Java Code Examples for org.apache.hadoop.security.UserGroupInformation#addTokenIdentifier()

The following examples show how to use org.apache.hadoop.security.UserGroupInformation#addTokenIdentifier() .
Example 1
Project: hadoop   File: TestContainerManagerRecovery.java    License: Apache License 2.0 6 votes vote down vote up
private StartContainersResponse startContainer(Context context,
    final ContainerManagerImpl cm, ContainerId cid,
    ContainerLaunchContext clc, LogAggregationContext logAggregationContext)
        throws Exception {
  UserGroupInformation user = UserGroupInformation.createRemoteUser(
      cid.getApplicationAttemptId().toString());
  StartContainerRequest scReq = StartContainerRequest.newInstance(
      clc, TestContainerManager.createContainerToken(cid, 0,
          context.getNodeId(), user.getShortUserName(),
          context.getContainerTokenSecretManager(), logAggregationContext));
  final List<StartContainerRequest> scReqList =
      new ArrayList<StartContainerRequest>();
  scReqList.add(scReq);
  NMTokenIdentifier nmToken = new NMTokenIdentifier(
      cid.getApplicationAttemptId(), context.getNodeId(),
      user.getShortUserName(),
      context.getNMTokenSecretManager().getCurrentKey().getKeyId());
  user.addTokenIdentifier(nmToken);
  return user.doAs(new PrivilegedExceptionAction<StartContainersResponse>() {
    @Override
    public StartContainersResponse run() throws Exception {
      return cm.startContainers(
          StartContainersRequest.newInstance(scReqList));
    }
  });
}
 
Example 2
Project: hbase   File: CustomSaslAuthenticationProviderTestBase.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public UserGroupInformation getAuthorizedUgi(String authzId,
  SecretManager<TokenIdentifier> secretManager) throws IOException {
  UserGroupInformation authorizedUgi;
  byte[] encodedId = SaslUtil.decodeIdentifier(authzId);
  PasswordAuthTokenIdentifier tokenId = new PasswordAuthTokenIdentifier();
  try {
    tokenId.readFields(new DataInputStream(new ByteArrayInputStream(encodedId)));
  } catch (IOException e) {
    throw new IOException("Can't de-serialize PasswordAuthTokenIdentifier", e);
  }
  authorizedUgi = tokenId.getUser();
  if (authorizedUgi == null) {
    throw new AccessDeniedException("Can't retrieve username from tokenIdentifier.");
  }
  authorizedUgi.addTokenIdentifier(tokenId);
  authorizedUgi.setAuthenticationMethod(getSaslAuthMethod().getAuthMethod());
  return authorizedUgi;
}
 
Example 3
Project: hadoop   File: Server.java    License: Apache License 2.0 6 votes vote down vote up
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example 4
Project: big-c   File: TestContainerManagerRecovery.java    License: Apache License 2.0 6 votes vote down vote up
private StartContainersResponse startContainer(Context context,
    final ContainerManagerImpl cm, ContainerId cid,
    ContainerLaunchContext clc, LogAggregationContext logAggregationContext)
        throws Exception {
  UserGroupInformation user = UserGroupInformation.createRemoteUser(
      cid.getApplicationAttemptId().toString());
  StartContainerRequest scReq = StartContainerRequest.newInstance(
      clc, TestContainerManager.createContainerToken(cid, 0,
          context.getNodeId(), user.getShortUserName(),
          context.getContainerTokenSecretManager(), logAggregationContext));
  final List<StartContainerRequest> scReqList =
      new ArrayList<StartContainerRequest>();
  scReqList.add(scReq);
  NMTokenIdentifier nmToken = new NMTokenIdentifier(
      cid.getApplicationAttemptId(), context.getNodeId(),
      user.getShortUserName(),
      context.getNMTokenSecretManager().getCurrentKey().getKeyId());
  user.addTokenIdentifier(nmToken);
  return user.doAs(new PrivilegedExceptionAction<StartContainersResponse>() {
    @Override
    public StartContainersResponse run() throws Exception {
      return cm.startContainers(
          StartContainersRequest.newInstance(scReqList));
    }
  });
}
 
Example 5
Project: big-c   File: Server.java    License: Apache License 2.0 6 votes vote down vote up
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example 6
Project: hadoop   File: TestContainerManager.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected ContainerManagerImpl
    createContainerManager(DeletionService delSrvc) {
  return new ContainerManagerImpl(context, exec, delSrvc, nodeStatusUpdater,
    metrics, new ApplicationACLsManager(conf), dirsHandler) {
    @Override
    public void
        setBlockNewContainerRequests(boolean blockNewContainerRequests) {
      // do nothing
    }

    @Override
    protected UserGroupInformation getRemoteUgi() throws YarnException {
      ApplicationId appId = ApplicationId.newInstance(0, 0);
      ApplicationAttemptId appAttemptId =
          ApplicationAttemptId.newInstance(appId, 1);
      UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
      ugi.addTokenIdentifier(new NMTokenIdentifier(appAttemptId, context
        .getNodeId(), user, context.getNMTokenSecretManager().getCurrentKey()
        .getKeyId()));
      return ugi;
    }

    @Override
    protected void authorizeGetAndStopContainerRequest(ContainerId containerId,
        Container container, boolean stopRequest, NMTokenIdentifier identifier) throws YarnException {
      if(container == null || container.getUser().equals("Fail")){
        throw new YarnException("Reject this container");
      }
    }
  };
}
 
Example 7
Project: big-c   File: AMSimulator.java    License: Apache License 2.0 5 votes vote down vote up
private void registerAM()
        throws YarnException, IOException, InterruptedException {
  // register application master
  final RegisterApplicationMasterRequest amRegisterRequest =
          Records.newRecord(RegisterApplicationMasterRequest.class);
  amRegisterRequest.setHost("localhost");
  amRegisterRequest.setRpcPort(1000);
  amRegisterRequest.setTrackingUrl("localhost:1000");

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());

  ugi.doAs(
          new PrivilegedExceptionAction<RegisterApplicationMasterResponse>() {
    @Override
    public RegisterApplicationMasterResponse run() throws Exception {
      return rm.getApplicationMasterService()
              .registerApplicationMaster(amRegisterRequest);
    }
  });

  LOG.info(MessageFormat.format(
          "Register the application master for application {0}", appId));
}
 
Example 8
Project: hadoop   File: TestAMRMRPCResponseId.java    License: Apache License 2.0 5 votes vote down vote up
private AllocateResponse allocate(ApplicationAttemptId attemptId,
    final AllocateRequest req) throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  return ugi.doAs(new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return amService.allocate(req);
    }
  });
}
 
Example 9
Project: hadoop   File: TestAMRMRPCNodeUpdates.java    License: Apache License 2.0 5 votes vote down vote up
private AllocateResponse allocate(final ApplicationAttemptId attemptId,
    final AllocateRequest req) throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  return ugi.doAs(new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return amService.allocate(req);
    }
  });
}
 
Example 10
Project: hadoop   File: MockAM.java    License: Apache License 2.0 5 votes vote down vote up
public AllocateResponse allocate(AllocateRequest allocateRequest)
          throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  Token<AMRMTokenIdentifier> token =
      context.getRMApps().get(attemptId.getApplicationId())
          .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  lastResponse = doAllocateAs(ugi, allocateRequest);
  return lastResponse;
}
 
Example 11
Project: hadoop   File: TestRMContainerAllocator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected void register() {
  ApplicationAttemptId attemptId = getContext().getApplicationAttemptId();
  Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  try {
    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    ugi.addTokenIdentifier(token.decodeIdentifier());
  } catch (IOException e) {
    throw new YarnRuntimeException(e);
  }
  super.register();
}
 
Example 12
Project: hadoop   File: AMSimulator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void lastStep() throws Exception {
  LOG.info(MessageFormat.format("Application {0} is shutting down.", appId));
  // unregister tracking
  if (isTracked) {
    untrackApp();
  }
  // unregister application master
  final FinishApplicationMasterRequest finishAMRequest = recordFactory
                .newRecordInstance(FinishApplicationMasterRequest.class);
  finishAMRequest.setFinalApplicationStatus(FinalApplicationStatus.SUCCEEDED);

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  ugi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      rm.getApplicationMasterService()
          .finishApplicationMaster(finishAMRequest);
      return null;
    }
  });

  simulateFinishTimeMS = System.currentTimeMillis() -
      SLSRunner.getRunner().getStartTimeMS();
  // record job running information
  ((ResourceSchedulerWrapper)rm.getResourceScheduler())
       .addAMRuntime(appId, 
                    traceStartTimeMS, traceFinishTimeMS, 
                    simulateStartTimeMS, simulateFinishTimeMS);
}
 
Example 13
Project: hadoop   File: AMSimulator.java    License: Apache License 2.0 5 votes vote down vote up
private void registerAM()
        throws YarnException, IOException, InterruptedException {
  // register application master
  final RegisterApplicationMasterRequest amRegisterRequest =
          Records.newRecord(RegisterApplicationMasterRequest.class);
  amRegisterRequest.setHost("localhost");
  amRegisterRequest.setRpcPort(1000);
  amRegisterRequest.setTrackingUrl("localhost:1000");

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());

  ugi.doAs(
          new PrivilegedExceptionAction<RegisterApplicationMasterResponse>() {
    @Override
    public RegisterApplicationMasterResponse run() throws Exception {
      return rm.getApplicationMasterService()
              .registerApplicationMaster(amRegisterRequest);
    }
  });

  LOG.info(MessageFormat.format(
          "Register the application master for application {0}", appId));
}
 
Example 14
Project: big-c   File: TestContainerManager.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected ContainerManagerImpl
    createContainerManager(DeletionService delSrvc) {
  return new ContainerManagerImpl(context, exec, delSrvc, nodeStatusUpdater,
    metrics, new ApplicationACLsManager(conf), dirsHandler) {
    @Override
    public void
        setBlockNewContainerRequests(boolean blockNewContainerRequests) {
      // do nothing
    }

    @Override
    protected UserGroupInformation getRemoteUgi() throws YarnException {
      ApplicationId appId = ApplicationId.newInstance(0, 0);
      ApplicationAttemptId appAttemptId =
          ApplicationAttemptId.newInstance(appId, 1);
      UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
      ugi.addTokenIdentifier(new NMTokenIdentifier(appAttemptId, context
        .getNodeId(), user, context.getNMTokenSecretManager().getCurrentKey()
        .getKeyId()));
      return ugi;
    }

    @Override
    protected void authorizeGetAndStopContainerRequest(ContainerId containerId,
        Container container, boolean stopRequest, NMTokenIdentifier identifier) throws YarnException {
      if(container == null || container.getUser().equals("Fail")){
        throw new YarnException("Reject this container");
      }
    }
  };
}
 
Example 15
Project: big-c   File: DummyContainerManager.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected UserGroupInformation getRemoteUgi() throws YarnException {
  ApplicationId appId = ApplicationId.newInstance(0, 0);
  ApplicationAttemptId appAttemptId =
      ApplicationAttemptId.newInstance(appId, 1);
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  ugi.addTokenIdentifier(new NMTokenIdentifier(appAttemptId, getContext()
    .getNodeId(), "testuser", getContext().getNMTokenSecretManager().getCurrentKey()
    .getKeyId()));
  return ugi;
}
 
Example 16
Project: big-c   File: MockAM.java    License: Apache License 2.0 5 votes vote down vote up
public AllocateResponse allocate(AllocateRequest allocateRequest)
          throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  Token<AMRMTokenIdentifier> token =
      context.getRMApps().get(attemptId.getApplicationId())
          .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  lastResponse = doAllocateAs(ugi, allocateRequest);
  return lastResponse;
}
 
Example 17
Project: big-c   File: TestRMContainerAllocator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected void register() {
  ApplicationAttemptId attemptId = getContext().getApplicationAttemptId();
  Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  try {
    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    ugi.addTokenIdentifier(token.decodeIdentifier());
  } catch (IOException e) {
    throw new YarnRuntimeException(e);
  }
  super.register();
}
 
Example 18
Project: big-c   File: AMSimulator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void lastStep() throws Exception {
  LOG.info(MessageFormat.format("Application {0} is shutting down.", appId));
  // unregister tracking
  if (isTracked) {
    untrackApp();
  }
  // unregister application master
  final FinishApplicationMasterRequest finishAMRequest = recordFactory
                .newRecordInstance(FinishApplicationMasterRequest.class);
  finishAMRequest.setFinalApplicationStatus(FinalApplicationStatus.SUCCEEDED);

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  ugi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      rm.getApplicationMasterService()
          .finishApplicationMaster(finishAMRequest);
      return null;
    }
  });

  simulateFinishTimeMS = System.currentTimeMillis() -
      SLSRunner.getRunner().getStartTimeMS();
  // record job running information
  ((ResourceSchedulerWrapper)rm.getResourceScheduler())
       .addAMRuntime(appId, 
                    traceStartTimeMS, traceFinishTimeMS, 
                    simulateStartTimeMS, simulateFinishTimeMS);
}
 
Example 19
Project: hadoop   File: MRAMSimulator.java    License: Apache License 2.0 4 votes vote down vote up
@Override
protected void sendContainerRequest()
        throws YarnException, IOException, InterruptedException {
  if (isFinished) {
    return;
  }

  // send out request
  List<ResourceRequest> ask = null;
  if (isAMContainerRunning) {
    if (mapFinished != mapTotal) {
      // map phase
      if (! pendingMaps.isEmpty()) {
        ask = packageRequests(pendingMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} mappers.", appId, pendingMaps.size()));
        scheduledMaps.addAll(pendingMaps);
        pendingMaps.clear();
      } else if (! pendingFailedMaps.isEmpty() && scheduledMaps.isEmpty()) {
        ask = packageRequests(pendingFailedMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} failed mappers.", appId,
                pendingFailedMaps.size()));
        scheduledMaps.addAll(pendingFailedMaps);
        pendingFailedMaps.clear();
      }
    } else if (reduceFinished != reduceTotal) {
      // reduce phase
      if (! pendingReduces.isEmpty()) {
        ask = packageRequests(pendingReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} reducers.", appId, pendingReduces.size()));
        scheduledReduces.addAll(pendingReduces);
        pendingReduces.clear();
      } else if (! pendingFailedReduces.isEmpty()
              && scheduledReduces.isEmpty()) {
        ask = packageRequests(pendingFailedReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} failed reducers.", appId,
                pendingFailedReduces.size()));
        scheduledReduces.addAll(pendingFailedReduces);
        pendingFailedReduces.clear();
      }
    }
  }
  if (ask == null) {
    ask = new ArrayList<ResourceRequest>();
  }
  
  final AllocateRequest request = createAllocateRequest(ask);
  if (totalContainers == 0) {
    request.setProgress(1.0f);
  } else {
    request.setProgress((float) finishedContainers / totalContainers);
  }

  UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps()
          .get(appAttemptId.getApplicationId())
          .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  AllocateResponse response = ugi.doAs(
          new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return rm.getApplicationMasterService().allocate(request);
    }
  });
  if (response != null) {
    responseQueue.put(response);
  }
}
 
Example 20
Project: big-c   File: MRAMSimulator.java    License: Apache License 2.0 4 votes vote down vote up
@Override
protected void sendContainerRequest()
        throws YarnException, IOException, InterruptedException {
  if (isFinished) {
    return;
  }

  // send out request
  List<ResourceRequest> ask = null;
  if (isAMContainerRunning) {
    if (mapFinished != mapTotal) {
      // map phase
      if (! pendingMaps.isEmpty()) {
        ask = packageRequests(pendingMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} mappers.", appId, pendingMaps.size()));
        scheduledMaps.addAll(pendingMaps);
        pendingMaps.clear();
      } else if (! pendingFailedMaps.isEmpty() && scheduledMaps.isEmpty()) {
        ask = packageRequests(pendingFailedMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} failed mappers.", appId,
                pendingFailedMaps.size()));
        scheduledMaps.addAll(pendingFailedMaps);
        pendingFailedMaps.clear();
      }
    } else if (reduceFinished != reduceTotal) {
      // reduce phase
      if (! pendingReduces.isEmpty()) {
        ask = packageRequests(pendingReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} reducers.", appId, pendingReduces.size()));
        scheduledReduces.addAll(pendingReduces);
        pendingReduces.clear();
      } else if (! pendingFailedReduces.isEmpty()
              && scheduledReduces.isEmpty()) {
        ask = packageRequests(pendingFailedReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} failed reducers.", appId,
                pendingFailedReduces.size()));
        scheduledReduces.addAll(pendingFailedReduces);
        pendingFailedReduces.clear();
      }
    }
  }
  if (ask == null) {
    ask = new ArrayList<ResourceRequest>();
  }
  
  final AllocateRequest request = createAllocateRequest(ask);
  if (totalContainers == 0) {
    request.setProgress(1.0f);
  } else {
    request.setProgress((float) finishedContainers / totalContainers);
  }

  UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps()
          .get(appAttemptId.getApplicationId())
          .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  AllocateResponse response = ugi.doAs(
          new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return rm.getApplicationMasterService().allocate(request);
    }
  });
  if (response != null) {
    responseQueue.put(response);
  }
}