List of usage examples for org.apache.hadoop.security UserGroupInformation getBestUGI
public static UserGroupInformation getBestUGI(String ticketCachePath, String user) throws IOException
From source file:org.apache.ambari.view.slider.SliderAppsViewControllerImpl.java
License:Apache License
private <T> T invokeHDFSClientRunnable(final HDFSClientRunnable<T> runnable, final Map<String, String> hadoopConfigs) throws IOException, InterruptedException { ClassLoader currentClassLoader = Thread.currentThread().getContextClassLoader(); Thread.currentThread().setContextClassLoader(getClass().getClassLoader()); try {/*from w w w .j ava2s . co m*/ boolean securityEnabled = Boolean.valueOf(hadoopConfigs.get("security_enabled")); final HdfsConfiguration hdfsConfiguration = new HdfsConfiguration(); for (Entry<String, String> entry : hadoopConfigs.entrySet()) { hdfsConfiguration.set(entry.getKey(), entry.getValue()); } UserGroupInformation.setConfiguration(hdfsConfiguration); UserGroupInformation sliderUser; String loggedInUser = getUserToRunAs(hadoopConfigs); if (securityEnabled) { String viewPrincipal = getViewParameterValue(PARAM_VIEW_PRINCIPAL); String viewPrincipalKeytab = getViewParameterValue(PARAM_VIEW_PRINCIPAL_KEYTAB); UserGroupInformation ambariUser = UserGroupInformation .loginUserFromKeytabAndReturnUGI(viewPrincipal, viewPrincipalKeytab); if (loggedInUser.equals(ambariUser.getShortUserName())) { // HDFS throws exception when caller tries to impresonate themselves. // User: admin@EXAMPLE.COM is not allowed to impersonate admin sliderUser = ambariUser; } else { sliderUser = UserGroupInformation.createProxyUser(loggedInUser, ambariUser); } } else { sliderUser = UserGroupInformation.getBestUGI(null, loggedInUser); } try { T value = sliderUser.doAs(new PrivilegedExceptionAction<T>() { @Override public T run() throws Exception { String fsPath = hadoopConfigs.get("fs.defaultFS"); FileSystem fs = FileSystem.get(URI.create(fsPath), hdfsConfiguration); try { return runnable.run(fs); } finally { fs.close(); } } }); return value; } catch (UndeclaredThrowableException e) { throw e; } } finally { Thread.currentThread().setContextClassLoader(currentClassLoader); } }
From source file:org.apache.ambari.view.slider.SliderAppsViewControllerImpl.java
License:Apache License
private <T> T invokeSliderClientRunnable(final SliderClientContextRunnable<T> runnable) throws IOException, InterruptedException, YarnException { ClassLoader currentClassLoader = Thread.currentThread().getContextClassLoader(); Thread.currentThread().setContextClassLoader(getClass().getClassLoader()); try {//from www. j av a 2 s .c om boolean securityEnabled = Boolean.valueOf(getHadoopConfigs().get("security_enabled")); UserGroupInformation.setConfiguration(getSliderClientConfiguration()); UserGroupInformation sliderUser; String loggedInUser = getUserToRunAs(); if (securityEnabled) { String viewPrincipal = getViewParameterValue(PARAM_VIEW_PRINCIPAL); String viewPrincipalKeytab = getViewParameterValue(PARAM_VIEW_PRINCIPAL_KEYTAB); UserGroupInformation ambariUser = UserGroupInformation .loginUserFromKeytabAndReturnUGI(viewPrincipal, viewPrincipalKeytab); if (loggedInUser.equals(ambariUser.getShortUserName())) { // HDFS throws exception when caller tries to impresonate themselves. // User: admin@EXAMPLE.COM is not allowed to impersonate admin sliderUser = ambariUser; } else { sliderUser = UserGroupInformation.createProxyUser(loggedInUser, ambariUser); } } else { sliderUser = UserGroupInformation.getBestUGI(null, loggedInUser); } try { T value = sliderUser.doAs(new PrivilegedExceptionAction<T>() { @Override public T run() throws Exception { final SliderClient sliderClient = createSliderClient(); try { return runnable.run(sliderClient); } finally { destroySliderClient(sliderClient); } } }); return value; } catch (UndeclaredThrowableException e) { Throwable cause = e.getCause(); if (cause instanceof YarnException) { YarnException ye = (YarnException) cause; throw ye; } throw e; } } finally { Thread.currentThread().setContextClassLoader(currentClassLoader); } }
From source file:org.apache.beam.sdk.io.hdfs.UGIHelper.java
License:Apache License
/** * Find the most appropriate UserGroupInformation to use. * @param username the user name, or NULL if none is specified. * @return the most appropriate UserGroupInformation *///from w ww . j a va2s . c o m public static UserGroupInformation getBestUGI(@Nullable String username) throws IOException { return UserGroupInformation.getBestUGI(null, username); }
From source file:org.apache.ignite.internal.processors.hadoop.impl.igfs.HadoopIgfs20FileSystemAbstractSelfTest.java
License:Apache License
/** {@inheritDoc} */ @Override/*from w w w . j a v a2 s. c o m*/ protected void beforeTest() throws Exception { primaryFsUri = new URI(primaryFileSystemUriPath()); primaryFsCfg = new Configuration(); primaryFsCfg.addResource(U.resolveIgniteUrl(primaryFileSystemConfigPath())); UserGroupInformation ugi = UserGroupInformation.getBestUGI(null, getClientFsUser()); // Create Fs on behalf of the client user: ugi.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { fs = AbstractFileSystem.get(primaryFsUri, primaryFsCfg); return null; } }); barrier = new CyclicBarrier(THREAD_CNT); }
From source file:org.apache.ignite.internal.processors.hadoop.impl.igfs.IgniteHadoopFileSystemAbstractSelfTest.java
License:Apache License
/** {@inheritDoc} */ @Override/* www. j a va 2s . c o m*/ protected void beforeTest() throws Exception { primaryFsUri = new URI(PRIMARY_URI); primaryFsCfg = configuration(PRIMARY_AUTHORITY, skipEmbed, skipLocShmem); UserGroupInformation clientUgi = UserGroupInformation.getBestUGI(null, getClientFsUser()); assertNotNull(clientUgi); // Create the Fs on behalf of the specific user: clientUgi.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { fs = FileSystem.get(primaryFsUri, primaryFsCfg); return null; } }); barrier = new CyclicBarrier(THREAD_CNT); }
From source file:org.apache.ignite.internal.processors.hadoop.impl.v2.HadoopV2TaskContext.java
License:Apache License
/** {@inheritDoc} */ @Override/*from ww w.j av a2 s . c o m*/ public <T> T runAsJobOwner(final Callable<T> c) throws IgniteCheckedException { String user = job.info().user(); user = IgfsUtils.fixUserName(user); assert user != null; String ugiUser; try { UserGroupInformation currUser = UserGroupInformation.getCurrentUser(); assert currUser != null; ugiUser = currUser.getShortUserName(); } catch (IOException ioe) { throw new IgniteCheckedException(ioe); } try { if (F.eq(user, ugiUser)) // if current UGI context user is the same, do direct call: return c.call(); else { UserGroupInformation ugi = UserGroupInformation.getBestUGI(null, user); return ugi.doAs(new PrivilegedExceptionAction<T>() { @Override public T run() throws Exception { return c.call(); } }); } } catch (Exception e) { throw new IgniteCheckedException(e); } }
From source file:org.trustedanalytics.auth.gateway.configuration.simple.SimpleAuthenticator.java
License:Apache License
@Override public UserGroupInformation getUserUGI() throws LoginException, IOException, KrbException { return UserGroupInformation.getBestUGI(null, config.getSuperUser()); }
From source file:org.trustedanalytics.servicebroker.gearpump.yarn.YarnClientFactory.java
License:Apache License
public YarnClient getYarnClient() throws IOException, LoginException { kerberosService.login();//from w w w .j a v a 2s.c om String ticketCachePath = yarnConfiguration.get(CommonConfigurationKeys.KERBEROS_TICKET_CACHE_PATH); UserGroupInformation ugi = UserGroupInformation.getBestUGI(ticketCachePath, kerberosService.getKerberosProperties().getUser()); YarnClient yarnClient = new DelegatingYarnClient(YarnClient.createYarnClient(), new UgiWrapper(ugi)); yarnClient.init(yarnConfiguration); yarnClient.start(); return yarnClient; }
From source file:org.trustedanalytics.servicebroker.h2oprovisioner.cdhclients.DeprovisionerYarnClientProvider.java
License:Apache License
public DeprovisionerYarnClient getClient(String user, Configuration hadoopConf) throws IOException { String ticketCachePath = hadoopConf.get("hadoop.security.kerberos.ticket.cache.path"); UserGroupInformation ugi = UserGroupInformation.getBestUGI(ticketCachePath, user); UserGroupInformation.setLoginUser(ugi); YarnClient client = new DelegatingYarnClient(YarnClient.createYarnClient(), new UgiWrapper(ugi)); client.init(hadoopConf);// w ww.ja va 2 s.c om return new DeprovisionerYarnClient(client); }
From source file:org.trustedanalytics.servicebroker.hive.config.KerberosDataSource.java
License:Apache License
@Override public Connection getConnection() { try {/*from w ww .j a va2s .c om*/ Subject subject = loginManager.loginWithKeyTab(user, keyTabLocation); loginManager.loginInHadoop(subject, hadoopConf); UserGroupInformation ugi = UserGroupInformation.getBestUGI(hadoopConf.get(TICKET_CACHE_PATH_PARAM), user); return getConnection(ugi); } catch (LoginException | PrivilegedActionException | KrbException | IOException | InterruptedException e) { throw new IllegalStateException( String.format("Could not login %s with keytab %s", user, keyTabLocation), e); } }