Examples with ApplicationSubmissionContextInfo org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo used on opensource projects

Example 1 with ApplicationSubmissionContextInfo

use of org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo in project hadoop by apache.

the class TestRMWebappAuthentication method testAnonymousKerberosUser.

private void testAnonymousKerberosUser() throws Exception {
    ApplicationSubmissionContextInfo app = new ApplicationSubmissionContextInfo();
    String appid = "application_123_0";
    app.setApplicationId(appid);
    String requestBody = TestRMWebServicesDelegationTokenAuthentication.getMarshalledAppInfo(app);
    URL url = new URL("http://localhost:8088/ws/v1/cluster/apps/new-application");
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
    TestRMWebServicesDelegationTokenAuthentication.setupConn(conn, "POST", "application/xml", requestBody);
    try {
        conn.getInputStream();
        fail("Anonymous users should not be allowed to get new application ids in secure mode.");
    } catch (IOException ie) {
        assertEquals(Status.FORBIDDEN.getStatusCode(), conn.getResponseCode());
    }
    url = new URL("http://localhost:8088/ws/v1/cluster/apps");
    conn = (HttpURLConnection) url.openConnection();
    TestRMWebServicesDelegationTokenAuthentication.setupConn(conn, "POST", "application/xml", requestBody);
    try {
        conn.getInputStream();
        fail("Anonymous users should not be allowed to submit apps in secure mode.");
    } catch (IOException ie) {
        assertEquals(Status.FORBIDDEN.getStatusCode(), conn.getResponseCode());
    }
    requestBody = "{ \"state\": \"KILLED\"}";
    url = new URL("http://localhost:8088/ws/v1/cluster/apps/application_123_0/state");
    conn = (HttpURLConnection) url.openConnection();
    TestRMWebServicesDelegationTokenAuthentication.setupConn(conn, "PUT", "application/json", requestBody);
    try {
        conn.getInputStream();
        fail("Anonymous users should not be allowed to kill apps in secure mode.");
    } catch (IOException ie) {
        assertEquals(Status.FORBIDDEN.getStatusCode(), conn.getResponseCode());
    }
}

Example 2 with ApplicationSubmissionContextInfo

use of org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo in project hadoop by apache.

the class TestRMWebServicesAppsModification method testAppSubmit.

public void testAppSubmit(String acceptMedia, String contentMedia) throws Exception {
    // create a test app and submit it via rest(after getting an app-id) then
    // get the app details from the rmcontext and check that everything matches
    client().addFilter(new LoggingFilter(System.out));
    String lrKey = "example";
    String queueName = "testqueue";
    // create the queue
    String[] queues = { "default", "testqueue" };
    CapacitySchedulerConfiguration csconf = new CapacitySchedulerConfiguration();
    csconf.setQueues("root", queues);
    csconf.setCapacity("root.default", 50.0f);
    csconf.setCapacity("root.testqueue", 50.0f);
    rm.getResourceScheduler().reinitialize(csconf, rm.getRMContext());
    String appName = "test";
    String appType = "test-type";
    String urlPath = "apps";
    String appId = testGetNewApplication(acceptMedia);
    List<String> commands = new ArrayList<>();
    commands.add("/bin/sleep 5");
    HashMap<String, String> environment = new HashMap<>();
    environment.put("APP_VAR", "ENV_SETTING");
    HashMap<ApplicationAccessType, String> acls = new HashMap<>();
    acls.put(ApplicationAccessType.MODIFY_APP, "testuser1, testuser2");
    acls.put(ApplicationAccessType.VIEW_APP, "testuser3, testuser4");
    Set<String> tags = new HashSet<>();
    tags.add("tag1");
    tags.add("tag 2");
    CredentialsInfo credentials = new CredentialsInfo();
    HashMap<String, String> tokens = new HashMap<>();
    HashMap<String, String> secrets = new HashMap<>();
    secrets.put("secret1", Base64.encodeBase64String("mysecret".getBytes("UTF8")));
    credentials.setSecrets(secrets);
    credentials.setTokens(tokens);
    ApplicationSubmissionContextInfo appInfo = new ApplicationSubmissionContextInfo();
    appInfo.setApplicationId(appId);
    appInfo.setApplicationName(appName);
    appInfo.setMaxAppAttempts(2);
    appInfo.setQueue(queueName);
    appInfo.setApplicationType(appType);
    appInfo.setPriority(0);
    HashMap<String, LocalResourceInfo> lr = new HashMap<>();
    LocalResourceInfo y = new LocalResourceInfo();
    y.setUrl(new URI("http://www.test.com/file.txt"));
    y.setSize(100);
    y.setTimestamp(System.currentTimeMillis());
    y.setType(LocalResourceType.FILE);
    y.setVisibility(LocalResourceVisibility.APPLICATION);
    lr.put(lrKey, y);
    appInfo.getContainerLaunchContextInfo().setResources(lr);
    appInfo.getContainerLaunchContextInfo().setCommands(commands);
    appInfo.getContainerLaunchContextInfo().setEnvironment(environment);
    appInfo.getContainerLaunchContextInfo().setAcls(acls);
    appInfo.getContainerLaunchContextInfo().getAuxillaryServiceData().put("test", Base64.encodeBase64URLSafeString("value12".getBytes("UTF8")));
    appInfo.getContainerLaunchContextInfo().setCredentials(credentials);
    appInfo.getResource().setMemory(1024);
    appInfo.getResource().setvCores(1);
    appInfo.setApplicationTags(tags);
    // Set LogAggregationContextInfo
    String includePattern = "file1";
    String excludePattern = "file2";
    String rolledLogsIncludePattern = "file3";
    String rolledLogsExcludePattern = "file4";
    String className = "policy_class";
    String parameters = "policy_parameter";
    LogAggregationContextInfo logAggregationContextInfo = new LogAggregationContextInfo();
    logAggregationContextInfo.setIncludePattern(includePattern);
    logAggregationContextInfo.setExcludePattern(excludePattern);
    logAggregationContextInfo.setRolledLogsIncludePattern(rolledLogsIncludePattern);
    logAggregationContextInfo.setRolledLogsExcludePattern(rolledLogsExcludePattern);
    logAggregationContextInfo.setLogAggregationPolicyClassName(className);
    logAggregationContextInfo.setLogAggregationPolicyParameters(parameters);
    appInfo.setLogAggregationContextInfo(logAggregationContextInfo);
    // Set attemptFailuresValidityInterval
    long attemptFailuresValidityInterval = 5000;
    appInfo.setAttemptFailuresValidityInterval(attemptFailuresValidityInterval);
    // Set ReservationId
    String reservationId = ReservationId.newInstance(System.currentTimeMillis(), 1).toString();
    appInfo.setReservationId(reservationId);
    ClientResponse response = this.constructWebResource(urlPath).accept(acceptMedia).entity(appInfo, contentMedia).post(ClientResponse.class);
    if (!this.isAuthenticationEnabled()) {
        assertResponseStatusCode(Status.UNAUTHORIZED, response.getStatusInfo());
        return;
    }
    assertResponseStatusCode(Status.ACCEPTED, response.getStatusInfo());
    assertTrue(!response.getHeaders().getFirst(HttpHeaders.LOCATION).isEmpty());
    String locURL = response.getHeaders().getFirst(HttpHeaders.LOCATION);
    assertTrue(locURL.contains("/apps/application"));
    appId = locURL.substring(locURL.indexOf("/apps/") + "/apps/".length());
    WebResource res = resource().uri(new URI(locURL));
    res = res.queryParam("user.name", webserviceUserName);
    response = res.get(ClientResponse.class);
    assertResponseStatusCode(Status.OK, response.getStatusInfo());
    RMApp app = rm.getRMContext().getRMApps().get(ApplicationId.fromString(appId));
    assertEquals(appName, app.getName());
    assertEquals(webserviceUserName, app.getUser());
    assertEquals(2, app.getMaxAppAttempts());
    if (app.getQueue().contains("root.")) {
        queueName = "root." + queueName;
    }
    assertEquals(queueName, app.getQueue());
    assertEquals(appType, app.getApplicationType());
    assertEquals(tags, app.getApplicationTags());
    ContainerLaunchContext ctx = app.getApplicationSubmissionContext().getAMContainerSpec();
    assertEquals(commands, ctx.getCommands());
    assertEquals(environment, ctx.getEnvironment());
    assertEquals(acls, ctx.getApplicationACLs());
    Map<String, LocalResource> appLRs = ctx.getLocalResources();
    assertTrue(appLRs.containsKey(lrKey));
    LocalResource exampleLR = appLRs.get(lrKey);
    assertEquals(URL.fromURI(y.getUrl()), exampleLR.getResource());
    assertEquals(y.getSize(), exampleLR.getSize());
    assertEquals(y.getTimestamp(), exampleLR.getTimestamp());
    assertEquals(y.getType(), exampleLR.getType());
    assertEquals(y.getPattern(), exampleLR.getPattern());
    assertEquals(y.getVisibility(), exampleLR.getVisibility());
    Credentials cs = new Credentials();
    ByteArrayInputStream str = new ByteArrayInputStream(app.getApplicationSubmissionContext().getAMContainerSpec().getTokens().array());
    DataInputStream di = new DataInputStream(str);
    cs.readTokenStorageStream(di);
    Text key = new Text("secret1");
    assertTrue("Secrets missing from credentials object", cs.getAllSecretKeys().contains(key));
    assertEquals("mysecret", new String(cs.getSecretKey(key), "UTF-8"));
    // Check LogAggregationContext
    ApplicationSubmissionContext asc = app.getApplicationSubmissionContext();
    LogAggregationContext lac = asc.getLogAggregationContext();
    assertEquals(includePattern, lac.getIncludePattern());
    assertEquals(excludePattern, lac.getExcludePattern());
    assertEquals(rolledLogsIncludePattern, lac.getRolledLogsIncludePattern());
    assertEquals(rolledLogsExcludePattern, lac.getRolledLogsExcludePattern());
    assertEquals(className, lac.getLogAggregationPolicyClassName());
    assertEquals(parameters, lac.getLogAggregationPolicyParameters());
    // Check attemptFailuresValidityInterval
    assertEquals(attemptFailuresValidityInterval, asc.getAttemptFailuresValidityInterval());
    // Check ReservationId
    assertEquals(reservationId, app.getReservationId().toString());
    response = this.constructWebResource("apps", appId).accept(acceptMedia).get(ClientResponse.class);
    assertResponseStatusCode(Status.OK, response.getStatusInfo());
}

Example 3 with ApplicationSubmissionContextInfo

use of org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo in project hadoop by apache.

the class TestRMWebServicesAppsModification method testAppSubmitErrors.

public void testAppSubmitErrors(String acceptMedia, String contentMedia) throws Exception {
    // submit a bunch of bad requests(correct format but bad values) via the
    // REST API and make sure we get the right error response codes
    String urlPath = "apps";
    ApplicationSubmissionContextInfo appInfo = new ApplicationSubmissionContextInfo();
    ClientResponse response = this.constructWebResource(urlPath).accept(acceptMedia).entity(appInfo, contentMedia).post(ClientResponse.class);
    validateResponseStatus(response, Status.BAD_REQUEST);
    String appId = "random";
    appInfo.setApplicationId(appId);
    response = this.constructWebResource(urlPath).accept(acceptMedia).entity(appInfo, contentMedia).post(ClientResponse.class);
    validateResponseStatus(response, Status.BAD_REQUEST);
    appId = "random_junk";
    appInfo.setApplicationId(appId);
    response = this.constructWebResource(urlPath).accept(acceptMedia).entity(appInfo, contentMedia).post(ClientResponse.class);
    validateResponseStatus(response, Status.BAD_REQUEST);
    // bad resource info
    appInfo.getResource().setMemory(rm.getConfig().getInt(YarnConfiguration.RM_SCHEDULER_MAXIMUM_ALLOCATION_MB, YarnConfiguration.DEFAULT_RM_SCHEDULER_MAXIMUM_ALLOCATION_MB) + 1);
    appInfo.getResource().setvCores(1);
    response = this.constructWebResource(urlPath).accept(acceptMedia).entity(appInfo, contentMedia).post(ClientResponse.class);
    validateResponseStatus(response, Status.BAD_REQUEST);
    appInfo.getResource().setvCores(rm.getConfig().getInt(YarnConfiguration.RM_SCHEDULER_MAXIMUM_ALLOCATION_VCORES, YarnConfiguration.DEFAULT_RM_SCHEDULER_MAXIMUM_ALLOCATION_VCORES) + 1);
    appInfo.getResource().setMemory(CONTAINER_MB);
    response = this.constructWebResource(urlPath).accept(acceptMedia).entity(appInfo, contentMedia).post(ClientResponse.class);
    validateResponseStatus(response, Status.BAD_REQUEST);
}

Example 4 with ApplicationSubmissionContextInfo

use of org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo in project hadoop by apache.

the class TestRMWebServicesHttpStaticUserPermissions method testWebServiceAccess.

// Test that the http static user can't submit or kill apps
// when secure mode is turned on
@Test
public void testWebServiceAccess() throws Exception {
    ApplicationSubmissionContextInfo app = new ApplicationSubmissionContextInfo();
    String appid = "application_123_0";
    app.setApplicationId(appid);
    String submitAppRequestBody = TestRMWebServicesDelegationTokenAuthentication.getMarshalledAppInfo(app);
    URL url = new URL("http://localhost:8088/ws/v1/cluster/apps");
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
    // we should be access the apps page with the static user
    TestRMWebServicesDelegationTokenAuthentication.setupConn(conn, "GET", "", "");
    try {
        conn.getInputStream();
        assertEquals(Status.OK.getStatusCode(), conn.getResponseCode());
    } catch (IOException e) {
        fail("Got " + conn.getResponseCode() + " instead of 200 accessing " + url.toString());
    }
    conn.disconnect();
    // new-application, submit app and kill should fail with
    // forbidden
    Map<String, Helper> urlRequestMap = new HashMap<String, Helper>();
    String killAppRequestBody = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n" + "<appstate>\n" + "  <state>KILLED</state>\n" + "</appstate>";
    urlRequestMap.put("http://localhost:8088/ws/v1/cluster/apps", new Helper("POST", submitAppRequestBody));
    urlRequestMap.put("http://localhost:8088/ws/v1/cluster/apps/new-application", new Helper("POST", ""));
    urlRequestMap.put("http://localhost:8088/ws/v1/cluster/apps/app_123_1/state", new Helper("PUT", killAppRequestBody));
    for (Map.Entry<String, Helper> entry : urlRequestMap.entrySet()) {
        URL reqURL = new URL(entry.getKey());
        conn = (HttpURLConnection) reqURL.openConnection();
        String method = entry.getValue().method;
        String body = entry.getValue().requestBody;
        TestRMWebServicesDelegationTokenAuthentication.setupConn(conn, method, "application/xml", body);
        try {
            conn.getInputStream();
            fail("Request " + entry.getKey() + "succeeded but should have failed");
        } catch (IOException e) {
            assertEquals(Status.FORBIDDEN.getStatusCode(), conn.getResponseCode());
            InputStream errorStream = conn.getErrorStream();
            String error = "";
            BufferedReader reader = new BufferedReader(new InputStreamReader(errorStream, "UTF8"));
            for (String line; (line = reader.readLine()) != null; ) {
                error += line;
            }
            reader.close();
            errorStream.close();
            assertEquals("The default static user cannot carry out this operation.", error);
        }
        conn.disconnect();
    }
}

Example 5 with ApplicationSubmissionContextInfo

use of org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo in project hadoop by apache.

the class TestRMWebServicesDelegationTokenAuthentication method testCancelledDelegationToken.

// Test to make sure that cancelled delegation tokens
// are rejected
@Test
public void testCancelledDelegationToken() throws Exception {
    String token = getDelegationToken("client");
    cancelDelegationToken(token);
    ApplicationSubmissionContextInfo app = new ApplicationSubmissionContextInfo();
    String appid = "application_123_0";
    app.setApplicationId(appid);
    String requestBody = getMarshalledAppInfo(app);
    URL url = new URL("http://localhost:8088/ws/v1/cluster/apps");
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
    conn.setRequestProperty(delegationTokenHeader, token);
    setupConn(conn, "POST", MediaType.APPLICATION_XML, requestBody);
    // auth is kerberos or delegation token
    try {
        conn.getInputStream();
        fail("Authentication should fail with expired delegation tokens");
    } catch (IOException e) {
        assertEquals(Status.FORBIDDEN.getStatusCode(), conn.getResponseCode());
    }
}