
Example 1 with TenantUserInfoValue

use of org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue in project ozone by apache.

the class OzoneManagerRequestHandler method tenantGetUserInfo.

/**
 * Serves a TenantGetUserInfo request by delegating to the OM implementation
 * and copying the returned accessId entries into the protobuf response.
 *
 * <p>A {@code null} result from the implementation yields an empty response
 * rather than an error, so a caller cannot tell "no such principal" from
 * "principal with no accessIds" from this method alone.
 *
 * <p>NOTE(review): the user principal is taken from the request as-is and no
 * authorization check is visible in this method; confirm that access control
 * for this lookup is enforced elsewhere.
 *
 * @param request request carrying the user principal to look up
 * @return response holding the accessId info entries, possibly none
 * @throws IOException propagated from {@code impl.tenantGetUserInfo()}
 */
@DisallowedUntilLayoutVersion(MULTITENANCY_SCHEMA)
private TenantGetUserInfoResponse tenantGetUserInfo(TenantGetUserInfoRequest request) throws IOException {
    // Errors surface as exceptions from impl.tenantGetUserInfo(); null is a valid "nothing found" result.
    final TenantUserInfoValue userInfo = impl.tenantGetUserInfo(request.getUserPrincipal());
    final TenantGetUserInfoResponse.Builder builder = TenantGetUserInfoResponse.newBuilder();
    if (userInfo == null) {
        return builder.build();
    }
    return builder.addAllAccessIdInfo(userInfo.getAccessIdInfoList()).build();
}
Also used : TenantGetUserInfoResponse(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantGetUserInfoResponse) TenantUserInfoValue(org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue) DisallowedUntilLayoutVersion(org.apache.hadoop.ozone.om.upgrade.DisallowedUntilLayoutVersion)

Example 2 with TenantUserInfoValue

use of org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue in project ozone by apache.

the class OzoneManager method tenantGetUserInfo.

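/**
 * Looks up every accessId assigned to a user principal, across all tenants.
 *
 * <p>Returns {@code null} when {@code userPrincipal} is empty or has no entry
 * in the principal-to-accessIds table; neither early return writes an audit
 * record. AccessIds that are missing from the tenant accessId table, that are
 * recorded for a different principal, or whose lookup fails with an
 * {@link IOException} are skipped, so the result can be partial.
 *
 * <p>NOTE(review): no caller authorization check is visible in this method,
 * and the result exposes tenant membership and admin flags for the requested
 * principal. Confirm that access control is enforced before this point.
 *
 * @param userPrincipal user principal to look up
 * @return the collected accessId info, or {@code null} as described above
 * @throws IOException propagated from the principal-to-accessIds table lookup
 */
public TenantUserInfoValue tenantGetUserInfo(String userPrincipal) throws IOException {
    metrics.incNumTenantGetUserInfos();
    if (StringUtils.isEmpty(userPrincipal)) {
        return null;
    }
    final List<ExtendedUserAccessIdInfo> accessIdInfoList = new ArrayList<>();
    // Won't iterate cache here for a similar reason as in OM#listTenant
    // tenantGetUserInfo lists all accessIds assigned to a user across
    // multiple tenants.
    // Retrieve the list of accessIds associated to this user principal
    final OmDBUserPrincipalInfo kerberosPrincipalInfo = metadataManager.getPrincipalToAccessIdsTable().get(userPrincipal);
    if (kerberosPrincipalInfo == null) {
        return null;
    }
    final Set<String> accessIds = kerberosPrincipalInfo.getAccessIds();
    final Map<String, String> auditMap = new LinkedHashMap<>();
    auditMap.put("userPrincipal", userPrincipal);
    accessIds.forEach(accessId -> {
        try {
            final OmDBAccessIdInfo accessIdInfo = metadataManager.getTenantAccessIdTable().get(accessId);
            if (accessIdInfo == null) {
                // As we are not acquiring a lock, the accessId entry might have been
                // removed from the TenantAccessIdTable already.
                // Log a warning (shouldn't happen very often) and move on.
                LOG.warn("Expected accessId '{}' not found in TenantAccessIdTable. " + "Might have been removed already.", accessId);
                return;
            }
            // Explicit check instead of `assert`: assertions are disabled by default at
            // runtime, so an inconsistent mapping would otherwise be reported as if the
            // accessId belonged to the requested principal.
            if (!userPrincipal.equals(accessIdInfo.getUserPrincipal())) {
                LOG.error("AccessId '{}' in TenantAccessIdTable is not recorded for user principal '{}'. " + "Skipping.", accessId, userPrincipal);
                return;
            }
            accessIdInfoList.add(ExtendedUserAccessIdInfo.newBuilder()
                .setUserPrincipal(userPrincipal)
                .setAccessId(accessId)
                .setTenantId(accessIdInfo.getTenantId())
                .setIsAdmin(accessIdInfo.getIsAdmin())
                .setIsDelegatedAdmin(accessIdInfo.getIsDelegatedAdmin())
                .build());
        } catch (IOException e) {
            // Pass the exception to the logger so the cause and stack trace are kept.
            LOG.error("Potential DB issue. Failed to retrieve OmDBAccessIdInfo " + "for accessId '{}' in TenantAccessIdTable.", accessId, e);
            // Audit: this is a read operation, so record the failure as a read failure,
            // matching the read-success record written below.
            auditMap.put("accessId", accessId);
            AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.TENANT_GET_USER_INFO, auditMap, e));
            auditMap.remove("accessId");
        }
    });
    // Written even when some per-accessId lookups above failed; those failures
    // have their own audit records.
    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.TENANT_GET_USER_INFO, auditMap));
    return new TenantUserInfoValue(accessIdInfoList);
}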
Also used : ExtendedUserAccessIdInfo(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.ExtendedUserAccessIdInfo) OmDBAccessIdInfo(org.apache.hadoop.ozone.om.helpers.OmDBAccessIdInfo) ArrayList(java.util.ArrayList) OmDBUserPrincipalInfo(org.apache.hadoop.ozone.om.helpers.OmDBUserPrincipalInfo) CertificateSignRequest.getEncodedString(org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) LinkedHashMap(java.util.LinkedHashMap) TenantUserInfoValue(org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue)

Example 3 with TenantUserInfoValue

use of org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue in project ozone by apache.

the class GetUserInfoHandler method execute.

/**
 * Prints the tenant assignments of {@code userPrincipal}, either as plain
 * text or, when {@code printJson} is set, as pretty-printed JSON.
 *
 * <p>An empty principal is reported through
 * {@code GenericCli.missingSubcommand(spec)}; a principal with no accessIds
 * gets a message on the error stream. Both cases return without further
 * output.
 *
 * @param client client used to query the object store
 * @param address not read by this method
 * @throws IOException propagated from the {@code tenantGetUserInfo} call
 */
@Override
protected void execute(OzoneClient client, OzoneAddress address) throws IOException {
    if (StringUtils.isEmpty(userPrincipal)) {
        GenericCli.missingSubcommand(spec);
        return;
    }

    final List<ExtendedUserAccessIdInfo> assignments =
        client.getObjectStore().tenantGetUserInfo(userPrincipal).getAccessIdInfoList();
    if (assignments.isEmpty()) {
        err().println("User '" + userPrincipal + "' is not assigned to any tenant.");
        return;
    }

    if (printJson) {
        // Values go through Gson, which handles JSON escaping of the principal and IDs.
        final JsonObject root = new JsonObject();
        root.addProperty("user", userPrincipal);
        final JsonArray tenants = new JsonArray();
        for (ExtendedUserAccessIdInfo info : assignments) {
            final JsonObject entry = new JsonObject();
            entry.addProperty("accessId", info.getAccessId());
            entry.addProperty("tenantId", info.getTenantId());
            entry.addProperty("isAdmin", info.getIsAdmin());
            entry.addProperty("isDelegatedAdmin", info.getIsDelegatedAdmin());
            tenants.add(entry);
        }
        root.add("tenants", tenants);
        out().println(new GsonBuilder().setPrettyPrinting().create().toJson(root));
        return;
    }

    out().println("User '" + userPrincipal + "' is assigned to:");
    for (ExtendedUserAccessIdInfo info : assignments) {
        // The delegated flag is only consulted for admins.
        final String roleSuffix = !info.getIsAdmin()
            ? ""
            : (info.getIsDelegatedAdmin() ? " delegated admin" : " admin");
        out().format("- Tenant '%s'%s with accessId '%s'%n", info.getTenantId(), roleSuffix, info.getAccessId());
    }
}
Also used : JsonArray(com.google.gson.JsonArray) ExtendedUserAccessIdInfo(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.ExtendedUserAccessIdInfo) GsonBuilder(com.google.gson.GsonBuilder) JsonObject(com.google.gson.JsonObject) Gson(com.google.gson.Gson) TenantUserInfoValue(org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue)

Aggregations

TenantUserInfoValue (org.apache.hadoop.ozone.om.helpers.TenantUserInfoValue)3 ExtendedUserAccessIdInfo (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.ExtendedUserAccessIdInfo)2 Gson (com.google.gson.Gson)1 GsonBuilder (com.google.gson.GsonBuilder)1 JsonArray (com.google.gson.JsonArray)1 JsonObject (com.google.gson.JsonObject)1 IOException (java.io.IOException)1 UncheckedIOException (java.io.UncheckedIOException)1 ArrayList (java.util.ArrayList)1 LinkedHashMap (java.util.LinkedHashMap)1 CertificateSignRequest.getEncodedString (org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString)1 OmDBAccessIdInfo (org.apache.hadoop.ozone.om.helpers.OmDBAccessIdInfo)1 OmDBUserPrincipalInfo (org.apache.hadoop.ozone.om.helpers.OmDBUserPrincipalInfo)1 DisallowedUntilLayoutVersion (org.apache.hadoop.ozone.om.upgrade.DisallowedUntilLayoutVersion)1 TenantGetUserInfoResponse (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.TenantGetUserInfoResponse)1