Java Code Examples for org.apache.hadoop.security.token.Token#setService()

Example 1
Source File: WebHdfsFileSystem.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Runs the {@code GETDELEGATIONTOKEN} operation for the given renewer and
 * binds the returned token to this file system's token service name.
 *
 * @param renewer value passed to the server as the renewer parameter
 * @return the token with its service set, or {@code null} when no token was
 *         returned and falling back to an insecure cluster is permitted
 * @throws IOException if the operation fails; an
 *         {@code AccessControlException} is thrown when no token was returned
 *         and {@code disallowFallbackToInsecureCluster} is set
 */
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(
    final String renewer) throws IOException {
  final HttpOpParam.Op op = GetOpParam.Op.GETDELEGATIONTOKEN;
  final Token<DelegationTokenIdentifier> token =
      new FsPathResponseRunner<Token<DelegationTokenIdentifier>>(
          op, null, new RenewerParam(renewer)) {
    @Override
    Token<DelegationTokenIdentifier> decodeResponse(Map<?,?> json)
        throws IOException {
      return JsonUtil.toDelegationToken(json);
    }
  }.run();

  if (token == null) {
    // A missing token means the server did not issue one. Fail closed here
    // when the client is configured not to continue without a token.
    if (disallowFallbackToInsecureCluster) {
      throw new AccessControlException(CANT_FALLBACK_TO_INSECURE_MSG);
    }
    return null;
  }

  token.setService(tokenServiceName);
  return token;
}
 
Example 2
Source File: TestClientToAMTokens.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Wraps the decoded identifier of {@code token} in a
 * {@code ClientToAMTokenIdentifierForTest}, builds a new token from it with
 * the AM's client-to-AM secret manager, and checks that a ping made by a
 * remote user holding the new token reaches the AM.
 */
private void verifyNewVersionToken(final Configuration conf, final CustomAM am,
    Token<ClientToAMTokenIdentifier> token, MockRM rm) throws IOException,
    InterruptedException {
  final UserGroupInformation remoteUser =
      UserGroupInformation.createRemoteUser("me");

  final Token<ClientToAMTokenIdentifier> rewrapped =
      new Token<ClientToAMTokenIdentifier>(
          new ClientToAMTokenIdentifierForTest(token.decodeIdentifier(), "message"),
          am.getClientToAMTokenSecretManager());
  // Keep the original service so the new token is used for the same endpoint.
  rewrapped.setService(token.getService());
  remoteUser.addToken(rewrapped);

  // An anonymous class is kept on purpose: doAs is called with an explicitly
  // typed PrivilegedExceptionAction.
  final PrivilegedExceptionAction<Void> pingAction =
      new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          CustomProtocol proxy =
              (CustomProtocol) RPC.getProxy(CustomProtocol.class, 1L, am.address,
                conf);
          proxy.ping();
          Assert.assertTrue(am.pinged);
          return null;
        }
      };
  remoteUser.doAs(pingAction);
}
 
Example 3
Source File: TestApplicationMasterServiceProtocolOnHA.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the HA cluster, creates an application attempt and an
 * {@code ApplicationMasterProtocol} proxy, then registers a freshly created
 * AMRM token for that attempt with the current user.
 */
@Before
public void initialize() throws Exception {
  startHACluster(0, false, false, true);
  attemptId = this.cluster.createFakeApplicationAttemptId();
  amClient = ClientRMProxy
      .createRMProxy(this.conf, ApplicationMasterProtocol.class);

  // The token is minted by the resource manager's own secret manager and
  // then bound to the AMRM token service derived from the configuration.
  final Token<AMRMTokenIdentifier> amrmToken =
      this.cluster.getResourceManager().getRMContext()
        .getAMRMTokenSecretManager().createAndGetAMRMToken(attemptId);
  amrmToken.setService(ClientRMProxy.getAMRMTokenService(conf));

  // Replace the login user with a remote user of the same name before the
  // token is attached.
  final String currentUserName =
      UserGroupInformation.getCurrentUser().getUserName();
  UserGroupInformation.setLoginUser(
      UserGroupInformation.createRemoteUser(currentUserName));

  UserGroupInformation.getCurrentUser().addToken(amrmToken);
  syncToken(amrmToken);
}
 
Example 4
Source File: RpcClient.java    From hadoop-ozone with Apache License 2.0 6 votes vote down vote up
/**
 * Gets a delegation token from the Ozone Manager client and binds it to
 * {@code dtService}.
 *
 * <p>No exception is raised when the client returns no token: the method
 * logs at debug level and returns {@code null}, so callers have to check the
 * result before using it.
 *
 * @param renewer the designated renewer for the token
 * @return the token with its service set, or {@code null} if none was returned
 * @throws IOException propagated from the Ozone Manager client call
 */
@Override
public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer)
    throws IOException {

  final Token<OzoneTokenIdentifier> token =
      ozoneManagerClient.getDelegationToken(renewer);

  if (token == null) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Cannot get ozone delegation token for renewer {} to " +
          "access service {}", renewer, dtService);
    }
    return null;
  }

  token.setService(dtService);
  if (LOG.isDebugEnabled()) {
    LOG.debug("Created token {} for dtService {}", token, dtService);
  }
  return token;
}
 
Example 5
Source File: ParameterParser.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Decodes the delegation token carried in the {@code DelegationParam}
 * request parameter and sets its service from the namenode id of this
 * request, using the logical-URI form when the namenode URI is logical.
 *
 * <p>The service is always derived here from {@code namenodeId()}; whatever
 * service the encoded token carried is overwritten.
 *
 * @return the decoded token with its service set
 * @throws IOException declared by this method; presumably raised when the
 *         parameter cannot be decoded
 */
Token<DelegationTokenIdentifier> delegationToken() throws IOException {
  final String encodedToken = param(DelegationParam.NAME);
  final Token<DelegationTokenIdentifier> token =
      new Token<DelegationTokenIdentifier>();
  // NOTE(review): decoding only parses the parameter. Nothing in this method
  // verifies the token, so verification is presumably done where the token
  // is used. Confirm against the caller.
  token.decodeFromUrlString(encodedToken);

  final URI namenodeUri = URI.create(HDFS_URI_SCHEME + "://" + namenodeId());
  if (!HAUtil.isLogicalUri(conf, namenodeUri)) {
    token.setService(SecurityUtil.buildTokenService(namenodeUri));
  } else {
    token.setService(HAUtil.buildTokenServiceForLogicalUri(namenodeUri,
      HDFS_URI_SCHEME));
  }
  return token;
}
 
Example 6
Source File: AuthenticationTokenSecretManager.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Creates an authentication token for {@code username} using this secret
 * manager. The token's service is set to the cluster id when one is
 * available and is otherwise left as constructed.
 *
 * @param username the user name placed in the token identifier
 * @return the newly created token
 */
public Token<AuthenticationTokenIdentifier> generateToken(String username) {
  final Token<AuthenticationTokenIdentifier> token =
      new Token<>(new AuthenticationTokenIdentifier(username), this);
  if (!clusterId.hasId()) {
    return token;
  }
  // Binding the token to the cluster id ties it to one cluster.
  token.setService(new Text(clusterId.getId()));
  return token;
}
 
Example 7
Source File: TezClientUtils.java    From tez with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a job token for {@code tokenIdentifier} with the given secret
 * manager, sets its service to the identifier's job id, and stores it as the
 * session token in {@code credentials}.
 *
 * @param tokenIdentifier text used to build the {@code JobTokenIdentifier}
 * @param jobTokenSecretManager secret manager the token is created with
 * @param credentials credentials object that receives the session token
 */
static void createSessionToken(String tokenIdentifier,
    JobTokenSecretManager jobTokenSecretManager,
    Credentials credentials) {
  final Text identifierText = new Text(tokenIdentifier);
  final JobTokenIdentifier jobTokenId = new JobTokenIdentifier(identifierText);
  final Token<JobTokenIdentifier> token =
      new Token<JobTokenIdentifier>(jobTokenId, jobTokenSecretManager);
  token.setService(jobTokenId.getJobId());
  TokenCache.setSessionToken(token, credentials);
}
 
Example 8
Source File: ConverterUtils.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Convert a protobuf token into a rpc token and set its service.
 *
 * <p>The rpc token is first built with the service carried by
 * {@code protoToken}; a non-null {@code service} argument then replaces it.
 *
 * @param protoToken the yarn token
 * @param service the service for the token, or {@code null} to keep the
 *        service taken from {@code protoToken}
 * @return the rpc token
 */
public static <T extends TokenIdentifier> Token<T> convertFromYarn(
    org.apache.hadoop.yarn.api.records.Token protoToken,
    Text service) {
  // NOTE(review): array() is taken as-is for identifier and password, which
  // presumably assumes each buffer wraps exactly those bytes. Confirm.
  final byte[] identifierBytes = protoToken.getIdentifier().array();
  final byte[] passwordBytes = protoToken.getPassword().array();
  final Text kind = new Text(protoToken.getKind());
  final Text embeddedService = new Text(protoToken.getService());

  final Token<T> token =
      new Token<T>(identifierBytes, passwordBytes, kind, embeddedService);
  if (service == null) {
    return token;
  }
  token.setService(service);
  return token;
}
 
Example 9
Source File: ClientRMProxy.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Sets the service of every AMRM token held by the current user to the AMRM
 * token service derived from {@code conf}. Tokens of any other kind are left
 * untouched.
 *
 * @param conf configuration the AMRM token service is derived from
 * @throws IOException declared by this method; presumably raised when the
 *         current user cannot be determined
 */
private static void setAMRMTokenService(final Configuration conf)
    throws IOException {
  final UserGroupInformation currentUser =
      UserGroupInformation.getCurrentUser();
  for (Token<? extends TokenIdentifier> candidate : currentUser.getTokens()) {
    if (!candidate.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) {
      continue;
    }
    candidate.setService(getAMRMTokenService(conf));
  }
}
 
Example 10
Source File: TokenUtils.java    From incubator-gobblin with Apache License 2.0 5 votes vote down vote up
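/**
 * Fetches a Hive metastore (HCat) delegation token for {@code userToProxy} and returns it.
 * The token is requested through {@code hiveClient}, with the login user's short name passed
 * as the second argument of {@code getDelegationToken}.
 *
 * <p>If the fetched token has no service and a non-blank signature override is given, the
 * override (trimmed and lower-cased) becomes the token's service. A service that is already
 * set is never overwritten.
 *
 * <p>Only the token's kind and service are logged. The encoded token string must stay out of
 * the logs because it carries the token password.
 *
 * @param userToProxy String value indicating the name of the user the token will be fetched for.
 * @param hiveConf the hive configuration; in this method it is only read for the two settings
 *        that are logged.
 * @param tokenSignatureOverwrite optional value for the token's service; may be {@code null}.
 * @param hiveClient the metastore client used to request the token.
 * @return the decoded delegation token.
 */
private static Token<DelegationTokenIdentifier> fetchHcatToken(final String userToProxy, final HiveConf hiveConf,
    final String tokenSignatureOverwrite, final IMetaStoreClient hiveClient)
    throws IOException, TException, InterruptedException {

  LOG.info(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname + ": " + hiveConf.get(
      HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname));

  LOG.info(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname + ": " + hiveConf.get(
      HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname));

  final Token<DelegationTokenIdentifier> hcatToken = new Token<>();

  hcatToken.decodeFromUrlString(
      hiveClient.getDelegationToken(userToProxy, UserGroupInformation.getLoginUser().getShortUserName()));

  // Apply the signature override only when the token has no service yet and
  // the override is non-blank.
  final boolean serviceUnset = hcatToken.getService().getLength() <= 0;
  final String trimmedOverride = tokenSignatureOverwrite == null ? "" : tokenSignatureOverwrite.trim();
  if (serviceUnset && !trimmedOverride.isEmpty()) {
    // Lower-case with a fixed locale: the service is an identifier that is
    // compared later, so it must not depend on the JVM's default locale.
    hcatToken.setService(new Text(trimmedOverride.toLowerCase(java.util.Locale.ROOT)));

    LOG.info(HIVE_TOKEN_SIGNATURE_KEY + ":" + tokenSignatureOverwrite);
  }

  LOG.info("Created hive metastore token for user:" + userToProxy + " with kind[" + hcatToken.getKind() + "]"
      + " and service[" + hcatToken.getService() + "]");
  return hcatToken;
}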
 
Example 11
Source File: TestDelegationToken.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that {@code AbstractDelegationTokenSelector#selectToken} returns,
 * out of a collection of tokens, the one whose service matches the requested
 * service name.
 */
@Test
@SuppressWarnings("unchecked")
public void testDelegationTokenSelector() throws Exception {
  TestDelegationTokenSecretManager secretManager =
      new TestDelegationTokenSecretManager(24*60*60*1000,
          10*1000,1*1000,3600000);
  try {
    secretManager.startThreads();
    AbstractDelegationTokenSelector selector =
        new AbstractDelegationTokenSelector<TestDelegationTokenIdentifier>(KIND);

    // Two tokens, each bound to a different service name.
    Token<TestDelegationTokenIdentifier> firstToken = generateDelegationToken(
        secretManager, "SomeUser1", "JobTracker");
    firstToken.setService(new Text("MY-SERVICE1"));

    Token<TestDelegationTokenIdentifier> secondToken = generateDelegationToken(
        secretManager, "SomeUser2", "JobTracker");
    secondToken.setService(new Text("MY-SERVICE2"));

    List<Token<TestDelegationTokenIdentifier>> candidates =
        new ArrayList<Token<TestDelegationTokenIdentifier>>();
    candidates.add(firstToken);
    candidates.add(secondToken);

    // Selecting by the first service name must return the first token.
    Token<TestDelegationTokenIdentifier> selected =
        selector.selectToken(new Text("MY-SERVICE1"), candidates);
    Assert.assertEquals(selected, firstToken);
  } finally {
    // Always stop the secret manager's threads, even if an assertion fails.
    secretManager.stopThreads();
  }
}
 
Example 12
Source File: SecurityUtil.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Set the given token's service to the format expected by the RPC client.
 * A {@code null} token is not treated as an error: a warning naming the
 * service is logged and nothing else happens.
 *
 * @param token a delegation token, may be {@code null}
 * @param addr the socket for the rpc connection
 */
public static void setTokenService(Token<?> token, InetSocketAddress addr) {
  // The service is built first because the warning below needs it too.
  final Text service = buildTokenService(addr);
  if (token == null) {
    LOG.warn("Failed to get token for service "+service);
    return;
  }
  token.setService(service);
  if (LOG.isDebugEnabled()) {
    // Token#toString() prints service
    LOG.debug("Acquired token "+token);
  }
}
 
Example 13
Source File: StramWSFilter.java    From attic-apex-core with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a delegation token for {@code username} with the token manager,
 * sets its service to {@code service}, and returns the token encoded as a
 * URL-safe string.
 *
 * <p>The returned string is the complete encoded token, so it should be
 * handled as a credential and kept out of logs.
 *
 * @param username user name placed in the token identifier
 * @param service service the token is bound to
 * @return the URL-string encoding of the token
 * @throws IOException if the token cannot be encoded
 */
private String createClientToken(String username, String service) throws IOException
{
  final Text userText = new Text(username);
  final Text loginUserText = new Text(loginUser);
  final StramDelegationTokenIdentifier tokenIdentifier =
      new StramDelegationTokenIdentifier(userText, loginUserText, new Text());
  final Token<StramDelegationTokenIdentifier> token = new Token<>(tokenIdentifier, tokenManager);
  token.setService(new Text(service));
  return token.encodeToUrlString();
}
 
Example 14
Source File: HadoopSecurityManager_H_2_0.java    From azkaban-plugins with Apache License 2.0 5 votes vote down vote up
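/**
 * Fetches a Hive metastore (HCat) delegation token for {@code userToProxy}
 * and returns it. A metastore client is created from {@code hiveConf} for the
 * request and closed again before the method returns.
 *
 * <p>When a non-blank signature override is given, the override (trimmed and
 * lower-cased) replaces the token's service.
 *
 * <p>The encoded token string is never written to the log: it carries the
 * token password, and anyone able to read the job log could reuse it. Only
 * kind, identifier reference and service are logged.
 *
 * @param userToProxy String value indicating the name of the user the token
 *          will be fetched for.
 * @param hiveConf the configuration based off which the hive client will be
 *          initialized.
 * @param tokenSignatureOverwrite optional value for the token's service; may
 *          be {@code null}.
 * @param logger the logger instance which writes the logging content to the
 *          job logs.
 * @return the decoded delegation token.
 *
 * @throws IOException
 * @throws TException
 * @throws MetaException
 *
 * */
private Token<DelegationTokenIdentifier> fetchHcatToken(String userToProxy,
    HiveConf hiveConf, String tokenSignatureOverwrite, final Logger logger)
    throws IOException, MetaException, TException {

  logger.info(HiveConf.ConfVars.METASTOREURIS.varname + ": "
      + hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname));

  logger.info(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname + ": "
      + hiveConf.get(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname));

  logger.info(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname + ": "
      + hiveConf.get(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname));

  final String hcatTokenStr;
  HiveMetaStoreClient hiveClient = new HiveMetaStoreClient(hiveConf);
  try {
    hcatTokenStr =
        hiveClient.getDelegationToken(userToProxy, UserGroupInformation
            .getLoginUser().getShortUserName());
  } finally {
    // The client is only needed for this one call; release its metastore
    // connection instead of leaking it.
    hiveClient.close();
  }

  Token<DelegationTokenIdentifier> hcatToken =
      new Token<DelegationTokenIdentifier>();
  hcatToken.decodeFromUrlString(hcatTokenStr);

  // overwrite the value of the service property of the token if the signature
  // override is specified.
  if (tokenSignatureOverwrite != null
      && tokenSignatureOverwrite.trim().length() > 0) {
    // Fixed locale: the service is an identifier that is compared later and
    // must not depend on the JVM's default locale.
    hcatToken.setService(new Text(tokenSignatureOverwrite.trim()
        .toLowerCase(java.util.Locale.ROOT)));

    // tokenSignatureOverwrite is known to be non-null inside this branch.
    logger.info(HIVE_TOKEN_SIGNATURE_KEY + ":" + tokenSignatureOverwrite);
  }

  // Do not log hcatTokenStr: the encoded token includes the password.
  logger.info("Created hive metastore token for user: " + userToProxy);
  logger.info("Token kind: " + hcatToken.getKind());
  logger.info("Token id: " + hcatToken.getIdentifier());
  logger.info("Token service: " + hcatToken.getService());
  return hcatToken;
}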
 
Example 15
Source File: TezClientUtils.java    From incubator-tez with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the session token for {@code tokenIdentifier} with the given secret
 * manager, binds it to the identifier's job id as its service, and records it
 * as the session token in {@code credentials}.
 *
 * @param tokenIdentifier text the {@code JobTokenIdentifier} is built from
 * @param jobTokenSecretManager secret manager used to create the token
 * @param credentials destination for the session token
 */
@Private
public static void createSessionToken(String tokenIdentifier,
    JobTokenSecretManager jobTokenSecretManager,
    Credentials credentials) {
  final JobTokenIdentifier jobIdentifier =
      new JobTokenIdentifier(new Text(tokenIdentifier));
  final Token<JobTokenIdentifier> newSessionToken =
      new Token<JobTokenIdentifier>(jobIdentifier, jobTokenSecretManager);
  // The job id doubles as the token's service.
  newSessionToken.setService(jobIdentifier.getJobId());
  TokenCache.setSessionToken(newSessionToken, credentials);
}
 
Example 16
Source File: StreamingAppMasterService.java    From attic-apex-core with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a delegation token for {@code username} with the delegation token
 * manager and sets its service to {@code <host address>:<port>} of
 * {@code address}.
 *
 * @param username user name placed in the token identifier
 * @param address address the token's service is built from;
 *        {@code getAddress()} is null for an unresolved address, so a
 *        resolved address is assumed
 * @return the new token
 */
private Token<StramDelegationTokenIdentifier> allocateDelegationToken(String username, InetSocketAddress address)
{
  final Text usernameText = new Text(username);
  final StramDelegationTokenIdentifier tokenId =
      new StramDelegationTokenIdentifier(usernameText, new Text(""), new Text(""));
  final String hostAddress = address.getAddress().getHostAddress();
  final String serviceName = hostAddress + ":" + address.getPort();
  final Token<StramDelegationTokenIdentifier> token = new Token<>(tokenId, delegationTokenManager);
  token.setService(new Text(serviceName));
  return token;
}
 
Example 17
Source File: LaunchContainerRunnable.java    From Bats with Apache License 2.0 5 votes vote down vote up
/**
 * When security is enabled, creates a delegation token for the login user
 * whose service is {@code <host address>:<port>} of {@code heartbeatAddress}
 * and passes it, with the login user, to the two-argument {@code getTokens}.
 *
 * @param delegationTokenManager manager the token is created with
 * @param heartbeatAddress address the token's service is built from;
 *        {@code getAddress()} is null for an unresolved address, so a
 *        resolved address is assumed
 * @return the result of {@code getTokens(ugi, token)}, or {@code null} when
 *         security is not enabled
 * @throws IOException if the login user cannot be obtained or the delegated
 *         call fails
 */
public static ByteBuffer getTokens(StramDelegationTokenManager delegationTokenManager, InetSocketAddress heartbeatAddress) throws IOException
{
  if (!UserGroupInformation.isSecurityEnabled()) {
    // Without security there is nothing to hand to the container.
    return null;
  }
  final UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();
  final Text loginUserName = new Text(loginUgi.getUserName());
  final StramDelegationTokenIdentifier tokenId =
      new StramDelegationTokenIdentifier(loginUserName, new Text(""), new Text(""));
  final String hostAddress = heartbeatAddress.getAddress().getHostAddress();
  final String serviceName = hostAddress + ":" + heartbeatAddress.getPort();
  final Token<StramDelegationTokenIdentifier> token = new Token<>(tokenId, delegationTokenManager);
  token.setService(new Text(serviceName));
  return getTokens(loginUgi, token);
}
 
Example 18
Source File: StramWSFilter.java    From Bats with Apache License 2.0 5 votes vote down vote up
/**
 * Issues a delegation token for {@code username} through the token manager,
 * binds it to {@code service}, and returns it as a URL-safe string.
 *
 * <p>The result is the full encoded token; treat it as a credential and do
 * not write it to logs.
 *
 * @param username user name placed in the token identifier
 * @param service service name set on the token
 * @return the encoded token
 * @throws IOException if encoding the token fails
 */
private String createClientToken(String username, String service) throws IOException
{
  final StramDelegationTokenIdentifier identifier =
      new StramDelegationTokenIdentifier(new Text(username), new Text(loginUser), new Text());
  final Token<StramDelegationTokenIdentifier> clientToken = new Token<>(identifier, tokenManager);
  final Text serviceText = new Text(service);
  clientToken.setService(serviceText);
  return clientToken.encodeToUrlString();
}
 
Example 19
Source File: TestViewFileSystemDelegationTokenSupport.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Test stub: returns a token created with the no-argument constructor whose
 * service is set to this file system's canonical service name.
 *
 * @param renewer ignored
 * @return the stub token
 */
@Override
public Token<?> getDelegationToken(String renewer) throws IOException {
  final Token<TokenIdentifier> stubToken = new Token<TokenIdentifier>();
  final Text canonicalService = new Text(getCanonicalServiceName());
  stubToken.setService(canonicalService);
  return stubToken;
}
 
Example 20
Source File: TestDAGAppMaster.java    From tez with Apache License 2.0 4 votes vote down vote up
/**
 * Checks that {@code DAGAppMaster#getProgress()} clamps out-of-range vertex
 * progress: NaN and negative values are reported as 0, values above 1 as 1.
 * The AM is started in local mode with sample AM and DAG credentials, and the
 * DAG's single vertex is a mock whose progress is changed between assertions.
 */
@Test
public void testBadProgress() throws Exception {
  TezConfiguration conf = new TezConfiguration();
  conf.setBoolean(TezConfiguration.TEZ_AM_CREDENTIALS_MERGE, true);
  conf.setBoolean(TezConfiguration.TEZ_LOCAL_MODE, true);
  conf.set(TezConfiguration.TEZ_AM_STAGING_DIR, TEST_DIR.toString());
  ApplicationId appId = ApplicationId.newInstance(1, 1);
  ApplicationAttemptId attemptId = ApplicationAttemptId.newInstance(appId, 1);

  // create some sample AM credentials
  Credentials amCreds = new Credentials();
  JobTokenSecretManager jtsm = new JobTokenSecretManager();
  JobTokenIdentifier identifier = new JobTokenIdentifier(
      new Text(appId.toString()));
  Token<JobTokenIdentifier> sessionToken =
      new Token<JobTokenIdentifier>(identifier, jtsm);
  // The session token's service is the job id taken from its own identifier.
  sessionToken.setService(identifier.getJobId());
  TokenCache.setSessionToken(sessionToken, amCreds);
  TestTokenSecretManager ttsm = new TestTokenSecretManager();
  Text tokenAlias1 = new Text("alias1");
  Token<TestTokenIdentifier> amToken1 = new Token<TestTokenIdentifier>(
      new TestTokenIdentifier(new Text("amtoken1")), ttsm);
  amCreds.addToken(tokenAlias1, amToken1);

  // Write a default local-resources proto into the test directory before the
  // AM is created.
  FileSystem fs = FileSystem.getLocal(conf);
  FSDataOutputStream sessionJarsPBOutStream =
      TezCommonUtils.createFileForAM(fs, new Path(TEST_DIR.toString(),
          TezConstants.TEZ_AM_LOCAL_RESOURCES_PB_FILE_NAME));
  DAGProtos.PlanLocalResourcesProto.getDefaultInstance()
      .writeDelimitedTo(sessionJarsPBOutStream);
  sessionJarsPBOutStream.close();
  // The AM is wrapped in a spy so getState() can be stubbed below.
  DAGAppMaster am = spy(new DAGAppMaster(attemptId,
      ContainerId.newContainerId(attemptId, 1),
      "127.0.0.1", 0, 0, new MonotonicClock(), 1, true,
      TEST_DIR.toString(), new String[] {TEST_DIR.toString()},
      new String[] {TEST_DIR.toString()},
      new TezApiVersionInfo().getVersion(), amCreds,
      "someuser", null));
  when(am.getState()).thenReturn(DAGAppMasterState.RUNNING);
  am.init(conf);
  am.start();
  // DAG credentials: one token under the alias the AM credentials already
  // use ("alias1") and one under a new alias ("alias3").
  Credentials dagCreds = new Credentials();
  Token<TestTokenIdentifier> dagToken1 = new Token<TestTokenIdentifier>(
      new TestTokenIdentifier(new Text("dagtoken1")), ttsm);
  dagCreds.addToken(tokenAlias1, dagToken1);
  Text tokenAlias3 = new Text("alias3");
  Token<TestTokenIdentifier> dagToken2 = new Token<TestTokenIdentifier>(
      new TestTokenIdentifier(new Text("dagtoken2")), ttsm);
  dagCreds.addToken(tokenAlias3, dagToken2);
  TezDAGID dagId = TezDAGID.getInstance(appId, 1);
  DAGPlan dagPlan = DAGPlan.newBuilder()
      .setName("somedag")
      .setCredentialsBinary(
          DagTypeConverters.convertCredentialsToProto(dagCreds))
      .build();
  DAGImpl dag = spy(am.createDAG(dagPlan, dagId));
  am.setCurrentDAG(dag);
  when(dag.getState()).thenReturn(DAGState.RUNNING);
  // The DAG reports a single mocked vertex whose progress is varied below.
  Map<TezVertexID, Vertex> map = new HashMap<TezVertexID, Vertex>();
  TezVertexID mockVertexID = mock(TezVertexID.class);
  Vertex mockVertex = mock(Vertex.class);
  when(mockVertex.getProgress()).thenReturn(Float.NaN);
  map.put(mockVertexID, mockVertex);
  when(dag.getVertices()).thenReturn(map);
  when(dag.getTotalVertices()).thenReturn(1);
  Assert.assertEquals("Progress was NaN and should be reported as 0",
      0, am.getProgress(), 0);
  when(mockVertex.getProgress()).thenReturn(-10f);
  Assert.assertEquals("Progress was negative and should be reported as 0",
      0, am.getProgress(), 0);
  when(mockVertex.getProgress()).thenReturn(1.0000567f);
  Assert.assertEquals(
      "Progress was greater than 1 by a small float precision "
          + "1.0000567 and should be reported as 1",
      1.0f, am.getProgress(), 0.0f);
  when(mockVertex.getProgress()).thenReturn(10f);
  Assert.assertEquals(
      "Progress was greater than 1 and should be reported as 1",
      1.0f, am.getProgress(), 0.0f);
}