Java Code Examples for com.google.cloud.hadoop.util.AccessTokenProvider

The following examples show how to use com.google.cloud.hadoop.util.AccessTokenProvider. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Test
public void testImpsersonationServiceAccountUsed() throws Exception {
  Configuration config = new Configuration();
  config.setClass(
      "fs.gs.auth.access.token.provider.impl",
      TestingAccessTokenProvider.class,
      AccessTokenProvider.class);
  config.set(
      GCS_CONFIG_PREFIX + IMPERSONATION_SERVICE_ACCOUNT_SUFFIX.getKey(), "test-service-account");

  URI gsUri = new URI("gs://foobar/");
  GoogleHadoopFileSystem ghfs = new GoogleHadoopFileSystem();

  Exception exception =
      assertThrows(
          GoogleJsonResponseException.class,
          () -> {
            ghfs.initialize(gsUri, config);
          });
  assertThat(exception).hasMessageThat().startsWith("401 Unauthorized");
}
 
Example 2
@Test
public void testImpsersonationUserNameIdentifierUsed() throws Exception {
  Configuration config = new Configuration();
  config.setClass(
      "fs.gs.auth.access.token.provider.impl",
      TestingAccessTokenProvider.class,
      AccessTokenProvider.class);
  config.set(
      GCS_CONFIG_PREFIX
          + USER_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX.getKey()
          + UserGroupInformation.getCurrentUser().getShortUserName(),
      "test-service-account");

  URI gsUri = new URI("gs://foobar/");
  GoogleHadoopFileSystem ghfs = new GoogleHadoopFileSystem();

  Exception exception =
      assertThrows(
          GoogleJsonResponseException.class,
          () -> {
            ghfs.initialize(gsUri, config);
          });
  assertThat(exception).hasMessageThat().startsWith("401 Unauthorized");
}
 
Example 3
@Test
public void testImpsersonationGroupNameIdentifierUsed() throws Exception {
  Configuration config = new Configuration();
  config.setClass(
      "fs.gs.auth.access.token.provider.impl",
      TestingAccessTokenProvider.class,
      AccessTokenProvider.class);
  config.set(
      GCS_CONFIG_PREFIX
          + GROUP_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX.getKey()
          + UserGroupInformation.getCurrentUser().getGroupNames()[0],
      "test-service-account");

  URI gsUri = new URI("gs://foobar/");
  GoogleHadoopFileSystem ghfs = new GoogleHadoopFileSystem();

  Exception exception =
      assertThrows(
          GoogleJsonResponseException.class,
          () -> {
            ghfs.initialize(gsUri, config);
          });
  assertThat(exception).hasMessageThat().startsWith("401 Unauthorized");
}
 
Example 4
/**
 * Retrieve user's Credential. If user implemented {@link AccessTokenProvider} and provided the
 * class name (See {@link HadoopCredentialConfiguration#ACCESS_TOKEN_PROVIDER_IMPL_SUFFIX} then
 * build a credential with access token provided by this provider; Otherwise obtain credential
 * through {@link HadoopCredentialConfiguration#getCredentialFactory(Configuration, String...)}.
 */
private Credential getCredential(
    Configuration config, GoogleCloudStorageFileSystemOptions gcsFsOptions)
    throws IOException, GeneralSecurityException {
  Credential credential = null;

  // Check if delegation token support is configured
  if (delegationTokens != null) {
    // If so, use the delegation token to acquire the Google credentials
    AccessTokenProvider atp = delegationTokens.getAccessTokenProvider();
    if (atp != null) {
      atp.setConf(config);
      credential =
          CredentialFromAccessTokenProviderClassFactory.credential(
              atp, CredentialFactory.GCS_SCOPES);
    }
  } else {
    // If delegation token support is not configured, check if a
    // custom AccessTokenProvider implementation is configured, and attempt
    // to acquire the Google credentials using it
    credential =
        CredentialFromAccessTokenProviderClassFactory.credential(
            config, ImmutableList.of(GCS_CONFIG_PREFIX), CredentialFactory.GCS_SCOPES);

    if (credential == null) {
      // Finally, if no credentials have been acquired at this point, employ
      // the default mechanism.
      credential =
          HadoopCredentialConfiguration.getCredentialFactory(config, GCS_CONFIG_PREFIX)
              .getCredential(CredentialFactory.GCS_SCOPES);
    }
  }

  // If impersonation service account exists, then use current credential to request access token
  // for the impersonating service account.
  return getImpersonatedCredential(config, gcsFsOptions, credential).orElse(credential);
}
 
Example 5
@Test
public void testImpsersonationUserAndGroupNameIdentifiersUsed() throws Exception {
  Configuration config = new Configuration();
  config.setClass(
      "fs.gs.auth.access.token.provider.impl",
      TestingAccessTokenProvider.class,
      AccessTokenProvider.class);
  config.set(
      GCS_CONFIG_PREFIX
          + USER_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX.getKey()
          + UserGroupInformation.getCurrentUser().getShortUserName(),
      "test-service-account1");
  config.set(
      GCS_CONFIG_PREFIX
          + GROUP_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX.getKey()
          + UserGroupInformation.getCurrentUser().getGroupNames()[0],
      "test-service-account2");

  URI gsUri = new URI("gs://foobar/");
  GoogleHadoopFileSystem ghfs = new GoogleHadoopFileSystem();

  Exception exception =
      assertThrows(
          GoogleJsonResponseException.class,
          () -> {
            ghfs.initialize(gsUri, config);
          });
  assertThat(exception).hasMessageThat().startsWith("401 Unauthorized");
}
 
Example 6
@Test
public void testImpsersonationServiceAccountAndUserAndGroupNameIdentifierUsed() throws Exception {
  Configuration config = new Configuration();
  config.setClass(
      "fs.gs.auth.access.token.provider.impl",
      TestingAccessTokenProvider.class,
      AccessTokenProvider.class);
  config.set(
      GCS_CONFIG_PREFIX + IMPERSONATION_SERVICE_ACCOUNT_SUFFIX.getKey(), "test-service-account1");
  config.set(
      GCS_CONFIG_PREFIX
          + USER_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX.getKey()
          + UserGroupInformation.getCurrentUser().getShortUserName(),
      "test-service-account2");
  config.set(
      GCS_CONFIG_PREFIX
          + GROUP_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX.getKey()
          + UserGroupInformation.getCurrentUser().getGroupNames()[0],
      "test-service-account3");

  URI gsUri = new URI("gs://foobar/");
  GoogleHadoopFileSystem ghfs = new GoogleHadoopFileSystem();

  Exception exception =
      assertThrows(
          GoogleJsonResponseException.class,
          () -> {
            ghfs.initialize(gsUri, config);
          });
  assertThat(exception).hasMessageThat().startsWith("401 Unauthorized");
}
 
Example 7
@Test
public void testImpsersonationInvalidUserNameIdentifierUsed() throws Exception {
  Configuration config = new Configuration();
  config.setClass(
      "fs.gs.auth.access.token.provider.impl",
      TestingAccessTokenProvider.class,
      AccessTokenProvider.class);
  config.set(
      GCS_CONFIG_PREFIX + USER_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX.getKey() + "invalid-user",
      "test-service-account");

  URI gsUri = new URI("gs://foobar/");
  GoogleHadoopFileSystem ghfs = new GoogleHadoopFileSystem();
  ghfs.initialize(gsUri, config);
}
 
Example 8
@Test
public void testTokenAuthValue() throws IOException {
  GoogleHadoopFileSystem fs = new GoogleHadoopFileSystem();
  fs.initialize(new Path("gs://test/").toUri(), loadConfig());

  AccessTokenProvider tokenProvider = fs.delegationTokens.getAccessTokenProvider();
  AccessTokenProvider.AccessToken token = tokenProvider.getAccessToken();

  assertThat(token.getToken()).isEqualTo("qWDAWFA3WWFAWFAWFAW3FAWF3AWF3WFAF33GR5G5");
}
 
Example 9
@Override
public AccessTokenProvider deployUnbonded() throws IOException {
    return new BrokerAccessTokenProvider(getService());
}
 
Example 10
@Override
public AccessTokenProvider bindToTokenIdentifier(DelegationTokenIdentifier retrievedIdentifier) throws IOException {
    return new BrokerAccessTokenProvider(getService(), (BrokerTokenIdentifier) retrievedIdentifier);
}
 
Example 11
Source Project: hadoop-connectors   Source File: GcsDelegationTokens.java    License: Apache License 2.0 4 votes vote down vote up
public AccessTokenProvider getAccessTokenProvider() {
  return accessTokenProvider;
}
 
Example 12
@Override
public AccessTokenProvider deployUnbonded() throws IOException {
  return new TestAccessTokenProviderImpl();
}
 
Example 13
@Override
public AccessTokenProvider bindToTokenIdentifier(DelegationTokenIdentifier retrievedIdentifier)
    throws IOException {
  return deployUnbonded();
}
 
Example 14
Source Project: hadoop-connectors   Source File: GcsDelegationTokens.java    License: Apache License 2.0 3 votes vote down vote up
/**
 * Perform the unbonded deployment operations. Create the GCP credential provider chain to use
 * when talking to GCP when there is no delegation token to work with. authenticating this client
 * with GCP services, and saves it to {@link #accessTokenProvider}
 *
 * @throws IOException any failure.
 */
public AccessTokenProvider deployUnbonded() throws IOException {
  checkState(!isBoundToDT(), "Already Bound to a delegation token");
  logger.atFine().log("No delegation tokens present: using direct authentication");
  accessTokenProvider = tokenBinding.deployUnbonded();
  return accessTokenProvider;
}
 
Example 15
/**
 * Perform any actions when deploying unbonded, and return a list of credential providers.
 *
 * @throws IOException any failure.
 */
public abstract AccessTokenProvider deployUnbonded() throws IOException;
 
Example 16
/**
 * Bind to the token identifier, returning the credential providers to use for the owner to talk
 * to GCP services.
 *
 * @param retrievedIdentifier the unmarshalled data
 * @return non-empty list of GCP credential providers to use for authenticating this client with
 *     GCP services.
 * @throws IOException any failure.
 */
public abstract AccessTokenProvider bindToTokenIdentifier(
    DelegationTokenIdentifier retrievedIdentifier) throws IOException;