Java Code Examples for org.apache.hadoop.security.Credentials

The following examples show how to use org.apache.hadoop.security.Credentials. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   Source File: TestEncryptionZonesWithKMS.java    License: Apache License 2.0 6 votes vote down vote up
@Test(timeout = 120000)
public void testDelegationToken() throws Exception {
  final String renewer = "JobTracker";
  UserGroupInformation.createRemoteUser(renewer);

  Credentials creds = new Credentials();
  Token<?> tokens[] = fs.addDelegationTokens(renewer, creds);
  DistributedFileSystem.LOG.debug("Delegation tokens: " +
      Arrays.asList(tokens));
  Assert.assertEquals(2, tokens.length);
  Assert.assertEquals(2, creds.numberOfTokens());
  
  // If the dt exists, will not get again
  tokens = fs.addDelegationTokens(renewer, creds);
  Assert.assertEquals(0, tokens.length);
  Assert.assertEquals(2, creds.numberOfTokens());
}
 
Example 2
Source Project: hadoop   Source File: TokenCache.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * get delegation token for a specific FS
 * @param fs
 * @param credentials
 * @param p
 * @param conf
 * @throws IOException
 */
static void obtainTokensForNamenodesInternal(FileSystem fs, 
    Credentials credentials, Configuration conf) throws IOException {
  String delegTokenRenewer = Master.getMasterPrincipal(conf);
  if (delegTokenRenewer == null || delegTokenRenewer.length() == 0) {
    throw new IOException(
        "Can't get Master Kerberos principal for use as renewer");
  }
  mergeBinaryTokens(credentials, conf);

  final Token<?> tokens[] = fs.addDelegationTokens(delegTokenRenewer,
                                                   credentials);
  if (tokens != null) {
    for (Token<?> token : tokens) {
      LOG.info("Got dt for " + fs.getUri() + "; "+token);
    }
  }
}
 
Example 3
Source Project: big-c   Source File: TestFileSystemTokens.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testFsWithMyOwnAndChildTokens() throws Exception {
  Credentials credentials = new Credentials();
  Text service1 = new Text("singleTokenFs1");
  Text service2 = new Text("singleTokenFs2");
  Text myService = new Text("multiTokenFs");
  Token<?> token = mock(Token.class);
  credentials.addToken(service2, token);

  MockFileSystem fs1 = createFileSystemForServiceName(service1);
  MockFileSystem fs2 = createFileSystemForServiceName(service2);
  MockFileSystem multiFs = createFileSystemForServiceName(myService, fs1, fs2);
  
  multiFs.addDelegationTokens(renewer, credentials);
  verifyTokenFetch(multiFs, true); // its own token and also of its children
  verifyTokenFetch(fs1, true);
  verifyTokenFetch(fs2, false);  // we had added its token to credentials 
  
  assertEquals(3, credentials.numberOfTokens());
  assertNotNull(credentials.getToken(myService));
  assertNotNull(credentials.getToken(service1));
  assertNotNull(credentials.getToken(service2));
}
 
Example 4
Source Project: flink   Source File: HadoopInputFormatBase.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public HadoopInputSplit[] createInputSplits(int minNumSplits)
		throws IOException {
	configuration.setInt("mapreduce.input.fileinputformat.split.minsize", minNumSplits);

	JobContext jobContext = new JobContextImpl(configuration, new JobID());

	jobContext.getCredentials().addAll(this.credentials);
	Credentials currentUserCreds = getCredentialsFromUGI(UserGroupInformation.getCurrentUser());
	if (currentUserCreds != null) {
		jobContext.getCredentials().addAll(currentUserCreds);
	}

	List<org.apache.hadoop.mapreduce.InputSplit> splits;
	try {
		splits = this.mapreduceInputFormat.getSplits(jobContext);
	} catch (InterruptedException e) {
		throw new IOException("Could not get Splits.", e);
	}
	HadoopInputSplit[] hadoopInputSplits = new HadoopInputSplit[splits.size()];

	for (int i = 0; i < hadoopInputSplits.length; i++) {
		hadoopInputSplits[i] = new HadoopInputSplit(i, splits.get(i), jobContext);
	}
	return hadoopInputSplits;
}
 
Example 5
Source Project: hadoop   Source File: TestTokenCache.java    License: Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("deprecation")
@Test
public void testGetTokensForNamenodes() throws IOException,
    URISyntaxException {
  Path TEST_ROOT_DIR =
      new Path(System.getProperty("test.build.data", "test/build/data"));
  // ick, but need fq path minus file:/
  String binaryTokenFile =
      FileSystem.getLocal(conf)
        .makeQualified(new Path(TEST_ROOT_DIR, "tokenFile")).toUri()
        .getPath();

  MockFileSystem fs1 = createFileSystemForServiceName("service1");
  Credentials creds = new Credentials();
  Token<?> token1 = fs1.getDelegationToken(renewer);
  creds.addToken(token1.getService(), token1);
  // wait to set, else the obtain tokens call above will fail with FNF
  conf.set(MRJobConfig.MAPREDUCE_JOB_CREDENTIALS_BINARY, binaryTokenFile);
  creds.writeTokenStorageFile(new Path(binaryTokenFile), conf);
  TokenCache.obtainTokensForNamenodesInternal(fs1, creds, conf);
  String fs_addr = fs1.getCanonicalServiceName();
  Token<?> nnt = TokenCache.getDelegationToken(creds, fs_addr);
  assertNotNull("Token for nn is null", nnt);
}
 
Example 6
Source Project: hadoop   Source File: TestFileSystemTokens.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testFsWithDuplicateChildren() throws Exception {
  Credentials credentials = new Credentials();
  Text service = new Text("singleTokenFs1");

  MockFileSystem fs = createFileSystemForServiceName(service);
  MockFileSystem multiFs =
      createFileSystemForServiceName(null, fs, new FilterFileSystem(fs));
  
  multiFs.addDelegationTokens(renewer, credentials);
  verifyTokenFetch(multiFs, false);
  verifyTokenFetch(fs, true);
  
  assertEquals(1, credentials.numberOfTokens());
  assertNotNull(credentials.getToken(service));
}
 
Example 7
Source Project: SpyGlass   Source File: HBaseTap.java    License: Apache License 2.0 6 votes vote down vote up
private void obtainToken(JobConf conf) {
  if (User.isHBaseSecurityEnabled(conf)) {
    String user = conf.getUser();
    LOG.info("obtaining HBase token for: {}", user);
    try {
      UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
      user = currentUser.getUserName();
      Credentials credentials = conf.getCredentials();
      for (Token t : currentUser.getTokens()) {
        LOG.debug("Token {} is available", t);
        if ("HBASE_AUTH_TOKEN".equalsIgnoreCase(t.getKind().toString()))
          credentials.addToken(t.getKind(), t);
      }
    } catch (IOException e) {
      throw new TapException("Unable to obtain HBase auth token for " + user, e);
    }
  }
}
 
Example 8
Source Project: tez   Source File: TestTezClientUtils.java    License: Apache License 2.0 6 votes vote down vote up
@Test(timeout = 2000)
// this test checks if the priority field is set properly in the
// ApplicationSubmissionContext
public void testAppSubmissionContextForPriority() throws Exception {
  TezConfiguration tezConf = new TezConfiguration();
  tezConf.set(TezConfiguration.TEZ_AM_STAGING_DIR, STAGING_DIR.getAbsolutePath());
  int testpriority = 999;
  ApplicationId appId = ApplicationId.newInstance(1000, 1);
  Credentials credentials = new Credentials();
  TezClientUtils.createSessionToken(appId.toString(),
      new JobTokenSecretManager(), credentials);
  tezConf.setBoolean(TezConfiguration.TEZ_IGNORE_LIB_URIS, true);
  Map<String, LocalResource> m = new HashMap<String, LocalResource>();
  tezConf.setInt(TezConfiguration.TEZ_AM_APPLICATION_PRIORITY, testpriority);
  AMConfiguration amConf =
      new AMConfiguration(tezConf, new HashMap<String, LocalResource>(), credentials);
  ApplicationSubmissionContext appcontext;
  appcontext = TezClientUtils.createApplicationSubmissionContext(
      appId, null, "dagname",
      amConf, m,
      credentials, false,
      new TezApiVersionInfo(), null, null);
  assertEquals(testpriority, appcontext.getPriority().getPriority());
}
 
Example 9
Source Project: hadoop   Source File: MRApp.java    License: Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("rawtypes")
public TestJob(JobId jobId, ApplicationAttemptId applicationAttemptId,
    Configuration conf, EventHandler eventHandler,
    TaskAttemptListener taskAttemptListener, Clock clock,
    OutputCommitter committer, boolean newApiCommitter,
    String user, AppContext appContext,
    JobStateInternal forcedState, String diagnostic) {
  super(jobId, getApplicationAttemptId(applicationId, getStartCount()),
      conf, eventHandler, taskAttemptListener,
      new JobTokenSecretManager(), new Credentials(), clock,
      getCompletedTaskFromPreviousRun(), metrics, committer,
      newApiCommitter, user, System.currentTimeMillis(), getAllAMInfos(),
      appContext, forcedState, diagnostic);

  // This "this leak" is okay because the retained pointer is in an
  //  instance variable.
  localStateMachine = localFactory.make(this);
}
 
Example 10
Source Project: hadoop   Source File: TestRMAppTransitions.java    License: Apache License 2.0 6 votes vote down vote up
@Test (timeout = 30000)
public void testAppRecoverPath() throws IOException {
  LOG.info("--- START: testAppRecoverPath ---");
  ApplicationSubmissionContext sub =
      Records.newRecord(ApplicationSubmissionContext.class);
  ContainerLaunchContext clc =
      Records.newRecord(ContainerLaunchContext.class);
  Credentials credentials = new Credentials();
  DataOutputBuffer dob = new DataOutputBuffer();
  credentials.writeTokenStorageToStream(dob);
  ByteBuffer securityTokens =
      ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
  clc.setTokens(securityTokens);
  sub.setAMContainerSpec(clc);
  testCreateAppSubmittedRecovery(sub);
}
 
Example 11
Source Project: big-c   Source File: ApplicationAttemptStateData.java    License: Apache License 2.0 6 votes vote down vote up
public static ApplicationAttemptStateData newInstance(
    ApplicationAttemptId attemptId, Container container,
    Credentials attemptTokens, long startTime, RMAppAttemptState finalState,
    String finalTrackingUrl, String diagnostics,
    FinalApplicationStatus amUnregisteredFinalStatus, int exitStatus,
    long finishTime, long memorySeconds, long vcoreSeconds) {
  ApplicationAttemptStateData attemptStateData =
      Records.newRecord(ApplicationAttemptStateData.class);
  attemptStateData.setAttemptId(attemptId);
  attemptStateData.setMasterContainer(container);
  attemptStateData.setAppAttemptTokens(attemptTokens);
  attemptStateData.setState(finalState);
  attemptStateData.setFinalTrackingUrl(finalTrackingUrl);
  attemptStateData.setDiagnostics(diagnostics == null ? "" : diagnostics);
  attemptStateData.setStartTime(startTime);
  attemptStateData.setFinalApplicationStatus(amUnregisteredFinalStatus);
  attemptStateData.setAMContainerExitStatus(exitStatus);
  attemptStateData.setFinishTime(finishTime);
  attemptStateData.setMemorySeconds(memorySeconds);
  attemptStateData.setVcoreSeconds(vcoreSeconds);
  return attemptStateData;
}
 
Example 12
Source Project: hadoop   Source File: TestDelegationTokenRemoteFetcher.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Call fetch token using http server 
 */
@Test
public void expectedTokenIsRetrievedFromHttp() throws Exception {
  bootstrap = startHttpServer(httpPort, testToken, serviceUrl);
  DelegationTokenFetcher.main(new String[] { "-webservice=" + serviceUrl,
      tokenFile });
  Path p = new Path(fileSys.getWorkingDirectory(), tokenFile);
  Credentials creds = Credentials.readTokenStorageFile(p, conf);
  Iterator<Token<?>> itr = creds.getAllTokens().iterator();
  assertTrue("token not exist error", itr.hasNext());
  Token<?> fetchedToken = itr.next();
  Assert.assertArrayEquals("token wrong identifier error",
      testToken.getIdentifier(), fetchedToken.getIdentifier());
  Assert.assertArrayEquals("token wrong password error",
      testToken.getPassword(), fetchedToken.getPassword());
  if (assertionError != null)
    throw assertionError;
}
 
Example 13
Source Project: hadoop-ozone   Source File: OzoneKMSUtil.java    License: Apache License 2.0 5 votes vote down vote up
public static URI getKeyProviderUri(UserGroupInformation ugi,
    URI namespaceUri, String kmsUriSrv, ConfigurationSource conf)
    throws IOException {
  URI keyProviderUri = null;
  Credentials credentials = ugi.getCredentials();
  Text credsKey = null;
  if (namespaceUri != null) {
    // from ugi
    credsKey = getKeyProviderMapKey(namespaceUri);
    byte[] keyProviderUriBytes = credentials.getSecretKey(credsKey);
    if (keyProviderUriBytes != null) {
      keyProviderUri = URI.create(bytes2String(keyProviderUriBytes));
    }
  }
  if (keyProviderUri == null) {
    // from client conf
    if (kmsUriSrv == null) {
      Configuration hadoopConfig =
          LegacyHadoopConfigurationSource.asHadoopConfiguration(conf);
      keyProviderUri = KMSUtil.getKeyProviderUri(
          hadoopConfig, keyProviderUriKeyName);
    } else if (!kmsUriSrv.isEmpty()) {
      // from om server
      keyProviderUri = URI.create(kmsUriSrv);
    }
  }
  // put back into UGI
  if (keyProviderUri != null && credsKey != null) {
    credentials.addSecretKey(
        credsKey, StringUtils.string2Bytes(keyProviderUri.toString()));
  }

  return keyProviderUri;
}
 
Example 14
Source Project: tez   Source File: TestTokenCache.java    License: Apache License 2.0 5 votes vote down vote up
@Test(timeout = 5000)
@SuppressWarnings("deprecation")
public void testBinaryCredentials() throws Exception {
  String binaryTokenFile = null;
  try {
    Path TEST_ROOT_DIR = new Path("target");
    binaryTokenFile = FileSystem.getLocal(conf).makeQualified(
      new Path(TEST_ROOT_DIR, "tokenFile")).toUri().getPath();

    MockFileSystem fs1 = createFileSystemForServiceName("service1");
    MockFileSystem fs2 = createFileSystemForServiceName("service2");

    // get the tokens for fs1 & fs2 and write out to binary creds file
    Credentials creds = new Credentials();
    Token<?> token1 = fs1.getDelegationToken(renewer);
    Token<?> token2 = fs2.getDelegationToken(renewer);
    creds.addToken(token1.getService(), token1);
    creds.addToken(token2.getService(), token2);
    creds.writeTokenStorageFile(new Path(binaryTokenFile), conf);


    Credentials newCreds = new Credentials();
    TokenCache.mergeBinaryTokens(newCreds, conf, binaryTokenFile);

    Assert.assertTrue(newCreds.getAllTokens().size() > 0);
    checkTokens(creds, newCreds);
  } finally {
    if (binaryTokenFile != null) {
      try {
        FileSystem.getLocal(conf).delete(new Path(binaryTokenFile));
      } catch (IOException e) {
        // Ignore
      }
    }
  }
}
 
Example 15
Source Project: sqoop-on-spark   Source File: ResourceRequest.java    License: Apache License 2.0 5 votes vote down vote up
public Token<?>[] addDelegationTokens(String strURL, String renewer,
                                      Credentials credentials) throws IOException {
  Token<?>[] tokens = null;
  Text dtService = getDelegationTokenService(strURL);
  Token<?> token = credentials.getToken(dtService);
  if (token == null) {
    URL url = new URL(strURL);
    DelegationTokenAuthenticatedURL authUrl =
            new DelegationTokenAuthenticatedURL(new ConnectionConfigurator() {
              @Override
              public HttpURLConnection configure(HttpURLConnection conn) throws IOException {
                return conn;
              }
            });
    try {
      token = authUrl.getDelegationToken(url, authToken, renewer);
      if (token != null) {
        credentials.addToken(token.getService(), token);
        tokens = new Token<?>[]{token};
      } else {
        throw new IOException("Got NULL as delegation token");
      }
    } catch (AuthenticationException ex) {
      throw new IOException(ex);
    }
  }
  return tokens;
}
 
Example 16
Source Project: big-c   Source File: TestTaskImpl.java    License: Apache License 2.0 5 votes vote down vote up
public MockTaskImpl(JobId jobId, int partition,
    EventHandler eventHandler, Path remoteJobConfFile, JobConf conf,
    TaskAttemptListener taskAttemptListener,
    Token<JobTokenIdentifier> jobToken,
    Credentials credentials, Clock clock, int startCount,
    MRAppMetrics metrics, AppContext appContext, TaskType taskType) {
  super(jobId, taskType , partition, eventHandler,
      remoteJobConfFile, conf, taskAttemptListener,
      jobToken, credentials, clock,
      startCount, metrics, appContext);
  this.taskType = taskType;
}
 
Example 17
Source Project: incubator-tez   Source File: TestTaskImpl.java    License: Apache License 2.0 5 votes vote down vote up
@Before
public void setup() {
  conf = new Configuration();
  taskAttemptListener = mock(TaskAttemptListener.class);
  taskHeartbeatHandler = mock(TaskHeartbeatHandler.class);
  credentials = new Credentials();
  clock = new SystemClock();
  locationHint = new TaskLocationHint(null, null);

  appId = ApplicationId.newInstance(System.currentTimeMillis(), 1);
  dagId = TezDAGID.getInstance(appId, 1);
  vertexId = TezVertexID.getInstance(dagId, 1);
  appContext = mock(AppContext.class, RETURNS_DEEP_STUBS);
  mockContainerId = mock(ContainerId.class);
  mockContainer = mock(Container.class);
  mockAMContainer = mock(AMContainer.class);
  mockNodeId = mock(NodeId.class);
  when(mockContainer.getId()).thenReturn(mockContainerId);
  when(mockContainer.getNodeId()).thenReturn(mockNodeId);
  when(mockAMContainer.getContainer()).thenReturn(mockContainer);
  when(appContext.getAllContainers().get(mockContainerId)).thenReturn(mockAMContainer);
  taskResource = Resource.newInstance(1024, 1);
  localResources = new HashMap<String, LocalResource>();
  environment = new HashMap<String, String>();
  javaOpts = "";
  leafVertex = false;
  containerContext = new ContainerContext(localResources, credentials,
      environment, javaOpts);
  Vertex vertex = mock(Vertex.class);
  eventHandler = new TestEventHandler();
  
  mockTask = new MockTaskImpl(vertexId, partition,
      eventHandler, conf, taskAttemptListener, clock,
      taskHeartbeatHandler, appContext, leafVertex, locationHint,
      taskResource, containerContext, vertex);
}
 
Example 18
Source Project: hadoop   Source File: ReduceTaskAttemptImpl.java    License: Apache License 2.0 5 votes vote down vote up
public ReduceTaskAttemptImpl(TaskId id, int attempt,
    EventHandler eventHandler, Path jobFile, int partition,
    int numMapTasks, JobConf conf,
    TaskAttemptListener taskAttemptListener,
    Token<JobTokenIdentifier> jobToken,
    Credentials credentials, Clock clock,
    AppContext appContext) {
  super(id, attempt, eventHandler, taskAttemptListener, jobFile, partition,
      conf, new String[] {}, jobToken, credentials, clock,
      appContext);
  this.numMapTasks = numMapTasks;
}
 
Example 19
Source Project: tez   Source File: InputSplitInfoMem.java    License: Apache License 2.0 5 votes vote down vote up
public InputSplitInfoMem(org.apache.hadoop.mapred.InputSplit[] oldSplits,
    List<TaskLocationHint> taskLocationHints, int numTasks, Credentials credentials,
    Configuration conf) {
  this.isNewSplit = false;
  this.oldFormatSplits = oldSplits;
  this.taskLocationHints = taskLocationHints;
  this.numTasks = numTasks;
  this.credentials = credentials;
  this.conf = conf;
}
 
Example 20
Source Project: tez   Source File: ContainerTask.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void readFields(DataInput in) throws IOException {
  shouldDie = in.readBoolean();
  boolean taskComing = in.readBoolean();
  if (taskComing) {
    taskSpec = new TaskSpec();
    taskSpec.readFields(in);
  }
  int numAdditionalResources = in.readInt();
  additionalResources = Maps.newHashMap();
  if (numAdditionalResources != -1) {
    for (int i = 0 ; i < numAdditionalResources ; i++) {
      String resourceName = in.readUTF();
      TezLocalResource localResource = new TezLocalResource();
      localResource.readFields(in);
      additionalResources.put(resourceName, localResource);
    }
  }
  credentialsChanged = in.readBoolean();
  if (credentialsChanged) {
    boolean hasCredentials = in.readBoolean();
    if (hasCredentials) {
      credentials = new Credentials();
      credentials.readFields(in);
    }
  }
}
 
Example 21
Source Project: hadoop   Source File: TestProtocolRecords.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testNodeHeartBeatResponse() throws IOException {
  NodeHeartbeatResponse record =
      Records.newRecord(NodeHeartbeatResponse.class);
  Map<ApplicationId, ByteBuffer> appCredentials =
      new HashMap<ApplicationId, ByteBuffer>();
  Credentials app1Cred = new Credentials();

  Token<DelegationTokenIdentifier> token1 =
      new Token<DelegationTokenIdentifier>();
  token1.setKind(new Text("kind1"));
  app1Cred.addToken(new Text("token1"), token1);
  Token<DelegationTokenIdentifier> token2 =
      new Token<DelegationTokenIdentifier>();
  token2.setKind(new Text("kind2"));
  app1Cred.addToken(new Text("token2"), token2);

  DataOutputBuffer dob = new DataOutputBuffer();
  app1Cred.writeTokenStorageToStream(dob);
  ByteBuffer byteBuffer1 = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
  appCredentials.put(ApplicationId.newInstance(1234, 1), byteBuffer1);
  record.setSystemCredentialsForApps(appCredentials);

  NodeHeartbeatResponse proto =
      new NodeHeartbeatResponsePBImpl(
        ((NodeHeartbeatResponsePBImpl) record).getProto());
  Assert.assertEquals(appCredentials, proto.getSystemCredentialsForApps());
}
 
Example 22
Source Project: incubator-tez   Source File: TestTokenCache.java    License: Apache License 2.0 5 votes vote down vote up
private void checkTokens(Credentials creds, Credentials newCreds) {
  Assert.assertEquals(creds.getAllTokens().size(),
      newCreds.getAllTokens().size());
  for (Token<?> token : newCreds.getAllTokens()) {
    Token<?> credsToken = creds.getToken(token.getService());
    Assert.assertTrue(credsToken != null);
    Assert.assertEquals(token, credsToken);
  }
}
 
Example 23
Source Project: hadoop   Source File: TokenCache.java    License: Apache License 2.0 5 votes vote down vote up
static void obtainTokensForNamenodesInternal(Credentials credentials,
    Path[] ps, Configuration conf) throws IOException {
  Set<FileSystem> fsSet = new HashSet<FileSystem>();
  for(Path p: ps) {
    fsSet.add(p.getFileSystem(conf));
  }
  for (FileSystem fs : fsSet) {
    obtainTokensForNamenodesInternal(fs, credentials, conf);
  }
}
 
Example 24
Source Project: hadoop   Source File: LogHandlerAppStartedEvent.java    License: Apache License 2.0 5 votes vote down vote up
public LogHandlerAppStartedEvent(ApplicationId appId, String user,
    Credentials credentials, ContainerLogsRetentionPolicy retentionPolicy,
    Map<ApplicationAccessType, String> appAcls,
    LogAggregationContext logAggregationContext) {
  super(LogHandlerEventType.APPLICATION_STARTED);
  this.applicationId = appId;
  this.user = user;
  this.credentials = credentials;
  this.retentionPolicy = retentionPolicy;
  this.appAcls = appAcls;
  this.logAggregationContext = logAggregationContext;
}
 
Example 25
Source Project: jstorm   Source File: JstormMasterContext.java    License: Apache License 2.0 5 votes vote down vote up
public JstormMasterContext(String user, ContainerId containerId,
                           ApplicationAttemptId applicationAttemptId,
                           long appSubmitTime, String nodeHostString,
                           Configuration yarnConfig) {
    this.user = user;
    this.containerId = containerId;
    this.attemptId = applicationAttemptId;
    this.credentials = new Credentials();
    this.submitTime = appSubmitTime;
    this.address = nodeHostString;
    this.config = yarnConfig;
}
 
Example 26
Source Project: incubator-gobblin   Source File: GobblinYarnAppLauncher.java    License: Apache License 2.0 5 votes vote down vote up
private void setupSecurityTokens(ContainerLaunchContext containerLaunchContext) throws IOException {
  Credentials credentials = UserGroupInformation.getCurrentUser().getCredentials();

  // Pass on the credentials from the hadoop token file if present.
  // The value in the token file takes precedence.
  if (System.getenv(HADOOP_TOKEN_FILE_LOCATION) != null) {
    Credentials tokenFileCredentials = Credentials.readTokenStorageFile(new File(System.getenv(HADOOP_TOKEN_FILE_LOCATION)),
        new Configuration());
    credentials.addAll(tokenFileCredentials);
  }

  String tokenRenewer = this.yarnConfiguration.get(YarnConfiguration.RM_PRINCIPAL);
  if (tokenRenewer == null || tokenRenewer.length() == 0) {
    throw new IOException("Failed to get master Kerberos principal for the RM to use as renewer");
  }

  // For now, only getting tokens for the default file-system.
  Token<?> tokens[] = this.fs.addDelegationTokens(tokenRenewer, credentials);
  if (tokens != null) {
    for (Token<?> token : tokens) {
      LOGGER.info("Got delegation token for " + this.fs.getUri() + "; " + token);
    }
  }

  Closer closer = Closer.create();
  try {
    DataOutputBuffer dataOutputBuffer = closer.register(new DataOutputBuffer());
    credentials.writeTokenStorageToStream(dataOutputBuffer);
    ByteBuffer fsTokens = ByteBuffer.wrap(dataOutputBuffer.getData(), 0, dataOutputBuffer.getLength());
    containerLaunchContext.setTokens(fsTokens);
  } catch (Throwable t) {
    throw closer.rethrow(t);
  } finally {
    closer.close();
  }
}
 
Example 27
Source Project: big-c   Source File: YarnChild.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Utility method to check if the Encrypted Spill Key needs to be set into the
 * user credentials of the user running the Map / Reduce Task
 * @param task The Map / Reduce task to set the Encrypted Spill information in
 * @throws Exception
 */
public static void setEncryptedSpillKeyIfRequired(Task task) throws
        Exception {
  if ((task != null) && (task.getEncryptedSpillKey() != null) && (task
          .getEncryptedSpillKey().length > 1)) {
    Credentials creds =
            UserGroupInformation.getCurrentUser().getCredentials();
    TokenCache.setEncryptedSpillKey(task.getEncryptedSpillKey(), creds);
    UserGroupInformation.getCurrentUser().addCredentials(creds);
  }
}
 
Example 28
Source Project: big-c   Source File: TestJobImpl.java    License: Apache License 2.0 5 votes vote down vote up
private boolean testUberDecision(Configuration conf) {
  JobID jobID = JobID.forName("job_1234567890000_0001");
  JobId jobId = TypeConverter.toYarn(jobID);
  MRAppMetrics mrAppMetrics = MRAppMetrics.create();
  JobImpl job =
      new JobImpl(jobId, ApplicationAttemptId.newInstance(
        ApplicationId.newInstance(0, 0), 0), conf, mock(EventHandler.class),
        null, new JobTokenSecretManager(), new Credentials(), null, null,
        mrAppMetrics, null, true, null, 0, null, null, null, null);
  InitTransition initTransition = getInitTransition(2);
  JobEvent mockJobEvent = mock(JobEvent.class);
  initTransition.transition(job, mockJobEvent);
  boolean isUber = job.isUber();
  return isUber;
}
 
Example 29
Source Project: twill   Source File: YarnUtils.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Encodes the given {@link Credentials} as bytes.
 */
public static ByteBuffer encodeCredentials(Credentials credentials) {
  try {
    DataOutputBuffer out = new DataOutputBuffer();
    credentials.writeTokenStorageToStream(out);
    return ByteBuffer.wrap(out.getData(), 0, out.getLength());
  } catch (IOException e) {
    // Shouldn't throw
    LOG.error("Failed to encode Credentials.", e);
    throw Throwables.propagate(e);
  }
}
 
Example 30
Source Project: tez   Source File: TokenCache.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * 
 * @return session token
 */
@SuppressWarnings("unchecked")
@InterfaceAudience.Private
public static Token<JobTokenIdentifier> getSessionToken(Credentials credentials) {
  Token<?> token = credentials.getToken(SESSION_TOKEN);
  if (token == null) {
    return null;
  }
  return (Token<JobTokenIdentifier>) token;
}