
Example 6 with TimelineDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier in project hadoop by apache.

the class TimelineDelegationTokenIdentifierData method getTokenIdentifier.

/**
 * Rebuilds a {@link TimelineDelegationTokenIdentifier} from the serialized bytes held by
 * this object's builder.
 *
 * <p>A new identifier is created and populated through {@code readFields}, so the result
 * reflects only what the stored bytes contain.
 *
 * @return the freshly deserialized identifier
 * @throws IOException declared by this method; presumably raised by {@code readFields}
 *     when the stored bytes are truncated or malformed (confirm against that method)
 */
public TimelineDelegationTokenIdentifier getTokenIdentifier() throws IOException {
    final byte[] serialized = builder.getTokenIdentifier().toByteArray();
    final DataInputStream source = new DataInputStream(new ByteArrayInputStream(serialized));
    final TimelineDelegationTokenIdentifier identifier = new TimelineDelegationTokenIdentifier();
    identifier.readFields(source);
    return identifier;
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) TimelineDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier) DataInputStream(java.io.DataInputStream)

Example 7 with TimelineDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier in project hadoop by apache.

the class TestLeveldbTimelineStateStore method testTokenStore.

/**
 * Checks that delegation tokens and token master keys written to the timeline state store
 * are still present after the store is closed and loaded again.
 *
 * <p>The scenario runs in three phases: (1) an initially empty store receives one master key
 * and two tokens, and a second store of the same key or token must fail with
 * {@link IOException}; (2) after a close/reload the stored entries and the latest sequence
 * number are verified, then tokens and keys are removed, updated and added; (3) after another
 * close/reload the resulting state is verified again.
 */
@Test
public void testTokenStore() throws Exception {
    // Phase 1: start from a store that holds no tokens and no master keys.
    initAndStartTimelineServiceStateStoreService();
    TimelineServiceState state = store.loadState();
    assertTrue("token state not empty", state.tokenState.isEmpty());
    assertTrue("key state not empty", state.tokenMasterKeyState.isEmpty());
    // getBytes() without a charset uses the JVM default; the literals here are ASCII test data.
    final DelegationKey key1 = new DelegationKey(1, 2, "keyData1".getBytes());
    final TimelineDelegationTokenIdentifier token1 = new TimelineDelegationTokenIdentifier(new Text("tokenOwner1"), new Text("tokenRenewer1"), new Text("tokenUser1"));
    token1.setSequenceNumber(1);
    // Return value is discarded. NOTE(review): presumably called so the identifier's
    // serialized form is computed before it is stored - confirm.
    token1.getBytes();
    final Long tokenDate1 = 1L;
    final TimelineDelegationTokenIdentifier token2 = new TimelineDelegationTokenIdentifier(new Text("tokenOwner2"), new Text("tokenRenewer2"), new Text("tokenUser2"));
    token2.setSequenceNumber(12345678);
    token2.getBytes();
    final Long tokenDate2 = 87654321L;
    store.storeTokenMasterKey(key1);
    try {
        // Storing the same master key a second time must be rejected, not silently accepted.
        store.storeTokenMasterKey(key1);
        fail("redundant store of key undetected");
    } catch (IOException e) {
        // expected: the duplicate key was detected
    }
    store.storeToken(token1, tokenDate1);
    store.storeToken(token2, tokenDate2);
    try {
        // Likewise, storing an already stored token must fail.
        store.storeToken(token1, tokenDate1);
        fail("redundant store of token undetected");
    } catch (IOException e) {
        // expected: the duplicate token was detected
    }
    // Phase 2: close, start the store again and check that everything written above was loaded.
    store.close();
    initAndStartTimelineServiceStateStoreService();
    state = store.loadState();
    assertEquals("incorrect loaded token count", 2, state.tokenState.size());
    assertTrue("missing token 1", state.tokenState.containsKey(token1));
    assertEquals("incorrect token 1 date", tokenDate1, state.tokenState.get(token1));
    assertTrue("missing token 2", state.tokenState.containsKey(token2));
    assertEquals("incorrect token 2 date", tokenDate2, state.tokenState.get(token2));
    assertEquals("incorrect master key count", 1, state.tokenMasterKeyState.size());
    assertTrue("missing master key 1", state.tokenMasterKeyState.contains(key1));
    // The loaded state must report the highest sequence number stored so far (token2's).
    assertEquals("incorrect latest sequence number", 12345678, state.getLatestSequenceNumber());
    final DelegationKey key2 = new DelegationKey(3, 4, "keyData2".getBytes());
    final DelegationKey key3 = new DelegationKey(5, 6, "keyData3".getBytes());
    final TimelineDelegationTokenIdentifier token3 = new TimelineDelegationTokenIdentifier(new Text("tokenOwner3"), new Text("tokenRenewer3"), new Text("tokenUser3"));
    token3.setSequenceNumber(12345679);
    token3.getBytes();
    final Long tokenDate3 = 87654321L;
    // Mix removals, an update and new entries so the next load has to reflect each kind of change.
    store.removeToken(token1);
    store.storeTokenMasterKey(key2);
    final Long newTokenDate2 = 975318642L;
    store.updateToken(token2, newTokenDate2);
    store.removeTokenMasterKey(key1);
    store.storeTokenMasterKey(key3);
    store.storeToken(token3, tokenDate3);
    // Phase 3: close and load once more; removed entries must stay gone, updates must be kept.
    store.close();
    initAndStartTimelineServiceStateStoreService();
    state = store.loadState();
    assertEquals("incorrect loaded token count", 2, state.tokenState.size());
    assertFalse("token 1 not removed", state.tokenState.containsKey(token1));
    assertTrue("missing token 2", state.tokenState.containsKey(token2));
    assertEquals("incorrect token 2 date", newTokenDate2, state.tokenState.get(token2));
    assertTrue("missing token 3", state.tokenState.containsKey(token3));
    assertEquals("incorrect token 3 date", tokenDate3, state.tokenState.get(token3));
    assertEquals("incorrect master key count", 2, state.tokenMasterKeyState.size());
    assertFalse("master key 1 not removed", state.tokenMasterKeyState.contains(key1));
    assertTrue("missing master key 2", state.tokenMasterKeyState.contains(key2));
    assertTrue("missing master key 3", state.tokenMasterKeyState.contains(key3));
    // token3 now carries the highest sequence number.
    assertEquals("incorrect latest sequence number", 12345679, state.getLatestSequenceNumber());
    store.close();
}
Also used : TimelineServiceState(org.apache.hadoop.yarn.server.timeline.recovery.TimelineStateStore.TimelineServiceState) DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey) TimelineDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier) Text(org.apache.hadoop.io.Text) IOException(java.io.IOException) Test(org.junit.Test)

Example 8 with TimelineDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier in project hadoop by apache.

the class TestTimelineAuthenticationFilter method testDelegationTokenOperations.

/**
 * Exercises the delegation token life cycle (get, renew, cancel) through the timeline client,
 * first for the HTTP user itself and then for proxy users created on top of it.
 *
 * <p>Checks made here: a cancelled token can no longer be renewed; a token obtained through
 * the FOO proxy user records FOO as owner and the HTTP user as real user; a token request
 * through the BAR proxy user is rejected with an authorization or authentication failure.
 * NOTE(review): which users may be impersonated is decided by configuration that is not
 * visible in this method - confirm against the test class setup.
 */
@Test
public void testDelegationTokenOperations() throws Exception {
    // Build a timeline client and capture the UGI while running as the HTTP principal.
    TimelineClient httpUserClient = KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<TimelineClient>() {

        @Override
        public TimelineClient call() throws Exception {
            return createTimelineClientForUGI();
        }
    });
    UserGroupInformation httpUser = KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<UserGroupInformation>() {

        @Override
        public UserGroupInformation call() throws Exception {
            return UserGroupInformation.getCurrentUser();
        }
    });
    // The HTTP user requests a delegation token for itself.
    Token<TimelineDelegationTokenIdentifier> token = httpUserClient.getDelegationToken(httpUser.getShortUserName());
    Assert.assertNotNull(token);
    TimelineDelegationTokenIdentifier tDT = token.decodeIdentifier();
    Assert.assertNotNull(tDT);
    Assert.assertEquals(new Text(HTTP_USER), tDT.getOwner());
    // Renewal, case 1: the token carries a non-empty service address.
    Assert.assertFalse(token.getService().toString().isEmpty());
    // Renew the token using the service address stored in the token
    long renewTime1 = httpUserClient.renewDelegationToken(token);
    // Pause so that the second renewal below returns a strictly later time.
    Thread.sleep(100);
    // Renewal, case 2: blank out the service address in the token.
    token.setService(new Text());
    Assert.assertTrue(token.getService().toString().isEmpty());
    // If the token service address is not available, the token can still be renewed
    // from the configured address
    long renewTime2 = httpUserClient.renewDelegationToken(token);
    Assert.assertTrue(renewTime1 < renewTime2);
    // Cancellation with the service address still blank
    Assert.assertTrue(token.getService().toString().isEmpty());
    // If the token service address is not available, the token can still be cancelled
    // from the configured address
    httpUserClient.cancelDelegationToken(token);
    // A cancelled token must not be renewable any more.
    try {
        httpUserClient.renewDelegationToken(token);
        // Assuming org.junit.Assert: fail() throws AssertionError, which is not an Exception,
        // so the catch below does not swallow it.
        Assert.fail();
    } catch (Exception e) {
        Assert.assertTrue(e.getMessage().contains("Renewal request for unknown token"));
    }
    // The HTTP user obtains a delegation token on behalf of FOO_USER (proxy user)
    UserGroupInformation fooUgi = UserGroupInformation.createProxyUser(FOO_USER, httpUser);
    TimelineClient fooUserClient = fooUgi.doAs(new PrivilegedExceptionAction<TimelineClient>() {

        @Override
        public TimelineClient run() throws Exception {
            return createTimelineClientForUGI();
        }
    });
    token = fooUserClient.getDelegationToken(httpUser.getShortUserName());
    Assert.assertNotNull(token);
    tDT = token.decodeIdentifier();
    Assert.assertNotNull(tDT);
    // The identifier must name the impersonated user as owner and the HTTP user as real user.
    Assert.assertEquals(new Text(FOO_USER), tDT.getOwner());
    Assert.assertEquals(new Text(HTTP_USER), tDT.getRealUser());
    // Renew the token as the renewer (the HTTP user's client)
    final Token<TimelineDelegationTokenIdentifier> tokenToRenew = token;
    renewTime1 = httpUserClient.renewDelegationToken(tokenToRenew);
    renewTime2 = httpUserClient.renewDelegationToken(tokenToRenew);
    // NOTE(review): unlike the first renewal pair there is no sleep between these two calls,
    // so the strict '<' relies on the returned time advancing between them - confirm.
    Assert.assertTrue(renewTime1 < renewTime2);
    // Cancellation, this time with the service address present in the token
    Assert.assertFalse(tokenToRenew.getService().toString().isEmpty());
    // Cancel the token using the service address stored in the token
    fooUserClient.cancelDelegationToken(tokenToRenew);
    // A cancelled token must not be renewable any more.
    try {
        httpUserClient.renewDelegationToken(tokenToRenew);
        Assert.fail();
    } catch (Exception e) {
        Assert.assertTrue(e.getMessage().contains("Renewal request for unknown token"));
    }
    // The HTTP user tries to obtain a delegation token on behalf of BAR_USER; this must be refused
    UserGroupInformation barUgi = UserGroupInformation.createProxyUser(BAR_USER, httpUser);
    TimelineClient barUserClient = barUgi.doAs(new PrivilegedExceptionAction<TimelineClient>() {

        @Override
        public TimelineClient run() {
            return createTimelineClientForUGI();
        }
    });
    try {
        barUserClient.getDelegationToken(httpUser.getShortUserName());
        Assert.fail();
    } catch (Exception e) {
        // The refusal must surface as an authorization or authentication failure in the cause;
        // a null or unrelated cause fails the test.
        Assert.assertTrue(e.getCause() instanceof AuthorizationException || e.getCause() instanceof AuthenticationException);
    }
}
Also used : AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) TimelineDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier) Text(org.apache.hadoop.io.Text) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) TimelineClient(org.apache.hadoop.yarn.client.api.TimelineClient) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 9 with TimelineDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier in project hadoop by apache.

the class YarnClientImpl method addTimelineDelegationToken.

/**
 * Adds a timeline delegation token to the tokens carried by a container launch context,
 * unless a token of that kind is already among them.
 *
 * <p>The context's serialized tokens, if any, are read into a fresh {@link Credentials}.
 * When no token of kind {@code TimelineDelegationTokenIdentifier.KIND_NAME} is found and
 * {@code getTimelineDelegationToken()} returns a token, that token is added under
 * {@code timelineService} and the whole credential set is serialized back into the context.
 *
 * @param clc launch context whose token buffer is inspected and possibly replaced
 * @throws YarnException declared by this method; not thrown directly by the code here
 * @throws IOException if reading or writing the token storage stream fails
 */
private void addTimelineDelegationToken(ContainerLaunchContext clc) throws YarnException, IOException {
    final Credentials launchCredentials = new Credentials();
    final DataInputByteBuffer tokenReader = new DataInputByteBuffer();
    final ByteBuffer serializedTokens = clc.getTokens();
    if (serializedTokens != null) {
        tokenReader.reset(serializedTokens);
        launchCredentials.readTokenStorageStream(tokenReader);
        // Put the buffer position back to zero after it has been read.
        serializedTokens.rewind();
    }

    // Leave the context untouched when it already carries a timeline delegation token.
    boolean alreadyPresent = false;
    for (org.apache.hadoop.security.token.Token<? extends TokenIdentifier> existing : launchCredentials.getAllTokens()) {
        if (existing.getKind().equals(TimelineDelegationTokenIdentifier.KIND_NAME)) {
            alreadyPresent = true;
            break;
        }
    }
    if (alreadyPresent) {
        return;
    }

    final org.apache.hadoop.security.token.Token<TimelineDelegationTokenIdentifier> fetched = getTimelineDelegationToken();
    if (fetched == null) {
        // No token could be obtained; the launch context keeps its original tokens.
        return;
    }
    launchCredentials.addToken(timelineService, fetched);

    if (LOG.isDebugEnabled()) {
        // NOTE(review): this writes the token's string form to the debug log; confirm that
        // Token#toString omits the token password before enabling debug logging in production.
        final String message = "Add timline delegation token into credentials: " + fetched;
        LOG.debug(message);
    }

    // Serialize the extended credential set and hand it back to the launch context.
    final DataOutputBuffer serializer = new DataOutputBuffer();
    launchCredentials.writeTokenStorageToStream(serializer);
    clc.setTokens(ByteBuffer.wrap(serializer.getData(), 0, serializer.getLength()));
}
Also used : DataInputByteBuffer(org.apache.hadoop.io.DataInputByteBuffer) DataOutputBuffer(org.apache.hadoop.io.DataOutputBuffer) TimelineDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier) ByteBuffer(java.nio.ByteBuffer) DataInputByteBuffer(org.apache.hadoop.io.DataInputByteBuffer) Credentials(org.apache.hadoop.security.Credentials)

Example 10 with TimelineDelegationTokenIdentifier

use of org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier in project tez by apache.

the class TestATSV15HistoryLoggingService method createService.

/**
 * Creates an {@code ATSV15HistoryLoggingService} wired to a mocked application context and a
 * mocked {@code TimelineClient}, so the test never talks to a real timeline server.
 *
 * <p>The mocked client returns {@code null} for {@code getDelegationToken}, {@code 0L} for
 * {@code renewDelegationToken}, and routes both {@code putEntities} overloads to
 * {@code putEntityHelper}.
 *
 * @param numDagsPerGroup value for
 *     {@code TezConfiguration.TEZ_HISTORY_LOGGING_TIMELINE_NUM_DAGS_PER_GROUP};
 *     {@code -1} leaves the setting out of the configuration
 * @return the initialized service with the mocked timeline client installed
 */
private ATSV15HistoryLoggingService createService(int numDagsPerGroup) throws IOException, YarnException {
    final ATSV15HistoryLoggingService loggingService = new ATSV15HistoryLoggingService();

    // Application context stub: only the application id and the Hadoop shim are answered.
    appContext = mock(AppContext.class);
    when(appContext.getApplicationID()).thenReturn(appId);
    when(appContext.getHadoopShim()).thenReturn(new HadoopShim() {
    });
    loggingService.setAppContext(appContext);

    // Start from an empty configuration (no default resources loaded).
    final Configuration serviceConf = new Configuration(false);
    final boolean groupSizeGiven = numDagsPerGroup != -1;
    if (groupSizeGiven) {
        serviceConf.setInt(TezConfiguration.TEZ_HISTORY_LOGGING_TIMELINE_NUM_DAGS_PER_GROUP, numDagsPerGroup);
    }
    loggingService.init(serviceConf);

    // Replace the timeline client with a mock; it is a Mockito stub and is never init()-ed.
    timelineClient = mock(TimelineClient.class);
    entityLog = new HashMap<>();

    // Delegation token calls are stubbed out: no token is issued and renewal returns 0.
    when(timelineClient.getDelegationToken(anyString())).thenReturn(null);
    when(timelineClient.renewDelegationToken(Matchers.<Token<TimelineDelegationTokenIdentifier>>any())).thenReturn(0L);

    // putEntities(entities...): record under the default group, entities start at argument 0.
    final Answer<TimelinePutResponse> defaultGroupAnswer = new Answer<TimelinePutResponse>() {

        @Override
        public TimelinePutResponse answer(InvocationOnMock invocation) throws Throwable {
            return putEntityHelper(DEFAULT_GROUP_ID, invocation.getArguments(), 0);
        }
    };
    when(timelineClient.putEntities(Matchers.<TimelineEntity>anyVararg())).thenAnswer(defaultGroupAnswer);

    // putEntities(attemptId, groupId, entities...): group id is argument 1, entities start at 2.
    final Answer<TimelinePutResponse> explicitGroupAnswer = new Answer<TimelinePutResponse>() {

        @Override
        public TimelinePutResponse answer(InvocationOnMock invocation) throws Throwable {
            return putEntityHelper(invocation.getArgumentAt(1, TimelineEntityGroupId.class), invocation.getArguments(), 2);
        }
    };
    when(timelineClient.putEntities(any(ApplicationAttemptId.class), any(TimelineEntityGroupId.class), Matchers.<TimelineEntity>anyVararg())).thenAnswer(explicitGroupAnswer);

    loggingService.timelineClient = timelineClient;
    return loggingService;
}
Also used : HadoopShim(org.apache.tez.hadoop.shim.HadoopShim) Configuration(org.apache.hadoop.conf.Configuration) TezConfiguration(org.apache.tez.dag.api.TezConfiguration) AppContext(org.apache.tez.dag.app.AppContext) TimelineDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier) TimelinePutResponse(org.apache.hadoop.yarn.api.records.timeline.TimelinePutResponse) ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId) TimelineEntityGroupId(org.apache.hadoop.yarn.api.records.timeline.TimelineEntityGroupId) TimelineClient(org.apache.hadoop.yarn.client.api.TimelineClient) Answer(org.mockito.stubbing.Answer) InvocationOnMock(org.mockito.invocation.InvocationOnMock)

Aggregations

TimelineDelegationTokenIdentifier (org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier)10 Text (org.apache.hadoop.io.Text)6 Test (org.junit.Test)6 Configuration (org.apache.hadoop.conf.Configuration)4 TimelineClient (org.apache.hadoop.yarn.client.api.TimelineClient)4 YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)4 IOException (java.io.IOException)3 ByteBuffer (java.nio.ByteBuffer)2 DataInputByteBuffer (org.apache.hadoop.io.DataInputByteBuffer)2 DataOutputBuffer (org.apache.hadoop.io.DataOutputBuffer)2 Credentials (org.apache.hadoop.security.Credentials)2 TimelinePutResponse (org.apache.hadoop.yarn.api.records.timeline.TimelinePutResponse)2 YarnException (org.apache.hadoop.yarn.exceptions.YarnException)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 DataInputStream (java.io.DataInputStream)1 File (java.io.File)1 DataInputBuffer (org.apache.hadoop.io.DataInputBuffer)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException)1 AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)1