Example 1 with HadoopModule
use of org.apache.flink.runtime.security.modules.HadoopModule in project flink by apache.
the class YarnTaskExecutorRunnerTest method testPreInstallKerberosKeytabConfiguration.
@Test
public void testPreInstallKerberosKeytabConfiguration() throws Exception {
final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();
final Map<String, String> envs = new HashMap<>(2);
envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "testuser1@domain");
// Try directly resolving local path when no remote keytab path is provided.
envs.put(YarnConfigKeys.LOCAL_KEYTAB_PATH, "src/test/resources/krb5.keytab");
Configuration configuration = new Configuration();
YarnTaskExecutorRunner.setupAndModifyConfiguration(configuration, resourceDirPath, envs);
// the SecurityContext is installed on TaskManager startup
SecurityUtils.install(new SecurityConfiguration(configuration));
final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();
if (moduleOpt.isPresent()) {
HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("testuser1@domain"));
// Using containString verification as the absolute path varies depending on runtime
// environment
assertThat(hadoopModule.getSecurityConfig().getKeytab(), containsString("src/test/resources/krb5.keytab"));
} else {
fail("Can not find HadoopModule!");
}
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), containsString("src/test/resources/krb5.keytab"));
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("testuser1@domain"));
}
Also used :
SecurityOptions(org.apache.flink.configuration.SecurityOptions)
SecurityModule(org.apache.flink.runtime.security.modules.SecurityModule)
Configuration(org.apache.flink.configuration.Configuration)
Test(org.junit.Test)
HashMap(java.util.HashMap)
SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration)
File(java.io.File)
YarnConfigOptions(org.apache.flink.yarn.configuration.YarnConfigOptions)
HadoopModule(org.apache.flink.runtime.security.modules.HadoopModule)
Assert.assertThat(org.junit.Assert.assertThat)
List(java.util.List)
Paths(java.nio.file.Paths)
Map(java.util.Map)
SecurityUtils(org.apache.flink.runtime.security.SecurityUtils)
TestLogger(org.apache.flink.util.TestLogger)
Optional(java.util.Optional)
Matchers.is(org.hamcrest.Matchers.is)
Assert.fail(org.junit.Assert.fail)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Configuration(org.apache.flink.configuration.Configuration)
SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration)
HashMap(java.util.HashMap)
HadoopModule(org.apache.flink.runtime.security.modules.HadoopModule)
Matchers.containsString(org.hamcrest.Matchers.containsString)
SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration)
SecurityModule(org.apache.flink.runtime.security.modules.SecurityModule)
Test(org.junit.Test)
Example 2 with HadoopModule
use of org.apache.flink.runtime.security.modules.HadoopModule in project flink by apache.
the class YarnTaskExecutorRunnerTest method testDefaultKerberosKeytabConfiguration.
@Test
public void testDefaultKerberosKeytabConfiguration() throws Exception {
final String resourceDirPath = Paths.get("src", "test", "resources").toAbsolutePath().toString();
final Map<String, String> envs = new HashMap<>(2);
envs.put(YarnConfigKeys.KEYTAB_PRINCIPAL, "testuser1@domain");
envs.put(YarnConfigKeys.REMOTE_KEYTAB_PATH, resourceDirPath);
// Local keytab path will be populated from default YarnConfigOptions.LOCALIZED_KEYTAB_PATH
envs.put(YarnConfigKeys.LOCAL_KEYTAB_PATH, YarnConfigOptions.LOCALIZED_KEYTAB_PATH.defaultValue());
Configuration configuration = new Configuration();
YarnTaskExecutorRunner.setupAndModifyConfiguration(configuration, resourceDirPath, envs);
// the SecurityContext is installed on TaskManager startup
SecurityUtils.install(new SecurityConfiguration(configuration));
final List<SecurityModule> modules = SecurityUtils.getInstalledModules();
Optional<SecurityModule> moduleOpt = modules.stream().filter(module -> module instanceof HadoopModule).findFirst();
if (moduleOpt.isPresent()) {
HadoopModule hadoopModule = (HadoopModule) moduleOpt.get();
assertThat(hadoopModule.getSecurityConfig().getPrincipal(), is("testuser1@domain"));
assertThat(hadoopModule.getSecurityConfig().getKeytab(), is(new File(resourceDirPath, YarnConfigOptions.LOCALIZED_KEYTAB_PATH.defaultValue()).getAbsolutePath()));
} else {
fail("Can not find HadoopModule!");
}
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB), is(new File(resourceDirPath, YarnConfigOptions.LOCALIZED_KEYTAB_PATH.defaultValue()).getAbsolutePath()));
assertThat(configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL), is("testuser1@domain"));
}
Also used :
SecurityOptions(org.apache.flink.configuration.SecurityOptions)
SecurityModule(org.apache.flink.runtime.security.modules.SecurityModule)
Configuration(org.apache.flink.configuration.Configuration)
Test(org.junit.Test)
HashMap(java.util.HashMap)
SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration)
File(java.io.File)
YarnConfigOptions(org.apache.flink.yarn.configuration.YarnConfigOptions)
HadoopModule(org.apache.flink.runtime.security.modules.HadoopModule)
Assert.assertThat(org.junit.Assert.assertThat)
List(java.util.List)
Paths(java.nio.file.Paths)
Map(java.util.Map)
SecurityUtils(org.apache.flink.runtime.security.SecurityUtils)
TestLogger(org.apache.flink.util.TestLogger)
Optional(java.util.Optional)
Matchers.is(org.hamcrest.Matchers.is)
Assert.fail(org.junit.Assert.fail)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Configuration(org.apache.flink.configuration.Configuration)
SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration)
HashMap(java.util.HashMap)
HadoopModule(org.apache.flink.runtime.security.modules.HadoopModule)
Matchers.containsString(org.hamcrest.Matchers.containsString)
SecurityConfiguration(org.apache.flink.runtime.security.SecurityConfiguration)
File(java.io.File)
SecurityModule(org.apache.flink.runtime.security.modules.SecurityModule)
Test(org.junit.Test)
Aggregations
File (java.io.File)2
Paths (java.nio.file.Paths)2
HashMap (java.util.HashMap)2
List (java.util.List)2
Map (java.util.Map)2
Optional (java.util.Optional)2
Configuration (org.apache.flink.configuration.Configuration)2
SecurityOptions (org.apache.flink.configuration.SecurityOptions)2
SecurityConfiguration (org.apache.flink.runtime.security.SecurityConfiguration)2
SecurityUtils (org.apache.flink.runtime.security.SecurityUtils)2
HadoopModule (org.apache.flink.runtime.security.modules.HadoopModule)2
SecurityModule (org.apache.flink.runtime.security.modules.SecurityModule)2
TestLogger (org.apache.flink.util.TestLogger)2
YarnConfigOptions (org.apache.flink.yarn.configuration.YarnConfigOptions)2
Matchers.containsString (org.hamcrest.Matchers.containsString)2
Matchers.is (org.hamcrest.Matchers.is)2
Assert.assertThat (org.junit.Assert.assertThat)2
Assert.fail (org.junit.Assert.fail)2
Test (org.junit.Test)2
