001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *      http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019package org.apache.oozie.action.hadoop;
020
021import java.io.IOException;
022import java.security.PrivilegedExceptionAction;
023import java.util.Map;
024
025import org.apache.hadoop.conf.Configuration;
026import org.apache.hadoop.hbase.HBaseConfiguration;
027import org.apache.hadoop.hbase.security.User;
028import org.apache.hadoop.hbase.security.token.AuthenticationTokenIdentifier;
029import org.apache.hadoop.hbase.security.token.TokenUtil;
030import org.apache.hadoop.mapred.JobConf;
031import org.apache.oozie.action.ActionExecutor.Context;
032import org.apache.oozie.action.hadoop.Credentials;
033import org.apache.oozie.action.hadoop.CredentialsProperties;
034import org.apache.oozie.util.XLog;
035import org.apache.hadoop.security.UserGroupInformation;
036import org.apache.hadoop.security.token.Token;
037import org.apache.hadoop.security.token.TokenIdentifier;
038
039
040/**
041 * HBase Credentials implementation that stores the credentials in the jobConf.
042 * The jobConf is then used to pass the credentials to the tasks while they run.
043 * The Oozie server should be configured to use this Credentials class by listing it in the property 'oozie.credentials.credentialclasses'.
044 *
045 */
public class HbaseCredentials extends Credentials {

    /**
     * Populates {@code jobConf} with the HBase configuration and an HBase authentication token.
     * <p>
     * Any failure is logged at WARN level and then rethrown unchanged, so the caller still sees it.
     *
     * @param jobConf job configuration that receives the HBase settings and the token
     * @param props credential properties; every entry is copied into the configuration
     * @param context action context; the workflow user name is read from it
     * @throws Exception whatever the configuration copy or the token request throws
     * @see Credentials#addtoJobConf(JobConf, CredentialsProperties, Context)
     */
    @Override
    public void addtoJobConf(JobConf jobConf, CredentialsProperties props, Context context) throws Exception {
        try {
            copyHbaseConfToJobConf(jobConf, props);
            obtainToken(jobConf, context);
        }
        catch (Exception failure) {
            // Record the failure in the server log, then let the same exception propagate.
            final XLog log = XLog.getLog(getClass());
            log.warn("Exception in receiving hbase credentials", failure);
            throw failure;
        }
    }

    /**
     * Merges the HBase site/default configuration and the credential properties into {@code jobConf}.
     * <p>
     * Precedence, highest first: credential properties, values already present in {@code jobConf},
     * values loaded from the HBase resources.
     *
     * @param jobConf job configuration to update in place
     * @param props credential properties to apply
     */
    void copyHbaseConfToJobConf(JobConf jobConf, CredentialsProperties props) {
        // Build a configuration from hbase-site.xml/hbase-default.xml only (Hadoop defaults not loaded).
        final Configuration hbaseSettings = new Configuration(false);
        HBaseConfiguration.addHbaseResources(hbaseSettings);

        // Credential properties win over whatever the HBase resources supplied ...
        addPropsConf(props, hbaseSettings);
        // ... and over whatever the job configuration already contained.
        addPropsConf(props, jobConf);

        // Finally fill in HBase settings the job configuration does not define yet;
        // keys that are already set in jobConf are left untouched.
        injectConf(hbaseSettings, jobConf);
    }

    /**
     * Requests an HBase authentication token as the workflow user and stores it in the
     * credentials of {@code jobConf}.
     *
     * @param jobConf job configuration used for the token request and as the token's destination
     * @param context action context; supplies the workflow user name
     * @throws IOException declared by the token request
     * @throws InterruptedException declared by the token request
     */
    private void obtainToken(final JobConf jobConf, Context context) throws IOException, InterruptedException {
        final String workflowUser = context.getWorkflow().getUser();
        // The token is requested as a proxy of the workflow user on top of the server's login user.
        // NOTE(review): presumably this depends on Hadoop proxy-user settings allowing the login
        // user to impersonate workflowUser - confirm against the deployment documentation.
        final UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();
        final UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(workflowUser, loginUgi);
        final User hbaseUser = User.create(proxyUgi);

        // A direct doAs is required here vs. User#obtainAuthTokenForJob(...)
        // See OOZIE-2419 for more
        // Kept as an explicitly typed anonymous class: User#runAs is called with a
        // PrivilegedExceptionAction, exactly as before.
        final PrivilegedExceptionAction<Token<AuthenticationTokenIdentifier>> tokenRequest =
            new PrivilegedExceptionAction<Token<AuthenticationTokenIdentifier>>() {
                @Override
                public Token<AuthenticationTokenIdentifier> run() throws Exception {
                    return TokenUtil.obtainToken(jobConf);
                }
            };
        final Token<AuthenticationTokenIdentifier> hbaseToken = hbaseUser.runAs(tokenRequest);

        // NOTE(review): hbaseToken is dereferenced without a null check; confirm that
        // TokenUtil.obtainToken cannot return null in the HBase version in use.
        jobConf.getCredentials().addToken(hbaseToken.getService(), hbaseToken);
    }

    /**
     * Copies every credential property into {@code destConf}, replacing existing values.
     * <p>
     * No key filtering happens here. NOTE(review): if the credential properties originate from
     * the workflow definition, its author can override any configuration key through this
     * path - confirm whether restricting the accepted keys is wanted.
     *
     * @param props source of the key/value pairs
     * @param destConf configuration that receives them
     */
    private void addPropsConf(CredentialsProperties props, Configuration destConf) {
        final Map<String, String> credentialProps = props.getProperties();
        for (Map.Entry<String, String> property : credentialProps.entrySet()) {
            destConf.set(property.getKey(), property.getValue());
        }
    }

    /**
     * Copies entries from {@code srcConf} into {@code destConf} for keys that {@code destConf}
     * does not resolve to a value yet; existing values are never overwritten.
     *
     * @param srcConf configuration to read from
     * @param destConf configuration to fill in
     */
    private void injectConf(Configuration srcConf, Configuration destConf) {
        for (Map.Entry<String, String> setting : srcConf) {
            final String key = setting.getKey();
            if (destConf.get(key) != null) {
                // Already defined by the destination: keep its value.
                continue;
            }
            destConf.set(key, setting.getValue());
        }
    }
}