
Example 1 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hadoop by apache.

the class DelegationTokenSecretManager method loadSecretManagerState.

/**
 * Restores the current key id, the token sequence number, the master keys and
 * the persisted tokens from a deserialized fsimage section.
 *
 * <p>The section carries the raw master-key bytes ({@code getKey()}), so the
 * storage backing {@code state} needs the same protection as the keys
 * themselves.
 *
 * @param state secret-manager section, keys and tokens read from the image
 * @throws IOException if a persisted key or token cannot be added, e.g. when
 *         {@code addPersistedDelegationToken} rejects a duplicate token
 * @throws IllegalStateException if the secret manager is already running
 *         (raised by {@code Preconditions.checkState})
 */
public synchronized void loadSecretManagerState(SecretManagerState state) throws IOException {
    Preconditions.checkState(!running, "Can't load state from image in a running SecretManager.");
    currentId = state.section.getCurrentId();
    delegationTokenSequenceNumber = state.section.getTokenSequenceNumber();

    // Master keys are registered before any token is replayed.
    // NOTE(review): presumably addKey fills the table that
    // addPersistedDelegationToken resolves master keys from - confirm.
    for (SecretManagerSection.DelegationKey persistedKey : state.keys) {
        // A key record without key bytes is still registered, with a null secret.
        byte[] secret = null;
        if (persistedKey.hasKey()) {
            secret = persistedKey.getKey().toByteArray();
        }
        addKey(new DelegationKey(persistedKey.getId(), persistedKey.getExpiryDate(), secret));
    }

    for (SecretManagerSection.PersistToken persistedToken : state.tokens) {
        Text owner = new Text(persistedToken.getOwner());
        Text renewer = new Text(persistedToken.getRenewer());
        Text realUser = new Text(persistedToken.getRealUser());
        DelegationTokenIdentifier tokenId = new DelegationTokenIdentifier(owner, renewer, realUser);
        tokenId.setIssueDate(persistedToken.getIssueDate());
        tokenId.setMaxDate(persistedToken.getMaxDate());
        tokenId.setSequenceNumber(persistedToken.getSequenceNumber());
        tokenId.setMasterKeyId(persistedToken.getMasterKeyId());
        addPersistedDelegationToken(tokenId, persistedToken.getExpiryDate());
    }
}
Also used : SecretManagerSection(org.apache.hadoop.hdfs.server.namenode.FsImageProto.SecretManagerSection) DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey) Text(org.apache.hadoop.io.Text)

Example 2 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hadoop by apache.

the class DelegationTokenSecretManager method addPersistedDelegationToken.

/**
 * Re-registers a delegation token that was read back from the edit logs or
 * the fsimage. Intended to be used only while loading persisted state.
 *
 * <p>The token password is not taken from storage: it is recomputed from the
 * identifier bytes and the master key the identifier refers to. A token whose
 * master key is not in {@code allKeys} is skipped with a warning and is
 * therefore not restored into {@code currentTokens}.
 *
 * @param identifier DelegationTokenIdentifier read from the edit logs or
 *        fsimage
 * @param expiryTime token expiry time
 * @throws IOException if the secret manager is running, or if the same
 *         identifier is already present in {@code currentTokens}
 */
public synchronized void addPersistedDelegationToken(DelegationTokenIdentifier identifier, long expiryTime) throws IOException {
    // Safety check: persisted tokens may only be replayed before start-up.
    if (running) {
        throw new IOException("Can't add persisted delegation token to a running SecretManager.");
    }

    DelegationKey masterKey = allKeys.get(identifier.getMasterKeyId());
    if (masterKey == null) {
        // Without the master key the password cannot be rebuilt, so the token is dropped.
        LOG.warn("No KEY found for persisted identifier " + identifier);
        return;
    }

    byte[] tokenPassword = createPassword(identifier.getBytes(), masterKey.getKey());

    // Keep the sequence counter at or above every replayed token. This runs
    // before the duplicate check below, as in the original statement order.
    if (this.delegationTokenSequenceNumber < identifier.getSequenceNumber()) {
        this.delegationTokenSequenceNumber = identifier.getSequenceNumber();
    }

    if (currentTokens.get(identifier) != null) {
        throw new IOException("Same delegation token being added twice; invalid entry in fsimage or editlogs");
    }
    currentTokens.put(identifier, new DelegationTokenInformation(expiryTime, tokenPassword, getTrackingIdIfEnabled(identifier)));
}
Also used : DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException)

Example 3 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hadoop by apache.

the class ImageLoaderCurrent method processDelegationTokens.

/**
 * Walks the delegation-token section of an fsimage stream and reports each
 * field to the visitor: current key id, the delegation keys, the token
 * sequence number, then every token identifier with its expiry time.
 *
 * <p>Both element counts come straight from the stream and are used only as
 * loop bounds; a count larger than the data presumably ends in an
 * {@code IOException} from the reads rather than in an oversized allocation
 * here.
 *
 * @param in DataInputStream to process
 * @param v Visitor to walk over records
 * @throws IOException if reading from {@code in} or visiting an element fails
 */
private void processDelegationTokens(DataInputStream in, ImageVisitor v) throws IOException {
    v.visit(ImageElement.CURRENT_DELEGATION_KEY_ID, in.readInt());

    int keyCount = in.readInt();
    v.visitEnclosingElement(ImageElement.DELEGATION_KEYS, ImageElement.NUM_DELEGATION_KEYS, keyCount);
    int keyIndex = 0;
    while (keyIndex < keyCount) {
        DelegationKey delegationKey = new DelegationKey();
        delegationKey.readFields(in);
        // NOTE(review): the key's string form is handed to the visitor; confirm
        // DelegationKey.toString() never includes the secret key bytes.
        v.visit(ImageElement.DELEGATION_KEY, delegationKey.toString());
        keyIndex++;
    }
    // DELEGATION_KEYS
    v.leaveEnclosingElement();

    v.visit(ImageElement.DELEGATION_TOKEN_SEQUENCE_NUMBER, in.readInt());

    int tokenCount = in.readInt();
    v.visitEnclosingElement(ImageElement.DELEGATION_TOKENS, ImageElement.NUM_DELEGATION_TOKENS, tokenCount);
    int tokenIndex = 0;
    while (tokenIndex < tokenCount) {
        DelegationTokenIdentifier tokenId = new DelegationTokenIdentifier();
        tokenId.readFields(in);
        // The expiry time is stored right after the identifier, outside of it.
        long tokenExpiry = in.readLong();

        v.visitEnclosingElement(ImageElement.DELEGATION_TOKEN_IDENTIFIER);
        v.visit(ImageElement.DELEGATION_TOKEN_IDENTIFIER_KIND, tokenId.getKind().toString());
        v.visit(ImageElement.DELEGATION_TOKEN_IDENTIFIER_SEQNO, tokenId.getSequenceNumber());
        v.visit(ImageElement.DELEGATION_TOKEN_IDENTIFIER_OWNER, tokenId.getOwner().toString());
        v.visit(ImageElement.DELEGATION_TOKEN_IDENTIFIER_RENEWER, tokenId.getRenewer().toString());
        v.visit(ImageElement.DELEGATION_TOKEN_IDENTIFIER_REALUSER, tokenId.getRealUser().toString());
        v.visit(ImageElement.DELEGATION_TOKEN_IDENTIFIER_ISSUE_DATE, tokenId.getIssueDate());
        v.visit(ImageElement.DELEGATION_TOKEN_IDENTIFIER_MAX_DATE, tokenId.getMaxDate());
        v.visit(ImageElement.DELEGATION_TOKEN_IDENTIFIER_EXPIRY_TIME, tokenExpiry);
        v.visit(ImageElement.DELEGATION_TOKEN_IDENTIFIER_MASTER_KEY_ID, tokenId.getMasterKeyId());
        // DELEGATION_TOKEN_IDENTIFIER
        v.leaveEnclosingElement();

        tokenIndex++;
    }
    // DELEGATION_TOKENS
    v.leaveEnclosingElement();
}
Also used : DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey) DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier)

Example 4 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hadoop by apache.

the class LeveldbTimelineStateStore method loadTokenMasterKeyData.

/**
 * Deserializes one stored token master key and appends it to the recovered
 * timeline service state.
 *
 * <p>The key is added only when {@code readFields} returns normally; a
 * truncated or malformed record surfaces as an {@code IOException} and leaves
 * {@code state} untouched.
 *
 * @param state recovered state that collects the master keys
 * @param keyData serialized {@code DelegationKey} bytes as read from the store
 * @throws IOException if the bytes cannot be parsed as a DelegationKey
 */
private static void loadTokenMasterKeyData(TimelineServiceState state, byte[] keyData) throws IOException {
    DataInputStream keyStream = new DataInputStream(new ByteArrayInputStream(keyData));
    DelegationKey masterKey = new DelegationKey();
    try {
        masterKey.readFields(keyStream);
    } finally {
        // Close quietly through the Hadoop helper; any close failure goes to LOG.
        IOUtils.cleanup(LOG, keyStream);
    }
    state.tokenMasterKeyState.add(masterKey);
}
Also used : DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey) ByteArrayInputStream(java.io.ByteArrayInputStream) DataInputStream(java.io.DataInputStream)

Example 5 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hadoop by apache.

the class LeveldbRMStateStore method loadRMDTSecretManagerKeys.

/**
 * Loads every RM delegation-token master key stored under
 * {@code RM_DT_MASTER_KEY_KEY_PREFIX} into the recovered RM state.
 *
 * <p>The debug message reports only the store key, the key id and the expiry
 * date of each master key; the key bytes are never written to the log here.
 *
 * @param state recovered RM state whose {@code masterKeyState} receives the keys
 * @return the number of master keys loaded
 * @throws IOException if a key cannot be loaded, the iterator cannot be closed,
 *         or the store raises a {@code DBException} (wrapped as the cause)
 */
private int loadRMDTSecretManagerKeys(RMState state) throws IOException {
    int loadedKeys = 0;
    LeveldbIterator cursor = null;
    try {
        cursor = new LeveldbIterator(db);
        cursor.seek(bytes(RM_DT_MASTER_KEY_KEY_PREFIX));
        while (cursor.hasNext()) {
            Entry<byte[], byte[]> row = cursor.next();
            String storeKey = asString(row.getKey());
            // The scan starts at the prefix, so the first key without it ends the range.
            boolean inMasterKeyRange = storeKey.startsWith(RM_DT_MASTER_KEY_KEY_PREFIX);
            if (!inMasterKeyRange) {
                break;
            }
            DelegationKey masterKey = loadDelegationKey(row.getValue());
            state.rmSecretManagerState.masterKeyState.add(masterKey);
            loadedKeys++;
            if (LOG.isDebugEnabled()) {
                LOG.debug("Loaded RM delegation key from " + storeKey + ": keyId=" + masterKey.getKeyId() + ", expirationDate=" + masterKey.getExpiryDate());
            }
        }
    } catch (DBException e) {
        // Surface store failures through the method's checked exception type.
        throw new IOException(e);
    } finally {
        if (cursor != null) {
            cursor.close();
        }
    }
    return loadedKeys;
}
Also used : DBException(org.iq80.leveldb.DBException) LeveldbIterator(org.apache.hadoop.yarn.server.utils.LeveldbIterator) DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey) JniDBFactory.asString(org.fusesource.leveldbjni.JniDBFactory.asString) IOException(java.io.IOException)

Aggregations

DelegationKey (org.apache.hadoop.security.token.delegation.DelegationKey)30 IOException (java.io.IOException)8 Test (org.junit.Test)8 ByteArrayInputStream (java.io.ByteArrayInputStream)7 DataInputStream (java.io.DataInputStream)7 Text (org.apache.hadoop.io.Text)7 RMDelegationTokenIdentifier (org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)6 HashMap (java.util.HashMap)3 HashSet (java.util.HashSet)3 MRDelegationTokenIdentifier (org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier)3 MemoryRMStateStore (org.apache.hadoop.yarn.server.resourcemanager.recovery.MemoryRMStateStore)3 RMState (org.apache.hadoop.yarn.server.resourcemanager.recovery.RMStateStore.RMState)3 Configuration (org.apache.hadoop.conf.Configuration)2 FSDataInputStream (org.apache.hadoop.fs.FSDataInputStream)2 SecretManagerSection (org.apache.hadoop.hdfs.server.namenode.FsImageProto.SecretManagerSection)2 HistoryServerState (org.apache.hadoop.mapreduce.v2.hs.HistoryServerStateStoreService.HistoryServerState)2 Token (org.apache.hadoop.security.token.Token)2 GetDelegationTokenRequest (org.apache.hadoop.yarn.api.protocolrecords.GetDelegationTokenRequest)2 GetDelegationTokenResponse (org.apache.hadoop.yarn.api.protocolrecords.GetDelegationTokenResponse)2 MockRM (org.apache.hadoop.yarn.server.resourcemanager.MockRM)2