@VisibleForTesting Token<?> getDelegationTokenFromHS(MRClientProtocol hsProxy) throws IOException, InterruptedException { GetDelegationTokenRequest request = recordFactory .newRecordInstance(GetDelegationTokenRequest.class); request.setRenewer(Master.getMasterPrincipal(conf)); org.apache.hadoop.yarn.api.records.Token mrDelegationToken; mrDelegationToken = hsProxy.getDelegationToken(request) .getDelegationToken(); return ConverterUtils.convertFromYarn(mrDelegationToken, hsProxy.getConnectAddress()); }
@VisibleForTesting Token<?> getDelegationTokenFromHS(MRClientProtocol hsProxy) throws IOException, InterruptedException { GetDelegationTokenRequest request = recordFactory .newRecordInstance(GetDelegationTokenRequest.class); request.setRenewer(Master.getMasterPrincipal(conf)); org.apache.hadoop.yarn.api.records.Token mrDelegationToken; mrDelegationToken = hsProxy.getDelegationToken(request) .getDelegationToken(); return ConverterUtils.convertFromYarn(mrDelegationToken, hsProxy.getConnectAddress()); }
/** * Add an MR_DELEGATION_TOKEN to the {@link Credentials} provided. * @param credentials the credentials object which is updated * @param config launcher AM configuration * @param props properties for getting credential token or certificate * @param context workflow context * @throws Exception thrown if failed */ @Override public void updateCredentials(Credentials credentials, Configuration config, CredentialsProperties props, ActionExecutor.Context context) throws Exception { try { LOG.debug("Instantiating JHS Proxy"); MRClientProtocol hsProxy = instantiateHistoryProxy(config, context); Text hsService = SecurityUtil.buildTokenService(hsProxy.getConnectAddress()); LOG.debug("Getting delegation token for {0}", hsService.toString()); Token<?> jhsToken = getDelegationTokenFromJHS(hsProxy, new HadoopTokenHelper().getServerPrincipal(config)); LOG.debug("Acquired token {0}", jhsToken); credentials.addToken(hsService, jhsToken); } catch (IOException | InterruptedException ex) { LOG.debug("exception in updateCredentials", ex); throw new CredentialException(ErrorCode.E0512, ex.getMessage(), ex); } }
/** * Add an MR_DELEGATION_TOKEN to the {@link Credentials} provided. * @param credentials the credentials object which is updated * @param config launcher AM configuration * @param props properties for getting credential token or certificate * @param context workflow context * @throws Exception thrown if failed */ @Override public void updateCredentials(Credentials credentials, Configuration config, CredentialsProperties props, ActionExecutor.Context context) throws Exception { try { LOG.debug("Instantiating JHS Proxy"); MRClientProtocol hsProxy = instantiateHistoryProxy(config, context); Text hsService = SecurityUtil.buildTokenService(hsProxy.getConnectAddress()); LOG.debug("Getting delegation token for {0}", hsService.toString()); Token<?> jhsToken = getDelegationTokenFromJHS(hsProxy, new HadoopTokenHelper().getServerPrincipal(config)); LOG.debug("Acquired token {0}", jhsToken); credentials.addToken(hsService, jhsToken); } catch (IOException | InterruptedException ex) { LOG.debug("exception in updateCredentials", ex); throw new CredentialException(ErrorCode.E0512, ex.getMessage(), ex); } }
@VisibleForTesting void addHistoryToken(Credentials ts) throws IOException, InterruptedException { /* check if we have a hsproxy, if not, no need */ MRClientProtocol hsProxy = clientCache.getInitializedHSProxy(); if (UserGroupInformation.isSecurityEnabled() && (hsProxy != null)) { /* * note that get delegation token was called. Again this is hack for oozie * to make sure we add history server delegation tokens to the credentials */ RMDelegationTokenSelector tokenSelector = new RMDelegationTokenSelector(); Text service = resMgrDelegate.getRMDelegationTokenService(); if (tokenSelector.selectToken(service, ts.getAllTokens()) != null) { Text hsService = SecurityUtil.buildTokenService(hsProxy .getConnectAddress()); if (ts.getToken(hsService) == null) { ts.addToken(hsService, getDelegationTokenFromHS(hsProxy)); } } } }
@VisibleForTesting void addHistoryToken(Credentials ts) throws IOException, InterruptedException { /* check if we have a hsproxy, if not, no need */ MRClientProtocol hsProxy = clientCache.getInitializedHSProxy(); if (UserGroupInformation.isSecurityEnabled() && (hsProxy != null)) { /* * note that get delegation token was called. Again this is hack for oozie * to make sure we add history server delegation tokens to the credentials */ RMDelegationTokenSelector tokenSelector = new RMDelegationTokenSelector(); Text service = resMgrDelegate.getRMDelegationTokenService(); if (tokenSelector.selectToken(service, ts.getAllTokens()) != null) { Text hsService = SecurityUtil.buildTokenService(hsProxy .getConnectAddress()); if (ts.getToken(hsService) == null) { ts.addToken(hsService, getDelegationTokenFromHS(hsProxy)); } } } }
/** * Get a Delegation token from the JHS. * Copied over from YARNRunner in Hadoop. * @param hsProxy protcol used to get the token * @return The RM_DELEGATION_TOKEN that can be used to talk to JHS * @throws IOException * @throws InterruptedException */ private Token<?> getDelegationTokenFromJHS(final MRClientProtocol hsProxy, final String renewer) throws IOException, InterruptedException { GetDelegationTokenRequest request = RecordFactoryProvider .getRecordFactory(null).newRecordInstance(GetDelegationTokenRequest.class); LOG.debug("Creating requsest to JHS using renewer [{0}]", renewer); request.setRenewer(renewer); org.apache.hadoop.yarn.api.records.Token mrDelegationToken = hsProxy.getDelegationToken(request) .getDelegationToken(); LOG.debug("Got token to JHS : {0}. Converting token.", mrDelegationToken); return ConverterUtils.convertFromYarn(mrDelegationToken, hsProxy.getConnectAddress()); }
doReturn(mockHsAddress).when(mockHsProxy).getConnectAddress(); doReturn(getDtResponse).when(mockHsProxy).getDelegationToken( any(GetDelegationTokenRequest.class));
/** * Get a Delegation token from the JHS. * Copied over from YARNRunner in Hadoop. * @param hsProxy protcol used to get the token * @return The RM_DELEGATION_TOKEN that can be used to talk to JHS * @throws IOException * @throws InterruptedException */ private Token<?> getDelegationTokenFromJHS(final MRClientProtocol hsProxy, final String renewer) throws IOException, InterruptedException { GetDelegationTokenRequest request = RecordFactoryProvider .getRecordFactory(null).newRecordInstance(GetDelegationTokenRequest.class); LOG.debug("Creating requsest to JHS using renewer [{0}]", renewer); request.setRenewer(renewer); org.apache.hadoop.yarn.api.records.Token mrDelegationToken = hsProxy.getDelegationToken(request) .getDelegationToken(); LOG.debug("Got token to JHS : {0}. Converting token.", mrDelegationToken); return ConverterUtils.convertFromYarn(mrDelegationToken, hsProxy.getConnectAddress()); }