Package org.apache.accumulo.core.conf

Class CredentialProviderFactoryShim

  • public class CredentialProviderFactoryShim
extends Object
    Shim around Hadoop: tries to use the CredentialProviderFactory provided by hadoop-common, falling back to a copy inside accumulo-core.

    The CredentialProvider classes only exist in 2.6.0, so, to use them, we have to do a bunch of reflection. This will also help us to continue to support [2.2.0,2.6.0) when 2.6.0 is officially released.

    • Field Detail

      • HADOOP_CRED_PROVIDER_FACTORY_CLASS_NAME

        public static final String HADOOP_CRED_PROVIDER_FACTORY_CLASS_NAME
        See Also:
        Constant Field Values

      • HADOOP_CRED_PROVIDER_FACTORY_GET_PROVIDERS_METHOD_NAME

        public static final String HADOOP_CRED_PROVIDER_FACTORY_GET_PROVIDERS_METHOD_NAME
        See Also:
        Constant Field Values

      • HADOOP_CRED_PROVIDER_GET_CREDENTIAL_ENTRY_METHOD_NAME

        public static final String HADOOP_CRED_PROVIDER_GET_CREDENTIAL_ENTRY_METHOD_NAME
        See Also:
        Constant Field Values

      • HADOOP_CRED_PROVIDER_GET_ALIASES_METHOD_NAME

        public static final String HADOOP_CRED_PROVIDER_GET_ALIASES_METHOD_NAME
        See Also:
        Constant Field Values

      • HADOOP_CRED_PROVIDER_CREATE_CREDENTIAL_ENTRY_METHOD_NAME

        public static final String HADOOP_CRED_PROVIDER_CREATE_CREDENTIAL_ENTRY_METHOD_NAME
        See Also:
        Constant Field Values

      • HADOOP_CRED_PROVIDER_FLUSH_METHOD_NAME

        public static final String HADOOP_CRED_PROVIDER_FLUSH_METHOD_NAME
        See Also:
        Constant Field Values

      • HADOOP_CRED_ENTRY_GET_CREDENTIAL_METHOD_NAME

        public static final String HADOOP_CRED_ENTRY_GET_CREDENTIAL_METHOD_NAME
        See Also:
        Constant Field Values

    • Constructor Detail

      • CredentialProviderFactoryShim

        public CredentialProviderFactoryShim()

    • Method Detail

      • isHadoopCredentialProviderAvailable

        public static boolean isHadoopCredentialProviderAvailable()
        Determine if we can load the necessary CredentialProvider classes. Only loaded the first time, so subsequent invocations of this method should return fast.
        Returns:
        True if the CredentialProvider classes/methods are available, false otherwise.

      • getCredentialProviders

        protected static List<Object> getCredentialProviders​(org.apache.hadoop.conf.Configuration conf)
        Wrapper to fetch the configured List<CredentialProvider>s.
        Parameters:
        conf - Configuration with Property#GENERAL_SECURITY_CREDENTIAL_PROVIDER_PATHS defined
        Returns:
        The List of CredentialProviders, or null if they could not be loaded

      • getFromHadoopCredentialProvider

        protected static char[] getFromHadoopCredentialProvider​(org.apache.hadoop.conf.Configuration conf,
                                                        String alias)

      • getAliasesFromHadoopCredentialProvider

        protected static List<String> getAliasesFromHadoopCredentialProvider​(org.apache.hadoop.conf.Configuration conf)

      • getConfiguration

        public static org.apache.hadoop.conf.Configuration getConfiguration​(org.apache.hadoop.conf.Configuration conf,
                                                                    String credentialProviders)
        Adds the Credential Provider configuration elements to the provided Configuration.
        Parameters:
        conf - Existing Hadoop Configuration
        credentialProviders - Comma-separated list of CredentialProvider URLs

      • getValueFromCredentialProvider

        public static char[] getValueFromCredentialProvider​(org.apache.hadoop.conf.Configuration conf,
                                                    String alias)
        Attempt to extract the password from any configured CredentialsProviders for the given alias. If no providers or credential is found, null is returned.
        Parameters:
        conf - Configuration for CredentialProvider
        alias - Name of CredentialEntry key
        Returns:
        The credential if found, null otherwise

      • getKeys

        public static List<String> getKeys​(org.apache.hadoop.conf.Configuration conf)
        Attempt to extract all aliases from any configured CredentialsProviders.
        Parameters:
        conf - Configuration for the CredentialProvider
        Returns:
        A list of aliases. An empty list if no CredentialProviders are configured, or the providers are empty.

      • createEntry

        public static void createEntry​(org.apache.hadoop.conf.Configuration conf,
                               String name,
                               char[] credential)
                        throws IOException
        Create a CredentialEntry using the configured Providers. If multiple CredentialProviders are configured, the first will be used.
        Parameters:
        conf - Configuration for the CredentialProvider
        name - CredentialEntry name (alias)
        credential - The credential
        Throws:
        IOException

      • createEntryInProvider

        public static void createEntryInProvider​(Object credentialProvider,
                                         String name,
                                         char[] credential)
        Create a CredentialEntry with the give name and credential in the credentialProvider. The credentialProvider argument must be an instance of Hadoop CredentialProvider.
        Parameters:
        credentialProvider - Instance of CredentialProvider
        name - CredentialEntry name (alias)
        credential - The credential to store