List of usage examples for org.apache.hadoop.security UserGroupInformation doAs
@InterfaceAudience.Public @InterfaceStability.Evolving public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
From source file:org.apache.hcatalog.templeton.LauncherDelegator.java
License:Apache License
private String queueAsUser(UserGroupInformation ugi, final List<String> args) throws IOException, InterruptedException { String id = ugi.doAs(new PrivilegedExceptionAction<String>() { public String run() throws Exception { String[] array = new String[args.size()]; TempletonControllerJob ctrl = new TempletonControllerJob(); ToolRunner.run(ctrl, args.toArray(array)); return ctrl.getSubmittedId(); }//from w w w . j av a 2s . c o m }); return id; }
From source file:org.apache.hcatalog.templeton.SecureProxySupport.java
License:Apache License
private Token<?> getFSDelegationToken(String user, final Configuration conf) throws IOException, InterruptedException { LOG.info("user: " + user + " loginUser: " + UserGroupInformation.getLoginUser().getUserName()); final UserGroupInformation ugi = UgiFactory.getUgi(user); final TokenWrapper twrapper = new TokenWrapper(); ugi.doAs(new PrivilegedExceptionAction<Object>() { public Object run() throws IOException { FileSystem fs = FileSystem.get(conf); twrapper.token = fs.getDelegationToken(ugi.getShortUserName()); return null; }//from w w w . j a v a 2s. c om }); return twrapper.token; }
From source file:org.apache.hcatalog.templeton.SecureProxySupport.java
License:Apache License
private void writeProxyDelegationTokens(final Token<?> fsToken, final Token<?> msToken, final Configuration conf, String user, final Path tokenPath) throws IOException, InterruptedException { LOG.info("user: " + user + " loginUser: " + UserGroupInformation.getLoginUser().getUserName()); final UserGroupInformation ugi = UgiFactory.getUgi(user); ugi.doAs(new PrivilegedExceptionAction<Object>() { public Object run() throws IOException { Credentials cred = new Credentials(); cred.addToken(fsToken.getService(), fsToken); cred.addToken(msToken.getService(), msToken); cred.writeTokenStorageFile(tokenPath, conf); return null; }/*from w w w .j a v a 2 s.com*/ }); }
From source file:org.apache.hcatalog.templeton.SecureProxySupport.java
License:Apache License
private String buildHcatDelegationToken(String user) throws IOException, InterruptedException, MetaException, TException { HiveConf c = new HiveConf(); final HiveMetaStoreClient client = new HiveMetaStoreClient(c); LOG.info("user: " + user + " loginUser: " + UserGroupInformation.getLoginUser().getUserName()); final TokenWrapper twrapper = new TokenWrapper(); final UserGroupInformation ugi = UgiFactory.getUgi(user); String s = ugi.doAs(new PrivilegedExceptionAction<String>() { public String run() throws IOException, MetaException, TException { String u = ugi.getUserName(); return client.getDelegationToken(u); }//from w ww .j a v a 2s .c om }); return s; }
From source file:org.apache.hcatalog.templeton.tool.TempletonUtils.java
License:Apache License
public static Path hadoopFsPath(String fname, Configuration conf, String user) throws URISyntaxException, FileNotFoundException, IOException, InterruptedException { if (fname == null || conf == null) { return null; }/*from w w w . j a va 2 s .c o m*/ final Configuration fConf = new Configuration(conf); final String finalFName = new String(fname); UserGroupInformation ugi = UserGroupInformation.getLoginUser(); final FileSystem defaultFs = ugi.doAs(new PrivilegedExceptionAction<FileSystem>() { public FileSystem run() throws URISyntaxException, FileNotFoundException, IOException, InterruptedException { return FileSystem.get(new URI(finalFName), fConf); } }); URI u = new URI(fname); Path p = new Path(u).makeQualified(defaultFs); if (hadoopFsIsMissing(defaultFs, p)) throw new FileNotFoundException("File " + fname + " does not exist."); return p; }
From source file:org.apache.hive.hcatalog.streaming.AbstractRecordWriter.java
License:Apache License
protected AbstractRecordWriter(HiveEndPoint endPoint2, HiveConf conf, StreamingConnection conn) throws StreamingException { this.endPoint = endPoint2; this.conf = conf != null ? conf : HiveEndPoint.createHiveConf(DelimitedInputWriter.class, endPoint.metaStoreUri); try {/* www.ja v a2 s.c o m*/ msClient = HCatUtil.getHiveMetastoreClient(this.conf); UserGroupInformation ugi = conn != null ? conn.getUserGroupInformation() : null; if (ugi == null) { this.tbl = msClient.getTable(endPoint.database, endPoint.table); this.partitionPath = getPathForEndPoint(msClient, endPoint); } else { TableWriterPair twp = ugi.doAs(new PrivilegedExceptionAction<TableWriterPair>() { @Override public TableWriterPair run() throws Exception { return new TableWriterPair(msClient.getTable(endPoint.database, endPoint.table), getPathForEndPoint(msClient, endPoint)); } }); this.tbl = twp.tbl; this.partitionPath = twp.partitionPath; } this.totalBuckets = tbl.getSd().getNumBuckets(); if (totalBuckets <= 0) { throw new StreamingException("Cannot stream to table that has not been bucketed : " + endPoint); } this.bucketIds = getBucketColIDs(tbl.getSd().getBucketCols(), tbl.getSd().getCols()); this.bucketFieldData = new Object[bucketIds.size()]; String outFormatName = this.tbl.getSd().getOutputFormat(); outf = (AcidOutputFormat<?, ?>) ReflectionUtils.newInstance(JavaUtils.loadClass(outFormatName), conf); bucketFieldData = new Object[bucketIds.size()]; } catch (InterruptedException e) { throw new StreamingException(endPoint2.toString(), e); } catch (MetaException | NoSuchObjectException e) { throw new ConnectionError(endPoint2, e); } catch (TException | ClassNotFoundException | IOException e) { throw new StreamingException(e.getMessage(), e); } }
From source file:org.apache.hive.hcatalog.streaming.HiveEndPoint.java
License:Apache License
/** * Acquire a new connection to MetaStore for streaming. To connect using Kerberos, * 'authenticatedUser' argument should have been used to do a kerberos login. Additionally the * 'hive.metastore.kerberos.principal' setting should be set correctly either in hive-site.xml or * in the 'conf' argument (if not null). If using hive-site.xml, it should be in classpath. * * @param createPartIfNotExists If true, the partition specified in the endpoint * will be auto created if it does not exist * @param conf HiveConf object to be used for the connection. Can be null. * @param authenticatedUser UserGroupInformation object obtained from successful authentication. * Uses non-secure mode if this argument is null. * @param agentInfo should uniquely identify the process/entity that is using this batch. This * should be something that can be correlated with calling application log files * and/or monitoring consoles. * @return//from w w w .j a va 2 s . c o m * @throws ConnectionError if there is a connection problem * @throws InvalidPartition if specified partition is not valid (createPartIfNotExists = false) * @throws ImpersonationFailed if not able to impersonate 'username' * @throws PartitionCreationFailed if failed to create partition * @throws InterruptedException */ public StreamingConnection newConnection(final boolean createPartIfNotExists, final HiveConf conf, final UserGroupInformation authenticatedUser, final String agentInfo) throws ConnectionError, InvalidPartition, InvalidTable, PartitionCreationFailed, ImpersonationFailed, InterruptedException { if (authenticatedUser == null) { return newConnectionImpl(authenticatedUser, createPartIfNotExists, conf, agentInfo); } try { return authenticatedUser.doAs(new PrivilegedExceptionAction<StreamingConnection>() { @Override public StreamingConnection run() throws ConnectionError, InvalidPartition, InvalidTable, PartitionCreationFailed { return newConnectionImpl(authenticatedUser, createPartIfNotExists, conf, agentInfo); } }); } catch (IOException e) { throw new ConnectionError("Failed to connect as : " + authenticatedUser.getShortUserName(), e); } }
From source file:org.apache.hive.hcatalog.streaming.mutate.UgiMetaStoreClientFactory.java
License:Apache License
private IMetaStoreClient createProxy(final IMetaStoreClient delegate, final String user, final UserGroupInformation authenticatedUser) { InvocationHandler handler = new AbstractInvocationHandler() { @Override/*from w w w . j a v a 2 s.c o m*/ protected Object handleInvocation(Object proxy, final Method method, final Object[] args) throws Throwable { try { if (!I_META_STORE_CLIENT_METHODS.contains(method) || authenticatedUser == null) { return method.invoke(delegate, args); } try { return authenticatedUser.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { return method.invoke(delegate, args); } }); } catch (IOException | InterruptedException e) { throw new TException("PrivilegedExceptionAction failed as user '" + user + "'.", e); } } catch (UndeclaredThrowableException | InvocationTargetException e) { throw e.getCause(); } } }; ClassLoader classLoader = IMetaStoreClient.class.getClassLoader(); Class<?>[] interfaces = new Class<?>[] { IMetaStoreClient.class }; Object proxy = Proxy.newProxyInstance(classLoader, interfaces, handler); return IMetaStoreClient.class.cast(proxy); }
From source file:org.apache.hive.hcatalog.templeton.LauncherDelegator.java
License:Apache License
private String queueAsUser(UserGroupInformation ugi, final List<String> args) throws IOException, InterruptedException { if (LOG.isDebugEnabled()) { LOG.debug("Launching job: " + args); }// ww w . j av a 2s .c o m return ugi.doAs(new PrivilegedExceptionAction<String>() { public String run() throws Exception { String[] array = new String[args.size()]; TempletonControllerJob ctrl = new TempletonControllerJob(secureMeatastoreAccess, appConf); ToolRunner.run(ctrl, args.toArray(array)); return ctrl.getSubmittedId(); } }); }
From source file:org.apache.hive.hcatalog.templeton.SecureProxySupport.java
License:Apache License
private Token<?>[] getFSDelegationToken(String user, final Configuration conf) throws IOException, InterruptedException { LOG.info("user: " + user + " loginUser: " + UserGroupInformation.getLoginUser().getUserName()); final UserGroupInformation ugi = UgiFactory.getUgi(user); final TokenWrapper twrapper = new TokenWrapper(); ugi.doAs(new PrivilegedExceptionAction<Object>() { public Object run() throws IOException, URISyntaxException { Credentials creds = new Credentials(); //get Tokens for default FS. Not all FSs support delegation tokens, e.g. WASB collectTokens(FileSystem.get(conf), twrapper, creds, ugi.getShortUserName()); //get tokens for all other known FSs since Hive tables may result in different ones //passing "creds" prevents duplicate tokens from being added Collection<String> URIs = conf.getStringCollection("mapreduce.job.hdfs-servers"); for (String uri : URIs) { LOG.debug("Getting tokens for " + uri); collectTokens(FileSystem.get(new URI(uri), conf), twrapper, creds, ugi.getShortUserName()); }/*w w w. jav a 2s. co m*/ return null; } }); return twrapper.tokens; }