Example 1 with HadoopSecurityContext
use of org.apache.flink.runtime.security.contexts.HadoopSecurityContext in project flink by apache.
the class YARNSessionFIFOSecuredITCase method setup.
@BeforeClass
public static void setup() {
LOG.info("starting secure cluster environment for testing");
YARN_CONFIGURATION.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class, ResourceScheduler.class);
YARN_CONFIGURATION.setInt(YarnConfiguration.NM_PMEM_MB, 768);
YARN_CONFIGURATION.setInt(YarnConfiguration.RM_SCHEDULER_MINIMUM_ALLOCATION_MB, 512);
YARN_CONFIGURATION.set(YarnTestBase.TEST_CLUSTER_NAME_KEY, "flink-yarn-tests-fifo-secured");
SecureTestEnvironment.prepare(tmp);
populateYarnSecureConfigurations(YARN_CONFIGURATION, SecureTestEnvironment.getHadoopServicePrincipal(), SecureTestEnvironment.getTestKeytab());
Configuration flinkConfig = new Configuration();
flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_KEYTAB, SecureTestEnvironment.getTestKeytab());
flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, SecureTestEnvironment.getHadoopServicePrincipal());
// Setting customized security module class.
TestHadoopModuleFactory.hadoopConfiguration = YARN_CONFIGURATION;
flinkConfig.set(SecurityOptions.SECURITY_MODULE_FACTORY_CLASSES, Collections.singletonList("org.apache.flink.yarn.util.TestHadoopModuleFactory"));
flinkConfig.set(SecurityOptions.SECURITY_CONTEXT_FACTORY_CLASSES, Collections.singletonList("org.apache.flink.yarn.util.TestHadoopSecurityContextFactory"));
SecurityConfiguration securityConfig = new SecurityConfiguration(flinkConfig);
try {
TestingSecurityContext.install(securityConfig, SecureTestEnvironment.getClientSecurityConfigurationMap());
// This is needed to ensure that SecurityUtils are run within a ugi.doAs section
// Since we already logged in here in @BeforeClass, even a no-op security context will
// still work.
Assert.assertTrue("HadoopSecurityContext must be installed", SecurityUtils.getInstalledContext() instanceof HadoopSecurityContext);
SecurityUtils.getInstalledContext().runSecured(new Callable<Object>() {
@Override
public Integer call() {
startYARNSecureMode(YARN_CONFIGURATION, SecureTestEnvironment.getHadoopServicePrincipal(), SecureTestEnvironment.getTestKeytab());
return null;
}
});
} catch (Exception e) {
throw new RuntimeException("Exception occurred while setting up secure test context. Reason: {}", e);
}
}
Also used :
YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration)
Configuration(org.apache.flink.configuration.Configuration)
SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration)
SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration)
HadoopSecurityContext(org.apache.flink.runtime.security.contexts.HadoopSecurityContext)
BeforeClass(org.junit.BeforeClass)
Aggregations
Configuration (org.apache.flink.configuration.Configuration)1
SecurityConfiguration (org.apache.flink.runtime.security.SecurityConfiguration)1
HadoopSecurityContext (org.apache.flink.runtime.security.contexts.HadoopSecurityContext)1
YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)1
BeforeClass (org.junit.BeforeClass)1
