/**
 * Assembles the system arguments for the given program.
 *
 * <p>The cluster name (empty string when unset in {@code cConf}) and the scheduler queue resolved
 * for the program's namespace are always present. When Kerberos is enabled, two more entries are
 * added: the principal taken from the resolved {@link ImpersonationInfo}, and the string form of
 * {@code ownerAdmin.exists(...)} evaluated on the parent of the program entity.
 *
 * <p>Security note: the principal stored here is whatever
 * {@code SecurityUtil.createImpersonationInfo} returns. That method is documented to fall back to
 * the master principal when no owner is configured, so the value is not necessarily an
 * entity-specific identity.
 *
 * @param id the program whose system arguments are built
 * @return a newly created map of system arguments
 * @throws IOException propagated from the lookups this method delegates to
 * @throws NamespaceNotFoundException presumably raised by a callee when the program's namespace is
 *     unknown (the throwing call is not identifiable from this method alone)
 */
public Map<String, String> getSystemProperties(Id.Program id) throws IOException, NamespaceNotFoundException {
  Map<String, String> props = Maps.newHashMap();
  props.put(Constants.CLUSTER_NAME, cConf.get(Constants.CLUSTER_NAME, ""));
  props.put(Constants.AppFabric.APP_SCHEDULER_QUEUE, queueResolver.getQueue(id.getNamespace()));

  // Without Kerberos there is no identity information to attach.
  if (!SecurityUtil.isKerberosEnabled(cConf)) {
    return props;
  }

  ImpersonationInfo runAs = SecurityUtil.createImpersonationInfo(ownerAdmin, cConf, id.toEntityId());
  props.put(ProgramOptionConstants.PRINCIPAL, runAs.getPrincipal());
  props.put(ProgramOptionConstants.APP_PRINCIPAL_EXISTS,
            String.valueOf(ownerAdmin.exists(id.toEntityId().getParent())));
  return props;
}
}
/**
 * Resolves the impersonation info (principal plus keytab URI) to use for an entity:
 * <ul>
 *   <li>if {@code ownerAdmin} returns impersonation info for the entity, that value is returned
 *       unchanged;</li>
 *   <li>otherwise ({@code ownerAdmin} returned {@code null}) the master principal and master
 *       keytab URI read from {@code cConf} are used.</li>
 * </ul>
 *
 * <p>Security note: this method never returns {@code null}. An entity without a configured owner
 * is therefore mapped to the master identity, not rejected. Callers that need to distinguish an
 * "explicit owner" from the "master fallback" cannot do so from the return value alone.
 * NOTE(review): confirm that running as the master principal is the intended outcome for every
 * caller of this method.
 *
 * @param ownerAdmin source of owner-based impersonation info
 * @param cConf configuration holding the master principal and keytab URI
 * @param entityId the entity to resolve impersonation info for
 * @return the owner-based impersonation info, or the master impersonation info as fallback
 * @throws IOException propagated from {@code ownerAdmin.getImpersonationInfo}
 */
public static ImpersonationInfo createImpersonationInfo(OwnerAdmin ownerAdmin, CConfiguration cConf,
                                                        NamespacedEntityId entityId) throws IOException {
  ImpersonationInfo resolved = ownerAdmin.getImpersonationInfo(entityId);
  if (resolved != null) {
    return resolved;
  }
  // No owner information available: fall back to the master identity from the configuration.
  return new ImpersonationInfo(getMasterPrincipal(cConf), getMasterKeytabURI(cConf));
}
/**
 * Returns the UGI to use for the given impersonation request.
 *
 * <p>Flow:
 * <ol>
 *   <li>Fast path: unless the operation type is {@code EXPLORE} or the request carries no
 *       principal, the cache is probed with a key built from the request as received. A hit is
 *       returned immediately.</li>
 *   <li>Otherwise the principal and keytab URI are resolved via {@code getPrincipalForEntity}, and
 *       a new request is built from them. The UGI is then either loaded through the cache or
 *       created directly, depending on {@code checkExploreAndDetermineCache}.</li>
 * </ol>
 *
 * <p>NOTE(review): the fast path is keyed on the principal carried by the incoming request and
 * returns before the entity's principal is re-resolved. What {@code UGICacheKey} compares is not
 * visible here. Confirm that callers cannot supply a principal other than the one they are
 * authorized to impersonate.
 *
 * @param impersonationRequest the request describing entity, operation type and optional principal
 * @return the cached or newly created UGI together with its principal
 * @throws IOException if UGI creation fails; non-IO, checked causes are wrapped in an IOException
 */
@Override
public final UGIWithPrincipal getConfiguredUGI(ImpersonationRequest impersonationRequest) throws IOException {
  try {
    // Short-circuit order matters: the principal is only inspected for non-EXPLORE operations.
    boolean skipLookup = impersonationRequest.getImpersonatedOpType().equals(ImpersonatedOpType.EXPLORE)
      || impersonationRequest.getPrincipal() == null;
    if (!skipLookup) {
      UGIWithPrincipal cached = ugiCache.getIfPresent(new UGICacheKey(impersonationRequest));
      if (cached != null) {
        return cached;
      }
    }

    boolean useCache = checkExploreAndDetermineCache(impersonationRequest);
    ImpersonationInfo resolved = getPrincipalForEntity(impersonationRequest);
    // Rebuild the request so it carries the resolved principal and keytab URI.
    ImpersonationRequest resolvedRequest = new ImpersonationRequest(impersonationRequest.getEntityId(),
                                                                    impersonationRequest.getImpersonatedOpType(),
                                                                    resolved.getPrincipal(),
                                                                    resolved.getKeytabURI());
    if (useCache) {
      return ugiCache.get(new UGICacheKey(resolvedRequest));
    }
    return createUGI(resolvedRequest);
  } catch (ExecutionException e) {
    Throwable cause = e.getCause();
    // Rethrow the cause unchanged when it is an IOException or an unchecked throwable.
    Throwables.propagateIfPossible(cause, IOException.class);
    // Any other checked cause is wrapped so the declared contract (IOException) holds.
    throw new IOException(cause);
  }
}
/**
 * Assembles the system arguments for the given program.
 *
 * <p>The cluster name (empty string when unset in {@code cConf}) and the scheduler queue resolved
 * for the program's namespace are always present. When Kerberos is enabled, two more entries are
 * added: the principal taken from the resolved {@link ImpersonationInfo}, and the string form of
 * {@code ownerAdmin.exists(...)} evaluated on the parent of the program entity.
 *
 * <p>Security note: the principal stored here is whatever
 * {@code SecurityUtil.createImpersonationInfo} returns. That method is documented to fall back to
 * the master principal when no owner is configured, so the value is not necessarily an
 * entity-specific identity.
 *
 * @param id the program whose system arguments are built
 * @return a newly created map of system arguments
 * @throws IOException propagated from the lookups this method delegates to
 * @throws NamespaceNotFoundException presumably raised by a callee when the program's namespace is
 *     unknown (the throwing call is not identifiable from this method alone)
 */
public Map<String, String> getSystemProperties(Id.Program id) throws IOException, NamespaceNotFoundException {
  Map<String, String> props = Maps.newHashMap();
  props.put(Constants.CLUSTER_NAME, cConf.get(Constants.CLUSTER_NAME, ""));
  props.put(Constants.AppFabric.APP_SCHEDULER_QUEUE, queueResolver.getQueue(id.getNamespace()));

  // Without Kerberos there is no identity information to attach.
  if (!SecurityUtil.isKerberosEnabled(cConf)) {
    return props;
  }

  ImpersonationInfo runAs = SecurityUtil.createImpersonationInfo(ownerAdmin, cConf, id.toEntityId());
  props.put(ProgramOptionConstants.PRINCIPAL, runAs.getPrincipal());
  props.put(ProgramOptionConstants.APP_PRINCIPAL_EXISTS,
            String.valueOf(ownerAdmin.exists(id.toEntityId().getParent())));
  return props;
}
}
/**
 * Looks up the impersonation info for an entity, preferring an explicit owner over the
 * namespace-level principal.
 *
 * <p>The entity is first mapped through {@code getEffectiveEntity}. For anything other than a
 * namespace, the owner store is consulted. If it has an owner, that owner's principal is returned
 * with the keytab URI derived from the principal and {@code cConf}. When no owner is found, or the
 * effective entity is itself a namespace, the namespace configuration's principal and keytab URI
 * are used instead.
 *
 * <p>Security note: a {@code null} return means neither an owner nor a namespace principal is
 * configured. Callers must handle that case explicitly, since the identity substituted for a
 * {@code null} result decides what the operation runs as.
 *
 * @param entityId the entity to resolve impersonation info for
 * @return the owner-based or namespace-based impersonation info, or {@code null} if the namespace
 *     has no principal configured and no owner was found
 * @throws IOException propagated from the owner store or namespace configuration lookup
 */
@Nullable
@Override
public ImpersonationInfo getImpersonationInfo(NamespacedEntityId entityId) throws IOException {
  NamespacedEntityId effective = getEffectiveEntity(entityId);

  boolean isNamespace = effective.getEntityType().equals(EntityType.NAMESPACE);
  if (!isNamespace) {
    KerberosPrincipalId owner = ownerStore.getOwner(effective);
    if (owner != null) {
      return new ImpersonationInfo(owner.getPrincipal(),
                                   SecurityUtil.getKeytabURIforPrincipal(owner.getPrincipal(), cConf));
    }
  }

  // (CDAP-8176) No owner was found for the entity, so use the namespace principal if one is set.
  NamespaceConfig nsConfig = getNamespaceConfig(effective.getNamespaceId());
  if (nsConfig.getPrincipal() == null) {
    return null;
  }
  return new ImpersonationInfo(nsConfig.getPrincipal(), nsConfig.getKeytabURI());
}