@Override public FileSystem call() throws Exception { FileSystem fs = ProxiedFileSystemUtils.createProxiedFileSystem(this.userNameToProxyAs, this.properties, this.uri, this.configuration); if (this.referenceFS != null) { return decorateFilesystemFromReferenceFS(fs, this.referenceFS); } return fs; } }
@Override public FileSystem call() throws Exception { FileSystem fs = ProxiedFileSystemUtils.createProxiedFileSystemUsingKeytab(this.userNameToProxyAs, this.superUser, this.keytabLocation, this.uri, this.configuration); if (this.referenceFS != null) { return decorateFilesystemFromReferenceFS(fs, this.referenceFS); } return fs; } }
@Override public FileSystem call() throws Exception { FileSystem fs = ProxiedFileSystemUtils.createProxiedFileSystemUsingToken(this.userNameToProxyAs, this.userNameToken, this.uri, this.configuration); if (this.referenceFS != null) { return decorateFilesystemFromReferenceFS(fs, this.referenceFS); } return fs; } }
Preconditions.checkArgument(properties.containsKey(AUTH_TOKEN_PATH)); Path tokenPath = new Path(properties.getProperty(AUTH_TOKEN_PATH)); Optional<Token<?>> proxyToken = getTokenFromSeqFile(userNameToProxyAs, tokenPath); if (proxyToken.isPresent()) { try { return createProxiedFileSystemUsingToken(userNameToProxyAs, proxyToken.get(), fsURI, conf); } catch (InterruptedException e) { throw new IOException("Failed to proxy as user " + userNameToProxyAs, e); Path keytabPath = new Path(properties.getProperty(ConfigurationKeys.SUPER_USER_KEY_TAB_LOCATION)); try { return createProxiedFileSystemUsingKeytab(userNameToProxyAs, superUserName, keytabPath, fsURI, conf); } catch (InterruptedException e) { throw new IOException("Failed to proxy as user " + userNameToProxyAs, e);
/** * Returns true if superUserName can proxy as userNameToProxyAs using the specified superUserKeytabLocation, false * otherwise. */ public static boolean canProxyAs(String userNameToProxyAs, String superUserName, Path superUserKeytabLocation) { try { loginAndProxyAsUser(userNameToProxyAs, superUserName, superUserKeytabLocation); } catch (IOException e) { return false; } return true; }
private static FileSystem getWriterFsUsingToken(State state, URI uri) throws IOException { try { String user = state.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME); Optional<Token<?>> token = ProxiedFileSystemUtils .getTokenFromSeqFile(user, new Path(state.getProp(ConfigurationKeys.FS_PROXY_AS_USER_TOKEN_FILE))); if (!token.isPresent()) { throw new IOException("No token found for user " + user); } return ProxiedFileSystemCache.fromToken().userNameToken(token.get()) .userNameToProxyAs(state.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME)).fsURI(uri) .conf(HadoopUtils.newConfiguration()).build(); } catch (ExecutionException e) { throw new IOException(e); } }
/** * Creates a {@link FileSystem} that can perform any operations allowed by the specified userNameToProxyAs. This * method first logs in as the specified super user. If Hadoop security is enabled, then logging in entails * authenticating via Kerberos. So logging in requires contacting the Kerberos infrastructure. A proxy user is then * created on behalf of the logged in user, and a {@link FileSystem} object is created using the proxy user's UGI. * * @param userNameToProxyAs The name of the user the super user should proxy as * @param superUserName The name of the super user with secure impersonation priveleges * @param superUserKeytabLocation The location of the keytab file for the super user * @param fsURI The {@link URI} for the {@link FileSystem} that should be created * @param conf The {@link Configuration} for the {@link FileSystem} that should be created * * @return a {@link FileSystem} that can execute commands on behalf of the specified userNameToProxyAs */ static FileSystem createProxiedFileSystemUsingKeytab(String userNameToProxyAs, String superUserName, Path superUserKeytabLocation, URI fsURI, Configuration conf) throws IOException, InterruptedException { return loginAndProxyAsUser(userNameToProxyAs, superUserName, superUserKeytabLocation) .doAs(new ProxiedFileSystem(fsURI, conf)); }
/** * Create a {@link FileSystem} that can perform any operations allowed the by the specified userNameToProxyAs. This * method uses the {@link #createProxiedFileSystemUsingKeytab(String, String, Path, URI, Configuration)} object to perform * all its work. A specific set of configuration keys are required to be set in the given {@link State} object: * * <ul> * <li>{@link ConfigurationKeys#FS_PROXY_AS_USER_NAME} specifies the user name to proxy as</li> * <li>{@link ConfigurationKeys#SUPER_USER_NAME_TO_PROXY_AS_OTHERS} specifies the name of the user with secure * impersonation priveleges</li> * <li>{@link ConfigurationKeys#SUPER_USER_KEY_TAB_LOCATION} specifies the location of the super user's keytab file</li> * <ul> * * @param state The {@link State} object that contains all the necessary key, value pairs for * {@link #createProxiedFileSystemUsingKeytab(String, String, Path, URI, Configuration)} * @param fsURI The {@link URI} for the {@link FileSystem} that should be created * @param conf The {@link Configuration} for the {@link FileSystem} that should be created * * @return a {@link FileSystem} that can execute commands on behalf of the specified userNameToProxyAs */ static FileSystem createProxiedFileSystemUsingKeytab(State state, URI fsURI, Configuration conf) throws IOException, InterruptedException { Preconditions.checkArgument(state.contains(ConfigurationKeys.FS_PROXY_AS_USER_NAME)); Preconditions.checkArgument(state.contains(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS)); Preconditions.checkArgument(state.contains(ConfigurationKeys.SUPER_USER_KEY_TAB_LOCATION)); return createProxiedFileSystemUsingKeytab(state.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME), state.getProp(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS), new Path(state.getProp(ConfigurationKeys.SUPER_USER_KEY_TAB_LOCATION)), fsURI, conf); }