Package com.google.cloud.hadoop.util
Class HadoopCredentialsConfiguration
- java.lang.Object
-
- com.google.cloud.hadoop.util.HadoopCredentialsConfiguration
-
public class HadoopCredentialsConfiguration extends Object
The Hadoop credentials configuration.When reading configuration this class makes use of a list of key prefixes that are each applied to key suffixes to create a complete configuration key. There is a base prefix of 'google.cloud.' that is included by the builder for each configuration key suffix. When constructing, other prefixes can be specified. Prefixes specified later can be used to override the values of previously set values. In this way a set of global credentials can be specified for most connectors with an override specified for any connectors that need different credentials.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
HadoopCredentialsConfiguration.AccessTokenProviderCredentials
static class
HadoopCredentialsConfiguration.AuthenticationType
Enumerates all supported authentication types
-
Field Summary
Fields Modifier and Type Field Description static HadoopConfigurationProperty<Class<? extends AccessTokenProvider>>
ACCESS_TOKEN_PROVIDER_SUFFIX
Key suffix used to configureAccessTokenProvider
that will be used to generateAccessTokenProvider.AccessToken
s.static HadoopConfigurationProperty<String>
AUTH_CLIENT_ID_SUFFIX
Configuration key for defining the OAUth2 client ID.static HadoopConfigurationProperty<RedactedString>
AUTH_CLIENT_SECRET_SUFFIX
Configuration key for defining the OAUth2 client secret.static HadoopConfigurationProperty<RedactedString>
AUTH_REFRESH_TOKEN_SUFFIX
Configuration key for defining the OAuth2 refresh token.static HadoopConfigurationProperty<HadoopCredentialsConfiguration.AuthenticationType>
AUTHENTICATION_TYPE_SUFFIX
Key suffix used to configure authentication type.static String
BASE_KEY_PREFIX
All instances constructed using the builder will usegoogle.cloud
as the first prefix checked.static String
CLOUD_PLATFORM_SCOPE
static HadoopConfigurationProperty<Map<String,String>>
GROUP_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX
Key prefix for the group identifier associated with the service account to impersonate when accessing GCS.static HadoopConfigurationProperty<String>
IMPERSONATION_SERVICE_ACCOUNT_SUFFIX
Key suffix used to configure the impersonating service account with which to call GCS API to get access token.static HadoopConfigurationProperty<String>
PROXY_ADDRESS_SUFFIX
Key suffix for setting a proxy for the connector to use to connect to GCS.static HadoopConfigurationProperty<RedactedString>
PROXY_PASSWORD_SUFFIX
Key suffix for setting a proxy password for the connector to use to authenticate with proxy used to connect to GCS.static HadoopConfigurationProperty<RedactedString>
PROXY_USERNAME_SUFFIX
Key suffix for setting a proxy username for the connector to use to authenticate with proxy used to connect to GCS.static HadoopConfigurationProperty<Long>
READ_TIMEOUT_SUFFIX
Key suffix for setting the read timeout for HTTP request.static HadoopConfigurationProperty<String>
SERVICE_ACCOUNT_JSON_KEYFILE_SUFFIX
Key suffix used to configure the path to a JSON file containing a Service Account key and identifier (email).static HadoopConfigurationProperty<String>
TOKEN_SERVER_URL_SUFFIX
Key suffix for setting a token server URL to use to refresh OAuth token.static HadoopConfigurationProperty<Map<String,String>>
USER_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX
Key prefix for the user identifier associated with the service account to impersonate when accessing GCS.static HadoopConfigurationProperty<String>
WORKLOAD_IDENTITY_FEDERATION_CREDENTIAL_CONFIG_FILE_SUFFIX
Key suffix used to configure the path to a JSON file containing a workload identity federation, i.e.
-
Constructor Summary
Constructors Modifier Constructor Description protected
HadoopCredentialsConfiguration()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static List<String>
getConfigKeyPrefixes(String... keyPrefixes)
Returns full list of config prefixes that will be resolved based on the order in returned list.static com.google.auth.oauth2.GoogleCredentials
getCredentials(org.apache.hadoop.conf.Configuration config, String... keyPrefixesVararg)
Get the credentials for the configuredHadoopCredentialsConfiguration.AuthenticationType
static com.google.auth.oauth2.GoogleCredentials
getImpersonatedCredentials(org.apache.hadoop.conf.Configuration config, com.google.auth.oauth2.GoogleCredentials sourceCredentials, String... keyPrefixesVararg)
Create aImpersonatedCredentials
based on service account to impersonate configuration
-
-
-
Field Detail
-
BASE_KEY_PREFIX
public static final String BASE_KEY_PREFIX
All instances constructed using the builder will usegoogle.cloud
as the first prefix checked. Other prefixes can be added and will override values in thegoogle.cloud
prefix.- See Also:
- Constant Field Values
-
CLOUD_PLATFORM_SCOPE
public static final String CLOUD_PLATFORM_SCOPE
- See Also:
- Constant Field Values
-
AUTHENTICATION_TYPE_SUFFIX
public static final HadoopConfigurationProperty<HadoopCredentialsConfiguration.AuthenticationType> AUTHENTICATION_TYPE_SUFFIX
Key suffix used to configure authentication type.
-
SERVICE_ACCOUNT_JSON_KEYFILE_SUFFIX
public static final HadoopConfigurationProperty<String> SERVICE_ACCOUNT_JSON_KEYFILE_SUFFIX
Key suffix used to configure the path to a JSON file containing a Service Account key and identifier (email). Technically, this could be a JSON containing a non-service account user, but this setting is only used in the service account flow and is namespaced as such.
-
WORKLOAD_IDENTITY_FEDERATION_CREDENTIAL_CONFIG_FILE_SUFFIX
public static final HadoopConfigurationProperty<String> WORKLOAD_IDENTITY_FEDERATION_CREDENTIAL_CONFIG_FILE_SUFFIX
Key suffix used to configure the path to a JSON file containing a workload identity federation, i.e. external account credential configuration. Technically, this could be a JSON containing an service account impersonation url and credential source. but this setting is only used in the workload identity federation flow and is namespaced as such.
-
ACCESS_TOKEN_PROVIDER_SUFFIX
public static final HadoopConfigurationProperty<Class<? extends AccessTokenProvider>> ACCESS_TOKEN_PROVIDER_SUFFIX
Key suffix used to configureAccessTokenProvider
that will be used to generateAccessTokenProvider.AccessToken
s.
-
IMPERSONATION_SERVICE_ACCOUNT_SUFFIX
public static final HadoopConfigurationProperty<String> IMPERSONATION_SERVICE_ACCOUNT_SUFFIX
Key suffix used to configure the impersonating service account with which to call GCS API to get access token.
-
USER_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX
public static final HadoopConfigurationProperty<Map<String,String>> USER_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX
Key prefix for the user identifier associated with the service account to impersonate when accessing GCS.
-
GROUP_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX
public static final HadoopConfigurationProperty<Map<String,String>> GROUP_IMPERSONATION_SERVICE_ACCOUNT_SUFFIX
Key prefix for the group identifier associated with the service account to impersonate when accessing GCS.
-
TOKEN_SERVER_URL_SUFFIX
public static final HadoopConfigurationProperty<String> TOKEN_SERVER_URL_SUFFIX
Key suffix for setting a token server URL to use to refresh OAuth token.
-
PROXY_ADDRESS_SUFFIX
public static final HadoopConfigurationProperty<String> PROXY_ADDRESS_SUFFIX
Key suffix for setting a proxy for the connector to use to connect to GCS. The proxy must be an HTTP proxy of the form "host:port".
-
PROXY_USERNAME_SUFFIX
public static final HadoopConfigurationProperty<RedactedString> PROXY_USERNAME_SUFFIX
Key suffix for setting a proxy username for the connector to use to authenticate with proxy used to connect to GCS.
-
PROXY_PASSWORD_SUFFIX
public static final HadoopConfigurationProperty<RedactedString> PROXY_PASSWORD_SUFFIX
Key suffix for setting a proxy password for the connector to use to authenticate with proxy used to connect to GCS.
-
READ_TIMEOUT_SUFFIX
public static final HadoopConfigurationProperty<Long> READ_TIMEOUT_SUFFIX
Key suffix for setting the read timeout for HTTP request.
-
AUTH_CLIENT_ID_SUFFIX
public static final HadoopConfigurationProperty<String> AUTH_CLIENT_ID_SUFFIX
Configuration key for defining the OAUth2 client ID. Required when the authentication type is USER_CREDENTIALS
-
AUTH_CLIENT_SECRET_SUFFIX
public static final HadoopConfigurationProperty<RedactedString> AUTH_CLIENT_SECRET_SUFFIX
Configuration key for defining the OAUth2 client secret. Required when the authentication type is USER_CREDENTIALS
-
AUTH_REFRESH_TOKEN_SUFFIX
public static final HadoopConfigurationProperty<RedactedString> AUTH_REFRESH_TOKEN_SUFFIX
Configuration key for defining the OAuth2 refresh token. Required when the authentication type is USER_CREDENTIALS
-
-
Method Detail
-
getConfigKeyPrefixes
public static List<String> getConfigKeyPrefixes(String... keyPrefixes)
Returns full list of config prefixes that will be resolved based on the order in returned list.
-
getCredentials
public static com.google.auth.oauth2.GoogleCredentials getCredentials(org.apache.hadoop.conf.Configuration config, String... keyPrefixesVararg) throws IOException
Get the credentials for the configuredHadoopCredentialsConfiguration.AuthenticationType
- Throws:
IllegalStateException
- if configuredHadoopCredentialsConfiguration.AuthenticationType
is not recognizedIOException
-
getImpersonatedCredentials
public static com.google.auth.oauth2.GoogleCredentials getImpersonatedCredentials(org.apache.hadoop.conf.Configuration config, com.google.auth.oauth2.GoogleCredentials sourceCredentials, String... keyPrefixesVararg) throws IOException
Create aImpersonatedCredentials
based on service account to impersonate configuration- Throws:
IOException
-
-