Java Code Examples for org.apache.hadoop.security.UserGroupInformation#addTokenIdentifier()

The following examples show how to use org.apache.hadoop.security.UserGroupInformation#addTokenIdentifier() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
private StartContainersResponse startContainer(Context context,
    final ContainerManagerImpl cm, ContainerId cid,
    ContainerLaunchContext clc, LogAggregationContext logAggregationContext)
        throws Exception {
  UserGroupInformation user = UserGroupInformation.createRemoteUser(
      cid.getApplicationAttemptId().toString());
  StartContainerRequest scReq = StartContainerRequest.newInstance(
      clc, TestContainerManager.createContainerToken(cid, 0,
          context.getNodeId(), user.getShortUserName(),
          context.getContainerTokenSecretManager(), logAggregationContext));
  final List<StartContainerRequest> scReqList =
      new ArrayList<StartContainerRequest>();
  scReqList.add(scReq);
  NMTokenIdentifier nmToken = new NMTokenIdentifier(
      cid.getApplicationAttemptId(), context.getNodeId(),
      user.getShortUserName(),
      context.getNMTokenSecretManager().getCurrentKey().getKeyId());
  user.addTokenIdentifier(nmToken);
  return user.doAs(new PrivilegedExceptionAction<StartContainersResponse>() {
    @Override
    public StartContainersResponse run() throws Exception {
      return cm.startContainers(
          StartContainersRequest.newInstance(scReqList));
    }
  });
}
 
Example 2
@Override
public UserGroupInformation getAuthorizedUgi(String authzId,
  SecretManager<TokenIdentifier> secretManager) throws IOException {
  UserGroupInformation authorizedUgi;
  byte[] encodedId = SaslUtil.decodeIdentifier(authzId);
  PasswordAuthTokenIdentifier tokenId = new PasswordAuthTokenIdentifier();
  try {
    tokenId.readFields(new DataInputStream(new ByteArrayInputStream(encodedId)));
  } catch (IOException e) {
    throw new IOException("Can't de-serialize PasswordAuthTokenIdentifier", e);
  }
  authorizedUgi = tokenId.getUser();
  if (authorizedUgi == null) {
    throw new AccessDeniedException("Can't retrieve username from tokenIdentifier.");
  }
  authorizedUgi.addTokenIdentifier(tokenId);
  authorizedUgi.setAuthenticationMethod(getSaslAuthMethod().getAuthMethod());
  return authorizedUgi;
}
 
Example 3
Source Project: hadoop   File: Server.java    License: Apache License 2.0 6 votes vote down vote up
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example 4
private StartContainersResponse startContainer(Context context,
    final ContainerManagerImpl cm, ContainerId cid,
    ContainerLaunchContext clc, LogAggregationContext logAggregationContext)
        throws Exception {
  UserGroupInformation user = UserGroupInformation.createRemoteUser(
      cid.getApplicationAttemptId().toString());
  StartContainerRequest scReq = StartContainerRequest.newInstance(
      clc, TestContainerManager.createContainerToken(cid, 0,
          context.getNodeId(), user.getShortUserName(),
          context.getContainerTokenSecretManager(), logAggregationContext));
  final List<StartContainerRequest> scReqList =
      new ArrayList<StartContainerRequest>();
  scReqList.add(scReq);
  NMTokenIdentifier nmToken = new NMTokenIdentifier(
      cid.getApplicationAttemptId(), context.getNodeId(),
      user.getShortUserName(),
      context.getNMTokenSecretManager().getCurrentKey().getKeyId());
  user.addTokenIdentifier(nmToken);
  return user.doAs(new PrivilegedExceptionAction<StartContainersResponse>() {
    @Override
    public StartContainersResponse run() throws Exception {
      return cm.startContainers(
          StartContainersRequest.newInstance(scReqList));
    }
  });
}
 
Example 5
Source Project: big-c   File: Server.java    License: Apache License 2.0 6 votes vote down vote up
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example 6
Source Project: hadoop   File: TestContainerManager.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected ContainerManagerImpl
    createContainerManager(DeletionService delSrvc) {
  return new ContainerManagerImpl(context, exec, delSrvc, nodeStatusUpdater,
    metrics, new ApplicationACLsManager(conf), dirsHandler) {
    @Override
    public void
        setBlockNewContainerRequests(boolean blockNewContainerRequests) {
      // do nothing
    }

    @Override
    protected UserGroupInformation getRemoteUgi() throws YarnException {
      ApplicationId appId = ApplicationId.newInstance(0, 0);
      ApplicationAttemptId appAttemptId =
          ApplicationAttemptId.newInstance(appId, 1);
      UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
      ugi.addTokenIdentifier(new NMTokenIdentifier(appAttemptId, context
        .getNodeId(), user, context.getNMTokenSecretManager().getCurrentKey()
        .getKeyId()));
      return ugi;
    }

    @Override
    protected void authorizeGetAndStopContainerRequest(ContainerId containerId,
        Container container, boolean stopRequest, NMTokenIdentifier identifier) throws YarnException {
      if(container == null || container.getUser().equals("Fail")){
        throw new YarnException("Reject this container");
      }
    }
  };
}
 
Example 7
Source Project: big-c   File: AMSimulator.java    License: Apache License 2.0 5 votes vote down vote up
private void registerAM()
        throws YarnException, IOException, InterruptedException {
  // register application master
  final RegisterApplicationMasterRequest amRegisterRequest =
          Records.newRecord(RegisterApplicationMasterRequest.class);
  amRegisterRequest.setHost("localhost");
  amRegisterRequest.setRpcPort(1000);
  amRegisterRequest.setTrackingUrl("localhost:1000");

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());

  ugi.doAs(
          new PrivilegedExceptionAction<RegisterApplicationMasterResponse>() {
    @Override
    public RegisterApplicationMasterResponse run() throws Exception {
      return rm.getApplicationMasterService()
              .registerApplicationMaster(amRegisterRequest);
    }
  });

  LOG.info(MessageFormat.format(
          "Register the application master for application {0}", appId));
}
 
Example 8
Source Project: hadoop   File: TestAMRMRPCResponseId.java    License: Apache License 2.0 5 votes vote down vote up
private AllocateResponse allocate(ApplicationAttemptId attemptId,
    final AllocateRequest req) throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  return ugi.doAs(new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return amService.allocate(req);
    }
  });
}
 
Example 9
Source Project: hadoop   File: TestAMRMRPCNodeUpdates.java    License: Apache License 2.0 5 votes vote down vote up
private AllocateResponse allocate(final ApplicationAttemptId attemptId,
    final AllocateRequest req) throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  return ugi.doAs(new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return amService.allocate(req);
    }
  });
}
 
Example 10
Source Project: hadoop   File: MockAM.java    License: Apache License 2.0 5 votes vote down vote up
public AllocateResponse allocate(AllocateRequest allocateRequest)
          throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  Token<AMRMTokenIdentifier> token =
      context.getRMApps().get(attemptId.getApplicationId())
          .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  lastResponse = doAllocateAs(ugi, allocateRequest);
  return lastResponse;
}
 
Example 11
Source Project: hadoop   File: TestRMContainerAllocator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected void register() {
  ApplicationAttemptId attemptId = getContext().getApplicationAttemptId();
  Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  try {
    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    ugi.addTokenIdentifier(token.decodeIdentifier());
  } catch (IOException e) {
    throw new YarnRuntimeException(e);
  }
  super.register();
}
 
Example 12
Source Project: hadoop   File: AMSimulator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void lastStep() throws Exception {
  LOG.info(MessageFormat.format("Application {0} is shutting down.", appId));
  // unregister tracking
  if (isTracked) {
    untrackApp();
  }
  // unregister application master
  final FinishApplicationMasterRequest finishAMRequest = recordFactory
                .newRecordInstance(FinishApplicationMasterRequest.class);
  finishAMRequest.setFinalApplicationStatus(FinalApplicationStatus.SUCCEEDED);

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  ugi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      rm.getApplicationMasterService()
          .finishApplicationMaster(finishAMRequest);
      return null;
    }
  });

  simulateFinishTimeMS = System.currentTimeMillis() -
      SLSRunner.getRunner().getStartTimeMS();
  // record job running information
  ((ResourceSchedulerWrapper)rm.getResourceScheduler())
       .addAMRuntime(appId, 
                    traceStartTimeMS, traceFinishTimeMS, 
                    simulateStartTimeMS, simulateFinishTimeMS);
}
 
Example 13
Source Project: hadoop   File: AMSimulator.java    License: Apache License 2.0 5 votes vote down vote up
private void registerAM()
        throws YarnException, IOException, InterruptedException {
  // register application master
  final RegisterApplicationMasterRequest amRegisterRequest =
          Records.newRecord(RegisterApplicationMasterRequest.class);
  amRegisterRequest.setHost("localhost");
  amRegisterRequest.setRpcPort(1000);
  amRegisterRequest.setTrackingUrl("localhost:1000");

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());

  ugi.doAs(
          new PrivilegedExceptionAction<RegisterApplicationMasterResponse>() {
    @Override
    public RegisterApplicationMasterResponse run() throws Exception {
      return rm.getApplicationMasterService()
              .registerApplicationMaster(amRegisterRequest);
    }
  });

  LOG.info(MessageFormat.format(
          "Register the application master for application {0}", appId));
}
 
Example 14
Source Project: big-c   File: TestContainerManager.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected ContainerManagerImpl
    createContainerManager(DeletionService delSrvc) {
  return new ContainerManagerImpl(context, exec, delSrvc, nodeStatusUpdater,
    metrics, new ApplicationACLsManager(conf), dirsHandler) {
    @Override
    public void
        setBlockNewContainerRequests(boolean blockNewContainerRequests) {
      // do nothing
    }

    @Override
    protected UserGroupInformation getRemoteUgi() throws YarnException {
      ApplicationId appId = ApplicationId.newInstance(0, 0);
      ApplicationAttemptId appAttemptId =
          ApplicationAttemptId.newInstance(appId, 1);
      UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
      ugi.addTokenIdentifier(new NMTokenIdentifier(appAttemptId, context
        .getNodeId(), user, context.getNMTokenSecretManager().getCurrentKey()
        .getKeyId()));
      return ugi;
    }

    @Override
    protected void authorizeGetAndStopContainerRequest(ContainerId containerId,
        Container container, boolean stopRequest, NMTokenIdentifier identifier) throws YarnException {
      if(container == null || container.getUser().equals("Fail")){
        throw new YarnException("Reject this container");
      }
    }
  };
}
 
Example 15
Source Project: big-c   File: DummyContainerManager.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected UserGroupInformation getRemoteUgi() throws YarnException {
  ApplicationId appId = ApplicationId.newInstance(0, 0);
  ApplicationAttemptId appAttemptId =
      ApplicationAttemptId.newInstance(appId, 1);
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  ugi.addTokenIdentifier(new NMTokenIdentifier(appAttemptId, getContext()
    .getNodeId(), "testuser", getContext().getNMTokenSecretManager().getCurrentKey()
    .getKeyId()));
  return ugi;
}
 
Example 16
Source Project: big-c   File: MockAM.java    License: Apache License 2.0 5 votes vote down vote up
public AllocateResponse allocate(AllocateRequest allocateRequest)
          throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  Token<AMRMTokenIdentifier> token =
      context.getRMApps().get(attemptId.getApplicationId())
          .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  lastResponse = doAllocateAs(ugi, allocateRequest);
  return lastResponse;
}
 
Example 17
Source Project: big-c   File: TestRMContainerAllocator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected void register() {
  ApplicationAttemptId attemptId = getContext().getApplicationAttemptId();
  Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  try {
    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    ugi.addTokenIdentifier(token.decodeIdentifier());
  } catch (IOException e) {
    throw new YarnRuntimeException(e);
  }
  super.register();
}
 
Example 18
Source Project: big-c   File: AMSimulator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void lastStep() throws Exception {
  LOG.info(MessageFormat.format("Application {0} is shutting down.", appId));
  // unregister tracking
  if (isTracked) {
    untrackApp();
  }
  // unregister application master
  final FinishApplicationMasterRequest finishAMRequest = recordFactory
                .newRecordInstance(FinishApplicationMasterRequest.class);
  finishAMRequest.setFinalApplicationStatus(FinalApplicationStatus.SUCCEEDED);

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  ugi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      rm.getApplicationMasterService()
          .finishApplicationMaster(finishAMRequest);
      return null;
    }
  });

  simulateFinishTimeMS = System.currentTimeMillis() -
      SLSRunner.getRunner().getStartTimeMS();
  // record job running information
  ((ResourceSchedulerWrapper)rm.getResourceScheduler())
       .addAMRuntime(appId, 
                    traceStartTimeMS, traceFinishTimeMS, 
                    simulateStartTimeMS, simulateFinishTimeMS);
}
 
Example 19
Source Project: hadoop   File: MRAMSimulator.java    License: Apache License 2.0 4 votes vote down vote up
@Override
protected void sendContainerRequest()
        throws YarnException, IOException, InterruptedException {
  if (isFinished) {
    return;
  }

  // send out request
  List<ResourceRequest> ask = null;
  if (isAMContainerRunning) {
    if (mapFinished != mapTotal) {
      // map phase
      if (! pendingMaps.isEmpty()) {
        ask = packageRequests(pendingMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} mappers.", appId, pendingMaps.size()));
        scheduledMaps.addAll(pendingMaps);
        pendingMaps.clear();
      } else if (! pendingFailedMaps.isEmpty() && scheduledMaps.isEmpty()) {
        ask = packageRequests(pendingFailedMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} failed mappers.", appId,
                pendingFailedMaps.size()));
        scheduledMaps.addAll(pendingFailedMaps);
        pendingFailedMaps.clear();
      }
    } else if (reduceFinished != reduceTotal) {
      // reduce phase
      if (! pendingReduces.isEmpty()) {
        ask = packageRequests(pendingReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} reducers.", appId, pendingReduces.size()));
        scheduledReduces.addAll(pendingReduces);
        pendingReduces.clear();
      } else if (! pendingFailedReduces.isEmpty()
              && scheduledReduces.isEmpty()) {
        ask = packageRequests(pendingFailedReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} failed reducers.", appId,
                pendingFailedReduces.size()));
        scheduledReduces.addAll(pendingFailedReduces);
        pendingFailedReduces.clear();
      }
    }
  }
  if (ask == null) {
    ask = new ArrayList<ResourceRequest>();
  }
  
  final AllocateRequest request = createAllocateRequest(ask);
  if (totalContainers == 0) {
    request.setProgress(1.0f);
  } else {
    request.setProgress((float) finishedContainers / totalContainers);
  }

  UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps()
          .get(appAttemptId.getApplicationId())
          .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  AllocateResponse response = ugi.doAs(
          new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return rm.getApplicationMasterService().allocate(request);
    }
  });
  if (response != null) {
    responseQueue.put(response);
  }
}
 
Example 20
Source Project: big-c   File: MRAMSimulator.java    License: Apache License 2.0 4 votes vote down vote up
@Override
protected void sendContainerRequest()
        throws YarnException, IOException, InterruptedException {
  if (isFinished) {
    return;
  }

  // send out request
  List<ResourceRequest> ask = null;
  if (isAMContainerRunning) {
    if (mapFinished != mapTotal) {
      // map phase
      if (! pendingMaps.isEmpty()) {
        ask = packageRequests(pendingMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} mappers.", appId, pendingMaps.size()));
        scheduledMaps.addAll(pendingMaps);
        pendingMaps.clear();
      } else if (! pendingFailedMaps.isEmpty() && scheduledMaps.isEmpty()) {
        ask = packageRequests(pendingFailedMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} failed mappers.", appId,
                pendingFailedMaps.size()));
        scheduledMaps.addAll(pendingFailedMaps);
        pendingFailedMaps.clear();
      }
    } else if (reduceFinished != reduceTotal) {
      // reduce phase
      if (! pendingReduces.isEmpty()) {
        ask = packageRequests(pendingReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} reducers.", appId, pendingReduces.size()));
        scheduledReduces.addAll(pendingReduces);
        pendingReduces.clear();
      } else if (! pendingFailedReduces.isEmpty()
              && scheduledReduces.isEmpty()) {
        ask = packageRequests(pendingFailedReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} failed reducers.", appId,
                pendingFailedReduces.size()));
        scheduledReduces.addAll(pendingFailedReduces);
        pendingFailedReduces.clear();
      }
    }
  }
  if (ask == null) {
    ask = new ArrayList<ResourceRequest>();
  }
  
  final AllocateRequest request = createAllocateRequest(ask);
  if (totalContainers == 0) {
    request.setProgress(1.0f);
  } else {
    request.setProgress((float) finishedContainers / totalContainers);
  }

  UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps()
          .get(appAttemptId.getApplicationId())
          .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  AllocateResponse response = ugi.doAs(
          new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return rm.getApplicationMasterService().allocate(request);
    }
  });
  if (response != null) {
    responseQueue.put(response);
  }
}