) No owner was found for the entity, so fall back to the namespace principal,
  // if one is present.
  return getNamespaceConfig(entityId).getPrincipal();
}
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class UGIProviderTest method init.
/**
 * One-time fixture: brings up an in-process KDC, creates keytabs and principal ids for the test
 * users alice, bob and eve, starts a single-datanode mini DFS cluster, and finally switches the
 * process-wide Hadoop security configuration to Kerberos.
 *
 * <p>Several steps mutate JVM-global state (the {@code java.security.krb5.conf} system property
 * and {@code UserGroupInformation}'s static configuration), so the order of the statements
 * matters.
 */
@BeforeClass
public static void init() throws Exception {
  cConf = CConfiguration.create();
  cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath());
  namespaceClient = new InMemoryNamespaceClient();

  // Bring up the KDC and point the JVM's Kerberos implementation at its generated krb5.conf.
  // The system property is JVM-wide, so it affects every test sharing this process.
  miniKdc = new MiniKdc(MiniKdc.createConf(), TEMP_FOLDER.newFolder());
  miniKdc.start();
  String krb5ConfPath = miniKdc.getKrb5conf().getAbsolutePath();
  System.setProperty("java.security.krb5.conf", krb5ConfPath);

  // One keytab per test user, all written under a fresh temporary directory.
  localKeytabDirPath = TEMP_FOLDER.newFolder();
  aliceKeytabFile = createPrincipal(localKeytabDirPath, "alice");
  bobKeytabFile = createPrincipal(localKeytabDirPath, "bob");
  eveKeytabFile = createPrincipal(localKeytabDirPath, "eve");

  // Matching Kerberos principal ids for the same three users.
  aliceKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("alice"));
  bobKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("bob"));
  eveKerberosPrincipalId = new KerberosPrincipalId(getPrincipal("eve"));

  // Mini DFS cluster. Its configuration does not enable Kerberos, so a Kerberos-configured client
  // is allowed to fall back to simple (unauthenticated) IPC in order to reach it. That fallback
  // is a test-only convenience: on a real cluster it lets a client talk to a server that
  // performs no authentication, and it should stay disabled there.
  Configuration dfsConf = new Configuration();
  dfsConf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, TEMP_FOLDER.newFolder().getAbsolutePath());
  dfsConf.setBoolean("ipc.client.fallback-to-simple-auth-allowed", true);
  miniDFSCluster = new MiniDFSCluster.Builder(dfsConf).numDataNodes(1).build();
  miniDFSCluster.waitClusterUp();
  locationFactory = new FileContextLocationFactory(miniDFSCluster.getFileSystem().getConf());

  // From here on UserGroupInformation treats the process as Kerberos-secured. The setting is
  // static, i.e. shared by everything in this JVM.
  Configuration kerberosConf = new Configuration();
  kerberosConf.set("hadoop.security.authentication", "kerberos");
  UserGroupInformation.setConfiguration(kerberosConf);
}
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class OwnerStoreTest method test.
/**
 * Walks an {@link OwnerStore} through the life cycle of one stream's owner: absent, added,
 * protected against being overwritten, and deleted again. It also checks that an invalid
 * principal and an unsupported entity type are rejected.
 *
 * <p>The overwrite checks carry the security weight: once an owner principal is recorded, a later
 * {@code add} for the same entity must not silently replace it.
 */
@Test
public void test() throws Exception {
  OwnerStore store = getOwnerStore();
  StreamId stream = NamespaceId.DEFAULT.stream("fooStream");

  // Nothing has been stored for this stream yet.
  Assert.assertNull(store.getOwner(stream));
  // Deleting is idempotent, so removing a missing owner does not throw NotFoundException.
  store.delete(stream);

  // The first owner for an entity is accepted, becomes visible, and reads back unchanged.
  KerberosPrincipalId alice = new KerberosPrincipalId("alice/somehost@SOMEKDC.NET");
  store.add(stream, alice);
  Assert.assertTrue(store.exists(stream));
  Assert.assertEquals(alice, store.getOwner(stream));

  // A second owner must be refused: fully qualified principal.
  try {
    store.add(stream, new KerberosPrincipalId("bob@SOMEKDC.NET"));
    Assert.fail();
  } catch (AlreadyExistsException expected) {
    // expected
  }

  // A second owner must be refused: principal without a realm.
  try {
    store.add(stream, new KerberosPrincipalId("somePrincipal"));
    Assert.fail();
  } catch (AlreadyExistsException expected) {
    // expected
  }

  // A malformed principal fails early with IllegalArgumentException, before the
  // already-exists check is reported.
  try {
    store.add(stream, new KerberosPrincipalId("b@ob@SOMEKDC.NET"));
    Assert.fail();
  } catch (IllegalArgumentException expected) {
    // expected
  }

  // Owner information cannot be stored for an unsupported entity type (a topic here).
  try {
    store.add(NamespaceId.DEFAULT.topic("anotherStream"), new KerberosPrincipalId("somePrincipal"));
    Assert.fail();
  } catch (IllegalArgumentException expected) {
    // expected
  }

  // After deletion the owner is gone from both the existence check and the lookup.
  store.delete(stream);
  Assert.assertFalse(store.exists(stream));
  Assert.assertNull(store.getOwner(stream));
}
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class AppLifecycleHttpHandler method deployAppFromArtifact.
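/**
 * Builds the body consumer that deploys an application from an artifact described by a JSON
 * {@code AppRequest} in the request body.
 *
 * <p>The body is small enough to be read directly, but the deploy-app API serves two behaviours
 * from one path, selected by content type. The other behaviour needs a {@code BodyConsumer} and
 * only one handler method per path is allowed, so this one uses a {@code BodyConsumer} too.
 *
 * <p>Outcome mapping: artifact not found gives 404, conflict gives 409, unauthorized gives 403,
 * invalid artifact or an empty body gives 400, and a failure reading the spooled body gives 500.
 * Any other exception gives 400.
 *
 * @param appId the application being deployed; also used in the temp-file prefix and in messages
 * @return a consumer that spools the body to a temp file and deploys once the upload finishes
 * @throws IOException if the temporary file cannot be created
 */
private BodyConsumer deployAppFromArtifact(final ApplicationId appId) throws IOException {
  // createTempFile() needs a prefix of at least 3 characters
  return new AbstractBodyConsumer(File.createTempFile("apprequest-" + appId, ".json", tmpDir)) {
    @Override
    protected void onFinish(HttpResponder responder, File uploadedFile) {
      // NOTE(review): FileReader decodes with the platform default charset; a JSON body is
      // normally UTF-8, so non-ASCII config may be misread on hosts with another default.
      try (FileReader fileReader = new FileReader(uploadedFile)) {
        AppRequest<?> appRequest = GSON.fromJson(fileReader, AppRequest.class);
        if (appRequest == null) {
          // Gson returns null for an empty document. Answer explicitly instead of letting a
          // NullPointerException reach the generic handler, which would send a null message.
          responder.sendString(HttpResponseStatus.BAD_REQUEST,
                               "Request body is empty; expected a JSON application request.");
          return;
        }
        ArtifactSummary artifactSummary = appRequest.getArtifact();
        // NOTE(review): the owner principal comes from the client-supplied body. Confirm that
        // deployApp checks the caller is allowed to assign this principal as owner.
        KerberosPrincipalId ownerPrincipalId = appRequest.getOwnerPrincipal() == null
          ? null : new KerberosPrincipalId(appRequest.getOwnerPrincipal());
        // if we don't null check, it gets serialized to "null"
        String configString = appRequest.getConfig() == null ? null : GSON.toJson(appRequest.getConfig());
        applicationLifecycleService.deployApp(appId.getParent(), appId.getApplication(), appId.getVersion(),
                                              artifactSummary, configString, createProgramTerminator(),
                                              ownerPrincipalId, appRequest.canUpdateSchedules());
        responder.sendString(HttpResponseStatus.OK, "Deploy Complete");
      } catch (ArtifactNotFoundException e) {
        responder.sendString(HttpResponseStatus.NOT_FOUND, e.getMessage());
      } catch (ConflictException e) {
        responder.sendString(HttpResponseStatus.CONFLICT, e.getMessage());
      } catch (UnauthorizedException e) {
        responder.sendString(HttpResponseStatus.FORBIDDEN, e.getMessage());
      } catch (InvalidArtifactException e) {
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
      } catch (IOException e) {
        // Pass the exception to the logger so the cause and stack trace are not lost.
        LOG.error("Error reading request body for creating app {}.", appId, e);
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR,
                             String.format("Error while reading json request body for app %s.", appId));
      } catch (Exception e) {
        // NOTE(review): this reports every remaining failure, server-side ones included, as 400
        // and echoes the raw exception message to the client, which can expose internal detail.
        // Left unchanged because callers may depend on the status and message.
        LOG.error("Deploy failure", e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
      }
    }
  };
}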
use of co.cask.cdap.proto.id.KerberosPrincipalId in project cdap by caskdata.
the class AppFabricClient method deployApplication.
/**
 * Packages the given application class into a deployment jar and pushes it through the
 * app-lifecycle HTTP handler in-process, chunk by chunk, as an upload would arrive.
 *
 * <p>The API key header carries a fixed placeholder value, and the optional owner principal is
 * sent JSON-encoded in the principal header.
 *
 * @param namespace namespace to deploy into
 * @param applicationClz application class to package; must not be {@code null}
 * @param config application configuration, sent as a header when non-null
 * @param ownerPrincipal Kerberos principal to record as the owner, or {@code null} for none
 * @param bundleEmbeddedJars extra jars to embed in the deployment jar
 * @return the location of the jar that was deployed
 * @throws Exception if packaging, streaming, or response verification fails
 */
public Location deployApplication(Id.Namespace namespace, Class<?> applicationClz, String config,
                                  @Nullable KerberosPrincipalId ownerPrincipal,
                                  File... bundleEmbeddedJars) throws Exception {
  Preconditions.checkNotNull(applicationClz, "Application cannot be null.");

  Location deployedJar = AppJarHelper.createDeploymentJar(locationFactory, applicationClz, bundleEmbeddedJars);
  LOG.info("Created deployedJar at {}", deployedJar);

  // The timestamp keeps archive names distinct across repeated deployments of the same class.
  String archiveName = String.format("%s-1.0.%d.jar", applicationClz.getSimpleName(), System.currentTimeMillis());
  String deployPath = String.format("/v3/namespaces/%s/apps", namespace.getId());
  DefaultHttpRequest request = new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, deployPath);
  request.setHeader(Constants.Gateway.API_KEY, "api-key-example");
  request.setHeader(AbstractAppFabricHttpHandler.ARCHIVE_NAME_HEADER, archiveName);
  if (config != null) {
    request.setHeader(AbstractAppFabricHttpHandler.APP_CONFIG_HEADER, config);
  }

  // The owner travels as the JSON form of the principal id, both in the header and as the
  // argument handed to the handler.
  final String owner;
  if (ownerPrincipal == null) {
    owner = null;
  } else {
    owner = GSON.toJson(ownerPrincipal, KerberosPrincipalId.class);
    request.setHeader(AbstractAppFabricHttpHandler.PRINCIPAL_HEADER, owner);
  }

  MockResponder deployResponder = new MockResponder();
  BodyConsumer bodyConsumer = appLifecycleHttpHandler.deploy(request, deployResponder, namespace.getId(),
                                                             archiveName, config, owner, true);
  Preconditions.checkNotNull(bodyConsumer, "BodyConsumer from deploy call should not be null");

  try (BufferFileInputStream is = new BufferFileInputStream(deployedJar.getInputStream(), 100 * 1024)) {
    // Feed the jar to the consumer until an empty chunk marks the end of the stream. A status
    // set on the responder before the upload has finished means the handler rejected it.
    for (byte[] chunk = is.read(); chunk.length > 0; chunk = is.read()) {
      MockResponder chunkResponder = new MockResponder();
      bodyConsumer.chunk(ChannelBuffers.wrappedBuffer(chunk), chunkResponder);
      Preconditions.checkState(chunkResponder.getStatus() == null, "failed to deploy app");
    }
    MockResponder finishResponder = new MockResponder();
    bodyConsumer.finished(finishResponder);
    verifyResponse(HttpResponseStatus.OK, finishResponder.getStatus(), "Failed to deploy app");
  }
  return deployedJar;
}