
Example 1 with TenantUserList

Use of org.apache.hadoop.ozone.om.helpers.TenantUserList in project ozone by apache.

Class OzoneManagerRequestHandler, method tenantListUsers.

@DisallowedUntilLayoutVersion(MULTITENANCY_SCHEMA)
private TenantListUserResponse tenantListUsers(TenantListUserRequest request) throws IOException {
    // impl.listUsersInTenant() reports failures (unknown tenant, caller not an
    // admin, ...) by throwing; a null result is treated as "no users" and
    // produces an empty response rather than an error.
    final TenantUserList usersInTenant = impl.listUsersInTenant(request.getTenantId(), request.getPrefix());
    final TenantListUserResponse.Builder response = TenantListUserResponse.newBuilder();
    if (usersInTenant == null) {
        return response.build();
    }
    response.addAllUserAccessIdInfo(usersInTenant.getUserAccessIds());
    return response.build();
}

Example 2 with TenantUserList

Use of org.apache.hadoop.ozone.om.helpers.TenantUserList in project ozone by apache.

Class OzoneManager, method listUsersInTenant.

/**
 * Lists the users (access IDs) of a tenant on behalf of the remote RPC caller.
 *
 * <p>The statement order is deliberate: the tenant is checked for existence,
 * the tenant volume is read-locked, the caller is verified to be a tenant or
 * Ozone admin, and only then is the listing performed. Both the success and
 * the failure path are audited under {@code OMAction.TENANT_LIST_USER}.
 *
 * <p>NOTE(review): an empty {@code tenantId} returns {@code null} before the
 * admin check and before any audit record is written, and the existence check
 * runs before the admin check, so a non-admin caller gets a different error for
 * an unknown tenant than for an existing one. Confirm both are intended.
 *
 * @param tenantId tenant whose users are listed; empty or null yields {@code null}
 * @param prefix   user-principal prefix filter, passed through to the tenant
 *                 manager unchanged (may be null; it is recorded in the audit map)
 * @return the tenant's user list, or {@code null} if {@code tenantId} is empty
 * @throws OMException with {@code PERMISSION_DENIED} if the caller is not a tenant or Ozone admin
 * @throws IOException if the existence check or the listing fails (propagated from the tenant manager)
 */
@Override
public TenantUserList listUsersInTenant(String tenantId, String prefix) throws IOException {
    metrics.incNumTenantUserLists();
    if (StringUtils.isEmpty(tenantId)) {
        return null;
    }
    multiTenantManager.checkTenantExistence(tenantId);
    final String tenantVolume = multiTenantManager.getTenantVolumeName(tenantId);

    final Map<String, String> auditParams = new LinkedHashMap<>();
    auditParams.put(OzoneConsts.TENANT, tenantId);
    auditParams.put(OzoneConsts.VOLUME, tenantVolume);
    auditParams.put(OzoneConsts.USER_PREFIX, prefix);

    final boolean holdsVolumeLock = metadataManager.getLock().acquireReadLock(VOLUME_LOCK, tenantVolume);
    try {
        final UserGroupInformation caller = ProtobufRpcEngine.Server.getRemoteUser();
        final boolean callerIsAdmin = multiTenantManager.isTenantAdmin(caller, tenantId, false);
        if (!callerIsAdmin) {
            throw new OMException("Only tenant and ozone admins can access this API. '" + caller.getShortUserName() + "' is not an admin.", PERMISSION_DENIED);
        }
        final TenantUserList result = multiTenantManager.listUsersInTenant(tenantId, prefix);
        AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.TENANT_LIST_USER, auditParams));
        return result;
    } catch (IOException ex) {
        // OMException extends IOException, so the permission denial above is audited here too.
        AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.TENANT_LIST_USER, auditParams, ex));
        throw ex;
    } finally {
        if (holdsVolumeLock) {
            metadataManager.getLock().releaseReadLock(VOLUME_LOCK, tenantVolume);
        }
    }
}

Example 3 with TenantUserList

Use of org.apache.hadoop.ozone.om.helpers.TenantUserList in project ozone by apache.

Class TestOMMultiTenantManagerImpl, method testListUsersInTenant.

/**
 * Exercises {@code listUsersInTenant}: a freshly assigned user and the seeded
 * user are both returned, an unknown tenant is rejected, and a prefix that
 * matches no principal yields an empty list.
 */
@Test
public void testListUsersInTenant() throws Exception {
    tenantManager.getCacheOp().assignUserToTenant("user1", TENANT_ID, "accessId1");

    final TenantUserList listed = tenantManager.listUsersInTenant(TENANT_ID, "");
    final List<UserAccessIdInfo> accessIdInfos = listed.getUserAccessIds();
    // Expect the seeded user (set up outside this method) plus the one assigned above.
    assertEquals(2, accessIdInfos.size());
    for (final UserAccessIdInfo info : accessIdInfos) {
        switch (info.getUserPrincipal()) {
        case "user1":
            assertEquals("accessId1", info.getAccessId());
            break;
        case "seed-user1":
            assertEquals("seed-accessId1", info.getAccessId());
            break;
        default:
            Assert.fail();
        }
    }

    // An unknown tenant must be reported as an error, not as an empty listing.
    LambdaTestUtils.intercept(IOException.class, "Tenant 'tenant2' not found", () -> {
        tenantManager.listUsersInTenant("tenant2", null);
    });

    // A prefix no principal starts with filters everything out.
    assertTrue(tenantManager.listUsersInTenant(TENANT_ID, "abc").getUserAccessIds().isEmpty());
}

Example 4 with TenantUserList

Use of org.apache.hadoop.ozone.om.helpers.TenantUserList in project ozone by apache.

Class OMMultiTenantManagerImpl, method listUsersInTenant.

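/**
 * Lists the access IDs of a tenant from the in-memory tenant cache.
 *
 * <p>Runs under the cache read lock so that the existence checks and the
 * enumeration observe one consistent snapshot. The tenant must be present in
 * the OM DB tenant state table and in the cache; a tenant found in the DB but
 * missing from the cache is reported as a cache inconsistency, not as
 * "not found".
 *
 * @param tenantID tenant to list
 * @param prefix   if non-empty, only users whose principal starts with this
 *                 string are returned (plain prefix comparison, no pattern syntax)
 * @return the matching users; never null, possibly empty
 * @throws IOException if the tenant does not exist, or the cache is out of
 *                     sync with the DB. Both are thrown as a plain
 *                     {@link IOException} rather than an {@code OMException}
 *                     with {@code TENANT_NOT_FOUND}; the unit test matches on
 *                     the message text.
 */
@Override
public TenantUserList listUsersInTenant(String tenantID, String prefix) throws IOException {
    final List<UserAccessIdInfo> userAccessIds = new ArrayList<>();
    tenantCacheLock.readLock().lock();
    try {
        if (!omMetadataManager.getTenantStateTable().isExist(tenantID)) {
            throw new IOException("Tenant '" + tenantID + "' not found!");
        }
        final CachedTenantState cachedTenantState = tenantCache.get(tenantID);
        if (cachedTenantState == null) {
            throw new IOException("Inconsistent in memory Tenant cache '" + tenantID + "' not found in cache, but present in OM DB!");
        }
        // An empty prefix matches every user; evaluated once instead of per entry.
        final boolean matchAll = StringUtils.isEmpty(prefix);
        // Plain loop instead of a side-effecting Stream.forEach that mutated the local list.
        for (Map.Entry<String, CachedAccessIdInfo> entry : cachedTenantState.getAccessIdInfoMap().entrySet()) {
            final String accessId = entry.getKey();
            final CachedAccessIdInfo cacheEntry = entry.getValue();
            if (matchAll || cacheEntry.getUserPrincipal().startsWith(prefix)) {
                userAccessIds.add(UserAccessIdInfo.newBuilder()
                    .setUserPrincipal(cacheEntry.getUserPrincipal())
                    .setAccessId(accessId)
                    .build());
            }
        }
    } finally {
        tenantCacheLock.readLock().unlock();
    }
    return new TenantUserList(userAccessIds);
}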

Example 5 with TenantUserList

Use of org.apache.hadoop.ozone.om.helpers.TenantUserList in project ozone by apache.

Class TenantListUsersHandler, method execute.

/**
 * Prints the users of the configured tenant, either one plain-text line per
 * user or, when {@code printJson} is set, a pretty-printed JSON array of
 * {@code {"user": ..., "accessId": ...}} objects.
 *
 * @param client  Ozone client used to reach the object store
 * @param address parsed Ozone address; not used by this handler
 * @throws IOException if the listing request fails
 */
@Override
protected void execute(OzoneClient client, OzoneAddress address) throws IOException {
    // tenantId, prefix and printJson are handler fields set outside this method.
    final TenantUserList usersInTenant = client.getObjectStore().listUsersInTenant(tenantId, prefix);
    if (printJson) {
        final JsonArray result = new JsonArray();
        usersInTenant.getUserAccessIds().forEach(info -> {
            final JsonObject entry = new JsonObject();
            entry.addProperty("user", info.getUserPrincipal());
            entry.addProperty("accessId", info.getAccessId());
            result.add(entry);
        });
        final Gson prettyGson = new GsonBuilder().setPrettyPrinting().create();
        out().println(prettyGson.toJson(result));
    } else {
        usersInTenant.getUserAccessIds().forEach(info ->
            out().println("- User '" + info.getUserPrincipal() + "' with accessId '" + info.getAccessId() + "'"));
    }
}
