List of usage examples for org.apache.hadoop.security Credentials numberOfTokens
public int numberOfTokens()
From source file:org.apache.falcon.catalog.HiveCatalogService.java
License:Apache License
private static Credentials getCredentials(Configuration conf) throws IOException { final String tokenFile = System.getenv("HADOOP_TOKEN_FILE_LOCATION"); if (tokenFile == null) { return null; }//from w ww . ja va 2s . c om try { LOG.info("Adding credentials/delegation tokens from token file={} to conf", tokenFile); Credentials credentials = Credentials.readTokenStorageFile(new File(tokenFile), conf); LOG.info("credentials numberOfTokens={}, numberOfSecretKeys={}", credentials.numberOfTokens(), credentials.numberOfSecretKeys()); return credentials; } catch (IOException e) { LOG.warn("error while fetching credentials from {}", tokenFile); } return null; }
From source file:org.apache.reef.runtime.yarn.client.UserCredentialSecurityTokenProvider.java
License:Apache License
@Override public byte[] getTokens() { try {/*from ww w . ja v a 2s. c o m*/ final UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); final Credentials credentials = ugi.getCredentials(); if (credentials.numberOfTokens() > 0) { try (final DataOutputBuffer dob = new DataOutputBuffer()) { credentials.writeTokenStorageToStream(dob); return dob.getData(); } } } catch (IOException e) { LOG.log(Level.WARNING, "Could not access tokens in user credentials.", e); } LOG.log(Level.FINE, "No security token found."); return null; }
From source file:org.apache.slider.client.TokensOperation.java
License:Apache License
public int actionTokens(ActionTokensArgs args, FileSystem fs, Configuration conf, YarnClientImpl yarnClient) throws IOException, YarnException { Credentials credentials; String footnote = ""; UserGroupInformation user = UserGroupInformation.getCurrentUser(); boolean isSecure = UserGroupInformation.isSecurityEnabled(); if (args.keytab != null) { File keytab = args.keytab; if (!keytab.isFile()) { throw new NotFoundException(E_NO_KEYTAB + keytab.getAbsolutePath()); }//www . jav a 2 s . c om String principal = args.principal; log.info("Logging in as {} from keytab {}", principal, keytab); user = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab.getCanonicalPath()); } Credentials userCredentials = user.getCredentials(); File output = args.output; if (output != null) { if (!isSecure) { throw new BadClusterStateException(E_INSECURE); } credentials = new Credentials(userCredentials); // filesystem addRMRenewableFSDelegationTokens(conf, fs, credentials); addRMDelegationToken(yarnClient, credentials); if (maybeAddTimelineToken(conf, credentials) != null) { log.debug("Added timeline token"); } saveTokens(output, credentials); String filename = output.getCanonicalPath(); footnote = String.format( "%d tokens saved to %s\n" + "To use these in the environment:\n" + "export %s=%s", credentials.numberOfTokens(), filename, UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION, filename); } else if (args.source != null) { File source = args.source; log.info("Reading credentials from file {}", source); if (!source.isFile()) { throw new NotFoundException(E_MISSING_SOURCE_FILE + source.getAbsolutePath()); } credentials = Credentials.readTokenStorageFile(args.source, conf); } else { StringBuffer origin = new StringBuffer(); File file = locateEnvCredentials(System.getenv(), conf, origin); if (file != null) { log.info("Credential Source {}", origin); } else { log.info("Credential source: logged in user"); } credentials = userCredentials; } // list the tokens log.info("\n{}", dumpTokens(credentials, "\n")); if (!footnote.isEmpty()) { log.info(footnote); } return 0; }
From source file:org.apache.tez.common.impl.LogUtils.java
License:Apache License
public static void logCredentials(Log log, Credentials credentials, String identifier) { if (log.isDebugEnabled()) { StringBuilder sb = new StringBuilder(); sb.append("#" + identifier + "Tokens=").append(credentials.numberOfTokens()); if (credentials.numberOfTokens() > 0) { sb.append(", Services: "); for (Token<?> t : credentials.getAllTokens()) { sb.append(t.getService()).append(","); }//from w ww .jav a2 s . co m } log.debug(sb.toString()); } }
From source file:org.apache.tez.common.TezCommonUtils.java
License:Apache License
public static String getCredentialsInfo(Credentials credentials, String identifier) { StringBuilder sb = new StringBuilder(); sb.append("Credentials: #" + identifier + "Tokens=").append(credentials.numberOfTokens()); if (credentials.numberOfTokens() > 0) { sb.append(", Services="); Iterator<Token<?>> tokenItr = credentials.getAllTokens().iterator(); if (tokenItr.hasNext()) { Token token = tokenItr.next(); sb.append(token.getService()).append("(").append(token.getKind()).append(")"); }/*from ww w . j ava 2s. co m*/ while (tokenItr.hasNext()) { Token token = tokenItr.next(); sb.append(",").append(token.getService()).append("(").append(token.getKind()).append(")"); } } return sb.toString(); }
From source file:org.apache.tez.dag.api.TestDAGPlan.java
License:Apache License
@Test(timeout = 5000) public void testCredentialsSerde() { DAG dag = DAG.create("testDag"); ProcessorDescriptor pd1 = ProcessorDescriptor.create("processor1") .setUserPayload(UserPayload.create(ByteBuffer.wrap("processor1Bytes".getBytes()))); ProcessorDescriptor pd2 = ProcessorDescriptor.create("processor2") .setUserPayload(UserPayload.create(ByteBuffer.wrap("processor2Bytes".getBytes()))); Vertex v1 = Vertex.create("v1", pd1, 10, Resource.newInstance(1024, 1)); Vertex v2 = Vertex.create("v2", pd2, 1, Resource.newInstance(1024, 1)); v1.setTaskLaunchCmdOpts("").setTaskEnvironment(new HashMap<String, String>()) .addTaskLocalFiles(new HashMap<String, LocalResource>()); v2.setTaskLaunchCmdOpts("").setTaskEnvironment(new HashMap<String, String>()) .addTaskLocalFiles(new HashMap<String, LocalResource>()); InputDescriptor inputDescriptor = InputDescriptor.create("input") .setUserPayload(UserPayload.create(ByteBuffer.wrap("inputBytes".getBytes()))); OutputDescriptor outputDescriptor = OutputDescriptor.create("output") .setUserPayload(UserPayload.create(ByteBuffer.wrap("outputBytes".getBytes()))); Edge edge = Edge.create(v1, v2, EdgeProperty.create(DataMovementType.SCATTER_GATHER, DataSourceType.PERSISTED, SchedulingType.SEQUENTIAL, outputDescriptor, inputDescriptor)); dag.addVertex(v1).addVertex(v2).addEdge(edge); Credentials dagCredentials = new Credentials(); Token<TokenIdentifier> token1 = new Token<TokenIdentifier>(); Token<TokenIdentifier> token2 = new Token<TokenIdentifier>(); dagCredentials.addToken(new Text("Token1"), token1); dagCredentials.addToken(new Text("Token2"), token2); dag.setCredentials(dagCredentials);//from w w w.ja v a 2 s. co m DAGPlan dagProto = dag.createDag(new TezConfiguration(), null, null, null, true); assertTrue(dagProto.hasCredentialsBinary()); Credentials fetchedCredentials = DagTypeConverters .convertByteStringToCredentials(dagProto.getCredentialsBinary()); assertEquals(2, fetchedCredentials.numberOfTokens()); assertNotNull(fetchedCredentials.getToken(new Text("Token1"))); assertNotNull(fetchedCredentials.getToken(new Text("Token2"))); }
From source file:org.apache.tez.dag.app.rm.container.AMContainerHelpers.java
License:Apache License
/** * Create the common {@link ContainerLaunchContext} for all attempts. * * @param applicationACLs//from w w w . j a va2s .com */ private static ContainerLaunchContext createCommonContainerLaunchContext( Map<ApplicationAccessType, String> applicationACLs, Credentials credentials, Map<String, LocalResource> localResources) { // Application environment Map<String, String> environment = new HashMap<String, String>(); // Service data Map<String, ByteBuffer> serviceData = new HashMap<String, ByteBuffer>(); // Tokens // Setup up task credentials buffer ByteBuffer containerCredentialsBuffer = ByteBuffer.wrap(new byte[] {}); try { Credentials containerCredentials = new Credentials(); // All Credentials need to be set so that YARN can localize the resources // correctly, even though they may not be used by all tasks which will run // on this container. LOG.info("Adding #" + credentials.numberOfTokens() + " tokens and #" + credentials.numberOfSecretKeys() + " secret keys for NM use for launching container"); containerCredentials.addAll(credentials); DataOutputBuffer containerTokens_dob = new DataOutputBuffer(); containerCredentials.writeTokenStorageToStream(containerTokens_dob); containerCredentialsBuffer = ByteBuffer.wrap(containerTokens_dob.getData(), 0, containerTokens_dob.getLength()); // Add shuffle token LOG.info("Putting shuffle token in serviceData"); serviceData.put(TezConstants.TEZ_SHUFFLE_HANDLER_SERVICE_ID, serializeServiceData(TokenCache.getSessionToken(containerCredentials))); } catch (IOException e) { throw new TezUncheckedException(e); } // Construct the actual Container // The null fields are per-container and will be constructed for each // container separately. ContainerLaunchContext container = ContainerLaunchContext.newInstance(localResources, environment, null, serviceData, containerCredentialsBuffer, applicationACLs); return container; }
From source file:org.apache.tez.engine.common.security.TokenCache.java
License:Apache License
/** * load job token from a file// www. ja v a 2 s .c o m * @param conf * @throws IOException */ @InterfaceAudience.Private public static Credentials loadTokens(String jobTokenFile, Configuration conf) throws IOException { Path localJobTokenFile = new Path("file:///" + jobTokenFile); Credentials ts = Credentials.readTokenStorageFile(localJobTokenFile, conf); if (LOG.isDebugEnabled()) { LOG.debug("Task: Loaded jobTokenFile from: " + localJobTokenFile.toUri().getPath() + "; num of sec keys = " + ts.numberOfSecretKeys() + " Number of tokens " + ts.numberOfTokens()); } return ts; }
From source file:org.apache.tez.runtime.task.TezChild.java
License:Apache License
/** * Setup// w ww . j a v a 2 s .c om * * @param containerTask * the new task specification. Must be a valid task * @param childUGI * the old UGI instance being used * @return childUGI */ UserGroupInformation handleNewTaskCredentials(ContainerTask containerTask, UserGroupInformation childUGI) { // Re-use the UGI only if the Credentials have not changed. Preconditions.checkState(!containerTask.shouldDie()); Preconditions.checkState(containerTask.getTaskSpec() != null); if (containerTask.haveCredentialsChanged()) { LOG.info("Refreshing UGI since Credentials have changed"); Credentials taskCreds = containerTask.getCredentials(); if (taskCreds != null) { LOG.info("Credentials : #Tokens=" + taskCreds.numberOfTokens() + ", #SecretKeys=" + taskCreds.numberOfSecretKeys()); childUGI = UserGroupInformation.createRemoteUser(user); childUGI.addCredentials(containerTask.getCredentials()); } else { LOG.info("Not loading any credentials, since no credentials provided"); } } return childUGI; }