Java Code Examples for org.apache.hadoop.security.UserGroupInformation#getTokens()

The following examples show how to use org.apache.hadoop.security.UserGroupInformation#getTokens() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: Flink-CEPplus   File: Utils.java    License: Apache License 2.0 6 votes vote down vote up
public static void setTokensFor(ContainerLaunchContext amContainer, List<Path> paths, Configuration conf) throws IOException {
	Credentials credentials = new Credentials();
	// for HDFS
	TokenCache.obtainTokensForNamenodes(credentials, paths.toArray(new Path[0]), conf);
	// for HBase
	obtainTokenForHBase(credentials, conf);
	// for user
	UserGroupInformation currUsr = UserGroupInformation.getCurrentUser();

	Collection<Token<? extends TokenIdentifier>> usrTok = currUsr.getTokens();
	for (Token<? extends TokenIdentifier> token : usrTok) {
		final Text id = new Text(token.getIdentifier());
		LOG.info("Adding user token " + id + " with " + token);
		credentials.addToken(id, token);
	}
	try (DataOutputBuffer dob = new DataOutputBuffer()) {
		credentials.writeTokenStorageToStream(dob);

		if (LOG.isDebugEnabled()) {
			LOG.debug("Wrote tokens. Credentials buffer length: " + dob.getLength());
		}

		ByteBuffer securityTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
		amContainer.setTokens(securityTokens);
	}
}
 
Example 2
Source Project: flink   File: Utils.java    License: Apache License 2.0 6 votes vote down vote up
public static void setTokensFor(ContainerLaunchContext amContainer, List<Path> paths, Configuration conf) throws IOException {
	Credentials credentials = new Credentials();
	// for HDFS
	TokenCache.obtainTokensForNamenodes(credentials, paths.toArray(new Path[0]), conf);
	// for HBase
	obtainTokenForHBase(credentials, conf);
	// for user
	UserGroupInformation currUsr = UserGroupInformation.getCurrentUser();

	Collection<Token<? extends TokenIdentifier>> usrTok = currUsr.getTokens();
	for (Token<? extends TokenIdentifier> token : usrTok) {
		final Text id = new Text(token.getIdentifier());
		LOG.info("Adding user token " + id + " with " + token);
		credentials.addToken(id, token);
	}
	try (DataOutputBuffer dob = new DataOutputBuffer()) {
		credentials.writeTokenStorageToStream(dob);

		if (LOG.isDebugEnabled()) {
			LOG.debug("Wrote tokens. Credentials buffer length: " + dob.getLength());
		}

		ByteBuffer securityTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
		amContainer.setTokens(securityTokens);
	}
}
 
Example 3
Source Project: flink   File: Utils.java    License: Apache License 2.0 6 votes vote down vote up
public static void setTokensFor(ContainerLaunchContext amContainer, List<Path> paths, Configuration conf) throws IOException {
	Credentials credentials = new Credentials();
	// for HDFS
	TokenCache.obtainTokensForNamenodes(credentials, paths.toArray(new Path[0]), conf);
	// for HBase
	obtainTokenForHBase(credentials, conf);
	// for user
	UserGroupInformation currUsr = UserGroupInformation.getCurrentUser();

	Collection<Token<? extends TokenIdentifier>> usrTok = currUsr.getTokens();
	for (Token<? extends TokenIdentifier> token : usrTok) {
		final Text id = new Text(token.getIdentifier());
		LOG.info("Adding user token " + id + " with " + token);
		credentials.addToken(id, token);
	}
	try (DataOutputBuffer dob = new DataOutputBuffer()) {
		credentials.writeTokenStorageToStream(dob);

		if (LOG.isDebugEnabled()) {
			LOG.debug("Wrote tokens. Credentials buffer length: " + dob.getLength());
		}

		ByteBuffer securityTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
		amContainer.setTokens(securityTokens);
	}
}
 
Example 4
Source Project: stratosphere   File: Utils.java    License: Apache License 2.0 6 votes vote down vote up
public static void setTokensFor(ContainerLaunchContext amContainer, Path[] paths, Configuration conf) throws IOException {
	Credentials credentials = new Credentials();
	// for HDFS
	TokenCache.obtainTokensForNamenodes(credentials, paths, conf);
	// for user
	UserGroupInformation currUsr = UserGroupInformation.getCurrentUser();
	
	Collection<Token<? extends TokenIdentifier>> usrTok = currUsr.getTokens();
	for(Token<? extends TokenIdentifier> token : usrTok) {
		final Text id = new Text(token.getIdentifier());
		LOG.info("Adding user token "+id+" with "+token);
		credentials.addToken(id, token);
	}
	DataOutputBuffer dob = new DataOutputBuffer();
	credentials.writeTokenStorageToStream(dob);
	LOG.debug("Wrote tokens. Credentials buffer length: "+dob.getLength());
	
	ByteBuffer securityTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
	amContainer.setTokens(securityTokens);
}
 
Example 5
Source Project: SpyGlass   File: HBaseTap.java    License: Apache License 2.0 6 votes vote down vote up
private void obtainToken(JobConf conf) {
  if (User.isHBaseSecurityEnabled(conf)) {
    String user = conf.getUser();
    LOG.info("obtaining HBase token for: {}", user);
    try {
      UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
      user = currentUser.getUserName();
      Credentials credentials = conf.getCredentials();
      for (Token t : currentUser.getTokens()) {
        LOG.debug("Token {} is available", t);
        if ("HBASE_AUTH_TOKEN".equalsIgnoreCase(t.getKind().toString()))
          credentials.addToken(t.getKind(), t);
      }
    } catch (IOException e) {
      throw new TapException("Unable to obtain HBase auth token for " + user, e);
    }
  }
}
 
Example 6
Source Project: Flink-CEPplus   File: HadoopUtils.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Indicates whether the current user has an HDFS delegation token.
 */
public static boolean hasHDFSDelegationToken() throws Exception {
	UserGroupInformation loginUser = UserGroupInformation.getCurrentUser();
	Collection<Token<? extends TokenIdentifier>> usrTok = loginUser.getTokens();
	for (Token<? extends TokenIdentifier> token : usrTok) {
		if (token.getKind().equals(HDFS_DELEGATION_TOKEN_KIND)) {
			return true;
		}
	}
	return false;
}
 
Example 7
Source Project: flink   File: HadoopUtils.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Indicates whether the current user has an HDFS delegation token.
 */
public static boolean hasHDFSDelegationToken() throws Exception {
	UserGroupInformation loginUser = UserGroupInformation.getCurrentUser();
	Collection<Token<? extends TokenIdentifier>> usrTok = loginUser.getTokens();
	for (Token<? extends TokenIdentifier> token : usrTok) {
		if (token.getKind().equals(HDFS_DELEGATION_TOKEN_KIND)) {
			return true;
		}
	}
	return false;
}
 
Example 8
Source Project: flink   File: HadoopUtils.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Indicates whether the user has an HDFS delegation token.
 */
public static boolean hasHDFSDelegationToken(UserGroupInformation ugi) {
	Collection<Token<? extends TokenIdentifier>> usrTok = ugi.getTokens();
	for (Token<? extends TokenIdentifier> token : usrTok) {
		if (token.getKind().equals(HDFS_DELEGATION_TOKEN_KIND)) {
			return true;
		}
	}
	return false;
}
 
Example 9
@Test
public void testAMRMTokenUpdate() throws Exception {
  Configuration conf = new Configuration();
  ApplicationAttemptId attemptId = ApplicationAttemptId.newInstance(
      ApplicationId.newInstance(1, 1), 1);
  AMRMTokenIdentifier oldTokenId = new AMRMTokenIdentifier(attemptId, 1);
  AMRMTokenIdentifier newTokenId = new AMRMTokenIdentifier(attemptId, 2);
  Token<AMRMTokenIdentifier> oldToken = new Token<AMRMTokenIdentifier>(
      oldTokenId.getBytes(), "oldpassword".getBytes(), oldTokenId.getKind(),
      new Text());
  Token<AMRMTokenIdentifier> newToken = new Token<AMRMTokenIdentifier>(
      newTokenId.getBytes(), "newpassword".getBytes(), newTokenId.getKind(),
      new Text());

  MockScheduler scheduler = new MockScheduler();
  scheduler.amToken = newToken;

  final LocalContainerAllocator lca =
      new StubbedLocalContainerAllocator(scheduler);
  lca.init(conf);
  lca.start();

  UserGroupInformation testUgi = UserGroupInformation.createUserForTesting(
      "someuser", new String[0]);
  testUgi.addToken(oldToken);
  testUgi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          lca.heartbeat();
          return null;
        }
  });
  lca.close();

  // verify there is only one AMRM token in the UGI and it matches the
  // updated token from the RM
  int tokenCount = 0;
  Token<? extends TokenIdentifier> ugiToken = null;
  for (Token<? extends TokenIdentifier> token : testUgi.getTokens()) {
    if (AMRMTokenIdentifier.KIND_NAME.equals(token.getKind())) {
      ugiToken = token;
      ++tokenCount;
    }
  }

  Assert.assertEquals("too many AMRM tokens", 1, tokenCount);
  Assert.assertArrayEquals("token identifier not updated",
      newToken.getIdentifier(), ugiToken.getIdentifier());
  Assert.assertArrayEquals("token password not updated",
      newToken.getPassword(), ugiToken.getPassword());
  Assert.assertEquals("AMRM token service not updated",
      new Text(ClientRMProxy.getAMRMTokenService(conf)),
      ugiToken.getService());
}
 
Example 10
Source Project: hadoop   File: TestRMContainerAllocator.java    License: Apache License 2.0 4 votes vote down vote up
@Test(timeout=60000)
public void testAMRMTokenUpdate() throws Exception {
  LOG.info("Running testAMRMTokenUpdate");

  final String rmAddr = "somermaddress:1234";
  final Configuration conf = new YarnConfiguration();
  conf.setLong(
    YarnConfiguration.RM_AMRM_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS, 8);
  conf.setLong(YarnConfiguration.RM_AM_EXPIRY_INTERVAL_MS, 2000);
  conf.set(YarnConfiguration.RM_SCHEDULER_ADDRESS, rmAddr);

  final MyResourceManager rm = new MyResourceManager(conf);
  rm.start();
  AMRMTokenSecretManager secretMgr =
      rm.getRMContext().getAMRMTokenSecretManager();
  DrainDispatcher dispatcher = (DrainDispatcher) rm.getRMContext()
      .getDispatcher();

  // Submit the application
  RMApp app = rm.submitApp(1024);
  dispatcher.await();

  MockNM amNodeManager = rm.registerNode("amNM:1234", 2048);
  amNodeManager.nodeHeartbeat(true);
  dispatcher.await();

  final ApplicationAttemptId appAttemptId = app.getCurrentAppAttempt()
      .getAppAttemptId();
  final ApplicationId appId = app.getApplicationId();
  rm.sendAMLaunched(appAttemptId);
  dispatcher.await();

  JobId jobId = MRBuilderUtils.newJobId(appAttemptId.getApplicationId(), 0);
  final Job mockJob = mock(Job.class);
  when(mockJob.getReport()).thenReturn(
      MRBuilderUtils.newJobReport(jobId, "job", "user", JobState.RUNNING, 0,
          0, 0, 0, 0, 0, 0, "jobfile", null, false, ""));

  final Token<AMRMTokenIdentifier> oldToken = rm.getRMContext().getRMApps()
      .get(appId).getRMAppAttempt(appAttemptId).getAMRMToken();
  Assert.assertNotNull("app should have a token", oldToken);
  UserGroupInformation testUgi = UserGroupInformation.createUserForTesting(
      "someuser", new String[0]);
  Token<AMRMTokenIdentifier> newToken = testUgi.doAs(
      new PrivilegedExceptionAction<Token<AMRMTokenIdentifier>>() {
        @Override
        public Token<AMRMTokenIdentifier> run() throws Exception {
          MyContainerAllocator allocator = new MyContainerAllocator(rm, conf,
              appAttemptId, mockJob);

          // Keep heartbeating until RM thinks the token has been updated
          Token<AMRMTokenIdentifier> currentToken = oldToken;
          long startTime = Time.monotonicNow();
          while (currentToken == oldToken) {
            if (Time.monotonicNow() - startTime > 20000) {
              Assert.fail("Took to long to see AMRM token change");
            }
            Thread.sleep(100);
            allocator.schedule();
            currentToken = rm.getRMContext().getRMApps().get(appId)
                .getRMAppAttempt(appAttemptId).getAMRMToken();
          }

          return currentToken;
        }
      });

  // verify there is only one AMRM token in the UGI and it matches the
  // updated token from the RM
  int tokenCount = 0;
  Token<? extends TokenIdentifier> ugiToken = null;
  for (Token<? extends TokenIdentifier> token : testUgi.getTokens()) {
    if (AMRMTokenIdentifier.KIND_NAME.equals(token.getKind())) {
      ugiToken = token;
      ++tokenCount;
    }
  }

  Assert.assertEquals("too many AMRM tokens", 1, tokenCount);
  Assert.assertArrayEquals("token identifier not updated",
      newToken.getIdentifier(), ugiToken.getIdentifier());
  Assert.assertArrayEquals("token password not updated",
      newToken.getPassword(), ugiToken.getPassword());
  Assert.assertEquals("AMRM token service not updated",
      new Text(rmAddr), ugiToken.getService());
}
 
Example 11
Source Project: hadoop   File: TestMRJobs.java    License: Apache License 2.0 4 votes vote down vote up
public void testSleepJobWithSecurityOn() throws IOException,
    InterruptedException, ClassNotFoundException {

  LOG.info("\n\n\nStarting testSleepJobWithSecurityOn().");

  if (!(new File(MiniMRYarnCluster.APPJAR)).exists()) {
    return;
  }

  mrCluster.getConfig().set(
      CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  mrCluster.getConfig().set(YarnConfiguration.RM_KEYTAB, "/etc/krb5.keytab");
  mrCluster.getConfig().set(YarnConfiguration.NM_KEYTAB, "/etc/krb5.keytab");
  mrCluster.getConfig().set(YarnConfiguration.RM_PRINCIPAL,
      "rm/[email protected]");
  mrCluster.getConfig().set(YarnConfiguration.NM_PRINCIPAL,
      "nm/[email protected]");
  UserGroupInformation.setConfiguration(mrCluster.getConfig());

  // Keep it in here instead of after RM/NM as multiple user logins happen in
  // the same JVM.
  UserGroupInformation user = UserGroupInformation.getCurrentUser();

  LOG.info("User name is " + user.getUserName());
  for (Token<? extends TokenIdentifier> str : user.getTokens()) {
    LOG.info("Token is " + str.encodeToUrlString());
  }
  user.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {  
      SleepJob sleepJob = new SleepJob();
      sleepJob.setConf(mrCluster.getConfig());
      Job job = sleepJob.createJob(3, 0, 10000, 1, 0, 0);
      // //Job with reduces
      // Job job = sleepJob.createJob(3, 2, 10000, 1, 10000, 1);
      job.addFileToClassPath(APP_JAR); // The AppMaster jar itself.
      job.submit();
      String trackingUrl = job.getTrackingURL();
      String jobId = job.getJobID().toString();
      job.waitForCompletion(true);
      Assert.assertEquals(JobStatus.State.SUCCEEDED, job.getJobState());
      Assert.assertTrue("Tracking URL was " + trackingUrl +
                        " but didn't Match Job ID " + jobId ,
        trackingUrl.endsWith(jobId.substring(jobId.lastIndexOf("_")) + "/"));
      return null;
    }
  });

  // TODO later:  add explicit "isUber()" checks of some sort
}
 
Example 12
@Test
public void testAMRMTokenUpdate() throws Exception {
  Configuration conf = new Configuration();
  ApplicationAttemptId attemptId = ApplicationAttemptId.newInstance(
      ApplicationId.newInstance(1, 1), 1);
  AMRMTokenIdentifier oldTokenId = new AMRMTokenIdentifier(attemptId, 1);
  AMRMTokenIdentifier newTokenId = new AMRMTokenIdentifier(attemptId, 2);
  Token<AMRMTokenIdentifier> oldToken = new Token<AMRMTokenIdentifier>(
      oldTokenId.getBytes(), "oldpassword".getBytes(), oldTokenId.getKind(),
      new Text());
  Token<AMRMTokenIdentifier> newToken = new Token<AMRMTokenIdentifier>(
      newTokenId.getBytes(), "newpassword".getBytes(), newTokenId.getKind(),
      new Text());

  MockScheduler scheduler = new MockScheduler();
  scheduler.amToken = newToken;

  final LocalContainerAllocator lca =
      new StubbedLocalContainerAllocator(scheduler);
  lca.init(conf);
  lca.start();

  UserGroupInformation testUgi = UserGroupInformation.createUserForTesting(
      "someuser", new String[0]);
  testUgi.addToken(oldToken);
  testUgi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          lca.heartbeat();
          return null;
        }
  });
  lca.close();

  // verify there is only one AMRM token in the UGI and it matches the
  // updated token from the RM
  int tokenCount = 0;
  Token<? extends TokenIdentifier> ugiToken = null;
  for (Token<? extends TokenIdentifier> token : testUgi.getTokens()) {
    if (AMRMTokenIdentifier.KIND_NAME.equals(token.getKind())) {
      ugiToken = token;
      ++tokenCount;
    }
  }

  Assert.assertEquals("too many AMRM tokens", 1, tokenCount);
  Assert.assertArrayEquals("token identifier not updated",
      newToken.getIdentifier(), ugiToken.getIdentifier());
  Assert.assertArrayEquals("token password not updated",
      newToken.getPassword(), ugiToken.getPassword());
  Assert.assertEquals("AMRM token service not updated",
      new Text(ClientRMProxy.getAMRMTokenService(conf)),
      ugiToken.getService());
}
 
Example 13
Source Project: big-c   File: TestRMContainerAllocator.java    License: Apache License 2.0 4 votes vote down vote up
@Test(timeout=60000)
public void testAMRMTokenUpdate() throws Exception {
  LOG.info("Running testAMRMTokenUpdate");

  final String rmAddr = "somermaddress:1234";
  final Configuration conf = new YarnConfiguration();
  conf.setLong(
    YarnConfiguration.RM_AMRM_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS, 8);
  conf.setLong(YarnConfiguration.RM_AM_EXPIRY_INTERVAL_MS, 2000);
  conf.set(YarnConfiguration.RM_SCHEDULER_ADDRESS, rmAddr);

  final MyResourceManager rm = new MyResourceManager(conf);
  rm.start();
  AMRMTokenSecretManager secretMgr =
      rm.getRMContext().getAMRMTokenSecretManager();
  DrainDispatcher dispatcher = (DrainDispatcher) rm.getRMContext()
      .getDispatcher();

  // Submit the application
  RMApp app = rm.submitApp(1024);
  dispatcher.await();

  MockNM amNodeManager = rm.registerNode("amNM:1234", 2048);
  amNodeManager.nodeHeartbeat(true);
  dispatcher.await();

  final ApplicationAttemptId appAttemptId = app.getCurrentAppAttempt()
      .getAppAttemptId();
  final ApplicationId appId = app.getApplicationId();
  rm.sendAMLaunched(appAttemptId);
  dispatcher.await();

  JobId jobId = MRBuilderUtils.newJobId(appAttemptId.getApplicationId(), 0);
  final Job mockJob = mock(Job.class);
  when(mockJob.getReport()).thenReturn(
      MRBuilderUtils.newJobReport(jobId, "job", "user", JobState.RUNNING, 0,
          0, 0, 0, 0, 0, 0, "jobfile", null, false, ""));

  final Token<AMRMTokenIdentifier> oldToken = rm.getRMContext().getRMApps()
      .get(appId).getRMAppAttempt(appAttemptId).getAMRMToken();
  Assert.assertNotNull("app should have a token", oldToken);
  UserGroupInformation testUgi = UserGroupInformation.createUserForTesting(
      "someuser", new String[0]);
  Token<AMRMTokenIdentifier> newToken = testUgi.doAs(
      new PrivilegedExceptionAction<Token<AMRMTokenIdentifier>>() {
        @Override
        public Token<AMRMTokenIdentifier> run() throws Exception {
          MyContainerAllocator allocator = new MyContainerAllocator(rm, conf,
              appAttemptId, mockJob);

          // Keep heartbeating until RM thinks the token has been updated
          Token<AMRMTokenIdentifier> currentToken = oldToken;
          long startTime = Time.monotonicNow();
          while (currentToken == oldToken) {
            if (Time.monotonicNow() - startTime > 20000) {
              Assert.fail("Took to long to see AMRM token change");
            }
            Thread.sleep(100);
            allocator.schedule();
            currentToken = rm.getRMContext().getRMApps().get(appId)
                .getRMAppAttempt(appAttemptId).getAMRMToken();
          }

          return currentToken;
        }
      });

  // verify there is only one AMRM token in the UGI and it matches the
  // updated token from the RM
  int tokenCount = 0;
  Token<? extends TokenIdentifier> ugiToken = null;
  for (Token<? extends TokenIdentifier> token : testUgi.getTokens()) {
    if (AMRMTokenIdentifier.KIND_NAME.equals(token.getKind())) {
      ugiToken = token;
      ++tokenCount;
    }
  }

  Assert.assertEquals("too many AMRM tokens", 1, tokenCount);
  Assert.assertArrayEquals("token identifier not updated",
      newToken.getIdentifier(), ugiToken.getIdentifier());
  Assert.assertArrayEquals("token password not updated",
      newToken.getPassword(), ugiToken.getPassword());
  Assert.assertEquals("AMRM token service not updated",
      new Text(rmAddr), ugiToken.getService());
}
 
Example 14
Source Project: big-c   File: TestMRJobs.java    License: Apache License 2.0 4 votes vote down vote up
public void testSleepJobWithSecurityOn() throws IOException,
    InterruptedException, ClassNotFoundException {

  LOG.info("\n\n\nStarting testSleepJobWithSecurityOn().");

  if (!(new File(MiniMRYarnCluster.APPJAR)).exists()) {
    return;
  }

  mrCluster.getConfig().set(
      CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  mrCluster.getConfig().set(YarnConfiguration.RM_KEYTAB, "/etc/krb5.keytab");
  mrCluster.getConfig().set(YarnConfiguration.NM_KEYTAB, "/etc/krb5.keytab");
  mrCluster.getConfig().set(YarnConfiguration.RM_PRINCIPAL,
      "rm/[email protected]");
  mrCluster.getConfig().set(YarnConfiguration.NM_PRINCIPAL,
      "nm/[email protected]");
  UserGroupInformation.setConfiguration(mrCluster.getConfig());

  // Keep it in here instead of after RM/NM as multiple user logins happen in
  // the same JVM.
  UserGroupInformation user = UserGroupInformation.getCurrentUser();

  LOG.info("User name is " + user.getUserName());
  for (Token<? extends TokenIdentifier> str : user.getTokens()) {
    LOG.info("Token is " + str.encodeToUrlString());
  }
  user.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {  
      SleepJob sleepJob = new SleepJob();
      sleepJob.setConf(mrCluster.getConfig());
      Job job = sleepJob.createJob(3, 0, 10000, 1, 0, 0);
      // //Job with reduces
      // Job job = sleepJob.createJob(3, 2, 10000, 1, 10000, 1);
      job.addFileToClassPath(APP_JAR); // The AppMaster jar itself.
      job.submit();
      String trackingUrl = job.getTrackingURL();
      String jobId = job.getJobID().toString();
      job.waitForCompletion(true);
      Assert.assertEquals(JobStatus.State.SUCCEEDED, job.getJobState());
      Assert.assertTrue("Tracking URL was " + trackingUrl +
                        " but didn't Match Job ID " + jobId ,
        trackingUrl.endsWith(jobId.substring(jobId.lastIndexOf("_")) + "/"));
      return null;
    }
  });

  // TODO later:  add explicit "isUber()" checks of some sort
}