/**
 * Copies the job ACL owner, group and permission from the extension properties onto
 * {@code acl}.
 *
 * <p>Does nothing when authorization is disabled. When it is enabled, all three properties
 * are mandatory. They are read and applied in the order owner, group, permission, so a
 * failure on a later property leaves the earlier values already set on {@code acl}.
 *
 * @param acl ACL object to populate
 * @param extensionProperties properties carrying the job ACL settings
 * @throws FalconException if authorization is enabled and the owner, group or permission
 *     property is null or empty
 */
private static void bindACLProperties(final ACL acl, final Properties extensionProperties)
    throws FalconException {
    // With authorization off, the ACL is left exactly as the caller passed it in.
    if (!SecurityUtil.isAuthorizationEnabled()) {
        return;
    }

    // NOTE(review): only null/empty is rejected here. If StringUtils is commons-lang, a
    // whitespace-only value passes this check, and no format validation of the owner, group
    // or permission string is visible in this method; confirm it is validated elsewhere.
    final String ownerValue =
        extensionProperties.getProperty(ExtensionProperties.JOB_ACL_OWNER.getName());
    if (!StringUtils.isNotEmpty(ownerValue)) {
        throw new FalconException(
            "ACL owner extension property cannot be null or empty when authorization is "
                + "enabled");
    }
    acl.setOwner(ownerValue);

    final String groupValue =
        extensionProperties.getProperty(ExtensionProperties.JOB_ACL_GROUP.getName());
    if (!StringUtils.isNotEmpty(groupValue)) {
        throw new FalconException(
            "ACL group extension property cannot be null or empty when authorization is "
                + "enabled");
    }
    acl.setGroup(groupValue);

    final String permissionValue =
        extensionProperties.getProperty(ExtensionProperties.JOB_ACL_PERMISSION.getName());
    if (!StringUtils.isNotEmpty(permissionValue)) {
        throw new FalconException(
            "ACL permission extension property cannot be null or empty when authorization is "
                + "enabled");
    }
    acl.setPermission(permissionValue);
}
/**
 * KLUDGE - until ACLs are mandated, the entity passed in must be decorated for the equals
 * check to pass. The existing entity in the config store carries the decoration, so the
 * "entity already exists" comparison fails if the incoming entity is not decorated too.
 *
 * <p>Decoration is applied only when authorization is disabled and the entity has no ACL.
 * The ACL owner is taken from {@code CurrentUser.getUser()} and the group from
 * {@code CurrentUser.getPrimaryGroupName()}; no permission is set. Only cluster, feed and
 * process entities are decorated; any other entity type is left unchanged.
 *
 * @param entity entity to decorate in place
 */
private void decorateEntityWithACL(Entity entity) {
    // Same short-circuit as the original guard: getACL() is consulted only when
    // authorization is disabled.
    final boolean needsDecoration =
        !SecurityUtil.isAuthorizationEnabled() && entity.getACL() == null;
    if (!needsDecoration) {
        return; // not necessary to decorate
    }

    final String owner = CurrentUser.getUser();
    final String group = CurrentUser.getPrimaryGroupName();

    switch (entity.getEntityType()) {
    case CLUSTER: {
        final org.apache.falcon.entity.v0.cluster.ACL acl =
            new org.apache.falcon.entity.v0.cluster.ACL();
        acl.setOwner(owner);
        acl.setGroup(group);
        ((org.apache.falcon.entity.v0.cluster.Cluster) entity).setACL(acl);
        break;
    }
    case FEED: {
        final org.apache.falcon.entity.v0.feed.ACL acl =
            new org.apache.falcon.entity.v0.feed.ACL();
        acl.setOwner(owner);
        acl.setGroup(group);
        ((org.apache.falcon.entity.v0.feed.Feed) entity).setACL(acl);
        break;
    }
    case PROCESS: {
        final org.apache.falcon.entity.v0.process.ACL acl =
            new org.apache.falcon.entity.v0.process.ACL();
        acl.setOwner(owner);
        acl.setGroup(group);
        ((org.apache.falcon.entity.v0.process.Process) entity).setACL(acl);
        break;
    }
    default:
        // Other entity types carry no ACL decoration here.
        break;
    }
}
/**
 * Builds a {@code Process} entity with the given name, an ACL owned by {@code username},
 * and optional pipelines and tags.
 *
 * <p>The ACL group is fixed to {@code "hdfs"} and the permission to {@code "*"}. Clusters
 * come from {@code buildClusters("cluster" + name)}.
 *
 * @param name process name, also used to derive the cluster name
 * @param username ACL owner
 * @param tags tags to set; skipped when null or empty
 * @param pipelines pipelines to set; skipped when null or empty
 * @return the populated process entity
 */
private Entity buildProcess(String name, String username, String tags, String pipelines) {
    Process result = new Process();
    result.setName(name);

    // NOTE(review): the fixed group and the "*" permission look like fixture values;
    // confirm this builder is not used to create production entities.
    ACL ownerAcl = new ACL();
    ownerAcl.setOwner(username);
    ownerAcl.setGroup("hdfs");
    ownerAcl.setPermission("*");
    result.setACL(ownerAcl);

    boolean hasPipelines = !StringUtils.isEmpty(pipelines);
    if (hasPipelines) {
        result.setPipelines(pipelines);
    }

    boolean hasTags = !StringUtils.isEmpty(tags);
    if (hasTags) {
        result.setTags(tags);
    }

    result.setClusters(buildClusters("cluster" + name));
    return result;
}