List of usage examples for org.apache.hadoop.security UserGroupInformation createRemoteUser
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createRemoteUser(String user)
From source file:org.apache.hive.service.cli.session.HiveSessionImplwithUGI.java
License:Apache License
/**
 * Sets the UGI under which this session acts on behalf of {@code owner}.
 *
 * <p>With Hadoop security enabled, the session UGI is a proxy user for {@code owner} created
 * on top of the process login user. With security disabled, the UGI is a plain remote user
 * built from the name alone: nothing in this method verifies that the caller really is
 * {@code owner}, so the name must already have been authenticated by the time it arrives here.
 *
 * @param owner name of the user the session runs as; must not be null
 * @throws HiveSQLException if {@code owner} is null or the proxy user cannot be set up
 */
public void setSessionUGI(String owner) throws HiveSQLException {
    if (owner == null) {
        throw new HiveSQLException("No username provided for impersonation");
    }

    if (!UserGroupInformation.isSecurityEnabled()) {
        // Insecure cluster: the UGI is only a label, it carries no credentials.
        sessionUgi = UserGroupInformation.createRemoteUser(owner);
        return;
    }

    try {
        // NOTE(review): whether the login user is allowed to impersonate `owner` is
        // presumably enforced by the Hadoop proxy-user configuration, not here - confirm.
        UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
        sessionUgi = UserGroupInformation.createProxyUser(owner, loginUser);
    } catch (IOException e) {
        throw new HiveSQLException("Couldn't setup proxy user", e);
    }
}
From source file:org.apache.hoya.core.launch.ContainerLauncher.java
License:Apache License
/** * This code is in the dist shell examples -it's been moved here * so that if it is needed, it's still here * @return a remote user with a token to access the container. */// w w w . j a v a 2 s .c om public UserGroupInformation setupUGI() { UserGroupInformation user = UserGroupInformation.createRemoteUser(container.getId().toString()); String cmIpPortStr = container.getNodeId().getHost() + ":" + container.getNodeId().getPort(); final InetSocketAddress cmAddress = NetUtils.createSocketAddr(cmIpPortStr); org.apache.hadoop.yarn.api.records.Token containerToken = container.getContainerToken(); if (containerToken != null) { Token<ContainerTokenIdentifier> token = ConverterUtils.convertFromYarn(containerToken, cmAddress); user.addToken(token); } return user; }
From source file:org.apache.hoya.yarn.appmaster.rpc.RpcBinder.java
License:Apache License
/**
 * Opens an RPC proxy to the Hoya application master described by {@code application}.
 *
 * <p>The connection is made as a fresh remote-user UGI that is named after the current user
 * and holds only what this method adds to it. On a secure cluster that is the client-to-AM
 * token taken from the application report, and the connection is opened inside
 * {@code doAs}. On an insecure cluster the UGI carries no token and the connection is opened
 * directly.
 *
 * @param conf configuration handed to {@code connectToServer}
 * @param application report supplying the AM host, RPC port and client-to-AM token
 * @param rpcTimeout timeout handed to {@code connectToServer}
 * @return the protocol proxy
 * @throws HoyaException if the report has no host or a zero RPC port
 * @throws IOException propagated from the current-user lookup or the connection attempt
 * @throws InterruptedException propagated from {@code doAs}
 */
public static HoyaClusterProtocol getProxy(final Configuration conf, ApplicationReport application,
        final int rpcTimeout) throws IOException, HoyaException, InterruptedException {
    String host = application.getHost();
    int port = application.getRpcPort();
    String address = host + ":" + port;
    if (port == 0 || host == null) {
        throw new HoyaException(HoyaExitCodes.EXIT_CONNECTIVITY_PROBLEM,
                "Hoya YARN instance " + application.getName() + " isn't providing a valid address for the"
                        + " Hoya RPC protocol: " + address);
    }

    UserGroupInformation caller = UserGroupInformation.getCurrentUser();
    final UserGroupInformation newUgi = UserGroupInformation.createRemoteUser(caller.getUserName());
    final InetSocketAddress serviceAddr = NetUtils.createSocketAddrForHost(application.getHost(),
            application.getRpcPort());
    log.debug("Connecting to {}", serviceAddr);

    if (!UserGroupInformation.isSecurityEnabled()) {
        // No token to attach: the AM sees only the user name.
        return connectToServer(serviceAddr, newUgi, conf, rpcTimeout);
    }

    // NOTE(review): the client-to-AM token is not null-checked before conversion;
    // confirm the report always carries one when security is enabled.
    org.apache.hadoop.yarn.api.records.Token yarnToken = application.getClientToAMToken();
    Token<ClientToAMTokenIdentifier> amToken = ConverterUtils.convertFromYarn(yarnToken, serviceAddr);
    newUgi.addToken(amToken);

    PrivilegedExceptionAction<HoyaClusterProtocol> connect =
            new PrivilegedExceptionAction<HoyaClusterProtocol>() {
                @Override
                public HoyaClusterProtocol run() throws IOException {
                    return connectToServer(serviceAddr, newUgi, conf, rpcTimeout);
                }
            };
    return newUgi.doAs(connect);
}
From source file:org.apache.impala.util.RequestPoolService.java
License:Apache License
/** * Indicates if a user has access to the pool. * * @param pool the pool to check if the user has access to. NOTE: it should always be * called with a pool returned by the {@link #assignToPool(String, String)} method. * @param user the user to check if it has access to the pool. * @return True if the user has access to the pool. *///from ww w .j av a2 s . c o m @VisibleForTesting boolean hasAccess(String pool, String user) throws InternalException { Preconditions.checkState(running_.get()); Preconditions.checkArgument(!Strings.isNullOrEmpty(pool)); Preconditions.checkArgument(!Strings.isNullOrEmpty(user)); // Convert the user name to a short name (e.g. 'user1@domain' to 'user1') because // the UserGroupInformation will check group membership which should always be done // on the short name of the principal. String shortName; User requestingUser = new User(user); shortName = requestingUser.getShortName(); UserGroupInformation ugi = UserGroupInformation.createRemoteUser(shortName); return allocationConf_.get().hasAccess(pool, QueueACL.SUBMIT_APPLICATIONS, ugi); }
From source file:org.apache.ivory.cluster.util.EmbeddedCluster.java
License:Apache License
/**
 * Starts an embedded cluster while running as the given user.
 *
 * <p>The user is a remote-user UGI built from the name alone, so cluster creation runs
 * under that name without any credentials being attached in this method.
 *
 * @param name cluster name, handed to {@code createClusterAsUser}
 * @param withMR handed to {@code createClusterAsUser}
 * @param user name of the user the cluster is created as
 * @return the cluster returned by {@code createClusterAsUser}
 * @throws Exception whatever cluster creation or {@code doAs} throws
 */
public static EmbeddedCluster newCluster(final String name, final boolean withMR, final String user)
        throws Exception {
    UserGroupInformation clusterOwner = UserGroupInformation.createRemoteUser(user);
    PrivilegedExceptionAction<EmbeddedCluster> startCluster =
            new PrivilegedExceptionAction<EmbeddedCluster>() {
                @Override
                public EmbeddedCluster run() throws Exception {
                    return createClusterAsUser(name, withMR);
                }
            };
    return clusterOwner.doAs(startCluster);
}
From source file:org.apache.metron.maas.service.yarn.YarnUtils.java
License:Apache License
/**
 * Builds a UGI for the application submitter and attaches credentials to it.
 *
 * <p>The user name is read from the process environment (the YARN {@code USER} variable),
 * so it is only as trustworthy as whatever launched this process. What the UGI can actually
 * do is determined by the credentials added to it.
 *
 * @param credentials credentials to attach; when null, the current user's credentials are used
 * @return a remote-user UGI for the submitter with the credentials added
 * @throws IOException if the current user cannot be obtained
 */
public UserGroupInformation createUserGroup(Credentials credentials) throws IOException {
    Credentials toAttach = credentials;
    if (toAttach == null) {
        toAttach = UserGroupInformation.getCurrentUser().getCredentials();
    }

    // NOTE(review): getenv returns null when the variable is unset; that null reaches
    // createRemoteUser unchecked - confirm the launcher always sets it.
    String submitterName = System.getenv(ApplicationConstants.Environment.USER.name());
    UserGroupInformation submitter = UserGroupInformation.createRemoteUser(submitterName);
    submitter.addCredentials(toAttach);
    return submitter;
}
From source file:org.apache.oozie.action.hadoop.LauncherAM.java
License:Apache License
/**
 * Builds the UGI of the submitting user, carrying the current user's credentials after
 * they have been passed through {@code filterTokensByKind}.
 *
 * <p>The submitter name is taken from the launcher configuration as is; this method does not
 * validate it.
 *
 * @param launcherConf configuration holding the submitter name under OOZIE_SUBMITTER_USER
 * @param kindToFilter token kinds handed to {@code filterTokensByKind}
 * @return a remote-user UGI for the submitter with the filtered credentials added
 * @throws IOException if the current user cannot be obtained
 */
private static UserGroupInformation getUserGroupInformation(Configuration launcherConf, Text... kindToFilter)
        throws IOException {
    final String submitterUser = launcherConf.get(OOZIE_SUBMITTER_USER);

    // Filter before handing the credentials to the new UGI, so it only ever sees the
    // filtered set.
    Credentials currentCredentials = UserGroupInformation.getCurrentUser().getCredentials();
    filterTokensByKind(currentCredentials, kindToFilter);

    UserGroupInformation submitterUgi = UserGroupInformation.createRemoteUser(submitterUser);
    submitterUgi.addCredentials(currentCredentials);
    return submitterUgi;
}
From source file:org.apache.ranger.audit.provider.MiscUtil.java
License:Apache License
/**
 * Looks up the groups of a request user through a remote-user UGI.
 *
 * <p>A null result means "no groups known": it is returned for a null name, for a user with
 * no groups, and when the lookup throws. The three cases cannot be told apart by the caller,
 * so a null result should not be read as proof that the user belongs to no group.
 *
 * @param userName name of the user; may be null
 * @return the user's group names, or null as described above
 */
static public Set<String> getGroupsForRequestUser(String userName) {
    if (userName == null) {
        return null;
    }
    try {
        String[] groupNames = UserGroupInformation.createRemoteUser(userName).getGroupNames();
        if (groupNames == null || groupNames.length == 0) {
            return null;
        }
        Set<String> result = new java.util.HashSet<String>();
        for (String groupName : groupNames) {
            result.add(groupName);
        }
        return result;
    } catch (Throwable e) {
        // Best effort: any failure is logged and reported as "no groups".
        // NOTE(review): userName is written to the log unmodified - confirm the log
        // pipeline tolerates request-supplied names.
        logErrorMessageByInterval(logger, "Error getting groups for users. userName=" + userName, e);
    }
    return null;
}
From source file:org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerBase.java
License:Apache License
/**
 * Stores the collaborators and derives the UGI of the authenticated user.
 *
 * <p>{@code mUgi} stays null when there is no authenticator or it reports no user name; each
 * of those situations is logged as a warning and construction continues.
 *
 * @param metastoreClientFactory stored as is
 * @param hiveConf stored as is
 * @param hiveAuthenticator source of the user name; may be null
 * @param context stored as is
 */
public RangerHiveAuthorizerBase(HiveMetastoreClientFactory metastoreClientFactory, HiveConf hiveConf,
        HiveAuthenticationProvider hiveAuthenticator, HiveAuthzSessionContext context) {
    mMetastoreClientFactory = metastoreClientFactory;
    mHiveConf = hiveConf;
    mHiveAuthenticator = hiveAuthenticator;
    mSessionContext = context;

    String userName = null;
    if (mHiveAuthenticator != null) {
        userName = mHiveAuthenticator.getUserName();
    }

    // NOTE(review): only null is filtered here. As far as I know Hadoop's createRemoteUser
    // rejects an empty name with an exception, in which case the "null/empty" warning below
    // is never reached for an empty string - confirm.
    UserGroupInformation ugi = null;
    if (userName != null) {
        ugi = UserGroupInformation.createRemoteUser(userName);
    }
    mUgi = ugi;

    if (mHiveAuthenticator == null) {
        LOG.warn("RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): hiveAuthenticator is null");
    } else if (StringUtil.isEmpty(userName)) {
        LOG.warn(
                "RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): hiveAuthenticator.getUserName() returned null/empty");
    } else if (mUgi == null) {
        LOG.warn(String.format(
                "RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): UserGroupInformation.createRemoteUser(%s) returned null",
                userName));
    }
}
From source file:org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizerTest.java
License:Apache License
/**
 * Checks the CREATE_KEY ACL for three identities: "bob" is allowed, "eve" is denied, and
 * "alice" as a member of the "IT" group is denied.
 *
 * <p>NOTE(review): when UNRESTRICTED_POLICIES_INSTALLED is false the method returns at once,
 * so the run reports a pass without having checked anything.
 */
@Test
public void testCreateKeys() throws Throwable {
    if (!UNRESTRICTED_POLICIES_INSTALLED) {
        return;
    }

    // Allowed: bob has permission to create keys.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.CREATE, bob, KMSOp.CREATE_KEY, "newkey1", "127.0.0.1");
            return null;
        }
    });

    // Denied: eve has no permission to create keys.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            try {
                KMSWebApp.getACLs().assertAccess(Type.CREATE, eve, KMSOp.CREATE_KEY, "newkey2", "127.0.0.1");
                Assert.fail("Failure expected");
            } catch (AuthorizationException ex) {
                // Denial is the expected outcome.
            }
            return null;
        }
    });

    // Denied: membership of the IT group does not grant permission to create keys.
    final UserGroupInformation aliceInIt = UserGroupInformation.createUserForTesting("alice",
            new String[] { "IT" });
    aliceInIt.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            try {
                KMSWebApp.getACLs().assertAccess(Type.CREATE, aliceInIt, KMSOp.CREATE_KEY, "newkey1",
                        "127.0.0.1");
                Assert.fail("Failure expected");
            } catch (AuthorizationException ex) {
                // Denial is the expected outcome.
            }
            return null;
        }
    });
}