List of usage examples for org.apache.hadoop.security UserGroupInformation setLoginUser
@InterfaceAudience.Private @InterfaceStability.Unstable @VisibleForTesting public static void setLoginUser(UserGroupInformation ugi)
From source file:org.apache.sentry.tests.e2e.solr.SolrSentryServiceTestBase.java
License:Apache License
@BeforeClass public static void setupClass() throws Exception { Path testDataPath = createTempDir("solr-integration-db-"); try {//from ww w . j a v a 2 s. c om sentrySvc = new TestSentryServer(testDataPath, getUserGroupMappings()); sentrySvc.startSentryService(); sentryClient = sentrySvc.connectToSentryService(); log.info("Successfully started Sentry service"); } catch (Exception ex) { log.error("Unexpected exception while starting Sentry service", ex); throw ex; } for (int i = 0; i < 4; i++) { sentryClient.createRole(TestSentryServer.ADMIN_USER, "role" + i, COMPONENT_SOLR); sentryClient.grantRoleToGroups(TestSentryServer.ADMIN_USER, "role" + i, COMPONENT_SOLR, Collections.singleton("group" + i)); } log.info("Successfully created roles in Sentry service"); sentryClient.createRole(TestSentryServer.ADMIN_USER, ADMIN_ROLE, COMPONENT_SOLR); sentryClient.grantRoleToGroups(TestSentryServer.ADMIN_USER, ADMIN_ROLE, COMPONENT_SOLR, Collections.singleton(TestSentryServer.ADMIN_GROUP)); grantAdminPrivileges(TestSentryServer.ADMIN_USER, ADMIN_ROLE, SolrConstants.ALL, SolrConstants.ALL); log.info("Successfully granted admin privileges to " + ADMIN_ROLE); System.setProperty(SENTRY_SITE_LOC_SYSPROP, sentrySvc.getSentrySitePath().toString()); // set the solr for the loginUser and belongs to solr group // Note - Solr/Sentry unit tests don't use Hadoop authentication framework. Hence the // UserGroupInformation is not available when the request is being processed by the Solr server. // The document level security search component requires this UserGroupInformation while querying // the roles associated with the user. Please refer to implementation of // SentryGenericProviderBackend#getRoles(...) method. Hence this is a workaround to satisfy this requirement. UserGroupInformation .setLoginUser(UserGroupInformation.createUserForTesting("solr", new String[] { "solr" })); try { configureCluster(NUM_SERVERS).withSecurityJson(TEST_PATH().resolve("security").resolve("security.json")) .addConfig("cloud-minimal", TEST_PATH().resolve("configsets").resolve("cloud-minimal").resolve("conf")) .addConfig("cloud-managed", TEST_PATH().resolve("configsets").resolve("cloud-managed").resolve("conf")) .addConfig("cloud-minimal_doc_level_security", TEST_PATH().resolve("configsets").resolve("cloud-minimal_doc_level_security") .resolve("conf")) .addConfig("cloud-minimal_subset_match", TEST_PATH().resolve("configsets").resolve("cloud-minimal_subset_match").resolve("conf")) .addConfig("cloud-minimal_subset_match_missing_false", TEST_PATH().resolve("configsets").resolve("cloud-minimal_subset_match_missing_false") .resolve("conf")) .addConfig("cloud-minimal_abac", TEST_PATH().resolve("configsets").resolve("cloud-minimal_abac").resolve("conf")) .configure(); log.info("Successfully started Solr service"); } catch (Exception ex) { log.error("Unexpected exception while starting SolrCloud", ex); throw ex; } log.info("Successfully setup Solr with Sentry service"); }
From source file:org.trustedanalytics.servicebroker.h2oprovisioner.cdhclients.DeprovisionerYarnClientProvider.java
License:Apache License
public DeprovisionerYarnClient getClient(String user, Configuration hadoopConf) throws IOException { String ticketCachePath = hadoopConf.get("hadoop.security.kerberos.ticket.cache.path"); UserGroupInformation ugi = UserGroupInformation.getBestUGI(ticketCachePath, user); UserGroupInformation.setLoginUser(ugi); YarnClient client = new DelegatingYarnClient(YarnClient.createYarnClient(), new UgiWrapper(ugi)); client.init(hadoopConf);// ww w.j ava 2 s. co m return new DeprovisionerYarnClient(client); }