IdentityTransformer (Apache Hadoop Azure support 3.4.1.300-dep-1001 API)

java.lang.Object
- org.apache.hadoop.fs.azurebfs.oauth2.IdentityTransformer

All Implemented Interfaces:

IdentityTransformerInterface

Direct Known Subclasses:

LocalIdentityTransformer
```
public class IdentityTransformer
extends java.lang.Object
implements IdentityTransformerInterface
```
Perform transformation for Azure Active Directory identities used in owner, group and acls.

Constructor Summary

Constructors
Constructor Description

IdentityTransformer(org.apache.hadoop.conf.Configuration configuration)

Constructors
Constructor	Description
`IdentityTransformer(org.apache.hadoop.conf.Configuration configuration)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`transformAclEntriesForGetRequest(java.util.List<org.apache.hadoop.fs.permission.AclEntry> aclEntries, java.lang.String localUser, java.lang.String localGroup)`	Perform Identity transformation when calling GetAclStatus() If the AclEntry type is a user or group, and its name is one of the following:
`void`	`transformAclEntriesForSetRequest(java.util.List<org.apache.hadoop.fs.permission.AclEntry> aclEntries)`	Perform Identity transformation when calling setAcl(),removeAclEntries() and modifyAclEntries() If the AclEntry type is a user or group, and its name is one of the following: 1.short name; 2.$superuser; 3.Fully qualified name; 4.
`java.lang.String`	`transformIdentityForGetRequest(java.lang.String originalIdentity, boolean isUserName, java.lang.String localIdentity)`	Perform identity transformation for the Get request results in AzureBlobFileSystemStore: getFileStatus(), listStatus(), getAclStatus().
`java.lang.String`	`transformUserOrGroupForSetRequest(java.lang.String userOrGroup)`	Perform Identity transformation when setting owner on a path.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

IdentityTransformer

public IdentityTransformer(org.apache.hadoop.conf.Configuration configuration)
                    throws java.io.IOException

Throws:: java.io.IOException

Method Detail

transformIdentityForGetRequest

public java.lang.String transformIdentityForGetRequest(java.lang.String originalIdentity,
                                                       boolean isUserName,
                                                       java.lang.String localIdentity)
                                                throws java.io.IOException

Perform identity transformation for the Get request results in AzureBlobFileSystemStore: getFileStatus(), listStatus(), getAclStatus(). Input originalIdentity can be one of the following:

 1. $superuser:
     by default it will be transformed to local user/group, this can be disabled by setting
     "fs.azure.identity.transformer.skip.superuser.replacement" to true.

 2. User principal id:
     can be transformed to localIdentity, if this principal id matches the principal id set in
     "fs.azure.identity.transformer.service.principal.id" and localIdentity is stated in
     "fs.azure.identity.transformer.service.principal.substitution.list"

 3. User principal name (UPN):
     can be transformed to a short name(localIdentity) if originalIdentity is owner name, and
     "fs.azure.identity.transformer.enable.short.name" is enabled.

Specified by:: transformIdentityForGetRequest in interface IdentityTransformerInterface
Parameters:: originalIdentity - the original user or group in the get request results: FileStatus, AclStatus.; isUserName - indicate whether the input originalIdentity is an owner name or owning group name.; localIdentity - the local user or group, should be parsed from UserGroupInformation.
Returns:: owner or group after transformation.
Throws:: java.io.IOException

transformUserOrGroupForSetRequest

public java.lang.String transformUserOrGroupForSetRequest(java.lang.String userOrGroup)

Perform Identity transformation when setting owner on a path. There are four possible input: 1.short name; 2.$superuser; 3.Fully qualified name; 4. principal id.

 short name could be transformed to:
    - A service principal id or $superuser, if short name belongs a daemon service
      stated in substitution list AND "fs.azure.identity.transformer.service.principal.id"
      is set with $superuser or a principal id.
    - Fully qualified name, if "fs.azure.identity.transformer.domain.name" is set in configuration.

 $superuser, fully qualified name and principalId should not be transformed.

Specified by:: transformUserOrGroupForSetRequest in interface IdentityTransformerInterface
Parameters:: userOrGroup - the user or group to be set as owner.
Returns:: user or group after transformation.

transformAclEntriesForSetRequest

public void transformAclEntriesForSetRequest(java.util.List<org.apache.hadoop.fs.permission.AclEntry> aclEntries)

Perform Identity transformation when calling setAcl(),removeAclEntries() and modifyAclEntries() If the AclEntry type is a user or group, and its name is one of the following: 1.short name; 2.$superuser; 3.Fully qualified name; 4. principal id.

 Short name could be transformed to:
    - A service principal id or $superuser, if short name belongs a daemon service
      stated in substitution list AND "fs.azure.identity.transformer.service.principal.id"
      is set with $superuser or a principal id.
    - A fully qualified name, if the AclEntry type is User AND if "fs.azure.identity.transformer.domain.name"
      is set in configuration. This is to make the behavior consistent with HDI.

 $superuser, fully qualified name and principal id should not be transformed.

Specified by:: transformAclEntriesForSetRequest in interface IdentityTransformerInterface
Parameters:: aclEntries - list of AclEntry

transformAclEntriesForGetRequest

public void transformAclEntriesForGetRequest(java.util.List<org.apache.hadoop.fs.permission.AclEntry> aclEntries,
                                             java.lang.String localUser,
                                             java.lang.String localGroup)
                                      throws java.io.IOException

Perform Identity transformation when calling GetAclStatus() If the AclEntry type is a user or group, and its name is one of the following:

 1. $superuser:
     by default it will be transformed to local user/group, this can be disabled by setting
     "fs.azure.identity.transformer.skip.superuser.replacement" to true.

 2. User principal id:
     can be transformed to localUser/localGroup, if this principal id matches the principal id set in
     "fs.azure.identity.transformer.service.principal.id" and localIdentity is stated in
     "fs.azure.identity.transformer.service.principal.substitution.list"

 3. User principal name (UPN):
     can be transformed to a short name(local identity) if originalIdentity is owner name, and
     "fs.azure.identity.transformer.enable.short.name" is enabled.

Specified by:: transformAclEntriesForGetRequest in interface IdentityTransformerInterface
Parameters:: aclEntries - list of AclEntry; localUser - local user name; localGroup - local primary group
Throws:: java.io.IOException

Class IdentityTransformer

Constructor Summary