org.apache.hadoop.yarn.security.client.ClientToAMTokenIdentifier Java Examples

The following examples show how to use org.apache.hadoop.yarn.security.client.ClientToAMTokenIdentifier. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TestClientToAMTokens.java    From big-c with Apache License 2.0 6 votes vote down vote up
private void verifyNewVersionToken(final Configuration conf, final CustomAM am,
    Token<ClientToAMTokenIdentifier> token, MockRM rm) throws IOException,
    InterruptedException {
  UserGroupInformation ugi;
  ugi = UserGroupInformation.createRemoteUser("me");
  
  Token<ClientToAMTokenIdentifier> newToken = 
      new Token<ClientToAMTokenIdentifier>(
          new ClientToAMTokenIdentifierForTest(token.decodeIdentifier(), "message"),
          am.getClientToAMTokenSecretManager());
  newToken.setService(token.getService());
  
  ugi.addToken(newToken);

  ugi.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      CustomProtocol client =
          (CustomProtocol) RPC.getProxy(CustomProtocol.class, 1L, am.address,
            conf);
      client.ping();
      Assert.assertTrue(am.pinged);
      return null;
    }
  });
}
 
Example #2
Source File: RMAppAttemptImpl.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Override
public Token<ClientToAMTokenIdentifier> createClientToken(String client) {
  this.readLock.lock();

  try {
    Token<ClientToAMTokenIdentifier> token = null;
    ClientToAMTokenSecretManagerInRM secretMgr =
        this.rmContext.getClientToAMTokenSecretManager();
    if (client != null &&
        secretMgr.getMasterKey(this.applicationAttemptId) != null) {
      token = new Token<ClientToAMTokenIdentifier>(
          new ClientToAMTokenIdentifier(this.applicationAttemptId, client),
          secretMgr);
    }
    return token;
  } finally {
    this.readLock.unlock();
  }
}
 
Example #3
Source File: TestClientToAMTokens.java    From big-c with Apache License 2.0 6 votes vote down vote up
private void verifyValidToken(final Configuration conf, final CustomAM am,
    Token<ClientToAMTokenIdentifier> token) throws IOException,
    InterruptedException {
  UserGroupInformation ugi;
  ugi = UserGroupInformation.createRemoteUser("me");
  ugi.addToken(token);

  ugi.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      CustomProtocol client =
          (CustomProtocol) RPC.getProxy(CustomProtocol.class, 1L, am.address,
            conf);
      client.ping();
      Assert.assertTrue(am.pinged);
      return null;
    }
  });
}
 
Example #4
Source File: TestClientToAMTokens.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private void verifyNewVersionToken(final Configuration conf, final CustomAM am,
    Token<ClientToAMTokenIdentifier> token, MockRM rm) throws IOException,
    InterruptedException {
  UserGroupInformation ugi;
  ugi = UserGroupInformation.createRemoteUser("me");
  
  Token<ClientToAMTokenIdentifier> newToken = 
      new Token<ClientToAMTokenIdentifier>(
          new ClientToAMTokenIdentifierForTest(token.decodeIdentifier(), "message"),
          am.getClientToAMTokenSecretManager());
  newToken.setService(token.getService());
  
  ugi.addToken(newToken);

  ugi.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      CustomProtocol client =
          (CustomProtocol) RPC.getProxy(CustomProtocol.class, 1L, am.address,
            conf);
      client.ping();
      Assert.assertTrue(am.pinged);
      return null;
    }
  });
}
 
Example #5
Source File: TestClientToAMTokens.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private void verifyValidToken(final Configuration conf, final CustomAM am,
    Token<ClientToAMTokenIdentifier> token) throws IOException,
    InterruptedException {
  UserGroupInformation ugi;
  ugi = UserGroupInformation.createRemoteUser("me");
  ugi.addToken(token);

  ugi.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      CustomProtocol client =
          (CustomProtocol) RPC.getProxy(CustomProtocol.class, 1L, am.address,
            conf);
      client.ping();
      Assert.assertTrue(am.pinged);
      return null;
    }
  });
}
 
Example #6
Source File: RMAppAttemptImpl.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Override
public Token<ClientToAMTokenIdentifier> createClientToken(String client) {
  this.readLock.lock();

  try {
    Token<ClientToAMTokenIdentifier> token = null;
    ClientToAMTokenSecretManagerInRM secretMgr =
        this.rmContext.getClientToAMTokenSecretManager();
    if (client != null &&
        secretMgr.getMasterKey(this.applicationAttemptId) != null) {
      token = new Token<ClientToAMTokenIdentifier>(
          new ClientToAMTokenIdentifier(this.applicationAttemptId, client),
          secretMgr);
    }
    return token;
  } finally {
    this.readLock.unlock();
  }
}
 
Example #7
Source File: ClientToAMTokenIdentifierForTest.java    From hadoop with Apache License 2.0 5 votes vote down vote up
public ClientToAMTokenIdentifierForTest(
    ClientToAMTokenIdentifier tokenIdentifier, String message) {
  ClientToAMTokenIdentifierForTestProto.Builder builder = 
      ClientToAMTokenIdentifierForTestProto.newBuilder();
  builder.setAppAttemptId(tokenIdentifier.getProto().getAppAttemptId());
  builder.setClientName(tokenIdentifier.getProto().getClientName());
  builder.setMessage(message);
  proto = builder.build();
}
 
Example #8
Source File: TestClientToAMTokens.java    From big-c with Apache License 2.0 5 votes vote down vote up
private void verifyTokenWithTamperedUserName(final Configuration conf,
    final CustomAM am, Token<ClientToAMTokenIdentifier> token)
    throws IOException {
  // Malicious user, messes with appId
  UserGroupInformation ugi = UserGroupInformation.createRemoteUser("me");
  ClientToAMTokenIdentifier maliciousID =
      new ClientToAMTokenIdentifier(am.appAttemptId, "evilOrc");

  verifyTamperedToken(conf, am, token, ugi, maliciousID);
}
 
Example #9
Source File: TestClientToAMTokens.java    From big-c with Apache License 2.0 5 votes vote down vote up
private void verifyTokenWithTamperedID(final Configuration conf,
    final CustomAM am, Token<ClientToAMTokenIdentifier> token)
    throws IOException {
  // Malicious user, messes with appId
  UserGroupInformation ugi = UserGroupInformation.createRemoteUser("me");
  ClientToAMTokenIdentifier maliciousID =
      new ClientToAMTokenIdentifier(BuilderUtils.newApplicationAttemptId(
        BuilderUtils.newApplicationId(am.appAttemptId.getApplicationId()
          .getClusterTimestamp(), 42), 43), UserGroupInformation
        .getCurrentUser().getShortUserName());

  verifyTamperedToken(conf, am, token, ugi, maliciousID);
}
 
Example #10
Source File: ClientToAMTokenIdentifierForTest.java    From big-c with Apache License 2.0 5 votes vote down vote up
public ClientToAMTokenIdentifierForTest(
    ClientToAMTokenIdentifier tokenIdentifier, String message) {
  ClientToAMTokenIdentifierForTestProto.Builder builder = 
      ClientToAMTokenIdentifierForTestProto.newBuilder();
  builder.setAppAttemptId(tokenIdentifier.getProto().getAppAttemptId());
  builder.setClientName(tokenIdentifier.getProto().getClientName());
  builder.setMessage(message);
  proto = builder.build();
}
 
Example #11
Source File: TestYARNTokenIdentifier.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testClientToAMTokenIdentifier() throws IOException {
  ApplicationAttemptId appAttemptId = ApplicationAttemptId.newInstance(
      ApplicationId.newInstance(1, 1), 1);
  
  String clientName = "user";

  ClientToAMTokenIdentifier token = new ClientToAMTokenIdentifier(
      appAttemptId, clientName);
  
  ClientToAMTokenIdentifier anotherToken = new ClientToAMTokenIdentifier();
  
  byte[] tokenContent = token.getBytes();
  DataInputBuffer dib = new DataInputBuffer();
  dib.reset(tokenContent, tokenContent.length);
  anotherToken.readFields(dib);
      
  // verify the whole record equals with original record
  Assert.assertEquals("Token is not the same after serialization " +
      "and deserialization.", token, anotherToken);
      
  Assert.assertEquals("ApplicationAttemptId from proto is not the same with original token",
      anotherToken.getApplicationAttemptID(), appAttemptId);
  
  Assert.assertEquals("clientName from proto is not the same with original token",
      anotherToken.getClientName(), clientName);
}
 
Example #12
Source File: TestYARNTokenIdentifier.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testClientToAMTokenIdentifier() throws IOException {
  ApplicationAttemptId appAttemptId = ApplicationAttemptId.newInstance(
      ApplicationId.newInstance(1, 1), 1);
  
  String clientName = "user";

  ClientToAMTokenIdentifier token = new ClientToAMTokenIdentifier(
      appAttemptId, clientName);
  
  ClientToAMTokenIdentifier anotherToken = new ClientToAMTokenIdentifier();
  
  byte[] tokenContent = token.getBytes();
  DataInputBuffer dib = new DataInputBuffer();
  dib.reset(tokenContent, tokenContent.length);
  anotherToken.readFields(dib);
      
  // verify the whole record equals with original record
  Assert.assertEquals("Token is not the same after serialization " +
      "and deserialization.", token, anotherToken);
      
  Assert.assertEquals("ApplicationAttemptId from proto is not the same with original token",
      anotherToken.getApplicationAttemptID(), appAttemptId);
  
  Assert.assertEquals("clientName from proto is not the same with original token",
      anotherToken.getClientName(), clientName);
}
 
Example #13
Source File: TestRMAppAttemptTransitions.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testGetClientToken() throws Exception {
  assumeTrue(isSecurityEnabled);
  Container amContainer = allocateApplicationAttempt();

  // before attempt is launched, can not get ClientToken
  Token<ClientToAMTokenIdentifier> token =
      applicationAttempt.createClientToken(null);
  Assert.assertNull(token);
  token = applicationAttempt.createClientToken("clientuser");
  Assert.assertNull(token);

  launchApplicationAttempt(amContainer);
  // after attempt is launched , can get ClientToken
  token = applicationAttempt.createClientToken(null);
  Assert.assertNull(token);
  token = applicationAttempt.createClientToken("clientuser");
  Assert.assertNotNull(token);

  applicationAttempt.handle(new RMAppAttemptEvent(applicationAttempt
    .getAppAttemptId(), RMAppAttemptEventType.KILL));
  assertEquals(YarnApplicationAttemptState.LAUNCHED,
      applicationAttempt.createApplicationAttemptState());
  sendAttemptUpdateSavedEvent(applicationAttempt);
  // after attempt is killed, can not get Client Token
  token = applicationAttempt.createClientToken(null);
  Assert.assertNull(token);
  token = applicationAttempt.createClientToken("clientuser");
  Assert.assertNull(token);
}
 
Example #14
Source File: TestRMAppAttemptTransitions.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testGetClientToken() throws Exception {
  assumeTrue(isSecurityEnabled);
  Container amContainer = allocateApplicationAttempt();

  // before attempt is launched, can not get ClientToken
  Token<ClientToAMTokenIdentifier> token =
      applicationAttempt.createClientToken(null);
  Assert.assertNull(token);
  token = applicationAttempt.createClientToken("clientuser");
  Assert.assertNull(token);

  launchApplicationAttempt(amContainer);
  // after attempt is launched , can get ClientToken
  token = applicationAttempt.createClientToken(null);
  Assert.assertNull(token);
  token = applicationAttempt.createClientToken("clientuser");
  Assert.assertNotNull(token);

  applicationAttempt.handle(new RMAppAttemptEvent(applicationAttempt
    .getAppAttemptId(), RMAppAttemptEventType.KILL));
  assertEquals(YarnApplicationAttemptState.LAUNCHED,
      applicationAttempt.createApplicationAttemptState());
  sendAttemptUpdateSavedEvent(applicationAttempt);
  // after attempt is killed, can not get Client Token
  token = applicationAttempt.createClientToken(null);
  Assert.assertNull(token);
  token = applicationAttempt.createClientToken("clientuser");
  Assert.assertNull(token);
}
 
Example #15
Source File: TestClientToAMTokens.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private void verifyTokenWithTamperedUserName(final Configuration conf,
    final CustomAM am, Token<ClientToAMTokenIdentifier> token)
    throws IOException {
  // Malicious user, messes with appId
  UserGroupInformation ugi = UserGroupInformation.createRemoteUser("me");
  ClientToAMTokenIdentifier maliciousID =
      new ClientToAMTokenIdentifier(am.appAttemptId, "evilOrc");

  verifyTamperedToken(conf, am, token, ugi, maliciousID);
}
 
Example #16
Source File: TestClientToAMTokens.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private void verifyTokenWithTamperedID(final Configuration conf,
    final CustomAM am, Token<ClientToAMTokenIdentifier> token)
    throws IOException {
  // Malicious user, messes with appId
  UserGroupInformation ugi = UserGroupInformation.createRemoteUser("me");
  ClientToAMTokenIdentifier maliciousID =
      new ClientToAMTokenIdentifier(BuilderUtils.newApplicationAttemptId(
        BuilderUtils.newApplicationId(am.appAttemptId.getApplicationId()
          .getClusterTimestamp(), 42), 43), UserGroupInformation
        .getCurrentUser().getShortUserName());

  verifyTamperedToken(conf, am, token, ugi, maliciousID);
}
 
Example #17
Source File: TezClientUtils.java    From incubator-tez with Apache License 2.0 5 votes vote down vote up
@Private
public static DAGClientAMProtocolBlockingPB getAMProxy(final Configuration conf, String amHost,
    int amRpcPort, org.apache.hadoop.yarn.api.records.Token clientToAMToken) throws IOException {

  final InetSocketAddress serviceAddr = new InetSocketAddress(amHost, amRpcPort);
  UserGroupInformation userUgi = UserGroupInformation.createRemoteUser(UserGroupInformation
      .getCurrentUser().getUserName());
  if (clientToAMToken != null) {
    Token<ClientToAMTokenIdentifier> token = ConverterUtils.convertFromYarn(clientToAMToken,
        serviceAddr);
    userUgi.addToken(token);
  }
  if (LOG.isDebugEnabled()) {
    LOG.debug("Connecting to Tez AM at " + serviceAddr);
  }
  DAGClientAMProtocolBlockingPB proxy = null;
  try {
    proxy = userUgi.doAs(new PrivilegedExceptionAction<DAGClientAMProtocolBlockingPB>() {
      @Override
      public DAGClientAMProtocolBlockingPB run() throws IOException {
        RPC.setProtocolEngine(conf, DAGClientAMProtocolBlockingPB.class, ProtobufRpcEngine.class);
        return (DAGClientAMProtocolBlockingPB) RPC.getProxy(DAGClientAMProtocolBlockingPB.class,
            0, serviceAddr, conf);
      }
    });
  } catch (InterruptedException e) {
    throw new IOException("Failed to connect to AM", e);
  }
  return proxy;
}
 
Example #18
Source File: TezClientUtils.java    From tez with Apache License 2.0 5 votes vote down vote up
@Private
public static DAGClientAMProtocolBlockingPB getAMProxy(final Configuration conf, String amHost,
    int amRpcPort, org.apache.hadoop.yarn.api.records.Token clientToAMToken,
    UserGroupInformation userUgi) throws IOException {

  final InetSocketAddress serviceAddr = NetUtils.createSocketAddrForHost(amHost, amRpcPort);
  if (clientToAMToken != null) {
    Token<ClientToAMTokenIdentifier> token = ConverterUtils.convertFromYarn(clientToAMToken,
        serviceAddr);
    userUgi.addToken(token);
  }
  if (LOG.isDebugEnabled()) {
    LOG.debug("Connecting to Tez AM at " + serviceAddr);
  }
  DAGClientAMProtocolBlockingPB proxy = null;
  try {
    proxy = userUgi.doAs(new PrivilegedExceptionAction<DAGClientAMProtocolBlockingPB>() {
      @Override
      public DAGClientAMProtocolBlockingPB run() throws IOException {
        RPC.setProtocolEngine(conf, DAGClientAMProtocolBlockingPB.class, ProtobufRpcEngine.class);
        return (DAGClientAMProtocolBlockingPB) RPC.getProxy(DAGClientAMProtocolBlockingPB.class,
            0, serviceAddr, conf);
      }
    });
  } catch (InterruptedException e) {
    throw new IOException("Failed to connect to AM", e);
  }
  return proxy;
}
 
Example #19
Source File: RMAppImpl.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Override
public ApplicationReport createAndGetApplicationReport(String clientUserName,
    boolean allowAccess) {
  this.readLock.lock();

  try {
    ApplicationAttemptId currentApplicationAttemptId = null;
    org.apache.hadoop.yarn.api.records.Token clientToAMToken = null;
    String trackingUrl = UNAVAILABLE;
    String host = UNAVAILABLE;
    String origTrackingUrl = UNAVAILABLE;
    int rpcPort = -1;
    ApplicationResourceUsageReport appUsageReport =
        RMServerUtils.DUMMY_APPLICATION_RESOURCE_USAGE_REPORT;
    FinalApplicationStatus finishState = getFinalApplicationStatus();
    String diags = UNAVAILABLE;
    float progress = 0.0f;
    org.apache.hadoop.yarn.api.records.Token amrmToken = null;
    if (allowAccess) {
      trackingUrl = getDefaultProxyTrackingUrl();
      if (this.currentAttempt != null) {
        currentApplicationAttemptId = this.currentAttempt.getAppAttemptId();
        trackingUrl = this.currentAttempt.getTrackingUrl();
        origTrackingUrl = this.currentAttempt.getOriginalTrackingUrl();
        if (UserGroupInformation.isSecurityEnabled()) {
          // get a token so the client can communicate with the app attempt
          // NOTE: token may be unavailable if the attempt is not running
          Token<ClientToAMTokenIdentifier> attemptClientToAMToken =
              this.currentAttempt.createClientToken(clientUserName);
          if (attemptClientToAMToken != null) {
            clientToAMToken = BuilderUtils.newClientToAMToken(
                attemptClientToAMToken.getIdentifier(),
                attemptClientToAMToken.getKind().toString(),
                attemptClientToAMToken.getPassword(),
                attemptClientToAMToken.getService().toString());
          }
        }
        host = this.currentAttempt.getHost();
        rpcPort = this.currentAttempt.getRpcPort();
        appUsageReport = currentAttempt.getApplicationResourceUsageReport();
        progress = currentAttempt.getProgress();
      }
      diags = this.diagnostics.toString();

      if (currentAttempt != null && 
          currentAttempt.getAppAttemptState() == RMAppAttemptState.LAUNCHED) {
        if (getApplicationSubmissionContext().getUnmanagedAM() &&
            clientUserName != null && getUser().equals(clientUserName)) {
          Token<AMRMTokenIdentifier> token = currentAttempt.getAMRMToken();
          if (token != null) {
            amrmToken = BuilderUtils.newAMRMToken(token.getIdentifier(),
                token.getKind().toString(), token.getPassword(),
                token.getService().toString());
          }
        }
      }

      RMAppMetrics rmAppMetrics = getRMAppMetrics();
      appUsageReport.setMemorySeconds(rmAppMetrics.getMemorySeconds());
      appUsageReport.setVcoreSeconds(rmAppMetrics.getVcoreSeconds());
    }

    if (currentApplicationAttemptId == null) {
      currentApplicationAttemptId = 
          BuilderUtils.newApplicationAttemptId(this.applicationId, 
              DUMMY_APPLICATION_ATTEMPT_NUMBER);
    }

    return BuilderUtils.newApplicationReport(this.applicationId,
        currentApplicationAttemptId, this.user, this.queue,
        this.name, host, rpcPort, clientToAMToken,
        createApplicationState(), diags,
        trackingUrl, this.startTime, this.finishTime, finishState,
        appUsageReport, origTrackingUrl, progress, this.applicationType, 
        amrmToken, applicationTags);
  } finally {
    this.readLock.unlock();
  }
}
 
Example #20
Source File: TestClientToAMTokens.java    From big-c with Apache License 2.0 4 votes vote down vote up
private void verifyTamperedToken(final Configuration conf, final CustomAM am,
    Token<ClientToAMTokenIdentifier> token, UserGroupInformation ugi,
    ClientToAMTokenIdentifier maliciousID) {
  Token<ClientToAMTokenIdentifier> maliciousToken =
      new Token<ClientToAMTokenIdentifier>(maliciousID.getBytes(),
        token.getPassword(), token.getKind(),
        token.getService());
  ugi.addToken(maliciousToken);

  try {
    ugi.doAs(new PrivilegedExceptionAction<Void>()  {
      @Override
      public Void run() throws Exception {
        try {
          CustomProtocol client =
              (CustomProtocol) RPC.getProxy(CustomProtocol.class, 1L,
                am.address, conf);
          client.ping();
          fail("Connection initiation with illegally modified "
              + "tokens is expected to fail.");
          return null;
        } catch (YarnException ex) {
          fail("Cannot get a YARN remote exception as "
              + "it will indicate RPC success");
          throw ex;
        }
      }
    });
  } catch (Exception e) {
    Assert.assertEquals(RemoteException.class.getName(), e.getClass()
        .getName());
    e = ((RemoteException)e).unwrapRemoteException();
    Assert
      .assertEquals(SaslException.class
        .getCanonicalName(), e.getClass().getCanonicalName());
    Assert.assertTrue(e
      .getMessage()
      .contains(
        "DIGEST-MD5: digest response format violation. "
            + "Mismatched response."));
    Assert.assertFalse(am.pinged);
  }
}
 
Example #21
Source File: TestClientToAMTokens.java    From hadoop with Apache License 2.0 4 votes vote down vote up
private void verifyTamperedToken(final Configuration conf, final CustomAM am,
    Token<ClientToAMTokenIdentifier> token, UserGroupInformation ugi,
    ClientToAMTokenIdentifier maliciousID) {
  Token<ClientToAMTokenIdentifier> maliciousToken =
      new Token<ClientToAMTokenIdentifier>(maliciousID.getBytes(),
        token.getPassword(), token.getKind(),
        token.getService());
  ugi.addToken(maliciousToken);

  try {
    ugi.doAs(new PrivilegedExceptionAction<Void>()  {
      @Override
      public Void run() throws Exception {
        try {
          CustomProtocol client =
              (CustomProtocol) RPC.getProxy(CustomProtocol.class, 1L,
                am.address, conf);
          client.ping();
          fail("Connection initiation with illegally modified "
              + "tokens is expected to fail.");
          return null;
        } catch (YarnException ex) {
          fail("Cannot get a YARN remote exception as "
              + "it will indicate RPC success");
          throw ex;
        }
      }
    });
  } catch (Exception e) {
    Assert.assertEquals(RemoteException.class.getName(), e.getClass()
        .getName());
    e = ((RemoteException)e).unwrapRemoteException();
    Assert
      .assertEquals(SaslException.class
        .getCanonicalName(), e.getClass().getCanonicalName());
    Assert.assertTrue(e
      .getMessage()
      .contains(
        "DIGEST-MD5: digest response format violation. "
            + "Mismatched response."));
    Assert.assertFalse(am.pinged);
  }
}
 
Example #22
Source File: RMAppImpl.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Override
public ApplicationReport createAndGetApplicationReport(String clientUserName,
    boolean allowAccess) {
  this.readLock.lock();

  try {
    ApplicationAttemptId currentApplicationAttemptId = null;
    org.apache.hadoop.yarn.api.records.Token clientToAMToken = null;
    String trackingUrl = UNAVAILABLE;
    String host = UNAVAILABLE;
    String origTrackingUrl = UNAVAILABLE;
    int rpcPort = -1;
    ApplicationResourceUsageReport appUsageReport =
        RMServerUtils.DUMMY_APPLICATION_RESOURCE_USAGE_REPORT;
    FinalApplicationStatus finishState = getFinalApplicationStatus();
    String diags = UNAVAILABLE;
    float progress = 0.0f;
    org.apache.hadoop.yarn.api.records.Token amrmToken = null;
    if (allowAccess) {
      trackingUrl = getDefaultProxyTrackingUrl();
      if (this.currentAttempt != null) {
        currentApplicationAttemptId = this.currentAttempt.getAppAttemptId();
        trackingUrl = this.currentAttempt.getTrackingUrl();
        origTrackingUrl = this.currentAttempt.getOriginalTrackingUrl();
        if (UserGroupInformation.isSecurityEnabled()) {
          // get a token so the client can communicate with the app attempt
          // NOTE: token may be unavailable if the attempt is not running
          Token<ClientToAMTokenIdentifier> attemptClientToAMToken =
              this.currentAttempt.createClientToken(clientUserName);
          if (attemptClientToAMToken != null) {
            clientToAMToken = BuilderUtils.newClientToAMToken(
                attemptClientToAMToken.getIdentifier(),
                attemptClientToAMToken.getKind().toString(),
                attemptClientToAMToken.getPassword(),
                attemptClientToAMToken.getService().toString());
          }
        }
        host = this.currentAttempt.getHost();
        rpcPort = this.currentAttempt.getRpcPort();
        appUsageReport = currentAttempt.getApplicationResourceUsageReport();
        progress = currentAttempt.getProgress();
      }
      diags = this.diagnostics.toString();

      if (currentAttempt != null && 
          currentAttempt.getAppAttemptState() == RMAppAttemptState.LAUNCHED) {
        if (getApplicationSubmissionContext().getUnmanagedAM() &&
            clientUserName != null && getUser().equals(clientUserName)) {
          Token<AMRMTokenIdentifier> token = currentAttempt.getAMRMToken();
          if (token != null) {
            amrmToken = BuilderUtils.newAMRMToken(token.getIdentifier(),
                token.getKind().toString(), token.getPassword(),
                token.getService().toString());
          }
        }
      }

      RMAppMetrics rmAppMetrics = getRMAppMetrics();
      appUsageReport.setMemorySeconds(rmAppMetrics.getMemorySeconds());
      appUsageReport.setVcoreSeconds(rmAppMetrics.getVcoreSeconds());
      appUsageReport.setGcoreSeconds(rmAppMetrics.getGcoreSeconds());
    }

    if (currentApplicationAttemptId == null) {
      currentApplicationAttemptId = 
          BuilderUtils.newApplicationAttemptId(this.applicationId, 
              DUMMY_APPLICATION_ATTEMPT_NUMBER);
    }

    return BuilderUtils.newApplicationReport(this.applicationId,
        currentApplicationAttemptId, this.user, this.queue,
        this.name, host, rpcPort, clientToAMToken,
        createApplicationState(), diags,
        trackingUrl, this.startTime, this.finishTime, finishState,
        appUsageReport, origTrackingUrl, progress, this.applicationType, 
        amrmToken, applicationTags);
  } finally {
    this.readLock.unlock();
  }
}
 
Example #23
Source File: RMAppAttempt.java    From big-c with Apache License 2.0 2 votes vote down vote up
/**
 * Create a token for authenticating a client connection to the app attempt
 * @param clientName the name of the client requesting the token
 * @return the token or null if the attempt is not running
 */
Token<ClientToAMTokenIdentifier> createClientToken(String clientName);
 
Example #24
Source File: RMAppAttempt.java    From hadoop with Apache License 2.0 2 votes vote down vote up
/**
 * Create a token for authenticating a client connection to the app attempt
 * @param clientName the name of the client requesting the token
 * @return the token or null if the attempt is not running
 */
Token<ClientToAMTokenIdentifier> createClientToken(String clientName);