
Example 1 with RMDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in project hadoop by apache.

the class TestTokenClientRMService method checkTokenRenewal.

/**
 * Builds an RM delegation token for the given owner and renewer and submits a renewal request for
 * it to a {@link ClientRMService} constructed around a mocked {@link RMContext}.
 *
 * <p>The helper asserts nothing itself: whatever {@code renewDelegationToken} throws reaches the
 * caller unchanged, so the caller decides whether the renewal should have been accepted.
 *
 * @param owner user whose name is recorded as the token owner
 * @param renewer user whose name is recorded as the designated renewer
 * @throws IOException propagated from the renewal call
 * @throws YarnException propagated from the renewal call
 */
private void checkTokenRenewal(UserGroupInformation owner, UserGroupInformation renewer) throws IOException, YarnException {
    // Only owner and renewer are populated; the third identifier field is left null.
    Text ownerName = new Text(owner.getUserName());
    Text renewerName = new Text(renewer.getUserName());
    RMDelegationTokenIdentifier ident = new RMDelegationTokenIdentifier(ownerName, renewerName, null);

    // The same secret manager (dtsm) backs both the token and the service under test.
    Token<?> hadoopToken = new Token<RMDelegationTokenIdentifier>(ident, dtsm);

    // Re-encode the Hadoop token as the YARN record type carried by the request.
    org.apache.hadoop.yarn.api.records.Token yarnToken = BuilderUtils.newDelegationToken(
        hadoopToken.getIdentifier(),
        hadoopToken.getKind().toString(),
        hadoopToken.getPassword(),
        hadoopToken.getService().toString());

    RenewDelegationTokenRequest renewRequest = Records.newRecord(RenewDelegationTokenRequest.class);
    renewRequest.setDelegationToken(yarnToken);

    // NOTE(review): the identity the service treats as the caller is established outside this
    // method - presumably by the test wrapping the call; confirm against the call sites.
    ClientRMService service = new ClientRMService(mock(RMContext.class), null, null, null, null, dtsm);
    service.renewDelegationToken(renewRequest);
}
Also used : RenewDelegationTokenRequest(org.apache.hadoop.yarn.api.protocolrecords.RenewDelegationTokenRequest) Text(org.apache.hadoop.io.Text) Token(org.apache.hadoop.security.token.Token) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)

Example 2 with RMDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in project hadoop by apache.

the class TestMemoryRMStateStore method testNotifyStoreOperationFailed.

/**
 * Checks that a failed delegation-token removal leaves the state store fenced when
 * {@code RM_HA_ENABLED} is set.
 *
 * <p>Two failure paths are exercised against the same mocks: one store throws from
 * {@code removeRMDelegationTokenState}, the other reports the failure itself through
 * {@code notifyStoreOperationFailed}. Both must end with {@code isFencedState()} returning true.
 */
@Test
public void testNotifyStoreOperationFailed() throws Exception {
    Configuration haConf = new Configuration();
    haConf.setBoolean(YarnConfiguration.RM_HA_ENABLED, true);
    ResourceManager rmMock = mock(ResourceManager.class);
    RMDelegationTokenIdentifier tokenIdMock = mock(RMDelegationTokenIdentifier.class);

    // Path 1: the state-level removal hook throws.
    RMStateStore throwingStore = new MemoryRMStateStore() {

        @Override
        public synchronized void removeRMDelegationTokenState(RMDelegationTokenIdentifier ignoredId) throws Exception {
            throw new Exception("testNotifyStoreOperationFailed");
        }
    };
    throwingStore.init(haConf);
    throwingStore.setResourceManager(rmMock);
    throwingStore.removeRMDelegationToken(tokenIdMock);
    assertTrue("RMStateStore should have been in fenced state", throwingStore.isFencedState());

    // Path 2: the public removal method is replaced by a direct failure notification.
    RMStateStore notifyingStore = new MemoryRMStateStore() {

        @Override
        public synchronized void removeRMDelegationToken(RMDelegationTokenIdentifier ignoredId) {
            notifyStoreOperationFailed(new Exception("testNotifyStoreOperationFailed"));
        }
    };
    notifyingStore.init(haConf);
    notifyingStore.setResourceManager(rmMock);
    notifyingStore.removeRMDelegationToken(tokenIdMock);
    assertTrue("RMStateStore should have been in fenced state", notifyingStore.isFencedState());
}
Also used : YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) Configuration(org.apache.hadoop.conf.Configuration) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) ResourceManager(org.apache.hadoop.yarn.server.resourcemanager.ResourceManager) Test(org.junit.Test)

Example 3 with RMDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in project hadoop by apache.

the class TestZKRMStateStore method testFencedState.

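/**
 * Verifies that the store handed out by {@code TestZKRMStateStoreTester} stays fenced: after
 * {@code updateFencedState()} every mutating operation (application, attempt, RM delegation
 * token, delegation master key, AMRM token state) is issued in turn and the fenced flag is
 * re-checked after each one.
 *
 * <p>NOTE(review): each check only reads {@code isFencedState()}; nothing here inspects the
 * backing store to confirm that the write itself was rejected.
 *
 * <p>The store is closed in a {@code finally} block so a failed assertion does not leave it open.
 */
@Test
public void testFencedState() throws Exception {
    TestZKRMStateStoreTester zkTester = new TestZKRMStateStoreTester();
    RMStateStore store = zkTester.getRMStateStore();
    try {
        // Move state to FENCED from ACTIVE
        store.updateFencedState();
        assertStoreFenced(store);

        long submitTime = System.currentTimeMillis();
        long startTime = submitTime + 1000;

        // Add a new app
        RMApp mockApp = mock(RMApp.class);
        ApplicationSubmissionContext context = new ApplicationSubmissionContextPBImpl();
        when(mockApp.getSubmitTime()).thenReturn(submitTime);
        when(mockApp.getStartTime()).thenReturn(startTime);
        when(mockApp.getApplicationSubmissionContext()).thenReturn(context);
        when(mockApp.getUser()).thenReturn("test");
        store.storeNewApplication(mockApp);
        assertStoreFenced(store);

        // Add a new attempt
        ClientToAMTokenSecretManagerInRM clientToAMTokenMgr = new ClientToAMTokenSecretManagerInRM();
        ApplicationAttemptId attemptId = ApplicationAttemptId.fromString("appattempt_1234567894321_0001_000001");
        SecretKey clientTokenMasterKey = clientToAMTokenMgr.createMasterKey(attemptId);
        RMAppAttemptMetrics mockRmAppAttemptMetrics = mock(RMAppAttemptMetrics.class);
        Container container = new ContainerPBImpl();
        container.setId(ContainerId.fromString("container_1234567891234_0001_01_000001"));
        RMAppAttempt mockAttempt = mock(RMAppAttempt.class);
        when(mockAttempt.getAppAttemptId()).thenReturn(attemptId);
        when(mockAttempt.getMasterContainer()).thenReturn(container);
        when(mockAttempt.getClientTokenMasterKey()).thenReturn(clientTokenMasterKey);
        when(mockAttempt.getRMAppAttemptMetrics()).thenReturn(mockRmAppAttemptMetrics);
        when(mockRmAppAttemptMetrics.getAggregateAppResourceUsage()).thenReturn(new AggregateAppResourceUsage(0, 0));
        store.storeNewApplicationAttempt(mockAttempt);
        assertStoreFenced(store);

        long finishTime = submitTime + 1000;

        // Update attempt
        ApplicationAttemptStateData newAttemptState = ApplicationAttemptStateData.newInstance(
            attemptId, container, store.getCredentialsFromAppAttempt(mockAttempt), startTime,
            RMAppAttemptState.FINISHED, "testUrl", "test", FinalApplicationStatus.SUCCEEDED,
            100, finishTime, 0, 0, 0, 0);
        store.updateApplicationAttemptState(newAttemptState);
        assertStoreFenced(store);

        // Update app
        ApplicationStateData appState = ApplicationStateData.newInstance(submitTime, startTime, context, "test");
        store.updateApplicationState(appState);
        assertStoreFenced(store);

        // Remove app
        store.removeApplication(mockApp);
        assertStoreFenced(store);

        // Store and update an RM delegation token
        RMDelegationTokenIdentifier dtId1 = new RMDelegationTokenIdentifier(new Text("owner1"), new Text("renewer1"), new Text("realuser1"));
        // Long.valueOf replaces the deprecated new Long(long) boxing constructor.
        Long renewDate1 = Long.valueOf(System.currentTimeMillis());
        dtId1.setSequenceNumber(1111);
        store.storeRMDelegationToken(dtId1, renewDate1);
        assertStoreFenced(store);
        store.updateRMDelegationToken(dtId1, renewDate1);
        assertStoreFenced(store);

        // Remove the RM delegation token
        store.removeRMDelegationToken(dtId1);
        assertStoreFenced(store);

        // Store delegation master key; the charset is explicit so the fixture key bytes do not
        // depend on the platform default encoding.
        DelegationKey key = new DelegationKey(1234, 4321, "keyBytes".getBytes(java.nio.charset.StandardCharsets.UTF_8));
        store.storeRMDTMasterKey(key);
        assertStoreFenced(store);

        // Remove delegation master key
        store.removeRMDTMasterKey(key);
        assertStoreFenced(store);

        // Store or update AMRMToken
        store.storeOrUpdateAMRMTokenSecretManager(null, false);
        assertStoreFenced(store);
    } finally {
        store.close();
    }
}

/** Fails the test unless {@code store} currently reports the fenced state. */
private void assertStoreFenced(RMStateStore store) {
    assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
}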
Also used : RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp) RMAppAttemptMetrics(org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttemptMetrics) ClientToAMTokenSecretManagerInRM(org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM) RMAppAttempt(org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttempt) ContainerPBImpl(org.apache.hadoop.yarn.api.records.impl.pb.ContainerPBImpl) Text(org.apache.hadoop.io.Text) ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId) ApplicationStateData(org.apache.hadoop.yarn.server.resourcemanager.recovery.records.ApplicationStateData) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) SecretKey(javax.crypto.SecretKey) Container(org.apache.hadoop.yarn.api.records.Container) ApplicationSubmissionContextPBImpl(org.apache.hadoop.yarn.api.records.impl.pb.ApplicationSubmissionContextPBImpl) DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey) ApplicationSubmissionContext(org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext) ApplicationAttemptStateData(org.apache.hadoop.yarn.server.resourcemanager.recovery.records.ApplicationAttemptStateData) AggregateAppResourceUsage(org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.AggregateAppResourceUsage) Test(org.junit.Test)

Example 4 with RMDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in project hadoop by apache.

the class LeveldbRMStateStore method loadRMDTSecretManagerTokens.

/**
 * Reads every entry stored under {@code RM_DT_TOKEN_KEY_PREFIX} and records its token
 * identifier and renew date in {@code state.rmSecretManagerState.delegationTokenState}.
 *
 * @param state recovery state that receives the loaded tokens
 * @return the number of delegation tokens loaded
 * @throws IOException if the database reports a {@link DBException} or an entry cannot be read
 */
private int loadRMDTSecretManagerTokens(RMState state) throws IOException {
    int loaded = 0;
    LeveldbIterator cursor = null;
    try {
        cursor = new LeveldbIterator(db);
        cursor.seek(bytes(RM_DT_TOKEN_KEY_PREFIX));
        while (cursor.hasNext()) {
            Entry<byte[], byte[]> kv = cursor.next();
            String dbKey = asString(kv.getKey());
            // The scan stops at the first key outside the prefix - presumably relying on the
            // iterator returning keys in sorted order; confirm against the store's key layout.
            if (!dbKey.startsWith(RM_DT_TOKEN_KEY_PREFIX)) {
                break;
            }
            RMDelegationTokenIdentifierData stored = loadDelegationToken(kv.getValue());
            RMDelegationTokenIdentifier tokenId = stored.getTokenIdentifier();
            long renewDate = stored.getRenewDate();
            state.rmSecretManagerState.delegationTokenState.put(tokenId, renewDate);
            loaded++;
            // NOTE(review): the identifier's string form goes to the debug log; confirm it
            // carries only identifier fields and no token secret.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Loaded RM delegation token from " + dbKey + ": tokenId=" + tokenId + ", renewDate=" + renewDate);
            }
        }
    } catch (DBException dbFailure) {
        // Surface database failures through the method's declared checked exception.
        throw new IOException(dbFailure);
    } finally {
        if (cursor != null) {
            cursor.close();
        }
    }
    return loaded;
}
Also used : DBException(org.iq80.leveldb.DBException) RMDelegationTokenIdentifierData(org.apache.hadoop.yarn.server.resourcemanager.recovery.records.RMDelegationTokenIdentifierData) LeveldbIterator(org.apache.hadoop.yarn.server.utils.LeveldbIterator) JniDBFactory.asString(org.fusesource.leveldbjni.JniDBFactory.asString) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) IOException(java.io.IOException)

Example 5 with RMDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in project hadoop by apache.

the class TestClientRMTokens method checkShortCircuitRenewCancel.

/**
 * Checks whether renewing and cancelling an RM delegation token is served by the local secret
 * manager or sent through RPC, depending on how the token's service address relates to the RM
 * address.
 *
 * <p>The RPC implementation is replaced by {@code YarnBadRPC}; the non-short-circuit branch
 * expects a {@link RuntimeException} with message {@code "getProxy"} - presumably raised by that
 * class when a proxy is requested (confirm in its definition).
 *
 * @param rmAddr address registered together with the mocked secret manager
 * @param serviceAddr address written into the token's service field
 * @param shouldShortCircuit true if renew/cancel must reach the secret manager directly; false
 *     if they must fail in the RPC layer without touching it
 * @throws IOException propagated from token renew/cancel
 * @throws InterruptedException propagated from token renew/cancel
 */
@SuppressWarnings("unchecked")
private void checkShortCircuitRenewCancel(InetSocketAddress rmAddr, InetSocketAddress serviceAddr, boolean shouldShortCircuit) throws IOException, InterruptedException {
    Configuration rpcConf = new Configuration();
    rpcConf.setClass(YarnConfiguration.IPC_RPC_IMPL, YarnBadRPC.class, YarnRPC.class);

    RMDelegationTokenSecretManager secretMgr = mock(RMDelegationTokenSecretManager.class);
    // NOTE(review): static call - presumably process-wide renewer state shared with other
    // tests; confirm whether it needs resetting afterwards.
    RMDelegationTokenIdentifier.Renewer.setSecretManager(secretMgr, rmAddr);

    RMDelegationTokenIdentifier tokenIdent = new RMDelegationTokenIdentifier(new Text("owner"), new Text("renewer"), null);
    Token<RMDelegationTokenIdentifier> token = new Token<RMDelegationTokenIdentifier>(tokenIdent, secretMgr);
    SecurityUtil.setTokenService(token, serviceAddr);

    if (!shouldShortCircuit) {
        // Both operations must fail in the RPC layer and leave the secret manager untouched.
        try {
            token.renew(rpcConf);
            fail();
        } catch (RuntimeException expected) {
            assertEquals("getProxy", expected.getMessage());
        }
        verify(secretMgr, never()).renewToken(any(Token.class), anyString());

        try {
            token.cancel(rpcConf);
            fail();
        } catch (RuntimeException expected) {
            assertEquals("getProxy", expected.getMessage());
        }
        verify(secretMgr, never()).cancelToken(any(Token.class), anyString());
        return;
    }

    // Short-circuit path: the secret manager is called directly, as the token's renewer.
    token.renew(rpcConf);
    verify(secretMgr).renewToken(eq(token), eq("renewer"));
    reset(secretMgr);
    token.cancel(rpcConf);
    verify(secretMgr).cancelToken(eq(token), eq("renewer"));
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) RMDelegationTokenSecretManager(org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager) Text(org.apache.hadoop.io.Text) InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) Token(org.apache.hadoop.security.token.Token) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)

Aggregations

RMDelegationTokenIdentifier (org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)30 Token (org.apache.hadoop.security.token.Token)15 Text (org.apache.hadoop.io.Text)13 IOException (java.io.IOException)12 Test (org.junit.Test)11 InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken)8 DelegationKey (org.apache.hadoop.security.token.delegation.DelegationKey)6 YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)6 Configuration (org.apache.hadoop.conf.Configuration)5 Credentials (org.apache.hadoop.security.Credentials)5 GetDelegationTokenResponse (org.apache.hadoop.yarn.api.protocolrecords.GetDelegationTokenResponse)5 DelegationToken (org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken)5 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)4 GetDelegationTokenRequest (org.apache.hadoop.yarn.api.protocolrecords.GetDelegationTokenRequest)4 YarnException (org.apache.hadoop.yarn.exceptions.YarnException)4 RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)4 ByteArrayInputStream (java.io.ByteArrayInputStream)3 DataInputStream (java.io.DataInputStream)3 UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)3 AccessControlException (java.security.AccessControlException)3