/** {@inheritDoc} */ @Override protected FileSystem create(String usrName) throws IOException, InterruptedException { UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(usrName, user); return proxyUgi.doAs(new PrivilegedExceptionAction<FileSystem>() { @Override public FileSystem run() throws Exception { FileSystem fs = FileSystem.get(fullUri, cfg); if (workDir != null) fs.setWorkingDirectory(workDir); return fs; } }); }
private UserGroupInformation createProxyUser(String user) { return UserGroupInformation.createProxyUser(user, hadoopAuthentication.getUserGroupInformation()); } }
public static UserGroupInformation getUGI() throws LoginException, IOException { String doAs = System.getenv("HADOOP_USER_NAME"); if(doAs != null && doAs.length() > 0) { /* * this allows doAs (proxy user) to be passed along across process boundary where * delegation tokens are not supported. For example, a DDL stmt via WebHCat with * a doAs parameter, forks to 'hcat' which needs to start a Session that * proxies the end user */ return UserGroupInformation.createProxyUser(doAs, UserGroupInformation.getLoginUser()); } return UserGroupInformation.getCurrentUser(); }
public static UserGroupInformation getUGI() throws LoginException, IOException { String doAs = System.getenv("HADOOP_USER_NAME"); if (doAs != null && doAs.length() > 0) { /* * this allows doAs (proxy user) to be passed along across process boundary where * delegation tokens are not supported. For example, a DDL stmt via WebHCat with * a doAs parameter, forks to 'hcat' which needs to start a Session that * proxies the end user */ return UserGroupInformation.createProxyUser(doAs, UserGroupInformation.getLoginUser()); } return UserGroupInformation.getCurrentUser(); } /**
@Override public boolean runDistCpAs(List<Path> srcPaths, Path dst, Configuration conf, String doAsUser) throws IOException { UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( doAsUser, UserGroupInformation.getLoginUser()); try { return proxyUser.doAs(new PrivilegedExceptionAction<Boolean>() { @Override public Boolean run() throws Exception { return runDistCp(srcPaths, dst, conf); } }); } catch (InterruptedException e) { throw new IOException(e); } }
public static UserGroupInformation getUgi(String user) throws IOException { UserGroupInformation ugi = userUgiMap.get(user); if (ugi == null) { //create new ugi and add to map final UserGroupInformation newUgi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()); //if another thread adds an entry before the check in this one // the one created here will not be added. userUgiMap.putIfAbsent(user, newUgi); //use the UGI object that got added return userUgiMap.get(user); } return ugi; }
public static boolean runDistCpAs(List<Path> srcPaths, Path dst, Configuration conf, String doAsUser) throws IOException { UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( doAsUser, UserGroupInformation.getLoginUser()); try { return proxyUser.doAs(new PrivilegedExceptionAction<Boolean>() { @Override public Boolean run() throws Exception { return runDistCp(srcPaths, dst, conf); } }); } catch (InterruptedException e) { throw new IOException(e); } }
@Override public synchronized PrivilegedExecutor proxyAs(String proxyUserName) { if (proxyUserName == null || proxyUserName.isEmpty()) { return this; } if (proxyCache.get(proxyUserName) == null) { UserGroupInformation proxyUgi; proxyUgi = UserGroupInformation.createProxyUser(proxyUserName, ugi); printUGI(proxyUgi); proxyCache.put(proxyUserName, new UGIExecutor(proxyUgi)); } return proxyCache.get(proxyUserName); }
private static UserGroupInformation loginAndProxyAsUser(@NonNull String userNameToProxyAs, @NonNull String superUserName, Path superUserKeytabLocation) throws IOException { if (!UserGroupInformation.getLoginUser().getUserName().equals(superUserName)) { Preconditions.checkNotNull(superUserKeytabLocation); UserGroupInformation.loginUserFromKeytab(superUserName, superUserKeytabLocation.toString()); } return UserGroupInformation.createProxyUser(userNameToProxyAs, UserGroupInformation.getLoginUser()); }
private static UserGroupInformation getUserGroupInfo(String user) throws ImpersonationFailed { try { return UserGroupInformation.createProxyUser( user, UserGroupInformation.getLoginUser()); } catch (IOException e) { LOG.error("Unable to get UserGroupInfo for user : " + user, e); throw new ImpersonationFailed(user,e); } }
@Override public synchronized PrivilegedExecutor proxyAs(String proxyUserName) { if (proxyUserName == null || proxyUserName.isEmpty()) { return this; } if (proxyCache.get(proxyUserName) == null) { UserGroupInformation proxyUgi; try { proxyUgi = UserGroupInformation.createProxyUser(proxyUserName, UserGroupInformation.getCurrentUser()); } catch (IOException e) { throw new SecurityException("Unable to create proxy User", e); } proxyCache.put(proxyUserName, new UGIExecutor(proxyUgi)); } return proxyCache.get(proxyUserName); }
private static void getFsAndJtTokens(final State state, final Configuration conf, final Optional<String> userToProxy, final Credentials cred) throws IOException, InterruptedException { if (userToProxy.isPresent()) { UserGroupInformation.createProxyUser(userToProxy.get(), UserGroupInformation.getLoginUser()) .doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { getFsAndJtTokensImpl(state, conf, cred); return null; } }); } else { getFsAndJtTokensImpl(state, conf, cred); } }
final UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(topologySubmitterUser, ugi);
public static boolean isOwnerOfFileHierarchy(final FileSystem fs, final FileStatus fileStatus, final String userName, final boolean recurse) throws IOException, InterruptedException { UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(userName, UserGroupInformation.getLoginUser()); try { boolean isOwner = proxyUser.doAs(new PrivilegedExceptionAction<Boolean>() { @Override public Boolean run() throws Exception { FileSystem fsAsUser = FileSystem.get(fs.getUri(), fs.getConf()); return checkIsOwnerOfFileHierarchy(fsAsUser, fileStatus, userName, recurse); } }); return isOwner; } finally { FileSystem.closeAllForUGI(proxyUser); } }
/** * Create a {@link FileSystem} that can perform any operations allowed the by the specified userNameToProxyAs. The * method first proxies as userNameToProxyAs, and then adds the specified {@link Token} to the given * {@link UserGroupInformation} object. It then uses the {@link UserGroupInformation#doAs(PrivilegedExceptionAction)} * method to create a {@link FileSystem}. * * @param userNameToProxyAs The name of the user the super user should proxy as * @param userNameToken The {@link Token} to add to the proxied user's {@link UserGroupInformation}. * @param fsURI The {@link URI} for the {@link FileSystem} that should be created * @param conf The {@link Configuration} for the {@link FileSystem} that should be created * * @return a {@link FileSystem} that can execute commands on behalf of the specified userNameToProxyAs */ static FileSystem createProxiedFileSystemUsingToken(@NonNull String userNameToProxyAs, @NonNull Token<?> userNameToken, URI fsURI, Configuration conf) throws IOException, InterruptedException { UserGroupInformation ugi = UserGroupInformation.createProxyUser(userNameToProxyAs, UserGroupInformation.getLoginUser()); ugi.addToken(userNameToken); return ugi.doAs(new ProxiedFileSystem(fsURI, conf)); }
public void setSessionUGI(String owner) throws HiveSQLException { if (owner == null) { throw new HiveSQLException("No username provided for impersonation"); } try { sessionUgi = UserGroupInformation.createProxyUser( owner, UserGroupInformation.getLoginUser()); } catch (IOException e) { throw new HiveSQLException("Couldn't setup proxy user", e); } }
UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(topologySubmitterUser, currentUser); try { Token<DelegationTokenIdentifier> delegationTokenId =
final UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(topologySubmitterUser, ugi);
public static User toUserInfo(UserInformation userInfoProto) { if (userInfoProto.hasEffectiveUser()) { String effectiveUser = userInfoProto.getEffectiveUser(); if (userInfoProto.hasRealUser()) { String realUser = userInfoProto.getRealUser(); UserGroupInformation realUserUgi = UserGroupInformation.createRemoteUser(realUser); return User.create(UserGroupInformation.createProxyUser(effectiveUser, realUserUgi)); } return User.create(UserGroupInformation.createRemoteUser(effectiveUser)); } return null; }
public static UserGroupInformation getUgi(UserInformationProto userInfo) { UserGroupInformation ugi = null; String effectiveUser = userInfo.hasEffectiveUser() ? userInfo .getEffectiveUser() : null; String realUser = userInfo.hasRealUser() ? userInfo.getRealUser() : null; if (effectiveUser != null) { if (realUser != null) { UserGroupInformation realUserUgi = UserGroupInformation .createRemoteUser(realUser); ugi = UserGroupInformation .createProxyUser(effectiveUser, realUserUgi); } else { ugi = org.apache.hadoop.security.UserGroupInformation .createRemoteUser(effectiveUser); } } return ugi; }