GcsDelegationTokens (gcs-connector-hadoop2 hadoop2-2.1.9 API)

java.lang.Object
- com.google.cloud.hadoop.fs.gcs.auth.GcsDelegationTokens

public class GcsDelegationTokens
extends Object

Manages delegation tokens for files system

Constructor Summary

Constructors
Constructor and Description

GcsDelegationTokens()

Constructors
Constructor and Description
`GcsDelegationTokens()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`bindToAnyDelegationToken()` Attempt to bind to any existing DT, including unmarshalling its contents and creating the GCP credential provider used to authenticate the client.
`void`	`bindToDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier> token)` Bind to a delegation token retrieved for this filesystem.
`void`	`bindToFileSystem(GoogleHadoopFileSystemBase fs, org.apache.hadoop.io.Text service)` Bind to the filesystem.
`AccessTokenProvider`	`deployUnbonded()` Perform the unbonded deployment operations.
`static org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier`	`extractIdentifier(org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier> token)` From a token, get the session token identifier.
`AccessTokenProvider`	`getAccessTokenProvider()`
`org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier>`	`getBoundDT()` Get any bound DT.
`org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier>`	`getBoundOrNewDT(String renewer)` Get any bound DT or create a new one.
`org.apache.hadoop.io.Text`	`getService()`
`void`	`init(org.apache.hadoop.conf.Configuration conf)`
`boolean`	`isBoundToDT()` Predicate: is there a bound DT?
`org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier>`	`selectTokenFromFsOwner()` Find a token for the FS user and service name.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - GcsDelegationTokens
```
public GcsDelegationTokens()
                    throws IOException
```
    Throws:
    
    IOException
- Method Detail
  - init
```
public void init(org.apache.hadoop.conf.Configuration conf)
```
  - getService
```
public org.apache.hadoop.io.Text getService()
```
  - getAccessTokenProvider
```
public AccessTokenProvider getAccessTokenProvider()
```
  - deployUnbonded
```
public AccessTokenProvider deployUnbonded()
                                   throws IOException
```
    Perform the unbonded deployment operations. Create the GCP credential provider chain to use when talking to GCP when there is no delegation token to work with. authenticating this client with GCP services, and saves it to accessTokenProvider
    
    Throws:
    
    IOException - any failure.
  - bindToAnyDelegationToken
```
public void bindToAnyDelegationToken()
                              throws IOException
```
    Attempt to bind to any existing DT, including unmarshalling its contents and creating the GCP credential provider used to authenticate the client.
    If successful:
    1. boundDT is set to the retrieved token.
    2. accessTokenProvider is set to the credential provider(s) returned by the token binding.
    If unsuccessful, deployUnbonded() is called for the unbonded codepath instead, which will set accessTokenProvider to its value.
    This means after this call (and only after) the token operations can be invoked.
    Throws:
    
    IOException - selection/extraction/validation failure.
  - selectTokenFromFsOwner
```
public org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier> selectTokenFromFsOwner()
                                                                                                                                         throws IOException
```
    Find a token for the FS user and service name.
    
    Returns:
    
    the token, or null if one cannot be found.
    
    Throws:
    
    IOException - on a failure to unmarshall the token.
  - bindToFileSystem
```
public void bindToFileSystem(GoogleHadoopFileSystemBase fs,
                             org.apache.hadoop.io.Text service)
                      throws IOException
```
    Bind to the filesystem. Subclasses can use this to perform their own binding operations - but they must always call their superclass implementation. This Must be called before calling init().
    Important: This binding will happen during FileSystem.initialize(); the FS is not live for actual use and will not yet have interacted with GCS services.
    
    Parameters:
    
    fs - owning FS.
    
    Throws:
    
    IOException - failure.
  - bindToDelegationToken
```
public void bindToDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier> token)
                           throws IOException
```
    Bind to a delegation token retrieved for this filesystem. Extract the secrets from the token and set internal fields to the values.
    1. boundDT is set to token.
    2. accessTokenProvider is set to the credential provider(s) returned by the token binding.
    Parameters:
    
    token - token to decode and bind to.
    
    Throws:
    
    IOException - selection/extraction/validation failure.
  - isBoundToDT
```
public boolean isBoundToDT()
```
    Predicate: is there a bound DT?
    
    Returns:
    
    true if there's a value in boundDT.
  - getBoundDT
```
public org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier> getBoundDT()
```
    Get any bound DT.
    
    Returns:
    
    a delegation token if this instance was bound to it.
  - getBoundOrNewDT
```
public org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier> getBoundOrNewDT(String renewer)
                                                                                                                                  throws IOException
```
    Get any bound DT or create a new one.
    
    Returns:
    
    a delegation token.
    
    Throws:
    
    IOException - if one cannot be created
  - extractIdentifier
```
public static org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier extractIdentifier(org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier> token)
                                                                                                   throws IOException
```
    From a token, get the session token identifier.
    
    Parameters:
    
    token - token to process
    
    Returns:
    
    the session token identifier
    
    Throws:
    
    IOException - failure to validate/read data encoded in identifier.
    
    IllegalArgumentException - if the token isn't an GCP session token

Class GcsDelegationTokens

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

GcsDelegationTokens

Method Detail

init

getService

getAccessTokenProvider

deployUnbonded

bindToAnyDelegationToken

selectTokenFromFsOwner

bindToFileSystem

bindToDelegationToken

isBoundToDT

getBoundDT

getBoundOrNewDT

extractIdentifier