
Example 1 with ImpersonationRequest

Use of co.cask.cdap.security.impersonation.ImpersonationRequest in project cdap by caskdata.

The class ImpersonationHandler, method getCredentials. The handler parses an ImpersonationRequest, obtains the UGI configured for the requested principal, creates Hadoop delegation tokens as that user, and writes them to an owner-only (mode 600) file on the cluster filesystem; the HTTP response carries only the principal and the file URI, never the token bytes themselves.

@POST
@Path("/credentials")
public void getCredentials(HttpRequest request, HttpResponder responder) throws Exception {
    // ChannelBuffer.toString(Charset) returns "" for an empty body, never null,
    // so the emptiness check has to test isEmpty() rather than == null.
    String requestContent = request.getContent().toString(Charsets.UTF_8);
    if (requestContent.isEmpty()) {
        throw new BadRequestException("Request body is empty.");
    }
    ImpersonationRequest impersonationRequest = GSON.fromJson(requestContent, ImpersonationRequest.class);
    if (impersonationRequest == null) {
        // Gson yields null for a whitespace-only body or the literal "null"; fail fast instead of NPE below.
        throw new BadRequestException("Request body is not an impersonation request.");
    }
    LOG.debug("Fetching credentials for {}", impersonationRequest);
    // Nothing in this method restricts which principal a caller may ask for; any access control
    // for this endpoint has to sit in front of it, so it must only be reachable by trusted callers.
    UGIWithPrincipal ugiWithPrincipal = ugiProvider.getConfiguredUGI(impersonationRequest);
    // Tokens are minted while running as the impersonated user, so they are scoped to that principal.
    Credentials credentials = ImpersonationUtils.doAs(ugiWithPrincipal.getUGI(), new Callable<Credentials>() {

        @Override
        public Credentials call() throws Exception {
            return tokenSecureStoreRenewer.createCredentials();
        }
    });
    // example: hdfs:///cdap/credentials
    Location credentialsDir = locationFactory.create("credentials");
    // The three-way condition tolerates a concurrent caller creating the directory between the first
    // isDirectory() and mkdirs(): mkdirs() returns false in that case, so isDirectory() is re-checked.
    if (credentialsDir.isDirectory() || credentialsDir.mkdirs() || credentialsDir.isDirectory()) {
        // getTempFile() doesn't create the file within the directory that you call it on. It simply appends
        // the path without a separator, which is why we manually append the "tmp" component first.
        // example: hdfs:///cdap/credentials/tmp.5960fe60-6fd8-4f3e-8e92-3fb6d4726006.credentials
        Location credentialsFile = credentialsDir.append("tmp").getTempFile(".credentials");
        // 600 is owner-only READ_WRITE. The permission is set when the file is created, so the serialized
        // tokens are never briefly world-readable, and only the filesystem user running this handler
        // (the file owner) can read them back.
        try (DataOutputStream os = new DataOutputStream(new BufferedOutputStream(credentialsFile.getOutputStream("600")))) {
            credentials.writeTokenStorageToStream(os);
        }
        LOG.debug("Wrote credentials for user {} to {}", ugiWithPrincipal.getPrincipal(), credentialsFile);
        // The response is a pointer to the token store, not the tokens: the caller must be able to read the
        // file as its owner and should delete it once the tokens have been loaded.
        PrincipalCredentials principalCredentials = new PrincipalCredentials(ugiWithPrincipal.getPrincipal(), credentialsFile.toURI().toString());
        responder.sendJson(HttpResponseStatus.OK, principalCredentials);
    } else {
        throw new IllegalStateException("Unable to create credentials directory.");
    }
}
Also used:
    co.cask.cdap.common.BadRequestException
    co.cask.cdap.security.impersonation.ImpersonationRequest
    co.cask.cdap.security.impersonation.PrincipalCredentials
    co.cask.cdap.security.impersonation.UGIWithPrincipal
    java.io.BufferedOutputStream
    java.io.DataOutputStream
    javax.ws.rs.POST
    javax.ws.rs.Path
    org.apache.hadoop.security.Credentials
    org.apache.twill.filesystem.Location

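The handler above hands the caller a file URI rather than the tokens, so the security of the exchange rests on the file's permissions and on the consumer checking them before loading. The following is an added example, not CDAP's or Twill's code: it reproduces the write side of getCredentials() with plain Hadoop Credentials and java.nio on the local filesystem (standing in for Location and HDFS), then shows the read side a consumer of the returned URI should implement, including refusing a token store whose mode is wider than 600. The token contents, kind, service and alias are constructed placeholders and are not usable against any real service.

```java
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;

/**
 * Added example (not CDAP code). Writes a Hadoop Credentials token store to an
 * owner-only file the way getCredentials() does, then shows the permission check
 * a consumer of the returned file URI should perform before loading the tokens.
 * Requires hadoop-common on the classpath and a POSIX filesystem.
 */
public class CredentialsFileExample {

    /** Mode 600: owner read/write only. */
    private static final Set<PosixFilePermission> OWNER_RW =
            PosixFilePermissions.fromString("rw-------");

    /** Builds a constructed, non-functional token so the example runs offline. */
    static Credentials sampleCredentials() {
        Credentials creds = new Credentials();
        Token<TokenIdentifier> token = new Token<>(
                "sample-identifier".getBytes(StandardCharsets.UTF_8),   // constructed identifier
                "sample-password".getBytes(StandardCharsets.UTF_8),     // constructed password
                new Text("SAMPLE_TOKEN_KIND"),                          // constructed kind
                new Text("sample-service:8020"));                       // constructed service
        creds.addToken(new Text("sample-alias"), token);
        return creds;
    }

    /** Write side: create tmp.<random>.credentials under dir with mode 600 at creation time. */
    static Path writeCredentialsFile(Path dir, Credentials creds) throws IOException {
        Files.createDirectories(dir);
        FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(OWNER_RW);
        // Permissions are applied by the create call itself, so there is no window in which
        // the token bytes exist on disk with a wider mode (the same property getOutputStream("600") gives).
        Path file = Files.createTempFile(dir, "tmp.", ".credentials", attr);
        try (DataOutputStream os = new DataOutputStream(
                new BufferedOutputStream(Files.newOutputStream(file)))) {
            creds.writeTokenStorageToStream(os);
        }
        return file;
    }

    /**
     * Read side: refuse to load a token store readable by anyone other than its owner,
     * then deserialize it with Hadoop's own reader.
     */
    static Credentials readCredentialsFile(Path file) throws IOException {
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(file);
        if (!OWNER_RW.containsAll(actual)) {
            throw new IOException("Refusing to load " + file + ": permissions "
                    + PosixFilePermissions.toString(actual) + " are wider than rw-------");
        }
        try (DataInputStream in = new DataInputStream(
                new BufferedInputStream(Files.newInputStream(file)))) {
            return Credentials.readTokenStorageStream(in);
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("credentials");
        Path file = writeCredentialsFile(dir, sampleCredentials());
        try {
            Credentials loaded = readCredentialsFile(file);
            System.out.println("loaded " + loaded.numberOfTokens() + " token(s) from " + file.toUri());

            // Widen the mode, as a careless copy of the file would, and show the check refusing it.
            Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-r--r--"));
            try {
                readCredentialsFile(file);
            } catch (IOException e) {
                System.out.println(e.getMessage());
            }
        } finally {
            // Delete the token store once it has been consumed; it is a bearer credential on disk.
            Files.deleteIfExists(file);
            Files.deleteIfExists(dir);
        }
    }
}
```

The permission check is deliberately a containsAll() against the 600 set rather than an equality test, so a file created under a stricter umask (for example 400) is still accepted while any group or other bit is rejected. On HDFS the same check would use FileSystem.getFileStatus(path).getPermission() against FsPermission 600, and the file owner should be compared with the expected service user as well.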