
Example 1 with PrincipalCredentials

Use of io.cdap.cdap.security.impersonation.PrincipalCredentials in project cdap by caskdata.

From the class ImpersonationHandler, method getCredentials. The handler resolves a UGI for the requested principal, obtains delegation tokens while running as that user, writes them to an owner-only (600) temp file on the cluster filesystem, and returns the principal together with the file's URI.

import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.Callable;
import javax.ws.rs.POST;
import javax.ws.rs.Path;

import com.google.gson.Gson;
import io.cdap.cdap.api.security.AccessException;
import io.cdap.cdap.common.BadRequestException;
import io.cdap.cdap.common.ServiceException;
import io.cdap.cdap.security.impersonation.ImpersonationRequest;
import io.cdap.cdap.security.impersonation.ImpersonationUtils;
import io.cdap.cdap.security.impersonation.PrincipalCredentials;
import io.cdap.cdap.security.impersonation.UGIWithPrincipal;
import io.cdap.http.HttpResponder;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import org.apache.hadoop.security.Credentials;
import org.apache.twill.filesystem.Location;
import org.slf4j.Logger;

// Collaborators of ImpersonationHandler used by this method (fields of the enclosing class):
//   GSON (Gson), LOG (Logger), ugiProvider (UGIProvider),
//   tokenSecureStoreRenewer (TokenSecureStoreRenewer), locationFactory (LocationFactory)
@POST
@Path("/credentials")
public void getCredentials(FullHttpRequest request, HttpResponder responder) throws Exception {
    String requestContent = request.content().toString(StandardCharsets.UTF_8);
    // ByteBuf.toString(Charset) never returns null; an empty body yields "", so that is what
    // must be tested (a "requestContent == null" check could never fire).
    if (requestContent.isEmpty()) {
        throw new BadRequestException("Request body is empty.");
    }
    ImpersonationRequest impersonationRequest = GSON.fromJson(requestContent, ImpersonationRequest.class);
    // Gson returns null for a body that is only whitespace or the literal "null"
    if (impersonationRequest == null) {
        throw new BadRequestException("Request body does not contain an impersonation request.");
    }
    LOG.debug("Fetching credentials for {}", impersonationRequest);
    UGIWithPrincipal ugiWithPrincipal;
    try {
        // resolve the UGI (principal plus keytab) that the request is allowed to impersonate
        ugiWithPrincipal = ugiProvider.getConfiguredUGI(impersonationRequest);
    } catch (AccessException e) {
        // note: an authorization failure is surfaced to the caller as a 500, not a 403
        throw new ServiceException(e, HttpResponseStatus.INTERNAL_SERVER_ERROR);
    }
    // obtain delegation tokens while running as the impersonated user
    Credentials credentials = ImpersonationUtils.doAs(ugiWithPrincipal.getUGI(), new Callable<Credentials>() {

        @Override
        public Credentials call() throws Exception {
            return tokenSecureStoreRenewer.createCredentials();
        }
    });
    // example: hdfs:///cdap/credentials
    Location credentialsDir = locationFactory.create("credentials");
    // check, create, re-check: mkdirs() can fail only because a concurrent request created
    // the directory first, in which case the second isDirectory() succeeds
    if (credentialsDir.isDirectory() || credentialsDir.mkdirs() || credentialsDir.isDirectory()) {
        // the getTempFile() doesn't create the file within the directory that you call it on. It simply appends the path
        // without a separator, which is why we manually append the "tmp"
        // example: hdfs:///cdap/credentials/tmp.5960fe60-6fd8-4f3e-8e92-3fb6d4726006.credentials
        Location credentialsFile = credentialsDir.append("tmp").getTempFile(".credentials");
        // 600 is owner-only READ_WRITE: the file holds delegation tokens, so it is created with
        // restrictive permissions rather than chmod'ed after the fact
        try (DataOutputStream os = new DataOutputStream(new BufferedOutputStream(credentialsFile.getOutputStream("600")))) {
            credentials.writeTokenStorageToStream(os);
        }
        LOG.debug("Wrote credentials for user {} to {}", ugiWithPrincipal.getPrincipal(), credentialsFile);
        // the caller gets the principal and the file URI, never the tokens themselves, in the response body
        PrincipalCredentials principalCredentials = new PrincipalCredentials(ugiWithPrincipal.getPrincipal(), credentialsFile.toURI().toString());
        responder.sendJson(HttpResponseStatus.OK, GSON.toJson(principalCredentials));
    } else {
        throw new IllegalStateException("Unable to create credentials directory.");
    }
}
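The method above only writes the token file; what the page does not show is the consumer side. The following is an added example, not CDAP project code, of how a caller that received the principal and credentials URI from this endpoint would load the tokens into a proxy UGI. It uses only Hadoop client APIs (Credentials.readTokenStorageStream is the inverse of the writeTokenStorageToStream call in the handler). The class and method names, the decision to reject any file whose mode is not exactly 600, and the use of the login user as the real user behind the proxy are assumptions of this example.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.net.URI;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;

/**
 * Added example (not CDAP code): consumer of the PrincipalCredentials returned by
 * ImpersonationHandler.getCredentials(). Loads the delegation tokens written by the
 * handler into a proxy UGI for the impersonated principal.
 */
public final class CredentialsConsumer {

  // The handler creates the file with mode 600. Anything more permissive means the
  // delegation tokens may already have been readable by other users on the cluster.
  private static final short OWNER_ONLY_RW = (short) 0600;

  private CredentialsConsumer() { }

  /**
   * @param principal      principal from the PrincipalCredentials response
   * @param credentialsUri credentials URI from the PrincipalCredentials response
   * @param conf           Hadoop configuration of the caller (assumed already logged in)
   */
  public static UserGroupInformation loadProxyUser(String principal, URI credentialsUri,
                                                   Configuration conf) throws IOException {
    Path path = new Path(credentialsUri);
    FileSystem fs = FileSystem.get(credentialsUri, conf);

    // Check the mode before reading: refuse a token file that was not written owner-only.
    FileStatus status = fs.getFileStatus(path);
    if (status.getPermission().toShort() != OWNER_ONLY_RW) {
      throw new IOException("Refusing " + path + ": mode is " + status.getPermission()
                            + ", expected rw------- (600)");
    }

    // Deserialize the token storage the handler produced with writeTokenStorageToStream.
    Credentials credentials = new Credentials();
    try (DataInputStream in = fs.open(path)) {
      credentials.readTokenStorageStream(in);
    }
    if (credentials.numberOfTokens() == 0) {
      throw new IOException("No delegation tokens found in " + path);
    }

    // The tokens were issued while running as the impersonated principal, so attach them
    // to a proxy UGI for that principal rather than to the caller's own login user.
    UserGroupInformation proxy =
      UserGroupInformation.createProxyUser(principal, UserGroupInformation.getLoginUser());
    proxy.addCredentials(credentials);
    return proxy;
  }
}
```

Two caveats a practitioner should keep in mind: the 600 mode is enforced by the filesystem that hosts the file (the NameNode for HDFS), so the HDFS superuser can still read it; and nothing on this page deletes the tmp file after it has been consumed, so whoever loads the tokens has to decide on cleanup, otherwise valid delegation tokens accumulate under the credentials directory.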