Package org.apache.hadoop.security

Class ShellBasedUnixGroupsMapping

java.lang.Object

org.apache.hadoop.conf.Configured

org.apache.hadoop.security.ShellBasedUnixGroupsMapping

All Implemented Interfaces:

Configurable, GroupMappingServiceProvider

Direct Known Subclasses:

ShellBasedUnixGroupsNetgroupMapping

@LimitedPrivate({"HDFS","MapReduce"})
@Evolving
public class ShellBasedUnixGroupsMapping
extends Configured
implements GroupMappingServiceProvider

A simple shell-based implementation of GroupMappingServiceProvider that exec's the groups shell command to fetch the group memberships of a given user.

Field Summary

Fields

Modifier and Type	Field	Description
protected static final org.slf4j.Logger	LOG

Fields inherited from interface org.apache.hadoop.security.GroupMappingServiceProvider

GROUP_MAPPING_CONFIG_PREFIX

Constructor Summary

Constructors

Constructor	Description
ShellBasedUnixGroupsMapping()

Method Summary

Modifier and Type	Method	Description
void	cacheGroupsAdd(List<String> groups)	Adds groups to cache, no need to do that for this provider
void	cacheGroupsRefresh()	Caches groups, no need to do that for this provider
protected Shell.ShellCommandExecutor	createGroupExecutor(String userName)	Create a ShellCommandExecutor object using the user's name.
protected Shell.ShellCommandExecutor	createGroupIDExecutor(String userName)	Create a ShellCommandExecutor object for fetch a user's group id list.
List<String>	getGroups(String userName)	Returns list of groups for a user
protected String[]	getGroupsForUserCommand(String userName)	Returns just the shell command to be used to fetch a user's groups list.
protected String[]	getGroupsIDForUserCommand(String userName)	Returns just the shell command to be used to fetch a user's group IDs list.
Set<String>	getGroupsSet(String userName)	Get all various group memberships of a given user.
protected Set<String>	resolveFullGroupNames(String groupNames)	Split group names into a set.
void	setConf(Configuration conf)	Set the configuration to be used by this object.

Methods inherited from class org.apache.hadoop.conf.Configured

getConf

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

LOG

@VisibleForTesting
protected static final org.slf4j.Logger LOG

Constructor Details

ShellBasedUnixGroupsMapping

public ShellBasedUnixGroupsMapping()

Method Details

setConf

public void setConf(Configuration conf)

Description copied from interface: Configurable

Set the configuration to be used by this object.

Specified by:

setConf in interface Configurable

Overrides:

setConf in class Configured

Parameters:

conf - configuration to be used

getGroups

public List<String> getGroups(String userName)
                       throws IOException

Returns list of groups for a user

Specified by:

getGroups in interface GroupMappingServiceProvider

Parameters:

userName - get groups for this user

Returns:

list of groups for a given user

Throws:

IOException - raised on errors performing I/O.

cacheGroupsRefresh

public void cacheGroupsRefresh()
                        throws IOException

Caches groups, no need to do that for this provider

Specified by:

cacheGroupsRefresh in interface GroupMappingServiceProvider

Throws:

IOException - raised on errors performing I/O.

cacheGroupsAdd

public void cacheGroupsAdd(List<String> groups)
                    throws IOException

Adds groups to cache, no need to do that for this provider

Specified by:

cacheGroupsAdd in interface GroupMappingServiceProvider

Parameters:

groups - unused

Throws:

IOException - raised on errors performing I/O.

getGroupsSet

public Set<String> getGroupsSet(String userName)
                         throws IOException

Description copied from interface: GroupMappingServiceProvider

Get all various group memberships of a given user. Returns EMPTY set in case of non-existing user

Specified by:

getGroupsSet in interface GroupMappingServiceProvider

Parameters:

userName - User's name

Returns:

set of group memberships of user

Throws:

IOException - raised on errors performing I/O.

createGroupExecutor

protected Shell.ShellCommandExecutor createGroupExecutor(String userName)

Create a ShellCommandExecutor object using the user's name.

Parameters:

userName - user's name

Returns:

a ShellCommandExecutor object

getGroupsForUserCommand

protected String[] getGroupsForUserCommand(String userName)

Returns just the shell command to be used to fetch a user's groups list. This is mainly separate to make some tests easier.

Parameters:

userName - The username that needs to be passed into the command built

Returns:

An appropriate shell command with arguments

createGroupIDExecutor

protected Shell.ShellCommandExecutor createGroupIDExecutor(String userName)

Create a ShellCommandExecutor object for fetch a user's group id list.

Parameters:

userName - the user's name

Returns:

a ShellCommandExecutor object

getGroupsIDForUserCommand

protected String[] getGroupsIDForUserCommand(String userName)

Returns just the shell command to be used to fetch a user's group IDs list. This is mainly separate to make some tests easier.

Parameters:

userName - The username that needs to be passed into the command built

Returns:

An appropriate shell command with arguments

resolveFullGroupNames

@VisibleForTesting
protected Set<String> resolveFullGroupNames(String groupNames)

Split group names into a set.

Parameters:

groupNames - a string representing the user's group names

Returns:

a set of group names