in catalogs/catalog-hadoop/src/main/java/org/apache/gravitino/catalog/hadoop/authentication/UserContext.java [65:147]
public static UserContext getUserContext(
NameIdentifier nameIdentifier,
Map<String, String> properties,
Configuration configuration,
CatalogInfo catalogInfo) {
// Try to get the parent user context.
NameIdentifier currentNameIdentifier = NameIdentifier.of(nameIdentifier.namespace().levels());
UserContext parentContext = null;
while (!currentNameIdentifier.namespace().isEmpty()) {
if (userContextMap.containsKey(currentNameIdentifier)) {
parentContext = userContextMap.get(currentNameIdentifier);
break;
}
currentNameIdentifier = NameIdentifier.of(currentNameIdentifier.namespace().levels());
}
if (configuration == null) {
configuration = new Configuration();
}
AuthenticationConfig authenticationConfig = new AuthenticationConfig(properties);
// If we do not set the impersonation, we will use the parent context;
boolean enableUserImpersonation = ENABLE_IMPERSONATION_ENTRY.getDefaultValue();
if (properties.containsKey(IMPERSONATION_ENABLE_KEY)) {
enableUserImpersonation = authenticationConfig.isImpersonationEnabled();
} else if (parentContext != null) {
enableUserImpersonation = parentContext.enableUserImpersonation();
}
AuthenticationType authenticationType =
AuthenticationType.fromString(AUTH_TYPE_ENTRY.getDefaultValue());
// If we do not set the authentication type explicitly, we will use the parent context. If the
// parent is null, then we will use the default value.
if (properties.containsKey(AuthenticationConfig.AUTH_TYPE_KEY)) {
authenticationType =
authenticationConfig.isSimpleAuth()
? AuthenticationType.SIMPLE
: AuthenticationType.KERBEROS;
} else if (parentContext != null) {
authenticationType =
parentContext instanceof SimpleUserContext
? AuthenticationType.SIMPLE
: AuthenticationType.KERBEROS;
}
UserGroupInformation currentUser;
try {
currentUser = UserGroupInformation.getCurrentUser();
} catch (IOException ioException) {
throw new RuntimeException("Failed to get current user", ioException);
}
if (authenticationType == AuthenticationType.SIMPLE) {
UserGroupInformation userGroupInformation =
parentContext != null ? parentContext.getUser() : currentUser;
SimpleUserContext simpleUserContext =
new SimpleUserContext(userGroupInformation, enableUserImpersonation);
addUserContext(nameIdentifier, simpleUserContext);
return simpleUserContext;
} else if (authenticationType == AuthenticationType.KERBEROS) {
// if the kerberos authentication is inherited from the parent context, we will use the
// parent context's kerberos configuration.
if (parentContext != null && authenticationConfig.isSimpleAuth()) {
KerberosUserContext kerberosUserContext = ((KerberosUserContext) parentContext).deepCopy();
kerberosUserContext.setEnableUserImpersonation(enableUserImpersonation);
addUserContext(nameIdentifier, kerberosUserContext);
return kerberosUserContext;
}
String keytabPath =
String.format(
GRAVITINO_KEYTAB_FORMAT,
catalogInfo.id() + "-" + nameIdentifier.toString().replace(".", "-"));
KerberosUserContext kerberosUserContext =
new KerberosUserContext(enableUserImpersonation, keytabPath);
kerberosUserContext.initKerberos(properties, configuration, parentContext == null);
addUserContext(nameIdentifier, kerberosUserContext);
return kerberosUserContext;
} else {
throw new RuntimeException("Unsupported authentication type: " + authenticationType);
}
}