Java Code Examples for org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier

The following examples show how to use org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier. These examples are extracted from open source projects.
Example 1
Source Project: big-c   Source File: RMDelegationTokenIdentifierForTest.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Creates a test identifier that mirrors the fields of an existing RM
 * delegation token identifier and carries an additional message.
 *
 * @param token identifier whose owner, renewer, real user, dates, sequence
 *        number and master key id are copied
 * @param message extra text stored through {@code builder.setMessage}
 */
public RMDelegationTokenIdentifierForTest(RMDelegationTokenIdentifier token,
    String message) {
  // The three principal fields are optional on the source; a null value is
  // skipped so that this object keeps whatever it already holds for it.
  final Text sourceOwner = token.getOwner();
  if (sourceOwner != null) {
    setOwner(new Text(sourceOwner));
  }
  final Text sourceRenewer = token.getRenewer();
  if (sourceRenewer != null) {
    setRenewer(new Text(sourceRenewer));
  }
  final Text sourceRealUser = token.getRealUser();
  if (sourceRealUser != null) {
    setRealUser(new Text(sourceRealUser));
  }

  // Validity window and key bookkeeping are copied unconditionally.
  setIssueDate(token.getIssueDate());
  setMaxDate(token.getMaxDate());
  setSequenceNumber(token.getSequenceNumber());
  setMasterKeyId(token.getMasterKeyId());

  builder.setMessage(message);
}
 
Example 2
Source Project: Bats   Source File: StramClientUtils.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Requests a ResourceManager delegation token for the given renewer and adds
 * it to the supplied credentials, keyed by the token's service name.
 *
 * @param renewer name passed to the RM as the token renewer
 * @param credentials credential set that receives the token
 * @throws IOException declared by the RM client call
 * @throws YarnException declared by the RM client call
 */
public void addRMDelegationToken(final String renewer, final Credentials credentials) throws IOException, YarnException
{
  // Ask the ResourceManager for a delegation token in its YARN record form.
  final org.apache.hadoop.yarn.api.records.Token yarnToken = clientRM.getRMDelegationToken(new Text(renewer));

  // TODO: Use the utility method getRMDelegationTokenService in ClientRMProxy to remove the separate handling of
  // TODO: HA and non-HA cases when hadoop dependency is changed to hadoop 2.4 or above
  final Token<RMDelegationTokenIdentifier> token;
  if (!ConfigUtils.isRMHAEnabled(conf)) {
    LOG.info("Yarn Resource Manager HA is not enabled");
    // Single RM: the service name is derived from the configured RM address.
    final InetSocketAddress rmAddress = conf.getSocketAddr(YarnConfiguration.RM_ADDRESS,
        YarnConfiguration.DEFAULT_RM_ADDRESS,
        YarnConfiguration.DEFAULT_RM_PORT);
    token = ConverterUtils.convertFromYarn(yarnToken, rmAddress);
  } else {
    LOG.info("Yarn Resource Manager HA is enabled");
    token = getRMHAToken(yarnToken);
  }

  // NOTE(review): the token's string form is written to the INFO log; confirm
  // that Token.toString() in the Hadoop version in use prints no password bytes.
  LOG.info("RM dt {}", token);

  credentials.addToken(token.getService(), token);
}
 
Example 3
Source Project: attic-apex-core   Source File: StramClientUtils.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Fetches a delegation token from the ResourceManager on behalf of
 * {@code renewer} and stores it in {@code credentials} under the token's
 * service name.
 *
 * @param renewer name passed to the RM as the token renewer
 * @param credentials credential set that receives the token
 * @throws IOException declared by the RM client call
 * @throws YarnException declared by the RM client call
 */
public void addRMDelegationToken(final String renewer, final Credentials credentials) throws IOException, YarnException
{
  final Text renewerName = new Text(renewer);
  final org.apache.hadoop.yarn.api.records.Token issuedByRM = clientRM.getRMDelegationToken(renewerName);

  // TODO: Use the utility method getRMDelegationTokenService in ClientRMProxy to remove the separate handling of
  // TODO: HA and non-HA cases when hadoop dependency is changed to hadoop 2.4 or above
  final boolean haEnabled = ConfigUtils.isRMHAEnabled(conf);
  final Token<RMDelegationTokenIdentifier> token;
  if (haEnabled) {
    LOG.info("Yarn Resource Manager HA is enabled");
    token = getRMHAToken(issuedByRM);
  } else {
    LOG.info("Yarn Resource Manager HA is not enabled");
    // Without HA the token is bound to the single configured RM address.
    final InetSocketAddress rmAddress = conf.getSocketAddr(YarnConfiguration.RM_ADDRESS,
        YarnConfiguration.DEFAULT_RM_ADDRESS,
        YarnConfiguration.DEFAULT_RM_PORT);
    token = ConverterUtils.convertFromYarn(issuedByRM, rmAddress);
  }

  // NOTE(review): a credential object is logged at INFO here; verify that its
  // toString() output omits the password before relying on these logs being shareable.
  LOG.info("RM dt {}", token);

  credentials.addToken(token.getService(), token);
}
 
Example 4
Source Project: hadoop   Source File: RMDelegationTokenSecretManager.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Restores this secret manager from persisted ResourceManager state: master
 * keys first, then the delegation token sequence number and the tokens.
 *
 * @param rmState recovered RM state holding the secret manager snapshot
 * @throws Exception declared by the overridden method
 */
@Override
public void recover(RMState rmState) throws Exception {

  LOG.info("recovering RMDelegationTokenSecretManager.");

  // Master keys are re-added before any token is re-registered.
  for (DelegationKey masterKey
      : rmState.getRMDTSecretManagerState().getMasterKeyState()) {
    addKey(masterKey);
  }

  // Continue numbering from the persisted sequence number.
  this.delegationTokenSequenceNumber =
      rmState.getRMDTSecretManagerState().getDTSequenceNumber();

  // Each persisted entry maps a token identifier to its renew date.
  Map<RMDelegationTokenIdentifier, Long> persistedTokens =
      rmState.getRMDTSecretManagerState().getTokenState();
  for (Map.Entry<RMDelegationTokenIdentifier, Long> persisted
      : persistedTokens.entrySet()) {
    addPersistedDelegationToken(persisted.getKey(), persisted.getValue());
  }
}
 
Example 5
Source Project: big-c   Source File: MemoryRMStateStore.java    License: Apache License 2.0 6 votes vote down vote up
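/**
 * Records a delegation token identifier and its renew date in the in-memory
 * secret manager state.
 *
 * <p>An identifier that is already present is rejected regardless of
 * {@code isUpdate}; the stored sequence number is advanced only when
 * {@code isUpdate} is false.
 *
 * @param rmDTIdentifier identifier used as the map key
 * @param renewDate renew date stored for the identifier
 * @param isUpdate true when the call is part of an update rather than a
 *        first-time store
 * @throws Exception an {@link IOException} when the identifier is already stored
 */
private void storeOrUpdateRMDT(RMDelegationTokenIdentifier rmDTIdentifier,
    Long renewDate, boolean isUpdate) throws Exception {
  Map<RMDelegationTokenIdentifier, Long> rmDTState =
      state.rmSecretManagerState.getTokenState();
  if (rmDTState.containsKey(rmDTIdentifier)) {
    // Fixed: the original message ran the identifier straight into
    // "is already stored." with no separating space.
    IOException e = new IOException("RMDelegationToken: " + rmDTIdentifier
        + " is already stored.");
    LOG.info("Error storing info for RMDelegationToken: " + rmDTIdentifier, e);
    throw e;
  }
  rmDTState.put(rmDTIdentifier, renewDate);
  if (!isUpdate) {
    // Only a first-time store moves the persisted sequence number.
    state.rmSecretManagerState.dtSequenceNumber =
        rmDTIdentifier.getSequenceNumber();
  }
  LOG.info("Store RMDT with sequence number "
           + rmDTIdentifier.getSequenceNumber());
}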
 
Example 6
Source Project: hadoop   Source File: ZKRMStateStore.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Deletes the znode that holds the given delegation token, if it exists.
 *
 * @param rmDTIdentifier identifier whose sequence number names the znode
 * @throws Exception declared by the overridden method
 */
@Override
protected synchronized void removeRMDelegationTokenState(
    RMDelegationTokenIdentifier rmDTIdentifier) throws Exception {
  final int sequenceNumber = rmDTIdentifier.getSequenceNumber();
  // The znode name is the token prefix followed by the sequence number.
  final String znodePath =
      getNodePath(delegationTokensRootPath,
          DELEGATION_TOKEN_PREFIX + sequenceNumber);
  if (LOG.isDebugEnabled()) {
    LOG.debug("Removing RMDelegationToken_" + sequenceNumber);
  }

  if (existsWithRetries(znodePath, false) == null) {
    // Nothing to delete; a missing znode is only logged, not an error.
    LOG.debug("Attempted to delete a non-existing znode " + znodePath);
    return;
  }

  // Version -1 is passed to the delete op.
  ArrayList<Op> deleteOps = new ArrayList<Op>();
  deleteOps.add(Op.delete(znodePath, -1));
  doDeleteMultiWithRetries(deleteOps);
}
 
Example 7
Source Project: hadoop   Source File: ZKRMStateStore.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Writes a new renew date for a delegation token, creating the znode when it
 * is missing and overwriting it otherwise.
 *
 * @param rmDTIdentifier identifier whose sequence number names the znode
 * @param renewDate renew date to persist with the identifier
 * @throws Exception declared by the overridden method
 */
@Override
protected synchronized void updateRMDelegationTokenState(
    RMDelegationTokenIdentifier rmDTIdentifier, Long renewDate)
    throws Exception {
  final String znodePath =
      getNodePath(delegationTokensRootPath, DELEGATION_TOKEN_PREFIX
          + rmDTIdentifier.getSequenceNumber());
  final boolean znodeExists = existsWithRetries(znodePath, false) != null;

  // An existing znode gets update ops; a missing one falls back to store ops.
  ArrayList<Op> ops = new ArrayList<Op>();
  addStoreOrUpdateOps(ops, rmDTIdentifier, renewDate, znodeExists);
  if (!znodeExists) {
    LOG.debug("Attempted to update a non-existing znode " + znodePath);
  }

  doStoreMultiWithRetries(ops);
}
 
Example 8
Source Project: hadoop   Source File: MemoryRMStateStore.java    License: Apache License 2.0 6 votes vote down vote up
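/**
 * Adds a delegation token identifier and its renew date to the in-memory
 * secret manager state.
 *
 * <p>The call fails when the identifier is already in the map, whatever the
 * value of {@code isUpdate}. The stored sequence number is set from the
 * identifier only when {@code isUpdate} is false.
 *
 * @param rmDTIdentifier identifier used as the map key
 * @param renewDate renew date stored for the identifier
 * @param isUpdate true when the call belongs to an update
 * @throws Exception an {@link IOException} when the identifier is already stored
 */
private void storeOrUpdateRMDT(RMDelegationTokenIdentifier rmDTIdentifier,
    Long renewDate, boolean isUpdate) throws Exception {
  Map<RMDelegationTokenIdentifier, Long> rmDTState =
      state.rmSecretManagerState.getTokenState();
  if (rmDTState.containsKey(rmDTIdentifier)) {
    // Fixed: a space was missing between the identifier and
    // "is already stored." in the exception message.
    IOException e = new IOException("RMDelegationToken: " + rmDTIdentifier
        + " is already stored.");
    LOG.info("Error storing info for RMDelegationToken: " + rmDTIdentifier, e);
    throw e;
  }
  rmDTState.put(rmDTIdentifier, renewDate);
  if (!isUpdate) {
    // The sequence number is advanced for first-time stores only.
    state.rmSecretManagerState.dtSequenceNumber =
        rmDTIdentifier.getSequenceNumber();
  }
  LOG.info("Store RMDT with sequence number "
           + rmDTIdentifier.getSequenceNumber());
}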
 
Example 9
Source Project: attic-apex-core   Source File: StramClientUtils.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Rebuilds an RM delegation token so that its service field lists every
 * ResourceManager of an HA setup, joined with commas.
 *
 * @param rmDelegationToken token in YARN record form as issued by the RM
 * @return a security token with the same identifier, password and kind, and
 *         the combined HA service name
 */
private Token<RMDelegationTokenIdentifier> getRMHAToken(org.apache.hadoop.yarn.api.records.Token rmDelegationToken)
{
  // Collect one token-service string per configured RM id.
  ArrayList<String> rmServiceNames = new ArrayList<>();
  for (String rmId : ConfigUtils.getRMHAIds(conf)) {
    LOG.info("Yarn Resource Manager id: {}", rmId);
    // The RM id selects the matching RM address.
    Text rmService = SecurityUtil.buildTokenService(getRMHAAddress(rmId));
    rmServiceNames.add(rmService.toString());
  }
  final Text combinedService = new Text(Joiner.on(',').join(rmServiceNames));

  // NOTE(review): ByteBuffer.array() returns the whole backing array and
  // ignores position/limit; this assumes each buffer wraps exactly the
  // identifier or password bytes — confirm for the record implementation in use.
  final byte[] identifierBytes = rmDelegationToken.getIdentifier().array();
  final byte[] passwordBytes = rmDelegationToken.getPassword().array();
  final Text kind = new Text(rmDelegationToken.getKind());

  return new Token<>(identifierBytes, passwordBytes, kind, combinedService);
}
 
Example 10
Source Project: hadoop   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Asserts that a URL-encoded delegation token is no longer accepted: the
 * secret manager must reject it with {@code InvalidToken} and must not list
 * its identifier among its tokens.
 *
 * @param encodedToken token in URL-string encoding
 * @throws Exception on decoding or unexpected verification failures
 */
private void assertTokenCancelled(String encodedToken) throws Exception {
  Token<RMDelegationTokenIdentifier> decodedToken =
      new Token<RMDelegationTokenIdentifier>();
  decodedToken.decodeFromUrlString(encodedToken);
  RMDelegationTokenIdentifier identifier = rm.getRMContext()
    .getRMDelegationTokenSecretManager().decodeTokenIdentifier(decodedToken);

  // Verification of a cancelled token is expected to fail.
  boolean rejected;
  try {
    rm.getRMContext().getRMDelegationTokenSecretManager()
      .verifyToken(identifier, decodedToken.getPassword());
    rejected = false;
  } catch (InvalidToken expected) {
    rejected = true;
  }
  assertTrue("InvalidToken exception not thrown", rejected);

  // The identifier must also be gone from the secret manager's token map.
  assertFalse(rm.getRMContext().getRMDelegationTokenSecretManager()
    .getAllTokens().containsKey(identifier));
}
 
Example 11
Source Project: big-c   Source File: TestClientRMService.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Issues a delegation token for the given owner and renewer and sends a
 * renew request for it to a freshly built {@code ClientRMService}.
 *
 * @param owner user recorded as the token owner
 * @param renewer user recorded as the token renewer
 * @throws IOException declared by the token and service calls
 * @throws YarnException declared by the renew call
 */
private void checkTokenRenewal(UserGroupInformation owner,
    UserGroupInformation renewer) throws IOException, YarnException {
  final Text ownerName = new Text(owner.getUserName());
  final Text renewerName = new Text(renewer.getUserName());
  // The real-user field is left null.
  RMDelegationTokenIdentifier identifier =
      new RMDelegationTokenIdentifier(ownerName, renewerName, null);
  Token<?> issued = new Token<RMDelegationTokenIdentifier>(identifier, dtsm);

  // Convert to the YARN record form carried by the request.
  org.apache.hadoop.yarn.api.records.Token yarnToken =
      BuilderUtils.newDelegationToken(
          issued.getIdentifier(), issued.getKind().toString(),
          issued.getPassword(), issued.getService().toString());
  RenewDelegationTokenRequest renewRequest =
      Records.newRecord(RenewDelegationTokenRequest.class);
  renewRequest.setDelegationToken(yarnToken);

  // Only the RM context (mocked) and the secret manager are supplied.
  RMContext mockedContext = mock(RMContext.class);
  ClientRMService service = new ClientRMService(
      mockedContext, null, null, null, null, dtsm);
  service.renewDelegationToken(renewRequest);
}
 
Example 12
Source Project: big-c   Source File: TestClientRMService.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Issues a delegation token for the given owner and renewer and asks the
 * supplied service to cancel it.
 *
 * @param rmService service that receives the cancel request
 * @param owner user recorded as the token owner
 * @param renewer user recorded as the token renewer
 * @throws IOException declared by the token and service calls
 * @throws YarnException declared by the cancel call
 */
private void checkTokenCancellation(ClientRMService rmService,
    UserGroupInformation owner, UserGroupInformation renewer)
    throws IOException, YarnException {
  final Text ownerName = new Text(owner.getUserName());
  final Text renewerName = new Text(renewer.getUserName());
  // The real-user field is left null.
  RMDelegationTokenIdentifier identifier =
      new RMDelegationTokenIdentifier(ownerName, renewerName, null);
  Token<?> issued = new Token<RMDelegationTokenIdentifier>(identifier, dtsm);

  // Convert to the YARN record form carried by the request.
  org.apache.hadoop.yarn.api.records.Token yarnToken =
      BuilderUtils.newDelegationToken(
          issued.getIdentifier(), issued.getKind().toString(),
          issued.getPassword(), issued.getService().toString());

  CancelDelegationTokenRequest cancelRequest =
      Records.newRecord(CancelDelegationTokenRequest.class);
  cancelRequest.setDelegationToken(yarnToken);
  rmService.cancelDelegationToken(cancelRequest);
}
 
Example 13
Source Project: big-c   Source File: RMDelegationTokenSecretManager.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Reloads master keys, the token sequence number and the delegation tokens
 * from persisted ResourceManager state.
 *
 * @param rmState recovered RM state holding the secret manager snapshot
 * @throws Exception declared by the overridden method
 */
@Override
public void recover(RMState rmState) throws Exception {

  LOG.info("recovering RMDelegationTokenSecretManager.");

  // Step 1: master keys.
  for (DelegationKey recoveredKey
      : rmState.getRMDTSecretManagerState().getMasterKeyState()) {
    addKey(recoveredKey);
  }

  // Step 2: sequence number, so new tokens continue after the persisted ones.
  this.delegationTokenSequenceNumber =
      rmState.getRMDTSecretManagerState().getDTSequenceNumber();

  // Step 3: tokens, each stored as identifier -> renew date.
  Map<RMDelegationTokenIdentifier, Long> recoveredTokens =
      rmState.getRMDTSecretManagerState().getTokenState();
  for (Map.Entry<RMDelegationTokenIdentifier, Long> recovered
      : recoveredTokens.entrySet()) {
    addPersistedDelegationToken(recovered.getKey(), recovered.getValue());
  }
}
 
Example 14
Source Project: big-c   Source File: ClientRMService.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Renews the delegation token carried by the request and reports its next
 * expiration time.
 *
 * <p>The request is refused unless {@code isAllowedDelegationTokenOp()}
 * passes; per the error message this limits renewal to Kerberos-authenticated
 * callers. Any {@link IOException} is converted with
 * {@code RPCUtil.getRemoteException}.
 *
 * @param request request holding the token in YARN record form
 * @return response carrying the next expiration time
 * @throws YarnException wrapping an I/O failure or a refused operation
 */
@Override
public RenewDelegationTokenResponse renewDelegationToken(
    RenewDelegationTokenRequest request) throws YarnException {
  try {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be renewed only with kerberos authentication");
    }

    // Rebuild the security token from the caller-supplied record.
    // NOTE(review): ByteBuffer.array() ignores position/limit and returns the
    // full backing array; assumes the buffers hold only the token bytes — confirm.
    final org.apache.hadoop.yarn.api.records.Token wireToken =
        request.getDelegationToken();
    final byte[] identifierBytes = wireToken.getIdentifier().array();
    final byte[] passwordBytes = wireToken.getPassword().array();
    final Token<RMDelegationTokenIdentifier> token =
        new Token<RMDelegationTokenIdentifier>(identifierBytes, passwordBytes,
            new Text(wireToken.getKind()), new Text(wireToken.getService()));

    // The secret manager is given the renewer name resolved for this caller.
    final String renewerName = getRenewerForToken(token);
    final long nextExpTime = rmDTSecretManager.renewToken(token, renewerName);

    RenewDelegationTokenResponse response =
        Records.newRecord(RenewDelegationTokenResponse.class);
    response.setNextExpirationTime(nextExpTime);
    return response;
  } catch (IOException e) {
    throw RPCUtil.getRemoteException(e);
  }
}
 
Example 15
Source Project: big-c   Source File: ClientRMService.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Cancels the delegation token carried by the request on behalf of the
 * current user.
 *
 * <p>The request is refused unless {@code isAllowedDelegationTokenOp()}
 * passes; per the error message this limits cancellation to
 * Kerberos-authenticated callers. Any {@link IOException} is converted with
 * {@code RPCUtil.getRemoteException}.
 *
 * @param request request holding the token in YARN record form
 * @return an empty cancel response
 * @throws YarnException wrapping an I/O failure or a refused operation
 */
@Override
public CancelDelegationTokenResponse cancelDelegationToken(
    CancelDelegationTokenRequest request) throws YarnException {
  try {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be cancelled only with kerberos authentication");
    }

    // Rebuild the security token from the caller-supplied record.
    // NOTE(review): ByteBuffer.array() ignores position/limit and returns the
    // full backing array; assumes the buffers hold only the token bytes — confirm.
    final org.apache.hadoop.yarn.api.records.Token wireToken =
        request.getDelegationToken();
    final byte[] identifierBytes = wireToken.getIdentifier().array();
    final byte[] passwordBytes = wireToken.getPassword().array();
    final Token<RMDelegationTokenIdentifier> token =
        new Token<RMDelegationTokenIdentifier>(identifierBytes, passwordBytes,
            new Text(wireToken.getKind()), new Text(wireToken.getService()));

    // The canceller passed to the secret manager is the current user's name.
    final String canceller =
        UserGroupInformation.getCurrentUser().getUserName();
    rmDTSecretManager.cancelToken(token, canceller);
    return Records.newRecord(CancelDelegationTokenResponse.class);
  } catch (IOException e) {
    throw RPCUtil.getRemoteException(e);
  }
}
 
Example 16
Source Project: hadoop   Source File: RMDelegationTokenSecretManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns a snapshot of the current tokens mapped to their renew dates.
 *
 * <p>The result is a new map, so changes to it do not touch
 * {@code currentTokens}.
 *
 * @return identifier to renew-date map built from {@code currentTokens}
 */
@Private
@VisibleForTesting
public synchronized Map<RMDelegationTokenIdentifier, Long> getAllTokens() {
  Map<RMDelegationTokenIdentifier, Long> renewDatesByToken =
      new HashMap<RMDelegationTokenIdentifier, Long>();

  // Only the renew date of each token's information record is exposed.
  for (Map.Entry<RMDelegationTokenIdentifier, DelegationTokenInformation>
      tracked : currentTokens.entrySet()) {
    DelegationTokenInformation tokenInfo = tracked.getValue();
    renewDatesByToken.put(tracked.getKey(), tokenInfo.getRenewDate());
  }
  return renewDatesByToken;
}
 
Example 17
Source Project: hadoop   Source File: RMDelegationTokenSecretManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Looks up the renew date of a token held in {@code currentTokens}.
 *
 * @param ident identifier of the token to look up
 * @return the renew date recorded for the token
 * @throws InvalidToken when the identifier is not in {@code currentTokens}
 */
public long getRenewDate(RMDelegationTokenIdentifier ident)
    throws InvalidToken {
  DelegationTokenInformation tokenInfo = currentTokens.get(ident);
  if (tokenInfo != null) {
    return tokenInfo.getRenewDate();
  }
  // Unknown identifier: report it as an invalid token.
  throw new InvalidToken("token (" + ident.toString()
      + ") can't be found in cache");
}
 
Example 18
Source Project: hadoop   Source File: RMWebServices.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates an RM delegation token as the calling user and returns it in a
 * {@code DelegationToken} response entity.
 *
 * <p>The entity holds the URL-string encoding of the whole token, so the
 * response body should be handled as a credential.
 *
 * @param tokenData request payload; only its renewer is read here
 * @param hsr servlet request (not read in this method)
 * @param callerUGI user under whose identity the token request is made
 * @return HTTP 200 response carrying the new token
 * @throws Exception any failure of the token request is logged and rethrown
 */
private Response createDelegationToken(DelegationToken tokenData,
    HttpServletRequest hsr, UserGroupInformation callerUGI)
    throws AuthorizationException, IOException, InterruptedException,
    Exception {

  final String renewer = tokenData.getRenewer();

  // Run the token request under the caller's identity.
  GetDelegationTokenResponse resp;
  try {
    resp = callerUGI.doAs(
        new PrivilegedExceptionAction<GetDelegationTokenResponse>() {
          @Override
          public GetDelegationTokenResponse run() throws IOException,
              YarnException {
            return rm.getClientRMService().getDelegationToken(
                GetDelegationTokenRequest.newInstance(renewer));
          }
        });
  } catch (Exception e) {
    LOG.info("Create delegation token request failed", e);
    throw e;
  }

  // Convert the YARN record into a security token.
  // NOTE(review): ByteBuffer.array() ignores position/limit and returns the
  // full backing array; assumes the buffers hold only the token bytes — confirm.
  final org.apache.hadoop.yarn.api.records.Token issued =
      resp.getRMDelegationToken();
  Token<RMDelegationTokenIdentifier> tk =
      new Token<RMDelegationTokenIdentifier>(issued.getIdentifier().array(),
          issued.getPassword().array(), new Text(issued.getKind()),
          new Text(issued.getService()));

  // Expiration comes from the secret manager, the hard limit from the identifier.
  RMDelegationTokenIdentifier identifier = tk.decodeIdentifier();
  long currentExpiration =
      rm.getRMContext().getRMDelegationTokenSecretManager()
        .getRenewDate(identifier);
  String ownerName = identifier.getOwner().toString();
  String kindName = tk.getKind().toString();

  DelegationToken respToken =
      new DelegationToken(tk.encodeToUrlString(), renewer, ownerName,
          kindName, currentExpiration, identifier.getMaxDate());
  return Response.status(Status.OK).entity(respToken).build();
}
 
Example 19
Source Project: hadoop   Source File: RMWebServices.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Reads the encoded delegation token from the request header named by
 * {@code DELEGATION_TOKEN_HEADER} and decodes it.
 *
 * @param request incoming servlet request
 * @return the token decoded from the header value
 * @throws BadRequestException when the header is absent
 */
private Token<RMDelegationTokenIdentifier> extractToken(
    HttpServletRequest request) {
  final String headerValue = request.getHeader(DELEGATION_TOKEN_HEADER);
  if (headerValue != null) {
    return extractToken(headerValue);
  }
  // Missing header: the request cannot identify a token.
  throw new BadRequestException("Header '" + DELEGATION_TOKEN_HEADER
      + "' containing encoded token not found");
}
 
Example 20
Source Project: hadoop   Source File: RMWebServices.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Decodes a URL-string encoded delegation token.
 *
 * <p>This step only decodes; nothing here checks the token's password or
 * validity. Any decoding failure is reported to the client with a fixed
 * message and the underlying exception is not propagated.
 *
 * @param encodedToken token in URL-string encoding
 * @return the decoded token
 * @throws BadRequestException when the string cannot be decoded
 */
private Token<RMDelegationTokenIdentifier> extractToken(String encodedToken) {
  final Token<RMDelegationTokenIdentifier> decoded =
      new Token<RMDelegationTokenIdentifier>();
  try {
    decoded.decodeFromUrlString(encodedToken);
    return decoded;
  } catch (Exception ie) {
    throw new BadRequestException("Could not decode encoded token");
  }
}
 
Example 21
Source Project: big-c   Source File: ClientRMService.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Chooses the renewer name to present to the secret manager for a token.
 *
 * <p>When the current user has the same user name as the login user, the
 * renewer recorded inside the token is returned; otherwise the current
 * user's short name is returned.
 *
 * @param token token whose identifier may supply the renewer
 * @return renewer name to use for the renew operation
 * @throws IOException declared by the user lookups and identifier decoding
 */
private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token)
    throws IOException {
  final UserGroupInformation caller = UserGroupInformation.getCurrentUser();
  final UserGroupInformation login = UserGroupInformation.getLoginUser();
  // we can always renew our own tokens
  if (login.getUserName().equals(caller.getUserName())) {
    return token.decodeIdentifier().getRenewer().toString();
  }
  return caller.getShortUserName();
}
 
Example 22
Source Project: hadoop   Source File: LeveldbRMStateStore.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Persists a delegation token and, for a first-time store, the latest
 * sequence number, in a single write batch.
 *
 * @param tokenId identifier of the token to persist
 * @param renewDate renew date stored with the identifier
 * @param isUpdate true to rewrite the token entry without touching the
 *        sequence number
 * @throws IOException wrapping a {@code DBException} from the database
 */
private void storeOrUpdateRMDT(RMDelegationTokenIdentifier tokenId,
    Long renewDate, boolean isUpdate) throws IOException {
  final String tokenKey = getRMDTTokenNodeKey(tokenId);
  final RMDelegationTokenIdentifierData serializedToken =
      new RMDelegationTokenIdentifierData(tokenId, renewDate);
  if (LOG.isDebugEnabled()) {
    LOG.debug("Storing token to " + tokenKey);
  }

  try {
    final WriteBatch pendingWrites = db.createWriteBatch();
    try {
      pendingWrites.put(bytes(tokenKey), serializedToken.toByteArray());

      if (!isUpdate) {
        // Serialize the sequence number as a 4-byte int for its own key.
        final ByteArrayOutputStream seqBytes = new ByteArrayOutputStream();
        try (DataOutputStream seqOut = new DataOutputStream(seqBytes)) {
          seqOut.writeInt(tokenId.getSequenceNumber());
        }
        if (LOG.isDebugEnabled()) {
          LOG.debug("Storing " + tokenId.getSequenceNumber() + " to "
              + RM_DT_SEQUENCE_NUMBER_KEY);
        }
        pendingWrites.put(bytes(RM_DT_SEQUENCE_NUMBER_KEY),
            seqBytes.toByteArray());
      }

      // Both entries reach the database in one write call.
      db.write(pendingWrites);
    } finally {
      pendingWrites.close();
    }
  } catch (DBException e) {
    throw new IOException(e);
  }
}
 
Example 23
Source Project: hadoop   Source File: ZKRMStateStore.java    License: Apache License 2.0 5 votes vote down vote up
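/**
 * Appends the ZooKeeper operations needed to store or update a delegation
 * token to {@code opList}.
 *
 * <p>An update adds one {@code setData} op on the token znode. A store adds
 * a {@code create} op for the token znode plus a {@code setData} op that
 * writes the token's sequence number to {@code dtSequenceNumberPath}.
 *
 * @param opList list that receives the operations
 * @param rmDTIdentifier identifier whose sequence number names the znode
 * @param renewDate renew date serialized together with the identifier
 * @param isUpdate true to overwrite an existing znode, false to create one
 * @throws Exception declared for serialization and stream failures
 */
private void addStoreOrUpdateOps(ArrayList<Op> opList,
    RMDelegationTokenIdentifier rmDTIdentifier, Long renewDate,
    boolean isUpdate) throws Exception {
  // store RM delegation token
  String nodeCreatePath =
      getNodePath(delegationTokensRootPath, DELEGATION_TOKEN_PREFIX
          + rmDTIdentifier.getSequenceNumber());
  ByteArrayOutputStream seqOs = new ByteArrayOutputStream();
  DataOutputStream seqOut = new DataOutputStream(seqOs);
  RMDelegationTokenIdentifierData identifierData =
      new RMDelegationTokenIdentifierData(rmDTIdentifier, renewDate);
  try {
    if (LOG.isDebugEnabled()) {
      // Fixed: the labels were swapped, so updates were logged as "Storing"
      // and first-time stores as "Updating", which misleads anyone
      // reconstructing token activity from the debug log.
      LOG.debug((isUpdate ? "Updating " : "Storing ") + "RMDelegationToken_" +
          rmDTIdentifier.getSequenceNumber());
    }

    if (isUpdate) {
      opList.add(Op.setData(nodeCreatePath, identifierData.toByteArray(), -1));
    } else {
      opList.add(Op.create(nodeCreatePath, identifierData.toByteArray(), zkAcl,
          CreateMode.PERSISTENT));
      // Update Sequence number only while storing DT
      seqOut.writeInt(rmDTIdentifier.getSequenceNumber());
      if (LOG.isDebugEnabled()) {
        // isUpdate is always false on this branch; the sequence-number znode
        // is overwritten with setData, so the label is "Updating" as before.
        LOG.debug("Updating " +
                  dtSequenceNumberPath + ". SequenceNumber: "
                  + rmDTIdentifier.getSequenceNumber());
      }
      opList.add(Op.setData(dtSequenceNumberPath, seqOs.toByteArray(), -1));
    }
  } finally {
    seqOs.close();
  }
}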
 
Example 24
Source Project: hadoop   Source File: MemoryRMStateStore.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Drops a delegation token identifier from the in-memory secret manager
 * state and logs its sequence number.
 *
 * @param rmDTIdentifier identifier to remove
 * @throws Exception declared by the overridden method
 */
@Override
public synchronized void removeRMDelegationTokenState(
    RMDelegationTokenIdentifier rmDTIdentifier) throws Exception {
  // Removing an identifier that is not in the map is a silent no-op.
  state.rmSecretManagerState.getTokenState().remove(rmDTIdentifier);

  final String logLine = "Remove RMDT with sequence number "
      + rmDTIdentifier.getSequenceNumber();
  LOG.info(logLine);
}
 
Example 25
Source Project: hadoop   Source File: MemoryRMStateStore.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Replaces the stored renew date of a delegation token in the in-memory
 * state by removing the old entry and storing the new one as an update.
 *
 * @param rmDTIdentifier identifier of the token to update
 * @param renewDate new renew date
 * @throws Exception declared by the overridden method
 */
@Override
protected synchronized void updateRMDelegationTokenState(
    RMDelegationTokenIdentifier rmDTIdentifier, Long renewDate)
    throws Exception {
  // Remove first, then store with the update flag set.
  removeRMDelegationTokenState(rmDTIdentifier);
  storeOrUpdateRMDT(rmDTIdentifier, renewDate, true);

  final String logLine = "Update RMDT with sequence number "
      + rmDTIdentifier.getSequenceNumber();
  LOG.info(logLine);
}
 
Example 26
Source Project: big-c   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Verifies delegation token creation over the REST endpoint when acting as
 * the Kerberos test client: once with the supplied request body and once
 * with an empty {@code DelegationToken} entity.
 *
 * @param mType type passed with the request entity
 * @param cType type passed to {@code accept}
 * @param reqBody request body for the first call
 * @param renUser renewer expected in the first token
 * @throws Exception on any request or assertion failure
 */
private void verifyKerberosAuthCreate(String mType, String cType,
    String reqBody, String renUser) throws Exception {
  // Final copies so the anonymous Callable can capture them.
  final String entityType = mType;
  final String acceptType = cType;
  final String requestBody = reqBody;
  final String expectedRenewer = renUser;
  KerberosTestUtils.doAsClient(new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // First call: the body names a renewer, which the token must carry.
      ClientResponse response =
          resource().path("ws").path("v1").path("cluster")
            .path("delegation-token").accept(acceptType)
            .entity(requestBody, entityType).post(ClientResponse.class);
      assertEquals(Status.OK, response.getClientResponseStatus());
      DelegationToken issued = getDelegationTokenFromResponse(response);
      assertFalse(issued.getToken().isEmpty());
      Token<RMDelegationTokenIdentifier> decoded =
          new Token<RMDelegationTokenIdentifier>();
      decoded.decodeFromUrlString(issued.getToken());
      assertEquals(expectedRenewer,
          decoded.decodeIdentifier().getRenewer().toString());
      assertValidRMToken(issued.getToken());

      // Second call: an empty entity must yield a token with an empty renewer.
      DelegationToken emptyRequest = new DelegationToken();
      response =
          resource().path("ws").path("v1").path("cluster")
            .path("delegation-token").accept(acceptType)
            .entity(emptyRequest, entityType).post(ClientResponse.class);
      assertEquals(Status.OK, response.getClientResponseStatus());
      issued = getDelegationTokenFromResponse(response);
      assertFalse(issued.getToken().isEmpty());
      decoded = new Token<RMDelegationTokenIdentifier>();
      decoded.decodeFromUrlString(issued.getToken());
      assertEquals("", decoded.decodeIdentifier().getRenewer().toString());
      assertValidRMToken(issued.getToken());
      return null;
    }
  });
}
 
Example 27
Source Project: big-c   Source File: ZKRMStateStore.java    License: Apache License 2.0 5 votes vote down vote up
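/**
 * Adds to {@code opList} the ZooKeeper operations that store or update a
 * delegation token.
 *
 * <p>For an update a single {@code setData} op on the token znode is added.
 * For a store a {@code create} op for the token znode is added, followed by
 * a {@code setData} op writing the sequence number to
 * {@code dtSequenceNumberPath}.
 *
 * @param opList list that receives the operations
 * @param rmDTIdentifier identifier whose sequence number names the znode
 * @param renewDate renew date serialized together with the identifier
 * @param isUpdate true to overwrite an existing znode, false to create one
 * @throws Exception declared for serialization and stream failures
 */
private void addStoreOrUpdateOps(ArrayList<Op> opList,
    RMDelegationTokenIdentifier rmDTIdentifier, Long renewDate,
    boolean isUpdate) throws Exception {
  // store RM delegation token
  String nodeCreatePath =
      getNodePath(delegationTokensRootPath, DELEGATION_TOKEN_PREFIX
          + rmDTIdentifier.getSequenceNumber());
  ByteArrayOutputStream seqOs = new ByteArrayOutputStream();
  DataOutputStream seqOut = new DataOutputStream(seqOs);
  RMDelegationTokenIdentifierData identifierData =
      new RMDelegationTokenIdentifierData(rmDTIdentifier, renewDate);
  try {
    if (LOG.isDebugEnabled()) {
      // Fixed: the ternary had its labels reversed, reporting an update as
      // "Storing" and a store as "Updating" in the debug log.
      LOG.debug((isUpdate ? "Updating " : "Storing ") + "RMDelegationToken_" +
          rmDTIdentifier.getSequenceNumber());
    }

    if (isUpdate) {
      opList.add(Op.setData(nodeCreatePath, identifierData.toByteArray(), -1));
    } else {
      opList.add(Op.create(nodeCreatePath, identifierData.toByteArray(), zkAcl,
          CreateMode.PERSISTENT));
      // Update Sequence number only while storing DT
      seqOut.writeInt(rmDTIdentifier.getSequenceNumber());
      if (LOG.isDebugEnabled()) {
        // On this branch isUpdate is false, so the original expression always
        // produced "Updating "; the output is kept and the dead ternary removed.
        LOG.debug("Updating " +
                  dtSequenceNumberPath + ". SequenceNumber: "
                  + rmDTIdentifier.getSequenceNumber());
      }
      opList.add(Op.setData(dtSequenceNumberPath, seqOs.toByteArray(), -1));
    }
  } finally {
    seqOs.close();
  }
}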
 
Example 28
Source Project: hadoop   Source File: FileSystemRMStateStore.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Writes a delegation token to the file-system store and, for a first-time
 * store, moves the sequence-number marker file to the token's sequence number.
 *
 * @param identifier identifier whose sequence number names the token file
 * @param renewDate renew date serialized together with the identifier
 * @param isUpdate true to rewrite an existing token file only
 * @throws Exception when the marker file cannot be created or renamed, or
 *         when a file operation fails
 */
private void storeOrUpdateRMDelegationTokenState(
    RMDelegationTokenIdentifier identifier, Long renewDate,
    boolean isUpdate) throws Exception {
  final int sequenceNumber = identifier.getSequenceNumber();
  final Path tokenPath =
      getNodePath(rmDTSecretManagerRoot,
        DELEGATION_TOKEN_PREFIX + sequenceNumber);
  final RMDelegationTokenIdentifierData serializedToken =
      new RMDelegationTokenIdentifierData(identifier, renewDate);

  if (isUpdate) {
    // Updates rewrite the token file and leave the marker alone.
    LOG.info("Updating RMDelegationToken_" + sequenceNumber);
    updateFile(tokenPath, serializedToken.toByteArray(), true);
    return;
  }

  LOG.info("Storing RMDelegationToken_" + sequenceNumber);
  writeFileWithRetries(tokenPath, serializedToken.toByteArray(), true);

  // store sequence number
  final Path latestSequenceNumberPath = getNodePath(rmDTSecretManagerRoot,
        DELEGATION_TOKEN_SEQUENCE_NUMBER_PREFIX + sequenceNumber);
  LOG.info("Storing " + DELEGATION_TOKEN_SEQUENCE_NUMBER_PREFIX
      + sequenceNumber);
  if (dtSequenceNumberPath == null) {
    // No marker yet: create it.
    if (!createFileWithRetries(latestSequenceNumberPath)) {
      throw new Exception("Failed to create " + latestSequenceNumberPath);
    }
  } else if (!renameFileWithRetries(dtSequenceNumberPath,
      latestSequenceNumberPath)) {
    // Existing marker: it is renamed to the new sequence number.
    throw new Exception("Failed to rename " + dtSequenceNumberPath);
  }
  dtSequenceNumberPath = latestSequenceNumberPath;
}
 
Example 29
Source Project: hadoop   Source File: RMDelegationTokenIdentifierData.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Rebuilds the delegation token identifier from the bytes held by
 * {@code builder}.
 *
 * @return a new identifier populated through {@code readFields}
 * @throws IOException when the serialized identifier cannot be read
 */
public RMDelegationTokenIdentifier getTokenIdentifier() throws IOException {
  final byte[] serialized = builder.getTokenIdentifier().toByteArray();
  final DataInputStream source =
      new DataInputStream(new ByteArrayInputStream(serialized));

  final RMDelegationTokenIdentifier identifier =
      new RMDelegationTokenIdentifier();
  identifier.readFields(source);
  return identifier;
}
 
Example 30
Source Project: hadoop   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Exercises the delegation-token REST endpoint as the Kerberos test client
 * and checks the renewer recorded in each returned token.
 *
 * @param mType type passed with the request entity
 * @param cType type passed to {@code accept}
 * @param reqBody request body for the first call
 * @param renUser renewer expected in the first token
 * @throws Exception on any request or assertion failure
 */
private void verifyKerberosAuthCreate(String mType, String cType,
    String reqBody, String renUser) throws Exception {
  // The anonymous class below captures these final copies.
  final String entityType = mType;
  final String acceptType = cType;
  final String firstBody = reqBody;
  final String wantedRenewer = renUser;
  KerberosTestUtils.doAsClient(new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // Request 1: explicit body; the token must name the wanted renewer.
      ClientResponse reply =
          resource().path("ws").path("v1").path("cluster")
            .path("delegation-token").accept(acceptType)
            .entity(firstBody, entityType).post(ClientResponse.class);
      assertEquals(Status.OK, reply.getClientResponseStatus());
      DelegationToken returned = getDelegationTokenFromResponse(reply);
      assertFalse(returned.getToken().isEmpty());
      Token<RMDelegationTokenIdentifier> parsed =
          new Token<RMDelegationTokenIdentifier>();
      parsed.decodeFromUrlString(returned.getToken());
      assertEquals(wantedRenewer,
          parsed.decodeIdentifier().getRenewer().toString());
      assertValidRMToken(returned.getToken());

      // Request 2: empty entity; the token's renewer must be the empty string.
      DelegationToken blankRequest = new DelegationToken();
      reply =
          resource().path("ws").path("v1").path("cluster")
            .path("delegation-token").accept(acceptType)
            .entity(blankRequest, entityType).post(ClientResponse.class);
      assertEquals(Status.OK, reply.getClientResponseStatus());
      returned = getDelegationTokenFromResponse(reply);
      assertFalse(returned.getToken().isEmpty());
      parsed = new Token<RMDelegationTokenIdentifier>();
      parsed.decodeFromUrlString(returned.getToken());
      assertEquals("", parsed.decodeIdentifier().getRenewer().toString());
      assertValidRMToken(returned.getToken());
      return null;
    }
  });
}