Search in sources :

Example 1 with GetDelegationTokenResponse

use of org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenResponse in project hadoop by apache.

the class TestYARNRunner method testGetHSDelegationToken.

@Test(timeout = 20000)
public void testGetHSDelegationToken() throws Exception {
    try {
        Configuration conf = new Configuration();
        // Setup mock service
        InetSocketAddress mockRmAddress = new InetSocketAddress("localhost", 4444);
        Text rmTokenSevice = SecurityUtil.buildTokenService(mockRmAddress);
        InetSocketAddress mockHsAddress = new InetSocketAddress("localhost", 9200);
        Text hsTokenSevice = SecurityUtil.buildTokenService(mockHsAddress);
        // Setup mock rm token
        RMDelegationTokenIdentifier tokenIdentifier = new RMDelegationTokenIdentifier(new Text("owner"), new Text("renewer"), new Text("real"));
        Token<RMDelegationTokenIdentifier> token = new Token<RMDelegationTokenIdentifier>(new byte[0], new byte[0], tokenIdentifier.getKind(), rmTokenSevice);
        token.setKind(RMDelegationTokenIdentifier.KIND_NAME);
        // Setup mock history token
        org.apache.hadoop.yarn.api.records.Token historyToken = org.apache.hadoop.yarn.api.records.Token.newInstance(new byte[0], MRDelegationTokenIdentifier.KIND_NAME.toString(), new byte[0], hsTokenSevice.toString());
        GetDelegationTokenResponse getDtResponse = Records.newRecord(GetDelegationTokenResponse.class);
        getDtResponse.setDelegationToken(historyToken);
        // mock services
        MRClientProtocol mockHsProxy = mock(MRClientProtocol.class);
        doReturn(mockHsAddress).when(mockHsProxy).getConnectAddress();
        doReturn(getDtResponse).when(mockHsProxy).getDelegationToken(any(GetDelegationTokenRequest.class));
        ResourceMgrDelegate rmDelegate = mock(ResourceMgrDelegate.class);
        doReturn(rmTokenSevice).when(rmDelegate).getRMDelegationTokenService();
        ClientCache clientCache = mock(ClientCache.class);
        doReturn(mockHsProxy).when(clientCache).getInitializedHSProxy();
        Credentials creds = new Credentials();
        YARNRunner yarnRunner = new YARNRunner(conf, rmDelegate, clientCache);
        // No HS token if no RM token
        yarnRunner.addHistoryToken(creds);
        verify(mockHsProxy, times(0)).getDelegationToken(any(GetDelegationTokenRequest.class));
        // No HS token if RM token, but secirity disabled.
        creds.addToken(new Text("rmdt"), token);
        yarnRunner.addHistoryToken(creds);
        verify(mockHsProxy, times(0)).getDelegationToken(any(GetDelegationTokenRequest.class));
        conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
        UserGroupInformation.setConfiguration(conf);
        creds = new Credentials();
        // No HS token if no RM token, security enabled
        yarnRunner.addHistoryToken(creds);
        verify(mockHsProxy, times(0)).getDelegationToken(any(GetDelegationTokenRequest.class));
        // HS token if RM token present, security enabled
        creds.addToken(new Text("rmdt"), token);
        yarnRunner.addHistoryToken(creds);
        verify(mockHsProxy, times(1)).getDelegationToken(any(GetDelegationTokenRequest.class));
        // No additional call to get HS token if RM and HS token present
        yarnRunner.addHistoryToken(creds);
        verify(mockHsProxy, times(1)).getDelegationToken(any(GetDelegationTokenRequest.class));
    } finally {
        // Back to defaults.
        UserGroupInformation.setConfiguration(new Configuration());
    }
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) GetDelegationTokenResponse(org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenResponse) InetSocketAddress(java.net.InetSocketAddress) Text(org.apache.hadoop.io.Text) Token(org.apache.hadoop.security.token.Token) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) MRClientProtocol(org.apache.hadoop.mapreduce.v2.api.MRClientProtocol) GetDelegationTokenRequest(org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenRequest) Credentials(org.apache.hadoop.security.Credentials) Test(org.junit.Test)

Example 2 with GetDelegationTokenResponse

use of org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenResponse in project hadoop by apache.

the class TestYARNRunner method testHistoryServerToken.

@Test(timeout = 20000)
public void testHistoryServerToken() throws Exception {
    //Set the master principal in the config
    conf.set(YarnConfiguration.RM_PRINCIPAL, "foo@LOCAL");
    final String masterPrincipal = Master.getMasterPrincipal(conf);
    final MRClientProtocol hsProxy = mock(MRClientProtocol.class);
    when(hsProxy.getDelegationToken(any(GetDelegationTokenRequest.class))).thenAnswer(new Answer<GetDelegationTokenResponse>() {

        public GetDelegationTokenResponse answer(InvocationOnMock invocation) {
            GetDelegationTokenRequest request = (GetDelegationTokenRequest) invocation.getArguments()[0];
            // check that the renewer matches the cluster's RM principal
            assertEquals(masterPrincipal, request.getRenewer());
            org.apache.hadoop.yarn.api.records.Token token = recordFactory.newRecordInstance(org.apache.hadoop.yarn.api.records.Token.class);
            // none of these fields matter for the sake of the test
            token.setKind("");
            token.setService("");
            token.setIdentifier(ByteBuffer.allocate(0));
            token.setPassword(ByteBuffer.allocate(0));
            GetDelegationTokenResponse tokenResponse = recordFactory.newRecordInstance(GetDelegationTokenResponse.class);
            tokenResponse.setDelegationToken(token);
            return tokenResponse;
        }
    });
    UserGroupInformation.createRemoteUser("someone").doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            yarnRunner = new YARNRunner(conf, null, null);
            yarnRunner.getDelegationTokenFromHS(hsProxy);
            verify(hsProxy).getDelegationToken(any(GetDelegationTokenRequest.class));
            return null;
        }
    });
}
Also used : GetDelegationTokenResponse(org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenResponse) Token(org.apache.hadoop.security.token.Token) IOException(java.io.IOException) MRClientProtocol(org.apache.hadoop.mapreduce.v2.api.MRClientProtocol) GetDelegationTokenRequest(org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenRequest) InvocationOnMock(org.mockito.invocation.InvocationOnMock) Test(org.junit.Test)

Aggregations

MRClientProtocol (org.apache.hadoop.mapreduce.v2.api.MRClientProtocol)2 GetDelegationTokenRequest (org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenRequest)2 GetDelegationTokenResponse (org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenResponse)2 Token (org.apache.hadoop.security.token.Token)2 Test (org.junit.Test)2 IOException (java.io.IOException)1 InetSocketAddress (java.net.InetSocketAddress)1 Configuration (org.apache.hadoop.conf.Configuration)1 Text (org.apache.hadoop.io.Text)1 Credentials (org.apache.hadoop.security.Credentials)1 YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)1 RMDelegationTokenIdentifier (org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)1 InvocationOnMock (org.mockito.invocation.InvocationOnMock)1