001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *      http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019package org.apache.oozie.action.hadoop;
020
021import java.io.IOException;
022import java.security.PrivilegedExceptionAction;
023import java.util.Map;
024
025import org.apache.hadoop.conf.Configuration;
026import org.apache.hadoop.hbase.HBaseConfiguration;
027import org.apache.hadoop.hbase.security.User;
028import org.apache.hadoop.hbase.security.token.AuthenticationTokenIdentifier;
029import org.apache.hadoop.hbase.security.token.TokenUtil;
030import org.apache.hadoop.mapred.JobConf;
031import org.apache.oozie.action.ActionExecutor.Context;
032import org.apache.oozie.action.hadoop.Credentials;
033import org.apache.oozie.action.hadoop.CredentialsProperties;
034import org.apache.oozie.util.XLog;
035import org.apache.hadoop.security.UserGroupInformation;
036import org.apache.hadoop.security.token.Token;
037import org.apache.hadoop.security.token.TokenIdentifier;
038
039
040/**
041 * Hbase Credentials implementation to store in jobConf
042 * The jobConf is used further to pass credentials to the tasks while running
043 * Oozie server should be configured to use this Credentials class by including it via property 'oozie.credentials.credentialclasses'
044 *
045 */
046public class HbaseCredentials extends Credentials {
047
048
049    /* (non-Javadoc)
050     * @see org.apache.oozie.action.hadoop.Credentials#addtoJobConf(org.apache.hadoop.mapred.JobConf, org.apache.oozie.action.hadoop.CredentialsProperties, org.apache.oozie.action.ActionExecutor.Context)
051     */
052    @Override
053    public void addtoJobConf(JobConf jobConf, CredentialsProperties props, Context context) throws Exception {
054        try {
055            copyHbaseConfToJobConf(jobConf, props);
056            obtainToken(jobConf, context);
057        }
058        catch (Exception e) {
059            XLog.getLog(getClass()).warn("Exception in receiving hbase credentials", e);
060            throw e;
061        }
062    }
063
064    void copyHbaseConfToJobConf(JobConf jobConf, CredentialsProperties props) {
065        // Create configuration using hbase-site.xml/hbase-default.xml
066        Configuration hbaseConf = HBaseConfiguration.create();
067        // copy cred props to hbaseconf and override if values already exists
068        addPropsConf(props, hbaseConf);
069        // copy cred props to jobconf and override if values already exist
070        addPropsConf(props, jobConf);
071        // copy conf from hbaseConf to jobConf without overriding the
072        // already existing values of jobConf
073        injectConf(hbaseConf, jobConf);
074    }
075
076    private void obtainToken(final JobConf jobConf, Context context) throws IOException, InterruptedException {
077        String user = context.getWorkflow().getUser();
078        UserGroupInformation ugi =  UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
079        User u = User.create(ugi);
080        // A direct doAs is required here vs. User#obtainAuthTokenForJob(...)
081        // See OOZIE-2419 for more
082        Token<AuthenticationTokenIdentifier> token = u.runAs(
083            new PrivilegedExceptionAction<Token<AuthenticationTokenIdentifier>>() {
084                public Token<AuthenticationTokenIdentifier> run() throws Exception {
085                    return TokenUtil.obtainToken(jobConf);
086                }
087            }
088        );
089        jobConf.getCredentials().addToken(token.getService(), token);
090    }
091
092    private void addPropsConf(CredentialsProperties props, Configuration destConf) {
093        for (Map.Entry<String, String> entry : props.getProperties().entrySet()) {
094            destConf.set(entry.getKey(), entry.getValue());
095        }
096    }
097
098    private void injectConf(Configuration srcConf, Configuration destConf) {
099        for (Map.Entry<String, String> entry : srcConf) {
100            String name = entry.getKey();
101            if (destConf.get(name) == null) {
102                String value = entry.getValue();
103                destConf.set(name, value);
104            }
105        }
106    }
107}