Examples with AMRMTokenIdentifier org.apache.hadoop.yarn.security.AMRMTokenIdentifier used on opensource projects

Example 46 with AMRMTokenIdentifier

use of org.apache.hadoop.yarn.security.AMRMTokenIdentifier in project hadoop by apache.

the class DefaultRequestInterceptor method updateAMRMToken.

private void updateAMRMToken(Token token) throws IOException {
    org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> amrmToken = new org.apache.hadoop.security.token.Token<AMRMTokenIdentifier>(token.getIdentifier().array(), token.getPassword().array(), new Text(token.getKind()), new Text(token.getService()));
    // Preserve the token service sent by the RM when adding the token
    // to ensure we replace the previous token setup by the RM.
    // Afterwards we can update the service address for the RPC layer.
    user.addToken(amrmToken);
    amrmToken.setService(ClientRMProxy.getAMRMTokenService(getConf()));
}

Example 47 with AMRMTokenIdentifier

use of org.apache.hadoop.yarn.security.AMRMTokenIdentifier in project hadoop by apache.

the class MockResourceManagerFacade method getAppIdentifier.

private static String getAppIdentifier() throws IOException {
    AMRMTokenIdentifier result = null;
    UserGroupInformation remoteUgi = UserGroupInformation.getCurrentUser();
    Set<TokenIdentifier> tokenIds = remoteUgi.getTokenIdentifiers();
    for (TokenIdentifier tokenId : tokenIds) {
        if (tokenId instanceof AMRMTokenIdentifier) {
            result = (AMRMTokenIdentifier) tokenId;
            break;
        }
    }
    return result != null ? result.getApplicationAttemptId().toString() : "";
}

Example 48 with AMRMTokenIdentifier

use of org.apache.hadoop.yarn.security.AMRMTokenIdentifier in project hadoop by apache.

the class ApplicationMasterService method allocate.

@Override
public AllocateResponse allocate(AllocateRequest request) throws YarnException, IOException {
    AMRMTokenIdentifier amrmTokenIdentifier = YarnServerSecurityUtils.authorizeRequest();
    ApplicationAttemptId appAttemptId = amrmTokenIdentifier.getApplicationAttemptId();
    this.amLivelinessMonitor.receivedPing(appAttemptId);
    /* check if its in cache */
    AllocateResponseLock lock = responseMap.get(appAttemptId);
    if (lock == null) {
        String message = "Application attempt " + appAttemptId + " doesn't exist in ApplicationMasterService cache.";
        LOG.error(message);
        throw new ApplicationAttemptNotFoundException(message);
    }
    synchronized (lock) {
        AllocateResponse lastResponse = lock.getAllocateResponse();
        if (!hasApplicationMasterRegistered(appAttemptId)) {
            String message = "AM is not registered for known application attempt: " + appAttemptId + " or RM had restarted after AM registered. " + " AM should re-register.";
            throw new ApplicationMasterNotRegisteredException(message);
        }
        if ((request.getResponseId() + 1) == lastResponse.getResponseId()) {
            /* old heartbeat */
            return lastResponse;
        } else if (request.getResponseId() + 1 < lastResponse.getResponseId()) {
            String message = "Invalid responseId in AllocateRequest from application attempt: " + appAttemptId + ", expect responseId to be " + (lastResponse.getResponseId() + 1);
            throw new InvalidApplicationMasterRequestException(message);
        }
        AllocateResponse response = recordFactory.newRecordInstance(AllocateResponse.class);
        allocateInternal(amrmTokenIdentifier.getApplicationAttemptId(), request, response);
        // update AMRMToken if the token is rolled-up
        MasterKeyData nextMasterKey = this.rmContext.getAMRMTokenSecretManager().getNextMasterKeyData();
        if (nextMasterKey != null && nextMasterKey.getMasterKey().getKeyId() != amrmTokenIdentifier.getKeyId()) {
            RMApp app = this.rmContext.getRMApps().get(appAttemptId.getApplicationId());
            RMAppAttempt appAttempt = app.getRMAppAttempt(appAttemptId);
            RMAppAttemptImpl appAttemptImpl = (RMAppAttemptImpl) appAttempt;
            Token<AMRMTokenIdentifier> amrmToken = appAttempt.getAMRMToken();
            if (nextMasterKey.getMasterKey().getKeyId() != appAttemptImpl.getAMRMTokenKeyId()) {
                LOG.info("The AMRMToken has been rolled-over. Send new AMRMToken back" + " to application: " + appAttemptId.getApplicationId());
                amrmToken = rmContext.getAMRMTokenSecretManager().createAndGetAMRMToken(appAttemptId);
                appAttemptImpl.setAMRMToken(amrmToken);
            }
            response.setAMRMToken(org.apache.hadoop.yarn.api.records.Token.newInstance(amrmToken.getIdentifier(), amrmToken.getKind().toString(), amrmToken.getPassword(), amrmToken.getService().toString()));
        }
        /*
       * As we are updating the response inside the lock object so we don't
       * need to worry about unregister call occurring in between (which
       * removes the lock object).
       */
        response.setResponseId(lastResponse.getResponseId() + 1);
        lock.setAllocateResponse(response);
        return response;
    }
}