Package org.apache.hadoop.security
Class ShellBasedIdMapping
java.lang.Object
org.apache.hadoop.security.ShellBasedIdMapping
- All Implemented Interfaces:
IdMappingServiceProvider
A simple shell-based implementation of
IdMappingServiceProvider
Map id to user name or group name. It does update every 15 minutes. Only a
single instance of this class is expected to be on the server.
The maps are incrementally updated as described below:
1. Initialize the maps as empty.
2. Incrementally update the maps
- When ShellBasedIdMapping is requested for user or group name given
an ID, or for ID given a user or group name, do look up in the map
first, if it doesn't exist, find the corresponding entry with shell
command, and insert the entry to the maps.
- When group ID is requested for a given group name, and if the
group name is numerical, the full group map is loaded. Because we
don't have a good way to find the entry for a numerical group name,
loading the full map helps to get in all entries.
3. Periodically refresh the maps for both user and group, e.g,
do step 1.
Note: for testing purpose, step 1 may initial the maps with full mapping
when using constructor
ShellBasedIdMapping(Configuration, boolean).-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidintintgetGidAllowingUnknown(String group) getGroupName(int gid, String unknown) longintintgetUidAllowingUnknown(String user) getUserName(int uid, String unknown) static booleanupdateMapInternal(org.apache.hadoop.thirdparty.com.google.common.collect.BiMap<Integer, String> map, String mapName, String command, String regex, Map<Integer, Integer> staticMapping) Get the list of users or groups returned by the specified command, and save them in the corresponding map.void
-
Constructor Details
-
ShellBasedIdMapping
@VisibleForTesting public ShellBasedIdMapping(Configuration conf, boolean constructFullMapAtInit) throws IOException - Throws:
IOException
-
ShellBasedIdMapping
- Throws:
IOException
-
-
Method Details
-
getTimeout
@VisibleForTesting public long getTimeout() -
getUidNameMap
-
getGidNameMap
-
clearNameMaps
@VisibleForTesting public void clearNameMaps() -
updateMapInternal
@VisibleForTesting public static boolean updateMapInternal(org.apache.hadoop.thirdparty.com.google.common.collect.BiMap<Integer, String> map, String mapName, String command, String regex, Map<Integer, throws IOExceptionInteger> staticMapping) Get the list of users or groups returned by the specified command, and save them in the corresponding map.- Parameters:
map- map.mapName- mapName.command- command.staticMapping- staticMapping.regex- regex.- Returns:
- updateMapInternal.
- Throws:
IOException- raised on errors performing I/O.
-
updateMaps
- Throws:
IOException
-
getUid
- Specified by:
getUidin interfaceIdMappingServiceProvider- Throws:
IOException
-
getGid
- Specified by:
getGidin interfaceIdMappingServiceProvider- Throws:
IOException
-
getUserName
- Specified by:
getUserNamein interfaceIdMappingServiceProvider
-
getGroupName
- Specified by:
getGroupNamein interfaceIdMappingServiceProvider
-
getUidAllowingUnknown
- Specified by:
getUidAllowingUnknownin interfaceIdMappingServiceProvider
-
getGidAllowingUnknown
- Specified by:
getGidAllowingUnknownin interfaceIdMappingServiceProvider
-