Example 26 with RMDelegationTokenIdentifier

Use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in the Apache Hadoop project.

Class ClientRMService, method getDelegationToken.

@Override
public GetDelegationTokenResponse getDelegationToken(GetDelegationTokenRequest request) throws YarnException {
    try {
        // Verify that the connection is kerberos authenticated
        if (!isAllowedDelegationTokenOp()) {
            throw new IOException("Delegation Token can be issued only with kerberos authentication");
        }
        GetDelegationTokenResponse response = recordFactory.newRecordInstance(GetDelegationTokenResponse.class);
        UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
        Text owner = new Text(ugi.getUserName());
        Text realUser = null;
        if (ugi.getRealUser() != null) {
            realUser = new Text(ugi.getRealUser().getUserName());
        }
        RMDelegationTokenIdentifier tokenIdentifier = new RMDelegationTokenIdentifier(owner, new Text(request.getRenewer()), realUser);
        Token<RMDelegationTokenIdentifier> realRMDTtoken = new Token<RMDelegationTokenIdentifier>(tokenIdentifier, this.rmDTSecretManager);
        response.setRMDelegationToken(BuilderUtils.newDelegationToken(realRMDTtoken.getIdentifier(), realRMDTtoken.getKind().toString(), realRMDTtoken.getPassword(), realRMDTtoken.getService().toString()));
        return response;
    } catch (IOException io) {
        throw RPCUtil.getRemoteException(io);
    }
}
Also used : GetDelegationTokenResponse(org.apache.hadoop.yarn.api.protocolrecords.GetDelegationTokenResponse) Text(org.apache.hadoop.io.Text) Token(org.apache.hadoop.security.token.Token) IOException(java.io.IOException) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 27 with RMDelegationTokenIdentifier

Use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in the Apache Hadoop project.

Class MemoryRMStateStore, method storeOrUpdateRMDT.

private void storeOrUpdateRMDT(RMDelegationTokenIdentifier rmDTIdentifier, Long renewDate, boolean isUpdate) throws Exception {
    Map<RMDelegationTokenIdentifier, Long> rmDTState = state.rmSecretManagerState.getTokenState();
    if (rmDTState.containsKey(rmDTIdentifier)) {
        IOException e = new IOException("RMDelegationToken: " + rmDTIdentifier + " is already stored.");
        LOG.info("Error storing info for RMDelegationToken: " + rmDTIdentifier, e);
        throw e;
    }
    rmDTState.put(rmDTIdentifier, renewDate);
    if (!isUpdate) {
        state.rmSecretManagerState.dtSequenceNumber = rmDTIdentifier.getSequenceNumber();
    }
    LOG.info("Store RMDT with sequence number " + rmDTIdentifier.getSequenceNumber());
}
Also used : RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) IOException(java.io.IOException)

Example 28 with RMDelegationTokenIdentifier

Use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in the Apache Hadoop project.

Class FileSystemRMStateStore, method loadRMDTSecretManagerState.

private void loadRMDTSecretManagerState(RMState rmState) throws Exception {
    checkAndResumeUpdateOperation(rmDTSecretManagerRoot);
    FileStatus[] childNodes = listStatusWithRetries(rmDTSecretManagerRoot);
    for (FileStatus childNodeStatus : childNodes) {
        assert childNodeStatus.isFile();
        String childNodeName = childNodeStatus.getPath().getName();
        if (checkAndRemovePartialRecordWithRetries(childNodeStatus.getPath())) {
            continue;
        }
        if (childNodeName.startsWith(DELEGATION_TOKEN_SEQUENCE_NUMBER_PREFIX)) {
            rmState.rmSecretManagerState.dtSequenceNumber = Integer.parseInt(childNodeName.split("_")[1]);
            continue;
        }
        Path childNodePath = getNodePath(rmDTSecretManagerRoot, childNodeName);
        byte[] childData = readFileWithRetries(childNodePath, childNodeStatus.getLen());
        ByteArrayInputStream is = new ByteArrayInputStream(childData);
        try (DataInputStream fsIn = new DataInputStream(is)) {
            if (childNodeName.startsWith(DELEGATION_KEY_PREFIX)) {
                DelegationKey key = new DelegationKey();
                key.readFields(fsIn);
                rmState.rmSecretManagerState.masterKeyState.add(key);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Loaded delegation key: keyId=" + key.getKeyId() + ", expirationDate=" + key.getExpiryDate());
                }
            } else if (childNodeName.startsWith(DELEGATION_TOKEN_PREFIX)) {
                RMDelegationTokenIdentifierData identifierData = new RMDelegationTokenIdentifierData();
                identifierData.readFields(fsIn);
                RMDelegationTokenIdentifier identifier = identifierData.getTokenIdentifier();
                long renewDate = identifierData.getRenewDate();
                rmState.rmSecretManagerState.delegationTokenState.put(identifier, renewDate);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Loaded RMDelegationTokenIdentifier: " + identifier + " renewDate=" + renewDate);
                }
            } else {
                LOG.warn("Unknown file for recovering RMDelegationTokenSecretManager");
            }
        }
    }
}
Also used : Path(org.apache.hadoop.fs.Path) RMDelegationTokenIdentifierData(org.apache.hadoop.yarn.server.resourcemanager.recovery.records.RMDelegationTokenIdentifierData) FileStatus(org.apache.hadoop.fs.FileStatus) ByteArrayInputStream(java.io.ByteArrayInputStream) DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) DataInputStream(java.io.DataInputStream) FSDataInputStream(org.apache.hadoop.fs.FSDataInputStream)

Example 29 with RMDelegationTokenIdentifier

Use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in the Apache Hadoop project.

Class ZKRMStateStore, method loadRMDelegationTokenState.

private void loadRMDelegationTokenState(RMState rmState) throws Exception {
    List<String> childNodes = getChildren(delegationTokensRootPath);
    for (String childNodeName : childNodes) {
        String childNodePath = getNodePath(delegationTokensRootPath, childNodeName);
        byte[] childData = getData(childNodePath);
        if (childData == null) {
            LOG.warn("Content of " + childNodePath + " is broken.");
            continue;
        }
        ByteArrayInputStream is = new ByteArrayInputStream(childData);
        try (DataInputStream fsIn = new DataInputStream(is)) {
            if (childNodeName.startsWith(DELEGATION_TOKEN_PREFIX)) {
                RMDelegationTokenIdentifierData identifierData = new RMDelegationTokenIdentifierData();
                identifierData.readFields(fsIn);
                RMDelegationTokenIdentifier identifier = identifierData.getTokenIdentifier();
                long renewDate = identifierData.getRenewDate();
                rmState.rmSecretManagerState.delegationTokenState.put(identifier, renewDate);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Loaded RMDelegationTokenIdentifier: " + identifier + " renewDate=" + renewDate);
                }
            }
        }
    }
}
Also used : RMDelegationTokenIdentifierData(org.apache.hadoop.yarn.server.resourcemanager.recovery.records.RMDelegationTokenIdentifierData) ByteArrayInputStream(java.io.ByteArrayInputStream) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) DataInputStream(java.io.DataInputStream)

Example 30 with RMDelegationTokenIdentifier

Use of org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier in the Apache Hadoop project.

Class RMDelegationTokenIdentifierData, method getTokenIdentifier.

public RMDelegationTokenIdentifier getTokenIdentifier() throws IOException {
    ByteArrayInputStream in = new ByteArrayInputStream(builder.getTokenIdentifier().toByteArray());
    RMDelegationTokenIdentifier identifer = new RMDelegationTokenIdentifier();
    identifer.readFields(new DataInputStream(in));
    return identifer;
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) DataInputStream(java.io.DataInputStream)
