private static Text getClusterId(Token<AuthenticationTokenIdentifier> token) throws IOException { return token.getService() != null ? token.getService() : new Text("default"); }
/** Match token service field to alias text. True if alias is null. */ private static boolean matchAlias(Token<?> token, Text alias) { return alias == null || token.getService().equals(alias); }
/** * Decode the given token's service field into an InetAddress * @param token from which to obtain the service * @return InetAddress for the service */ public static InetSocketAddress getTokenServiceAddr(Token<?> token) { return NetUtils.createSocketAddr(token.getService().toString()); }
/** * Add a token to this UGI * * @param token Token to be added * @return true on successful add of new token */ public boolean addToken(Token<? extends TokenIdentifier> token) { return (token != null) ? addToken(token.getService(), token) : false; }
@Override public Token<AuthenticationTokenIdentifier> selectToken(Text serviceName, Collection<Token<? extends TokenIdentifier>> tokens) { if (serviceName != null) { for (Token ident : tokens) { if (serviceName.equals(ident.getService()) && AuthenticationTokenIdentifier.AUTH_TOKEN_TYPE.equals(ident.getKind())) { if (LOG.isDebugEnabled()) { LOG.debug("Returning token "+ident); } return (Token<AuthenticationTokenIdentifier>)ident; } } } LOG.debug("No matching token found"); return null; } }
@SuppressWarnings("unchecked") @Override public Token<TokenIdent> selectToken(Text service, Collection<Token<? extends TokenIdentifier>> tokens) { if (service == null) { return null; } for (Token<? extends TokenIdentifier> token : tokens) { if (kindName.equals(token.getKind()) && service.equals(token.getService())) { return (Token<TokenIdent>) token; } } return null; } }
private static KeyProvider createKeyProvider( Token<?> token, Configuration conf) throws IOException { String service = token.getService().toString(); URI uri; if (service != null && service.startsWith(SCHEME_NAME + ":/")) { LOG.debug("Creating key provider with token service value {}", service); uri = URI.create(service); } else { // conf fallback uri = KMSUtil.getKeyProviderUri(conf); } return (uri != null) ? KMSUtil.createKeyProviderFromUri(conf, uri) : null; } }
@Override public Token<LlapTokenIdentifier> selectToken(Text service, Collection<Token<? extends TokenIdentifier>> tokens) { if (service == null) return null; if (LOG.isDebugEnabled()) { LOG.debug("Looking for a token with service " + service); } for (Token<? extends TokenIdentifier> token : tokens) { if (LOG.isDebugEnabled()) { LOG.debug("Token = " + token.getKind() + "; service = " + token.getService()); } if (LlapTokenIdentifier.KIND_NAME.equals(token.getKind()) && service.equals(token.getService())) { @SuppressWarnings("unchecked") Token<LlapTokenIdentifier> result = (Token<LlapTokenIdentifier>)token; return result; } } return null; } }
/** * Returns the Token of the specified kind associated with this user, * or null if the Token is not present. * * @param kind the kind of token * @param service service on which the token is supposed to be used * @return the token of the specified kind. */ public Token<?> getToken(String kind, String service) throws IOException { for (Token<?> token : ugi.getTokens()) { if (token.getKind().toString().equals(kind) && (service != null && token.getService().toString().equals(service))) { return token; } } return null; }
credentials.addToken(token.getService(), token); LOG.info("Added HBase Kerberos security token to credentials."); } catch (ClassNotFoundException
private static void getHdfsToken(Configuration conf, Credentials cred) throws IOException { FileSystem fs = FileSystem.get(conf); LOG.info("Getting DFS token from " + fs.getUri()); Token<?> fsToken = fs.getDelegationToken(getMRTokenRenewerInternal(new JobConf()).toString()); if (fsToken == null) { LOG.error("Failed to fetch DFS token for "); throw new IOException("Failed to fetch DFS token."); } LOG.info("Created DFS token: " + fsToken.toString()); LOG.info("Token kind: " + fsToken.getKind()); LOG.info("Token id: " + Arrays.toString(fsToken.getIdentifier())); LOG.info("Token service: " + fsToken.getService()); cred.addToken(fsToken.getService(), fsToken); }
public Object run() throws IOException { Credentials cred = new Credentials(); for(Token<?> fsToken : fsTokens) { cred.addToken(fsToken.getService(), fsToken); } cred.addToken(msToken.getService(), msToken); cred.writeTokenStorageFile(tokenPath, conf); return null; } });
private static void getJtToken(Credentials cred) throws IOException { try { JobConf jobConf = new JobConf(); JobClient jobClient = new JobClient(jobConf); LOG.info("Pre-fetching JT token from JobTracker"); Token<DelegationTokenIdentifier> mrdt = jobClient.getDelegationToken(getMRTokenRenewerInternal(jobConf)); if (mrdt == null) { LOG.error("Failed to fetch JT token"); throw new IOException("Failed to fetch JT token."); } LOG.info("Created JT token: " + mrdt.toString()); LOG.info("Token kind: " + mrdt.getKind()); LOG.info("Token id: " + Arrays.toString(mrdt.getIdentifier())); LOG.info("Token service: " + mrdt.getService()); cred.addToken(mrdt.getService(), mrdt); } catch (InterruptedException ie) { throw new IOException(ie); } }
/** * Converts a Token instance (with embedded identifier) to the protobuf representation. * * @param token the Token instance to copy * @return the protobuf Token message */ public static AuthenticationProtos.Token toToken(Token<AuthenticationTokenIdentifier> token) { AuthenticationProtos.Token.Builder builder = AuthenticationProtos.Token.newBuilder(); builder.setIdentifier(ByteString.copyFrom(token.getIdentifier())); builder.setPassword(ByteString.copyFrom(token.getPassword())); if (token.getService() != null) { builder.setService(ByteString.copyFromUtf8(token.getService().toString())); } return builder.build(); }
/** * Construct a TokenProto from this Token instance. * @return a new TokenProto object holding copies of data in this instance */ public TokenProto toTokenProto() { return TokenProto.newBuilder(). setIdentifier(ByteString.copyFrom(this.getIdentifier())). setPassword(ByteString.copyFrom(this.getPassword())). setKindBytes(ByteString.copyFrom( this.getKind().getBytes(), 0, this.getKind().getLength())). setServiceBytes(ByteString.copyFrom( this.getService().getBytes(), 0, this.getService().getLength())). build(); }
/** * Write a {@link Token} to a given file. * * @param token the token to write * @param tokenFilePath the token file path * @param configuration a {@link Configuration} object carrying Hadoop configuration properties * @throws IOException */ public static void writeTokenToFile(Token<? extends TokenIdentifier> token, Path tokenFilePath, Configuration configuration) throws IOException { Credentials credentials = new Credentials(); credentials.addToken(token.getService(), token); credentials.writeTokenStorageFile(tokenFilePath, configuration); }
/** * Checks for an authentication token for the given user, obtaining a new token if necessary, * and adds it to the credentials for the given map reduce job. * * @param conn The HBase cluster connection * @param user The user for whom to obtain the token * @param job The job instance in which the token should be stored * @throws IOException If making a remote call to the authentication service fails * @throws InterruptedException If executing as the given user is interrupted */ public static void addTokenForJob(final Connection conn, User user, Job job) throws IOException, InterruptedException { Token<AuthenticationTokenIdentifier> token = getAuthToken(conn.getConfiguration(), user); if (token == null) { token = obtainToken(conn, user); } job.getCredentials().addToken(token.getService(), token); }
/** * Checks for an authentication token for the given user, obtaining a new token if necessary, * and adds it to the credentials for the given map reduce job. * * @param conn The HBase cluster connection * @param user The user for whom to obtain the token * @param job The job configuration in which the token should be stored * @throws IOException If making a remote call to the authentication service fails * @throws InterruptedException If executing as the given user is interrupted */ public static void addTokenForJob(final Connection conn, final JobConf job, User user) throws IOException, InterruptedException { Token<AuthenticationTokenIdentifier> token = getAuthToken(conn.getConfiguration(), user); if (token == null) { token = obtainToken(conn, user); } job.getCredentials().addToken(token.getService(), token); }
/** * Checks if an authentication tokens exists for the connected cluster, * obtaining one if needed and adding it to the user's credentials. * * @param conn The HBase cluster connection * @param user The user for whom to obtain the token * @throws IOException If making a remote call to the authentication service fails * @throws InterruptedException If executing as the given user is interrupted * @return true if the token was added, false if it already existed */ public static boolean addTokenIfMissing(Connection conn, User user) throws IOException, InterruptedException { Token<AuthenticationTokenIdentifier> token = getAuthToken(conn.getConfiguration(), user); if (token == null) { token = obtainToken(conn, user); user.getUGI().addToken(token.getService(), token); return true; } return false; }
/** * Generate a DelegationTokenAuthenticatedURL.Token from the given generic * typed delegation token. * * @param dToken The delegation token. * @return The DelegationTokenAuthenticatedURL.Token, with its delegation * token set to the delegation token passed in. */ private DelegationTokenAuthenticatedURL.Token generateDelegationToken( final Token<?> dToken) { DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token(); Token<AbstractDelegationTokenIdentifier> dt = new Token<>(dToken.getIdentifier(), dToken.getPassword(), dToken.getKind(), dToken.getService()); token.setDelegationToken(dt); return token; }