• Home
• io.cdap.cdap
• cdap-app-fabric
• 6.8.3
• source code
• ImpersonatedTwillPreparer.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.cdap.cdap.app.guice.ImpersonatedTwillPreparer Maven / Gradle / Ivy

/*
 * Copyright © 2016-2017 Cask Data, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

package io.cdap.cdap.app.guice;

import com.google.common.base.Throwables;
import io.cdap.cdap.internal.app.runtime.distributed.ForwardingTwillPreparer;
import io.cdap.cdap.proto.id.ProgramId;
import io.cdap.cdap.security.TokenSecureStoreRenewer;
import io.cdap.cdap.security.impersonation.Impersonator;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.twill.api.TwillController;
import org.apache.twill.api.TwillPreparer;
import org.apache.twill.yarn.YarnSecureStore;

import java.lang.reflect.Method;
import java.util.concurrent.TimeUnit;

/**
 * A {@link TwillPreparer} wrapper that provides impersonation support.
 */
final class ImpersonatedTwillPreparer extends ForwardingTwillPreparer {

  private final Configuration hConf;
  private final TwillPreparer delegate;
  private final Impersonator impersonator;
  private final ProgramId programId;
  private final TokenSecureStoreRenewer secureStoreRenewer;

  ImpersonatedTwillPreparer(Configuration hConf, TwillPreparer delegate, Impersonator impersonator,
                            TokenSecureStoreRenewer secureStoreRenewer, ProgramId programId) {
    this.hConf = hConf;
    this.delegate = delegate;
    this.impersonator = impersonator;
    this.programId = programId;
    this.secureStoreRenewer = secureStoreRenewer;
  }

  @Override
  public TwillPreparer getDelegate() {
    return delegate;
  }

  @Override
  public TwillController start(final long timeout, final TimeUnit timeoutUnit) {
    try {
      return impersonator.doAs(programId, () -> {
        // Add secure tokens
        if (isHBaseSecurityEnabled() || UserGroupInformation.isSecurityEnabled()) {
          addSecureStore(YarnSecureStore.create(secureStoreRenewer.createCredentials()));
        }
        return new ImpersonatedTwillController(delegate.start(timeout, timeoutUnit),
                                               impersonator, programId);
      });
    } catch (Exception e) {
      throw Throwables.propagate(e);
    }
  }

  /**
   * Determines if HBase security is enabled. This method uses reflection to invoke HBase case so that
   * we can ignore if HBase is not present in the current environment.
   */
  private boolean isHBaseSecurityEnabled() {
    try {
      Class hbaseUser = Class.forName("org.apache.hadoop.hbase.security.User");
      Method method = hbaseUser.getMethod("isHBaseSecurityEnabled", Configuration.class);
      return (boolean) method.invoke(null, hConf);
    } catch (Exception e) {
      return false;
    }
  }
}