Java Code Examples for org.apache.hadoop.yarn.security.NMTokenIdentifier#getApplicationAttemptId()

The following examples show how to use org.apache.hadoop.yarn.security.NMTokenIdentifier#getApplicationAttemptId().
Example 1
Source File: NMTokenSecretManagerInNM.java    From hadoop with Apache License 2.0
/**
 * This method will be used to verify NMTokens generated by different master
 * keys.
 */
@Override
public synchronized byte[] retrievePassword(NMTokenIdentifier identifier)
    throws InvalidToken {
  // Both values are read straight from the token identifier.
  // NOTE(review): presumably the caller compares the bytes returned here with
  // the password presented alongside the token; if so, nothing read from
  // `identifier` in this method has been authenticated yet -- confirm against
  // the SecretManager contract.
  final int tokenKeyId = identifier.getKeyId();
  final ApplicationAttemptId attemptId = identifier.getApplicationAttemptId();

  /*
   * Key selection: start from the master key saved for this application
   * attempt (may be null), then override it with the previous master key when
   * the token's key id matches it, or otherwise with the current master key
   * when the token's key id matches that one.
   *
   * The saved per-attempt key is used without comparing its key id to the
   * token's key id. NOTE(review): a token whose key id differs from the saved
   * key would then get a password derived from the saved key, which
   * presumably fails the caller's comparison -- confirm.
   */
  MasterKeyData signingKey = oldMasterKeys.get(attemptId);
  if (previousMasterKey != null
      && tokenKeyId == previousMasterKey.getMasterKey().getKeyId()) {
    signingKey = previousMasterKey;
  } else if (tokenKeyId == currentMasterKey.getMasterKey().getKeyId()) {
    signingKey = currentMasterKey;
  }

  // Node binding: a token issued for another node manager is rejected. The
  // check is skipped entirely while this manager's nodeId is still null.
  if (nodeId != null && !identifier.getNodeId().equals(nodeId)) {
    throw new InvalidToken("Given NMToken for application : "
        + attemptId.toString() + " is not valid for current node manager."
        + "expected : " + nodeId.toString() + " found : "
        + identifier.getNodeId().toString());
  }

  // No saved, previous or current key applies to this token: reject it.
  if (signingKey == null) {
    throw new InvalidToken("Given NMToken for application : "
        + attemptId.toString() + " seems to have been generated illegally.");
  }

  byte[] secret = retrivePasswordInternal(identifier, signingKey);
  // Only the fact of success is logged; the password bytes never are.
  LOG.debug("NMToken password retrieved successfully!!");
  return secret;
}
 
Example 2
Source File: NMTokenSecretManagerInNM.java    From hadoop with Apache License 2.0
/**
 * This will be called by startContainer. It will add the master key into
 * the cache used for starting this container. This should be called before
 * validating the startContainer request.
 */
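public synchronized void appAttemptStartContainer(
    NMTokenIdentifier identifier)
    throws org.apache.hadoop.security.token.SecretManager.InvalidToken {
  /*
   * Records the application attempt named by the token and caches the master
   * key that the token's key id refers to.
   *
   * identifier: the NMToken identifier from the startContainer request.
   * Throws InvalidToken when the attempt's cached key is missing or differs
   * from the token's key id, and that key id matches neither the current nor
   * the previous master key.
   *
   * NOTE(review): this method does not verify the token's password itself;
   * presumably the token was authenticated before the request got here --
   * confirm against the caller.
   */
  ApplicationAttemptId appAttemptId = identifier.getApplicationAttemptId();
  int tokenKeyId = identifier.getKeyId();
  MasterKeyData oldKey = oldMasterKeys.get(appAttemptId);

  // Decide which key (if any) has to be cached BEFORE touching any
  // bookkeeping, so that a rejected token leaves no partial state behind.
  // Registering the attempt first would leave it in appToAppAttemptMap even
  // when InvalidToken is thrown, and because oldMasterKeys is not updated on
  // that path, every repeated rejected call would append the same attempt id
  // again.
  MasterKeyData keyToCache = null;
  if (oldKey == null || oldKey.getMasterKey().getKeyId() != tokenKeyId) {
    if (tokenKeyId == currentMasterKey.getMasterKey().getKeyId()) {
      keyToCache = currentMasterKey;
    } else if (previousMasterKey != null
        && tokenKeyId == previousMasterKey.getMasterKey().getKeyId()) {
      keyToCache = previousMasterKey;
    } else {
      throw new InvalidToken(
        "Older NMToken should not be used while starting the container.");
    }
  }

  if (!appToAppAttemptMap.containsKey(appAttemptId.getApplicationId())) {
    // First application attempt for the given application
    appToAppAttemptMap.put(appAttemptId.getApplicationId(),
      new ArrayList<ApplicationAttemptId>());
  }
  if (oldKey == null) {
    // This is a new application attempt.
    appToAppAttemptMap.get(appAttemptId.getApplicationId()).add(appAttemptId);
  }

  if (keyToCache != null) {
    // Update key only if it is modified; the message is logged only when the
    // update actually happens, not on the rejection path.
    LOG.debug("NMToken key updated for application attempt : "
        + identifier.getApplicationAttemptId().toString());
    updateAppAttemptKey(appAttemptId, keyToCache);
  }
}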
 
Example 3
Source File: NMTokenSecretManagerInNM.java    From big-c with Apache License 2.0
/**
 * This method will be used to verify NMTokens generated by different master
 * keys.
 */
@Override
public synchronized byte[] retrievePassword(NMTokenIdentifier identifier)
    throws InvalidToken {
  // Key id and attempt id as claimed by the token identifier.
  // NOTE(review): this method only derives a password from the identifier;
  // presumably the caller is what compares it with the presented password,
  // so these fields should be treated as unverified here -- confirm.
  int claimedKeyId = identifier.getKeyId();
  ApplicationAttemptId claimedAttempt = identifier.getApplicationAttemptId();

  /*
   * Which master key derives the password:
   *   - default: the key saved earlier for this application attempt, if any;
   *   - the previous master key, when the claimed key id equals its id;
   *   - else the current master key, when the claimed key id equals its id.
   * The saved key's own id is not checked against the claimed key id.
   */
  MasterKeyData chosen = oldMasterKeys.get(claimedAttempt);
  boolean matchesPrevious = previousMasterKey != null
      && claimedKeyId == previousMasterKey.getMasterKey().getKeyId();
  if (matchesPrevious) {
    chosen = previousMasterKey;
  } else if (claimedKeyId == currentMasterKey.getMasterKey().getKeyId()) {
    chosen = currentMasterKey;
  }

  // The token must name this node manager. While nodeId is null no node
  // comparison is made at all.
  if (nodeId != null) {
    if (!identifier.getNodeId().equals(nodeId)) {
      throw new InvalidToken("Given NMToken for application : "
          + claimedAttempt.toString() + " is not valid for current node manager."
          + "expected : " + nodeId.toString() + " found : "
          + identifier.getNodeId().toString());
    }
  }

  // Without any usable master key the token cannot be checked; reject it.
  if (chosen == null) {
    throw new InvalidToken("Given NMToken for application : "
        + claimedAttempt.toString() + " seems to have been generated illegally.");
  }

  byte[] derived = retrivePasswordInternal(identifier, chosen);
  // The log line carries no key or password material.
  LOG.debug("NMToken password retrieved successfully!!");
  return derived;
}
 
Example 4
Source File: NMTokenSecretManagerInNM.java    From big-c with Apache License 2.0
/**
 * This will be called by startContainer. It will add the master key into
 * the cache used for starting this container. This should be called before
 * validating the startContainer request.
 */
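public synchronized void appAttemptStartContainer(
    NMTokenIdentifier identifier)
    throws org.apache.hadoop.security.token.SecretManager.InvalidToken {
  /*
   * Tracks the application attempt carried by the token and caches the master
   * key matching the token's key id for that attempt.
   *
   * identifier: the NMToken identifier from the startContainer request.
   * Throws InvalidToken when no cached key for the attempt matches the
   * token's key id and that id is neither the current nor the previous
   * master key id.
   *
   * NOTE(review): no password check happens in this method; presumably the
   * token has already been authenticated by the time it is passed in --
   * confirm against the caller.
   */
  ApplicationAttemptId appAttemptId = identifier.getApplicationAttemptId();
  int tokenKeyId = identifier.getKeyId();
  MasterKeyData oldKey = oldMasterKeys.get(appAttemptId);

  // Validate first, mutate afterwards. If the attempt were added to
  // appToAppAttemptMap before the key id is checked, a token rejected with
  // InvalidToken would still leave the attempt registered, and since
  // oldMasterKeys stays untouched on that path, each further rejected call
  // would add the same attempt id to the list once more.
  MasterKeyData keyToCache = null;
  if (oldKey == null || oldKey.getMasterKey().getKeyId() != tokenKeyId) {
    if (tokenKeyId == currentMasterKey.getMasterKey().getKeyId()) {
      keyToCache = currentMasterKey;
    } else if (previousMasterKey != null
        && tokenKeyId == previousMasterKey.getMasterKey().getKeyId()) {
      keyToCache = previousMasterKey;
    } else {
      throw new InvalidToken(
        "Older NMToken should not be used while starting the container.");
    }
  }

  if (!appToAppAttemptMap.containsKey(appAttemptId.getApplicationId())) {
    // First application attempt for the given application
    appToAppAttemptMap.put(appAttemptId.getApplicationId(),
      new ArrayList<ApplicationAttemptId>());
  }
  if (oldKey == null) {
    // This is a new application attempt.
    appToAppAttemptMap.get(appAttemptId.getApplicationId()).add(appAttemptId);
  }

  if (keyToCache != null) {
    // Update key only if it is modified; log it only once the token has been
    // accepted, so the message is not emitted for a rejected token.
    LOG.debug("NMToken key updated for application attempt : "
        + identifier.getApplicationAttemptId().toString());
    updateAppAttemptKey(appAttemptId, keyToCache);
  }
}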