org.apache.hadoop.security.Credentials Java Examples

The following examples show how to use org.apache.hadoop.security.Credentials. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HadoopInputFormatBase.java    From flink with Apache License 2.0 6 votes vote down vote up
@Override
public HadoopInputSplit[] createInputSplits(int minNumSplits)
		throws IOException {
	configuration.setInt("mapreduce.input.fileinputformat.split.minsize", minNumSplits);

	JobContext jobContext = new JobContextImpl(configuration, new JobID());

	jobContext.getCredentials().addAll(this.credentials);
	Credentials currentUserCreds = getCredentialsFromUGI(UserGroupInformation.getCurrentUser());
	if (currentUserCreds != null) {
		jobContext.getCredentials().addAll(currentUserCreds);
	}

	List<org.apache.hadoop.mapreduce.InputSplit> splits;
	try {
		splits = this.mapreduceInputFormat.getSplits(jobContext);
	} catch (InterruptedException e) {
		throw new IOException("Could not get Splits.", e);
	}
	HadoopInputSplit[] hadoopInputSplits = new HadoopInputSplit[splits.size()];

	for (int i = 0; i < hadoopInputSplits.length; i++) {
		hadoopInputSplits[i] = new HadoopInputSplit(i, splits.get(i), jobContext);
	}
	return hadoopInputSplits;
}
 
Example #2
Source File: TestEncryptionZonesWithKMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test(timeout = 120000)
public void testDelegationToken() throws Exception {
  final String renewer = "JobTracker";
  UserGroupInformation.createRemoteUser(renewer);

  Credentials creds = new Credentials();
  Token<?> tokens[] = fs.addDelegationTokens(renewer, creds);
  DistributedFileSystem.LOG.debug("Delegation tokens: " +
      Arrays.asList(tokens));
  Assert.assertEquals(2, tokens.length);
  Assert.assertEquals(2, creds.numberOfTokens());
  
  // If the dt exists, will not get again
  tokens = fs.addDelegationTokens(renewer, creds);
  Assert.assertEquals(0, tokens.length);
  Assert.assertEquals(2, creds.numberOfTokens());
}
 
Example #3
Source File: TestDelegationTokenRemoteFetcher.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Call fetch token using http server 
 */
@Test
public void expectedTokenIsRetrievedFromHttp() throws Exception {
  bootstrap = startHttpServer(httpPort, testToken, serviceUrl);
  DelegationTokenFetcher.main(new String[] { "-webservice=" + serviceUrl,
      tokenFile });
  Path p = new Path(fileSys.getWorkingDirectory(), tokenFile);
  Credentials creds = Credentials.readTokenStorageFile(p, conf);
  Iterator<Token<?>> itr = creds.getAllTokens().iterator();
  assertTrue("token not exist error", itr.hasNext());
  Token<?> fetchedToken = itr.next();
  Assert.assertArrayEquals("token wrong identifier error",
      testToken.getIdentifier(), fetchedToken.getIdentifier());
  Assert.assertArrayEquals("token wrong password error",
      testToken.getPassword(), fetchedToken.getPassword());
  if (assertionError != null)
    throw assertionError;
}
 
Example #4
Source File: MRApp.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("rawtypes")
public TestJob(JobId jobId, ApplicationAttemptId applicationAttemptId,
    Configuration conf, EventHandler eventHandler,
    TaskAttemptListener taskAttemptListener, Clock clock,
    OutputCommitter committer, boolean newApiCommitter,
    String user, AppContext appContext,
    JobStateInternal forcedState, String diagnostic) {
  super(jobId, getApplicationAttemptId(applicationId, getStartCount()),
      conf, eventHandler, taskAttemptListener,
      new JobTokenSecretManager(), new Credentials(), clock,
      getCompletedTaskFromPreviousRun(), metrics, committer,
      newApiCommitter, user, System.currentTimeMillis(), getAllAMInfos(),
      appContext, forcedState, diagnostic);

  // This "this leak" is okay because the retained pointer is in an
  //  instance variable.
  localStateMachine = localFactory.make(this);
}
 
Example #5
Source File: HBaseTap.java    From SpyGlass with Apache License 2.0 6 votes vote down vote up
private void obtainToken(JobConf conf) {
  if (User.isHBaseSecurityEnabled(conf)) {
    String user = conf.getUser();
    LOG.info("obtaining HBase token for: {}", user);
    try {
      UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
      user = currentUser.getUserName();
      Credentials credentials = conf.getCredentials();
      for (Token t : currentUser.getTokens()) {
        LOG.debug("Token {} is available", t);
        if ("HBASE_AUTH_TOKEN".equalsIgnoreCase(t.getKind().toString()))
          credentials.addToken(t.getKind(), t);
      }
    } catch (IOException e) {
      throw new TapException("Unable to obtain HBase auth token for " + user, e);
    }
  }
}
 
Example #6
Source File: ApplicationAttemptStateData.java    From big-c with Apache License 2.0 6 votes vote down vote up
public static ApplicationAttemptStateData newInstance(
    ApplicationAttemptId attemptId, Container container,
    Credentials attemptTokens, long startTime, RMAppAttemptState finalState,
    String finalTrackingUrl, String diagnostics,
    FinalApplicationStatus amUnregisteredFinalStatus, int exitStatus,
    long finishTime, long memorySeconds, long vcoreSeconds) {
  ApplicationAttemptStateData attemptStateData =
      Records.newRecord(ApplicationAttemptStateData.class);
  attemptStateData.setAttemptId(attemptId);
  attemptStateData.setMasterContainer(container);
  attemptStateData.setAppAttemptTokens(attemptTokens);
  attemptStateData.setState(finalState);
  attemptStateData.setFinalTrackingUrl(finalTrackingUrl);
  attemptStateData.setDiagnostics(diagnostics == null ? "" : diagnostics);
  attemptStateData.setStartTime(startTime);
  attemptStateData.setFinalApplicationStatus(amUnregisteredFinalStatus);
  attemptStateData.setAMContainerExitStatus(exitStatus);
  attemptStateData.setFinishTime(finishTime);
  attemptStateData.setMemorySeconds(memorySeconds);
  attemptStateData.setVcoreSeconds(vcoreSeconds);
  return attemptStateData;
}
 
Example #7
Source File: TestRMAppTransitions.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test (timeout = 30000)
public void testAppRecoverPath() throws IOException {
  LOG.info("--- START: testAppRecoverPath ---");
  ApplicationSubmissionContext sub =
      Records.newRecord(ApplicationSubmissionContext.class);
  ContainerLaunchContext clc =
      Records.newRecord(ContainerLaunchContext.class);
  Credentials credentials = new Credentials();
  DataOutputBuffer dob = new DataOutputBuffer();
  credentials.writeTokenStorageToStream(dob);
  ByteBuffer securityTokens =
      ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
  clc.setTokens(securityTokens);
  sub.setAMContainerSpec(clc);
  testCreateAppSubmittedRecovery(sub);
}
 
Example #8
Source File: TestTokenCache.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("deprecation")
@Test
public void testGetTokensForNamenodes() throws IOException,
    URISyntaxException {
  Path TEST_ROOT_DIR =
      new Path(System.getProperty("test.build.data", "test/build/data"));
  // ick, but need fq path minus file:/
  String binaryTokenFile =
      FileSystem.getLocal(conf)
        .makeQualified(new Path(TEST_ROOT_DIR, "tokenFile")).toUri()
        .getPath();

  MockFileSystem fs1 = createFileSystemForServiceName("service1");
  Credentials creds = new Credentials();
  Token<?> token1 = fs1.getDelegationToken(renewer);
  creds.addToken(token1.getService(), token1);
  // wait to set, else the obtain tokens call above will fail with FNF
  conf.set(MRJobConfig.MAPREDUCE_JOB_CREDENTIALS_BINARY, binaryTokenFile);
  creds.writeTokenStorageFile(new Path(binaryTokenFile), conf);
  TokenCache.obtainTokensForNamenodesInternal(fs1, creds, conf);
  String fs_addr = fs1.getCanonicalServiceName();
  Token<?> nnt = TokenCache.getDelegationToken(creds, fs_addr);
  assertNotNull("Token for nn is null", nnt);
}
 
Example #9
Source File: TokenCache.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * get delegation token for a specific FS
 * @param fs
 * @param credentials
 * @param p
 * @param conf
 * @throws IOException
 */
static void obtainTokensForNamenodesInternal(FileSystem fs, 
    Credentials credentials, Configuration conf) throws IOException {
  String delegTokenRenewer = Master.getMasterPrincipal(conf);
  if (delegTokenRenewer == null || delegTokenRenewer.length() == 0) {
    throw new IOException(
        "Can't get Master Kerberos principal for use as renewer");
  }
  mergeBinaryTokens(credentials, conf);

  final Token<?> tokens[] = fs.addDelegationTokens(delegTokenRenewer,
                                                   credentials);
  if (tokens != null) {
    for (Token<?> token : tokens) {
      LOG.info("Got dt for " + fs.getUri() + "; "+token);
    }
  }
}
 
Example #10
Source File: TestFileSystemTokens.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Test
public void testFsWithMyOwnAndChildTokens() throws Exception {
  Credentials credentials = new Credentials();
  Text service1 = new Text("singleTokenFs1");
  Text service2 = new Text("singleTokenFs2");
  Text myService = new Text("multiTokenFs");
  Token<?> token = mock(Token.class);
  credentials.addToken(service2, token);

  MockFileSystem fs1 = createFileSystemForServiceName(service1);
  MockFileSystem fs2 = createFileSystemForServiceName(service2);
  MockFileSystem multiFs = createFileSystemForServiceName(myService, fs1, fs2);
  
  multiFs.addDelegationTokens(renewer, credentials);
  verifyTokenFetch(multiFs, true); // its own token and also of its children
  verifyTokenFetch(fs1, true);
  verifyTokenFetch(fs2, false);  // we had added its token to credentials 
  
  assertEquals(3, credentials.numberOfTokens());
  assertNotNull(credentials.getToken(myService));
  assertNotNull(credentials.getToken(service1));
  assertNotNull(credentials.getToken(service2));
}
 
Example #11
Source File: TestFileSystemTokens.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testFsWithDuplicateChildren() throws Exception {
  Credentials credentials = new Credentials();
  Text service = new Text("singleTokenFs1");

  MockFileSystem fs = createFileSystemForServiceName(service);
  MockFileSystem multiFs =
      createFileSystemForServiceName(null, fs, new FilterFileSystem(fs));
  
  multiFs.addDelegationTokens(renewer, credentials);
  verifyTokenFetch(multiFs, false);
  verifyTokenFetch(fs, true);
  
  assertEquals(1, credentials.numberOfTokens());
  assertNotNull(credentials.getToken(service));
}
 
Example #12
Source File: TestTezClientUtils.java    From tez with Apache License 2.0 6 votes vote down vote up
@Test(timeout = 2000)
// this test checks if the priority field is set properly in the
// ApplicationSubmissionContext
public void testAppSubmissionContextForPriority() throws Exception {
  TezConfiguration tezConf = new TezConfiguration();
  tezConf.set(TezConfiguration.TEZ_AM_STAGING_DIR, STAGING_DIR.getAbsolutePath());
  int testpriority = 999;
  ApplicationId appId = ApplicationId.newInstance(1000, 1);
  Credentials credentials = new Credentials();
  TezClientUtils.createSessionToken(appId.toString(),
      new JobTokenSecretManager(), credentials);
  tezConf.setBoolean(TezConfiguration.TEZ_IGNORE_LIB_URIS, true);
  Map<String, LocalResource> m = new HashMap<String, LocalResource>();
  tezConf.setInt(TezConfiguration.TEZ_AM_APPLICATION_PRIORITY, testpriority);
  AMConfiguration amConf =
      new AMConfiguration(tezConf, new HashMap<String, LocalResource>(), credentials);
  ApplicationSubmissionContext appcontext;
  appcontext = TezClientUtils.createApplicationSubmissionContext(
      appId, null, "dagname",
      amConf, m,
      credentials, false,
      new TezApiVersionInfo(), null, null);
  assertEquals(testpriority, appcontext.getPriority().getPriority());
}
 
Example #13
Source File: TestTokenCache.java    From incubator-tez with Apache License 2.0 5 votes vote down vote up
private void checkTokens(Credentials creds, Credentials newCreds) {
  Assert.assertEquals(creds.getAllTokens().size(),
      newCreds.getAllTokens().size());
  for (Token<?> token : newCreds.getAllTokens()) {
    Token<?> credsToken = creds.getToken(token.getService());
    Assert.assertTrue(credsToken != null);
    Assert.assertEquals(token, credsToken);
  }
}
 
Example #14
Source File: AMContainerTask.java    From incubator-tez with Apache License 2.0 5 votes vote down vote up
public AMContainerTask(boolean shouldDie, TaskSpec tezTask,
    Map<String, LocalResource> additionalResources, Credentials credentials, boolean credentialsChanged) {
  this.shouldDie = shouldDie;
  this.tezTask = tezTask;
  this.additionalResources = additionalResources;
  this.credentials = credentials;
  this.credentialsChanged = credentialsChanged;
}
 
Example #15
Source File: TestProtocolRecords.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testNodeHeartBeatResponse() throws IOException {
  NodeHeartbeatResponse record =
      Records.newRecord(NodeHeartbeatResponse.class);
  Map<ApplicationId, ByteBuffer> appCredentials =
      new HashMap<ApplicationId, ByteBuffer>();
  Credentials app1Cred = new Credentials();

  Token<DelegationTokenIdentifier> token1 =
      new Token<DelegationTokenIdentifier>();
  token1.setKind(new Text("kind1"));
  app1Cred.addToken(new Text("token1"), token1);
  Token<DelegationTokenIdentifier> token2 =
      new Token<DelegationTokenIdentifier>();
  token2.setKind(new Text("kind2"));
  app1Cred.addToken(new Text("token2"), token2);

  DataOutputBuffer dob = new DataOutputBuffer();
  app1Cred.writeTokenStorageToStream(dob);
  ByteBuffer byteBuffer1 = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
  appCredentials.put(ApplicationId.newInstance(1234, 1), byteBuffer1);
  record.setSystemCredentialsForApps(appCredentials);

  NodeHeartbeatResponse proto =
      new NodeHeartbeatResponsePBImpl(
        ((NodeHeartbeatResponsePBImpl) record).getProto());
  Assert.assertEquals(appCredentials, proto.getSystemCredentialsForApps());
}
 
Example #16
Source File: ContainerTask.java    From tez with Apache License 2.0 5 votes vote down vote up
@Override
public void readFields(DataInput in) throws IOException {
  shouldDie = in.readBoolean();
  boolean taskComing = in.readBoolean();
  if (taskComing) {
    taskSpec = new TaskSpec();
    taskSpec.readFields(in);
  }
  int numAdditionalResources = in.readInt();
  additionalResources = Maps.newHashMap();
  if (numAdditionalResources != -1) {
    for (int i = 0 ; i < numAdditionalResources ; i++) {
      String resourceName = in.readUTF();
      TezLocalResource localResource = new TezLocalResource();
      localResource.readFields(in);
      additionalResources.put(resourceName, localResource);
    }
  }
  credentialsChanged = in.readBoolean();
  if (credentialsChanged) {
    boolean hasCredentials = in.readBoolean();
    if (hasCredentials) {
      credentials = new Credentials();
      credentials.readFields(in);
    }
  }
}
 
Example #17
Source File: InputSplitInfoMem.java    From tez with Apache License 2.0 5 votes vote down vote up
public InputSplitInfoMem(org.apache.hadoop.mapred.InputSplit[] oldSplits,
    List<TaskLocationHint> taskLocationHints, int numTasks, Credentials credentials,
    Configuration conf) {
  this.isNewSplit = false;
  this.oldFormatSplits = oldSplits;
  this.taskLocationHints = taskLocationHints;
  this.numTasks = numTasks;
  this.credentials = credentials;
  this.conf = conf;
}
 
Example #18
Source File: HadoopFileSystemWrapper.java    From dremio-oss with Apache License 2.0 5 votes vote down vote up
@Override
@LimitedPrivate({"HDFS", "MapReduce"})
public Token<?>[] addDelegationTokens(String renewer, Credentials credentials) throws IOException {
  try (WaitRecorder recorder = OperatorStats.getWaitRecorder(operatorStats)) {
    return underlyingFs.addDelegationTokens(renewer, credentials);
  } catch(FSError e) {
    throw propagateFSError(e);
  }
}
 
Example #19
Source File: ContainerManagerImpl.java    From big-c with Apache License 2.0 5 votes vote down vote up
private ContainerManagerApplicationProto buildAppProto(ApplicationId appId,
    String user, Credentials credentials,
    Map<ApplicationAccessType, String> appAcls,
    LogAggregationContext logAggregationContext) {

  ContainerManagerApplicationProto.Builder builder =
      ContainerManagerApplicationProto.newBuilder();
  builder.setId(((ApplicationIdPBImpl) appId).getProto());
  builder.setUser(user);

  if (logAggregationContext != null) {
    builder.setLogAggregationContext((
        (LogAggregationContextPBImpl)logAggregationContext).getProto());
  }

  builder.clearCredentials();
  if (credentials != null) {
    DataOutputBuffer dob = new DataOutputBuffer();
    try {
      credentials.writeTokenStorageToStream(dob);
      builder.setCredentials(ByteString.copyFrom(dob.getData()));
    } catch (IOException e) {
      // should not occur
      LOG.error("Cannot serialize credentials", e);
    }
  }

  builder.clearAcls();
  if (appAcls != null) {
    for (Map.Entry<ApplicationAccessType, String> acl : appAcls.entrySet()) {
      ApplicationACLMapProto p = ApplicationACLMapProto.newBuilder()
          .setAccessType(ProtoUtils.convertToProtoFormat(acl.getKey()))
          .setAcl(acl.getValue())
          .build();
      builder.addAcls(p);
    }
  }

  return builder.build();
}
 
Example #20
Source File: OzoneKMSUtil.java    From hadoop-ozone with Apache License 2.0 5 votes vote down vote up
public static URI getKeyProviderUri(UserGroupInformation ugi,
    URI namespaceUri, String kmsUriSrv, ConfigurationSource conf)
    throws IOException {
  URI keyProviderUri = null;
  Credentials credentials = ugi.getCredentials();
  Text credsKey = null;
  if (namespaceUri != null) {
    // from ugi
    credsKey = getKeyProviderMapKey(namespaceUri);
    byte[] keyProviderUriBytes = credentials.getSecretKey(credsKey);
    if (keyProviderUriBytes != null) {
      keyProviderUri = URI.create(bytes2String(keyProviderUriBytes));
    }
  }
  if (keyProviderUri == null) {
    // from client conf
    if (kmsUriSrv == null) {
      Configuration hadoopConfig =
          LegacyHadoopConfigurationSource.asHadoopConfiguration(conf);
      keyProviderUri = KMSUtil.getKeyProviderUri(
          hadoopConfig, keyProviderUriKeyName);
    } else if (!kmsUriSrv.isEmpty()) {
      // from om server
      keyProviderUri = URI.create(kmsUriSrv);
    }
  }
  // put back into UGI
  if (keyProviderUri != null && credsKey != null) {
    credentials.addSecretKey(
        credsKey, StringUtils.string2Bytes(keyProviderUri.toString()));
  }

  return keyProviderUri;
}
 
Example #21
Source File: TokenCache.java    From hadoop with Apache License 2.0 5 votes vote down vote up
static void obtainTokensForNamenodesInternal(Credentials credentials,
    Path[] ps, Configuration conf) throws IOException {
  Set<FileSystem> fsSet = new HashSet<FileSystem>();
  for(Path p: ps) {
    fsSet.add(p.getFileSystem(conf));
  }
  for (FileSystem fs : fsSet) {
    obtainTokensForNamenodesInternal(fs, credentials, conf);
  }
}
 
Example #22
Source File: TestFileSystemTokens.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testFsWithNestedDuplicatesChildren() throws Exception {
  Credentials credentials = new Credentials();
  Text service1 = new Text("singleTokenFs1");
  Text service2 = new Text("singleTokenFs2");
  Text service4 = new Text("singleTokenFs4");
  Text multiService = new Text("multiTokenFs");
  Token<?> token2 = mock(Token.class);
  credentials.addToken(service2, token2);
  
  MockFileSystem fs1 = createFileSystemForServiceName(service1);
  MockFileSystem fs1B = createFileSystemForServiceName(service1);
  MockFileSystem fs2 = createFileSystemForServiceName(service2);
  MockFileSystem fs3 = createFileSystemForServiceName(null);
  MockFileSystem fs4 = createFileSystemForServiceName(service4);
  // now let's get dirty!  ensure dup tokens aren't fetched even when
  // repeated and dupped in a nested fs.  fs4 is a real test of the drill
  // down: multi-filter-multi-filter-filter-fs4.
  MockFileSystem multiFs = createFileSystemForServiceName(multiService,
      fs1, fs1B, fs2, fs2, new FilterFileSystem(fs3),
      new FilterFileSystem(new FilterFileSystem(fs4)));
  MockFileSystem superMultiFs = createFileSystemForServiceName(null,
      fs1, fs1B, fs1, new FilterFileSystem(fs3), new FilterFileSystem(multiFs));
  superMultiFs.addDelegationTokens(renewer, credentials);
  verifyTokenFetch(superMultiFs, false); // does not have its own token
  verifyTokenFetch(multiFs, true); // has its own token
  verifyTokenFetch(fs1, true);
  verifyTokenFetch(fs2, false); // we had added its token to credentials
  verifyTokenFetch(fs3, false); // has no tokens
  verifyTokenFetch(fs4, true);
  
  assertEquals(4, credentials.numberOfTokens()); //fs1+fs2+fs4+multifs (fs3=0)
  assertNotNull(credentials.getToken(service1));
  assertNotNull(credentials.getToken(service2));
  assertSame(token2, credentials.getToken(service2));
  assertNotNull(credentials.getToken(multiService));
  assertNotNull(credentials.getToken(service4));
}
 
Example #23
Source File: TestCredentials.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void addAll() {
  Credentials creds = new Credentials();
  creds.addToken(service[0], token[0]);
  creds.addToken(service[1], token[1]);
  creds.addSecretKey(secret[0], secret[0].getBytes());
  creds.addSecretKey(secret[1], secret[1].getBytes());

  Credentials credsToAdd = new Credentials();
  // one duplicate with different value, one new
  credsToAdd.addToken(service[0], token[3]);
  credsToAdd.addToken(service[2], token[2]);
  credsToAdd.addSecretKey(secret[0], secret[3].getBytes());
  credsToAdd.addSecretKey(secret[2], secret[2].getBytes());
  
  creds.addAll(credsToAdd);
  assertEquals(3, creds.numberOfTokens());
  assertEquals(3, creds.numberOfSecretKeys());
  // existing token & secret should be overwritten
  assertEquals(token[3], creds.getToken(service[0]));
  assertEquals(secret[3], new Text(creds.getSecretKey(secret[0])));
  // non-duplicate token & secret should be present
  assertEquals(token[1], creds.getToken(service[1]));
  assertEquals(secret[1], new Text(creds.getSecretKey(secret[1])));
  // new token & secret should be added
  assertEquals(token[2], creds.getToken(service[2]));
  assertEquals(secret[2], new Text(creds.getSecretKey(secret[2])));
}
 
Example #24
Source File: LogHandlerAppStartedEvent.java    From hadoop with Apache License 2.0 5 votes vote down vote up
public LogHandlerAppStartedEvent(ApplicationId appId, String user,
    Credentials credentials, ContainerLogsRetentionPolicy retentionPolicy,
    Map<ApplicationAccessType, String> appAcls,
    LogAggregationContext logAggregationContext) {
  super(LogHandlerEventType.APPLICATION_STARTED);
  this.applicationId = appId;
  this.user = user;
  this.credentials = credentials;
  this.retentionPolicy = retentionPolicy;
  this.appAcls = appAcls;
  this.logAggregationContext = logAggregationContext;
}
 
Example #25
Source File: JstormMasterContext.java    From jstorm with Apache License 2.0 5 votes vote down vote up
public JstormMasterContext(String user, ContainerId containerId,
                           ApplicationAttemptId applicationAttemptId,
                           long appSubmitTime, String nodeHostString,
                           Configuration yarnConfig) {
    this.user = user;
    this.containerId = containerId;
    this.attemptId = applicationAttemptId;
    this.credentials = new Credentials();
    this.submitTime = appSubmitTime;
    this.address = nodeHostString;
    this.config = yarnConfig;
}
 
Example #26
Source File: TokenCache.java    From tez with Apache License 2.0 5 votes vote down vote up
/**
 * 
 * @return session token
 */
@SuppressWarnings("unchecked")
@InterfaceAudience.Private
public static Token<JobTokenIdentifier> getSessionToken(Credentials credentials) {
  Token<?> token = credentials.getToken(SESSION_TOKEN);
  if (token == null) {
    return null;
  }
  return (Token<JobTokenIdentifier>) token;
}
 
Example #27
Source File: GobblinYarnAppLauncher.java    From incubator-gobblin with Apache License 2.0 5 votes vote down vote up
private void setupSecurityTokens(ContainerLaunchContext containerLaunchContext) throws IOException {
  Credentials credentials = UserGroupInformation.getCurrentUser().getCredentials();

  // Pass on the credentials from the hadoop token file if present.
  // The value in the token file takes precedence.
  if (System.getenv(HADOOP_TOKEN_FILE_LOCATION) != null) {
    Credentials tokenFileCredentials = Credentials.readTokenStorageFile(new File(System.getenv(HADOOP_TOKEN_FILE_LOCATION)),
        new Configuration());
    credentials.addAll(tokenFileCredentials);
  }

  String tokenRenewer = this.yarnConfiguration.get(YarnConfiguration.RM_PRINCIPAL);
  if (tokenRenewer == null || tokenRenewer.length() == 0) {
    throw new IOException("Failed to get master Kerberos principal for the RM to use as renewer");
  }

  // For now, only getting tokens for the default file-system.
  Token<?> tokens[] = this.fs.addDelegationTokens(tokenRenewer, credentials);
  if (tokens != null) {
    for (Token<?> token : tokens) {
      LOGGER.info("Got delegation token for " + this.fs.getUri() + "; " + token);
    }
  }

  Closer closer = Closer.create();
  try {
    DataOutputBuffer dataOutputBuffer = closer.register(new DataOutputBuffer());
    credentials.writeTokenStorageToStream(dataOutputBuffer);
    ByteBuffer fsTokens = ByteBuffer.wrap(dataOutputBuffer.getData(), 0, dataOutputBuffer.getLength());
    containerLaunchContext.setTokens(fsTokens);
  } catch (Throwable t) {
    throw closer.rethrow(t);
  } finally {
    closer.close();
  }
}
 
Example #28
Source File: YarnChild.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Utility method to check if the Encrypted Spill Key needs to be set into the
 * user credentials of the user running the Map / Reduce Task
 * @param task The Map / Reduce task to set the Encrypted Spill information in
 * @throws Exception
 */
public static void setEncryptedSpillKeyIfRequired(Task task) throws
        Exception {
  if ((task != null) && (task.getEncryptedSpillKey() != null) && (task
          .getEncryptedSpillKey().length > 1)) {
    Credentials creds =
            UserGroupInformation.getCurrentUser().getCredentials();
    TokenCache.setEncryptedSpillKey(task.getEncryptedSpillKey(), creds);
    UserGroupInformation.getCurrentUser().addCredentials(creds);
  }
}
 
Example #29
Source File: YarnUtils.java    From twill with Apache License 2.0 5 votes vote down vote up
/**
 * Encodes the given {@link Credentials} as bytes.
 */
public static ByteBuffer encodeCredentials(Credentials credentials) {
  try {
    DataOutputBuffer out = new DataOutputBuffer();
    credentials.writeTokenStorageToStream(out);
    return ByteBuffer.wrap(out.getData(), 0, out.getLength());
  } catch (IOException e) {
    // Shouldn't throw
    LOG.error("Failed to encode Credentials.", e);
    throw Throwables.propagate(e);
  }
}
 
Example #30
Source File: TestJobImpl.java    From big-c with Apache License 2.0 5 votes vote down vote up
private boolean testUberDecision(Configuration conf) {
  JobID jobID = JobID.forName("job_1234567890000_0001");
  JobId jobId = TypeConverter.toYarn(jobID);
  MRAppMetrics mrAppMetrics = MRAppMetrics.create();
  JobImpl job =
      new JobImpl(jobId, ApplicationAttemptId.newInstance(
        ApplicationId.newInstance(0, 0), 0), conf, mock(EventHandler.class),
        null, new JobTokenSecretManager(), new Credentials(), null, null,
        mrAppMetrics, null, true, null, 0, null, null, null, null);
  InitTransition initTransition = getInitTransition(2);
  JobEvent mockJobEvent = mock(JobEvent.class);
  initTransition.transition(job, mockJobEvent);
  boolean isUber = job.isUber();
  return isUber;
}