List of usage examples for org.apache.hadoop.security Credentials readTokenStorageStream
public void readTokenStorageStream(DataInputStream in) throws IOException
From source file:co.cask.cdap.app.runtime.spark.distributed.SparkExecutionServiceTest.java
License:Apache License
@Test public void testWriteCredentials() throws Exception { ProgramRunId programRunId = new ProgramRunId("ns", "app", ProgramType.SPARK, "test", RunIds.generate().getId());//from w ww.j a v a 2 s . c o m // Start a service that doesn't support workflow token SparkExecutionService service = new SparkExecutionService(locationFactory, InetAddress.getLoopbackAddress().getCanonicalHostName(), programRunId, null); service.startAndWait(); try { SparkExecutionClient client = new SparkExecutionClient(service.getBaseURI(), programRunId); Location targetLocation = locationFactory.create(UUID.randomUUID().toString()).append("credentials"); client.writeCredentials(targetLocation); FileStatus status = dfsCluster.getFileSystem().getFileStatus(new Path(targetLocation.toURI())); // Verify the file permission is 600 Assert.assertEquals(FsAction.READ_WRITE, status.getPermission().getUserAction()); Assert.assertEquals(FsAction.NONE, status.getPermission().getGroupAction()); Assert.assertEquals(FsAction.NONE, status.getPermission().getOtherAction()); // Should be able to deserialize back to credentials Credentials credentials = new Credentials(); try (DataInputStream is = new DataInputStream(targetLocation.getInputStream())) { credentials.readTokenStorageStream(is); } // Call complete to notify the service it has been stopped client.completed(null); } finally { service.stopAndWait(); } }
From source file:co.cask.cdap.app.runtime.spark.SparkCredentialsUpdaterTest.java
License:Apache License
@Test public void testUpdater() throws Exception { Location credentialsDir = Locations.toLocation(TEMPORARY_FOLDER.newFolder()); // Create a updater that don't do any auto-update within the test time and don't cleanup SparkCredentialsUpdater updater = new SparkCredentialsUpdater(createCredentialsSupplier(), credentialsDir, "credentials", TimeUnit.DAYS.toMillis(1), TimeUnit.DAYS.toMillis(1), Integer.MAX_VALUE) { @Override/* w w w .j a v a 2s . c o m*/ long getNextUpdateDelay(Credentials credentials) throws IOException { return TimeUnit.DAYS.toMillis(1); } }; // Before the updater starts, the directory is empty Assert.assertTrue(credentialsDir.list().isEmpty()); UserGroupInformation.getCurrentUser().addToken( new Token<>(Bytes.toBytes("id"), Bytes.toBytes("pass"), new Text("kind"), new Text("service"))); updater.startAndWait(); try { List<Location> expectedFiles = new ArrayList<>(); expectedFiles.add(credentialsDir.append("credentials-1")); for (int i = 1; i <= 10; i++) { Assert.assertEquals(expectedFiles, listAndSort(credentialsDir)); // Read the credentials from the last file Credentials newCredentials = new Credentials(); try (DataInputStream is = new DataInputStream( expectedFiles.get(expectedFiles.size() - 1).getInputStream())) { newCredentials.readTokenStorageStream(is); } // Should contains all tokens of the current user Credentials userCredentials = UserGroupInformation.getCurrentUser().getCredentials(); for (Token<? extends TokenIdentifier> token : userCredentials.getAllTokens()) { Assert.assertEquals(token, newCredentials.getToken(token.getService())); } UserGroupInformation.getCurrentUser().addToken(new Token<>(Bytes.toBytes("id" + i), Bytes.toBytes("pass" + i), new Text("kind" + i), new Text("service" + i))); updater.run(); expectedFiles.add(credentialsDir.append("credentials-" + (i + 1))); } } finally { updater.stopAndWait(); } }
From source file:co.cask.cdap.security.impersonation.RemoteUGIProvider.java
License:Apache License
private static Credentials readCredentials(Location location) throws IOException { Credentials credentials = new Credentials(); try (DataInputStream input = new DataInputStream(new BufferedInputStream(location.getInputStream()))) { credentials.readTokenStorageStream(input); }/*ww w . jav a 2 s.co m*/ LOG.debug("Read credentials from {}", location); return credentials; }
From source file:org.apache.tez.common.TezCommonUtils.java
License:Apache License
public static Credentials parseCredentialsBytes(byte[] credentialsBytes) throws IOException { Credentials credentials = new Credentials(); DataInputBuffer dib = new DataInputBuffer(); try {/*from ww w . j a v a 2 s . co m*/ byte[] tokenBytes = credentialsBytes; dib.reset(tokenBytes, tokenBytes.length); credentials.readTokenStorageStream(dib); return credentials; } finally { dib.close(); } }
From source file:org.apache.tez.dag.api.DagTypeConverters.java
License:Apache License
public static Credentials convertByteStringToCredentials(ByteString byteString) { if (byteString == null) { return null; }/*from w w w .j a v a 2 s. c o m*/ DataInputByteBuffer dib = new DataInputByteBuffer(); dib.reset(byteString.asReadOnlyByteBuffer()); Credentials credentials = new Credentials(); try { credentials.readTokenStorageStream(dib); return credentials; } catch (IOException e) { throw new TezUncheckedException("Failed to deserialize Credentials", e); } }
From source file:org.apache.tez.service.impl.ContainerRunnerImpl.java
License:Apache License
/** * Submit a container which is ready for running. * The regular pull mechanism will be used to fetch work from the AM * @param request// w w w. j a va2s . co m * @throws TezException */ @Override public void queueContainer(RunContainerRequestProto request) throws TezException { LOG.info("Queuing container for execution: " + request); Map<String, String> env = new HashMap<String, String>(); env.putAll(localEnv); env.put(ApplicationConstants.Environment.USER.name(), request.getUser()); String[] localDirs = new String[localDirsBase.length]; // Setup up local dirs to be application specific, and create them. for (int i = 0; i < localDirsBase.length; i++) { localDirs[i] = createAppSpecificLocalDir(localDirsBase[i], request.getApplicationIdString(), request.getUser()); try { localFs.mkdirs(new Path(localDirs[i])); } catch (IOException e) { throw new TezException(e); } } LOG.info("Dirs for {} are {}", request.getContainerIdString(), Arrays.toString(localDirs)); // Setup workingDir. This is otherwise setup as Environment.PWD // Used for re-localization, to add the user specified configuration (conf_pb_binary_stream) String workingDir = localDirs[0]; Credentials credentials = new Credentials(); DataInputBuffer dib = new DataInputBuffer(); byte[] tokenBytes = request.getCredentialsBinary().toByteArray(); dib.reset(tokenBytes, tokenBytes.length); try { credentials.readTokenStorageStream(dib); } catch (IOException e) { throw new TezException(e); } Token<JobTokenIdentifier> jobToken = TokenCache.getSessionToken(credentials); // TODO Unregistering does not happen at the moment, since there's no signals on when an app completes. LOG.info("Registering request with the ShuffleHandler for containerId {}", request.getContainerIdString()); ShuffleHandler.get().registerApplication(request.getApplicationIdString(), jobToken, request.getUser()); ContainerRunnerCallable callable = new ContainerRunnerCallable(request, new Configuration(getConfig()), new ExecutionContextImpl(localAddress.get().getHostName()), env, localDirs, workingDir, credentials, memoryPerExecutor); ListenableFuture<ContainerExecutionResult> future = executorService.submit(callable); Futures.addCallback(future, new ContainerRunnerCallback(request, callable)); }
From source file:org.apache.tez.service.impl.ContainerRunnerImpl.java
License:Apache License
/** * Submit an entire work unit - containerId + TaskSpec. * This is intended for a task push from the AM * * @param request/*from w w w . j av a 2 s .c o m*/ * @throws org.apache.tez.dag.api.TezException */ @Override public void submitWork(SubmitWorkRequestProto request) throws TezException { LOG.info("Queuing work for execution: " + request); checkAndThrowExceptionForTests(request); Map<String, String> env = new HashMap<String, String>(); env.putAll(localEnv); env.put(ApplicationConstants.Environment.USER.name(), request.getUser()); String[] localDirs = new String[localDirsBase.length]; // Setup up local dirs to be application specific, and create them. for (int i = 0; i < localDirsBase.length; i++) { localDirs[i] = createAppSpecificLocalDir(localDirsBase[i], request.getApplicationIdString(), request.getUser()); try { localFs.mkdirs(new Path(localDirs[i])); } catch (IOException e) { throw new TezException(e); } } if (LOG.isDebugEnabled()) { LOG.debug("Dirs are: " + Arrays.toString(localDirs)); } // Setup workingDir. This is otherwise setup as Environment.PWD // Used for re-localization, to add the user specified configuration (conf_pb_binary_stream) String workingDir = localDirs[0]; Credentials credentials = new Credentials(); DataInputBuffer dib = new DataInputBuffer(); byte[] tokenBytes = request.getCredentialsBinary().toByteArray(); dib.reset(tokenBytes, tokenBytes.length); try { credentials.readTokenStorageStream(dib); } catch (IOException e) { throw new TezException(e); } Token<JobTokenIdentifier> jobToken = TokenCache.getSessionToken(credentials); // TODO Unregistering does not happen at the moment, since there's no signals on when an app completes. LOG.info("Registering request with the ShuffleHandler for containerId {}", request.getContainerIdString()); ShuffleHandler.get().registerApplication(request.getApplicationIdString(), jobToken, request.getUser()); TaskRunnerCallable callable = new TaskRunnerCallable(request, new Configuration(getConfig()), new ExecutionContextImpl(localAddress.get().getHostName()), env, localDirs, workingDir, credentials, memoryPerExecutor); ListenableFuture<ContainerExecutionResult> future = executorService.submit(callable); Futures.addCallback(future, new TaskRunnerCallback(request, callable)); }
From source file:org.apache.twill.internal.AbstractTwillService.java
License:Apache License
/** * Attempts to handle secure store update. * * @param message The message received/*from w ww. j a v a2s . com*/ * @return {@code true} if the message requests for secure store update, {@code false} otherwise. */ protected final boolean handleSecureStoreUpdate(Message message) { if (!SystemMessages.SECURE_STORE_UPDATED.equals(message)) { return false; } // If not in secure mode, simply ignore the message. if (!UserGroupInformation.isSecurityEnabled()) { return true; } try { Credentials credentials = new Credentials(); Location location = getSecureStoreLocation(); DataInputStream input = new DataInputStream(new BufferedInputStream(location.getInputStream())); try { credentials.readTokenStorageStream(input); } finally { input.close(); } UserGroupInformation.getCurrentUser().addCredentials(credentials); this.credentials = credentials; LOG.info("Secure store updated from {}.", location.toURI()); } catch (Throwable t) { LOG.error("Failed to update secure store.", t); } return true; }
From source file:org.apache.twill.internal.container.TwillContainerMain.java
License:Apache License
private static void loadSecureStore() throws IOException { if (!UserGroupInformation.isSecurityEnabled()) { return;//from w w w.j a va 2s . c om } File file = new File(Constants.Files.CREDENTIALS); if (file.exists()) { Credentials credentials = new Credentials(); try (DataInputStream input = new DataInputStream(new FileInputStream(file))) { credentials.readTokenStorageStream(input); } UserGroupInformation.getCurrentUser().addCredentials(credentials); LOG.info("Secure store updated from {}", file); } }
From source file:org.apache.twill.internal.yarn.AbstractYarnTwillService.java
License:Apache License
/** * Attempts to handle secure store update. * * @param message The message received//from ww w.jav a2 s. c om * @return {@code true} if the message requests for secure store update, {@code false} otherwise. */ protected final boolean handleSecureStoreUpdate(Message message) { if (!SystemMessages.SECURE_STORE_UPDATED.equals(message)) { return false; } // If not in secure mode, simply ignore the message. if (!UserGroupInformation.isSecurityEnabled()) { return true; } try { Credentials credentials = new Credentials(); Location location = getSecureStoreLocation(); try (DataInputStream input = new DataInputStream(new BufferedInputStream(location.getInputStream()))) { credentials.readTokenStorageStream(input); } UserGroupInformation.getCurrentUser().addCredentials(credentials); // CDAP-5844 Workaround for HDFS-9276, to update HDFS delegation token for long running application in HA mode cloneHaNnCredentials(location, UserGroupInformation.getCurrentUser()); this.credentials = credentials; LOG.info("Secure store updated from {}.", location); } catch (Throwable t) { LOG.error("Failed to update secure store.", t); } return true; }