Example 26 with TokenIdentifier
use of org.apache.hadoop.security.token.TokenIdentifier in project hadoop by apache.
the class ContainerManagerImpl method selectNMTokenIdentifier.
// Obtain the needed ContainerTokenIdentifier from the remote-UGI. RPC layer
// currently sets only the required id, but iterate through anyways just to
// be sure.
@Private
@VisibleForTesting
protected NMTokenIdentifier selectNMTokenIdentifier(UserGroupInformation remoteUgi) {
Set<TokenIdentifier> tokenIdentifiers = remoteUgi.getTokenIdentifiers();
NMTokenIdentifier resultId = null;
for (TokenIdentifier id : tokenIdentifiers) {
if (id instanceof NMTokenIdentifier) {
resultId = (NMTokenIdentifier) id;
break;
}
}
return resultId;
}
Also used :
NMTokenIdentifier(org.apache.hadoop.yarn.security.NMTokenIdentifier)
TokenIdentifier(org.apache.hadoop.security.token.TokenIdentifier)
ContainerTokenIdentifier(org.apache.hadoop.yarn.security.ContainerTokenIdentifier)
NMTokenIdentifier(org.apache.hadoop.yarn.security.NMTokenIdentifier)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Private(org.apache.hadoop.classification.InterfaceAudience.Private)
Example 27 with TokenIdentifier
use of org.apache.hadoop.security.token.TokenIdentifier in project hadoop by apache.
the class MockResourceManagerFacade method getAppIdentifier.
private static String getAppIdentifier() throws IOException {
AMRMTokenIdentifier result = null;
UserGroupInformation remoteUgi = UserGroupInformation.getCurrentUser();
Set<TokenIdentifier> tokenIds = remoteUgi.getTokenIdentifiers();
for (TokenIdentifier tokenId : tokenIds) {
if (tokenId instanceof AMRMTokenIdentifier) {
result = (AMRMTokenIdentifier) tokenId;
break;
}
}
return result != null ? result.getApplicationAttemptId().toString() : "";
}
Also used :
AMRMTokenIdentifier(org.apache.hadoop.yarn.security.AMRMTokenIdentifier)
TokenIdentifier(org.apache.hadoop.security.token.TokenIdentifier)
AMRMTokenIdentifier(org.apache.hadoop.yarn.security.AMRMTokenIdentifier)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Example 28 with TokenIdentifier
use of org.apache.hadoop.security.token.TokenIdentifier in project hadoop by apache.
the class TestDelegationTokensWithHA method testHAUtilClonesDelegationTokens.
@Test(timeout = 300000)
public void testHAUtilClonesDelegationTokens() throws Exception {
final Token<DelegationTokenIdentifier> token = getDelegationToken(fs, "JobTracker");
UserGroupInformation ugi = UserGroupInformation.createRemoteUser("test");
URI haUri = new URI("hdfs://my-ha-uri/");
token.setService(HAUtilClient.buildTokenServiceForLogicalUri(haUri, HdfsConstants.HDFS_URI_SCHEME));
ugi.addToken(token);
Collection<InetSocketAddress> nnAddrs = new HashSet<InetSocketAddress>();
nnAddrs.add(new InetSocketAddress("localhost", nn0.getNameNodeAddress().getPort()));
nnAddrs.add(new InetSocketAddress("localhost", nn1.getNameNodeAddress().getPort()));
HAUtil.cloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs);
Collection<Token<? extends TokenIdentifier>> tokens = ugi.getTokens();
assertEquals(3, tokens.size());
LOG.info("Tokens:\n" + Joiner.on("\n").join(tokens));
DelegationTokenSelector dts = new DelegationTokenSelector();
// matches the one we received
for (InetSocketAddress addr : nnAddrs) {
Text ipcDtService = SecurityUtil.buildTokenService(addr);
Token<DelegationTokenIdentifier> token2 = dts.selectToken(ipcDtService, ugi.getTokens());
assertNotNull(token2);
assertArrayEquals(token.getIdentifier(), token2.getIdentifier());
assertArrayEquals(token.getPassword(), token2.getPassword());
}
// switch to host-based tokens, shouldn't match existing tokens
SecurityUtilTestHelper.setTokenServiceUseIp(false);
for (InetSocketAddress addr : nnAddrs) {
Text ipcDtService = SecurityUtil.buildTokenService(addr);
Token<DelegationTokenIdentifier> token2 = dts.selectToken(ipcDtService, ugi.getTokens());
assertNull(token2);
}
// reclone the tokens, and see if they match now
HAUtil.cloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs);
for (InetSocketAddress addr : nnAddrs) {
Text ipcDtService = SecurityUtil.buildTokenService(addr);
Token<DelegationTokenIdentifier> token2 = dts.selectToken(ipcDtService, ugi.getTokens());
assertNotNull(token2);
assertArrayEquals(token.getIdentifier(), token2.getIdentifier());
assertArrayEquals(token.getPassword(), token2.getPassword());
}
}
Also used :
TokenIdentifier(org.apache.hadoop.security.token.TokenIdentifier)
DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier)
DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier)
InetSocketAddress(java.net.InetSocketAddress)
Token(org.apache.hadoop.security.token.Token)
Text(org.apache.hadoop.io.Text)
URI(java.net.URI)
DelegationTokenSelector(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSelector)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
HashSet(java.util.HashSet)
Test(org.junit.Test)
Example 29 with TokenIdentifier
use of org.apache.hadoop.security.token.TokenIdentifier in project hadoop by apache.
the class TestUserGroupInformation method testTokenIdentifiers.
@Test(timeout = 30000)
public void testTokenIdentifiers() throws Exception {
UserGroupInformation ugi = UserGroupInformation.createUserForTesting("TheDoctor", new String[] { "TheTARDIS" });
TokenIdentifier t1 = mock(TokenIdentifier.class);
TokenIdentifier t2 = mock(TokenIdentifier.class);
ugi.addTokenIdentifier(t1);
ugi.addTokenIdentifier(t2);
Collection<TokenIdentifier> z = ugi.getTokenIdentifiers();
assertTrue(z.contains(t1));
assertTrue(z.contains(t2));
assertEquals(2, z.size());
// ensure that the token identifiers are passed through doAs
Collection<TokenIdentifier> otherSet = ugi.doAs(new PrivilegedExceptionAction<Collection<TokenIdentifier>>() {
@Override
public Collection<TokenIdentifier> run() throws IOException {
return UserGroupInformation.getCurrentUser().getTokenIdentifiers();
}
});
assertTrue(otherSet.contains(t1));
assertTrue(otherSet.contains(t2));
assertEquals(2, otherSet.size());
}
Also used :
TestTokenIdentifier(org.apache.hadoop.ipc.TestRpcBase.TestTokenIdentifier)
TokenIdentifier(org.apache.hadoop.security.token.TokenIdentifier)
Collection(java.util.Collection)
IOException(java.io.IOException)
Test(org.junit.Test)
Example 30 with TokenIdentifier
use of org.apache.hadoop.security.token.TokenIdentifier in project hadoop by apache.
the class TestFileSystemTokens method createFileSystemForServiceName.
public static MockFileSystem createFileSystemForServiceName(final Text service, final FileSystem... children) throws IOException {
final MockFileSystem fs = new MockFileSystem();
final MockFileSystem mockFs = fs.getRawFileSystem();
if (service != null) {
when(mockFs.getCanonicalServiceName()).thenReturn(service.toString());
when(mockFs.getDelegationToken(any(String.class))).thenAnswer(new Answer<Token<?>>() {
@Override
public Token<?> answer(InvocationOnMock invocation) throws Throwable {
Token<?> token = new Token<TokenIdentifier>();
token.setService(service);
return token;
}
});
}
when(mockFs.getChildFileSystems()).thenReturn(children);
return fs;
}
Also used :
TokenIdentifier(org.apache.hadoop.security.token.TokenIdentifier)
InvocationOnMock(org.mockito.invocation.InvocationOnMock)
Token(org.apache.hadoop.security.token.Token)
MockFileSystem(org.apache.hadoop.fs.FileSystemTestHelper.MockFileSystem)
Aggregations
TokenIdentifier (org.apache.hadoop.security.token.TokenIdentifier)35
Token (org.apache.hadoop.security.token.Token)25
Text (org.apache.hadoop.io.Text)16
Credentials (org.apache.hadoop.security.Credentials)13
Test (org.junit.Test)12
IOException (java.io.IOException)11
Configuration (org.apache.hadoop.conf.Configuration)7
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)6
URI (java.net.URI)5
ByteBuffer (java.nio.ByteBuffer)5
DataOutputBuffer (org.apache.hadoop.io.DataOutputBuffer)5
HashMap (java.util.HashMap)4
AMRMTokenIdentifier (org.apache.hadoop.yarn.security.AMRMTokenIdentifier)4
InetSocketAddress (java.net.InetSocketAddress)3
AuthenticationToken (org.apache.accumulo.core.client.security.tokens.AuthenticationToken)3
TestTokenIdentifier (org.apache.hadoop.ipc.TestRpcBase.TestTokenIdentifier)3
IAutoCredentials (org.apache.storm.security.auth.IAutoCredentials)3
File (java.io.File)2
ArrayList (java.util.ArrayList)2
Collection (java.util.Collection)2
