use of org.apache.hadoop.ozone.om.multitenant.Tenant in project ozone by apache.
The class OMTenantDeleteRequest, method preExecute.
/**
 * Pre-execution step for a tenant delete request.
 *
 * Ordering matters here: the cluster-admin check runs before any tenant
 * state is read, the tenant is resolved from OM DB (a missing tenant is
 * rejected by getTenantFromDBById), and only then is the authorizer
 * (Ranger) write lock taken and the tenant's Ranger artifacts removed.
 *
 * On success the authorizer write lock is intentionally left held; it is
 * released later in the request lifecycle (presumably in
 * validateAndUpdateCache — confirm against the rest of this class). It is
 * released here only when the Ranger call fails.
 *
 * @param ozoneManager the OzoneManager handling this request
 * @return the (possibly rewritten) request to execute
 * @throws IOException if the caller is not an admin, the tenant does not
 *     exist, or the authorizer update fails
 */
@Override
@DisallowedUntilLayoutVersion(MULTITENANCY_SCHEMA)
public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
  final OMRequest request = super.preExecute(ozoneManager);
  final OMMultiTenantManager tenantManager = ozoneManager.getMultiTenantManager();

  // Authorization first: only an Ozone cluster admin may delete a tenant.
  tenantManager.checkAdmin();

  final String tenantId = request.getDeleteTenantRequest().getTenantId();
  Preconditions.checkNotNull(tenantId);

  // Resolve the tenant (policies and roles) from OM DB by its id.
  final Tenant tenant = tenantManager.getTenantFromDBById(tenantId);

  // Serialize access to the authorizer (Ranger) for the rest of this request.
  tenantManager.getAuthorizerLock().tryWriteLockInOMRequest();
  try {
    // Remove the tenant's policies and roles from Ranger.
    // TODO: Deactivate (disable) policies instead of delete?
    tenantManager.getAuthorizerOp().deleteTenant(tenant);
  } catch (Exception e) {
    // Failure path: do not leak the write lock; the success path keeps it.
    tenantManager.getAuthorizerLock().unlockWriteInOMRequest();
    throw e;
  }
  return request;
}
use of org.apache.hadoop.ozone.om.multitenant.Tenant in project ozone by apache.
The class TestS3GetSecretRequest, method setUp.
/**
 * Builds the mocked OzoneManager environment used by each test.
 *
 * Sets Kerberos auth-to-local rules so that "alice" resolves to a short
 * user name, installs a spied RPC {@code Call} as the current call so that
 * {@code Server.getRemoteUser()} returns alice, wires a real
 * {@code OmMetadataManagerImpl} backed by a temporary folder into the mocked
 * OzoneManager, and stubs the audit logger and multi-tenant manager.
 *
 * @throws Exception on setup failure (temp folder, metadata manager)
 */
@Before
public void setUp() throws Exception {
  // Kerberos principal -> short name mapping used by UserGroupInformation.
  KerberosName.setRuleMechanism(DEFAULT_MECHANISM);
  final String authToLocalRules =
      "RULE:[2:$1@$0](.*@EXAMPLE.COM)s/@.*//\n"
      + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n"
      + "DEFAULT";
  KerberosName.setRules(authToLocalRules);

  ugiAlice = UserGroupInformation.createRemoteUser(USER_ALICE);
  Assert.assertEquals("alice", ugiAlice.getShortUserName());

  ozoneManager = mock(OzoneManager.class);

  // Make the current RPC call appear to come from alice, so that
  // Server.getRemoteUser() does not return null in the code under test.
  final Call rpcCall = spy(new Call(1, 1, null, null, RPC.RpcKind.RPC_BUILTIN, new byte[] { 1, 2, 3 }));
  when(rpcCall.getRemoteUser()).thenReturn(ugiAlice);
  Server.getCurCall().set(rpcCall);

  omMetrics = OMMetrics.create();

  // Real metadata manager on a fresh temp directory.
  final OzoneConfiguration ozoneConf = new OzoneConfiguration();
  ozoneConf.set(OMConfigKeys.OZONE_OM_DB_DIRS, folder.newFolder().getAbsolutePath());
  // No need to conf.set(OzoneConfigKeys.OZONE_ADMINISTRATORS, ...) here
  // as we did the trick earlier with mockito.
  omMetadataManager = new OmMetadataManagerImpl(ozoneConf);

  when(ozoneManager.getMetrics()).thenReturn(omMetrics);
  when(ozoneManager.getMetadataManager()).thenReturn(omMetadataManager);
  when(ozoneManager.isRatisEnabled()).thenReturn(true);

  // Audit logging is a no-op in tests.
  auditLogger = mock(AuditLogger.class);
  when(ozoneManager.getAuditLogger()).thenReturn(auditLogger);
  doNothing().when(auditLogger).logWrite(any(AuditMessage.class));

  // Multi-tenant related initializations: the manager, the tenant and both
  // tenant op implementations are mocks; the authorizer lock is real.
  omMultiTenantManager = mock(OMMultiTenantManager.class);
  tenant = mock(Tenant.class);
  when(ozoneManager.getMultiTenantManager()).thenReturn(omMultiTenantManager);
  when(tenant.getTenantAccessPolicies()).thenReturn(new ArrayList<>());
  when(omMultiTenantManager.getAuthorizerLock()).thenReturn(new AuthorizerLockImpl());

  final TenantOp rangerOp = mock(TenantOp.class);
  final TenantOp inMemoryOp = mock(TenantOp.class);
  when(omMultiTenantManager.getAuthorizerOp()).thenReturn(rangerOp);
  when(omMultiTenantManager.getCacheOp()).thenReturn(inMemoryOp);
}
use of org.apache.hadoop.ozone.om.multitenant.Tenant in project ozone by apache.
The class OMMultiTenantManagerImpl, method getTenantFromDBById.
/**
 * Reads a tenant from OM DB and rebuilds its in-memory {@link Tenant}
 * representation (access policies and roles).
 *
 * @param tenantId id of the tenant to look up
 * @return the tenant with its Ranger policies and roles attached
 * @throws IOException with result code {@code TENANT_NOT_FOUND} if no
 *     tenant state exists for {@code tenantId}, or on DB read failure
 */
@Override
public Tenant getTenantFromDBById(String tenantId) throws IOException {
  // Policy names are not cached at the moment, so go to OM DB for them.
  // TODO: Store policy names in cache as well if needed.
  final OmDBTenantState dbState = omMetadataManager.getTenantStateTable().get(tenantId);
  if (dbState == null) {
    throw new OMException("Tenant '" + tenantId + "' does not exist", OMException.ResultCodes.TENANT_NOT_FOUND);
  }

  final Tenant tenant = new OzoneTenant(dbState.getTenantId());

  // Ranger policies owned by this tenant.
  tenant.addTenantAccessPolicy(new RangerAccessPolicy(dbState.getBucketNamespacePolicyName()));
  // NOTE(review): this second policy is built from getBucketNamespaceName(),
  // which by its name is the bucket namespace (volume) name rather than a
  // policy name, unlike the line above — confirm this is the intended field.
  tenant.addTenantAccessPolicy(new RangerAccessPolicy(dbState.getBucketNamespaceName()));

  // Ranger roles owned by this tenant.
  tenant.addTenantAccessRole(dbState.getUserRoleName());
  tenant.addTenantAccessRole(dbState.getAdminRoleName());
  return tenant;
}
use of org.apache.hadoop.ozone.om.multitenant.Tenant in project ozone by apache.
The class OMMultiTenantManagerImpl, method listUsersInTenant.
/**
 * Lists the access ids assigned to users of a tenant, optionally restricted
 * to user principals that start with {@code prefix}.
 *
 * The in-memory tenant cache read lock is held across the OM DB existence
 * check and the cache lookup so the two stay consistent. No authorization
 * is performed here; callers are expected to have checked the requester.
 *
 * NOTE(review): a missing tenant is reported as a plain {@code IOException}
 * here, whereas {@code getTenantFromDBById} uses {@code OMException} with
 * {@code TENANT_NOT_FOUND}; clients mapping result codes may want the same.
 *
 * @param tenantID id of the tenant
 * @param prefix user principal prefix filter; empty or null matches all
 * @return the matching (user principal, access id) pairs
 * @throws IOException if the tenant is not in OM DB, or if it is in OM DB
 *     but absent from the in-memory cache
 */
@Override
public TenantUserList listUsersInTenant(String tenantID, String prefix) throws IOException {
  final List<UserAccessIdInfo> matches = new ArrayList<>();
  tenantCacheLock.readLock().lock();
  try {
    if (!omMetadataManager.getTenantStateTable().isExist(tenantID)) {
      throw new IOException("Tenant '" + tenantID + "' not found!");
    }
    final CachedTenantState cached = tenantCache.get(tenantID);
    if (cached == null) {
      throw new IOException("Inconsistent in memory Tenant cache '" + tenantID + "' not found in cache, but present in OM DB!");
    }

    // An empty prefix selects every user in the tenant.
    final boolean matchAll = StringUtils.isEmpty(prefix);
    cached.getAccessIdInfoMap().forEach((accessId, info) -> {
      if (matchAll || info.getUserPrincipal().startsWith(prefix)) {
        matches.add(UserAccessIdInfo.newBuilder()
            .setUserPrincipal(info.getUserPrincipal())
            .setAccessId(accessId)
            .build());
      }
    });
  } finally {
    tenantCacheLock.readLock().unlock();
  }
  return new TenantUserList(matches);
}