diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/RmDtFetcher.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/RmDtFetcher.java new file mode 100644 index 0000000..51b7248 --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/RmDtFetcher.java @@ -0,0 +1,79 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.util; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.Credentials; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.DtFetcher; +import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.security.token.TokenIdentifier; +import org.apache.hadoop.yarn.client.api.YarnClient; +import org.apache.hadoop.yarn.conf.YarnConfiguration; + +/** + * DtFetcher is an interface which permits the abstraction and separation of + * delegation token fetch implementaions across different packages and + * compilation units. Resolution of fetcher impl will be done at runtime. + */ +public class RmDtFetcher implements DtFetcher { + private static final Log LOG = LogFactory.getLog(RmDtFetcher.class); + + private static final String SERVICE_NAME = "rm"; + + /** + * Returns the service name, which is also a valid URL prefix. + */ + public Text getServiceName() { + return new Text(SERVICE_NAME); + } + + public boolean isTokenRequired() { + return UserGroupInformation.isSecurityEnabled(); + } + + /** + * Returns RMDelegationToken object via YarnClient. + * @param conf - a Configuration object used to init YarnClient + * @param creds - a Credentials object to which token(s) will be added + * @param renewer - a String object holding the renewer + * @param url - ignored by RmDtFetcher + * @return a RMDelegationToken + * @throws YarnException when YarnClient.getRMDelegationToken() fails + * @throws IOException when YarnClient.getRMDelegationToken() fails + */ + public Token addDelegationTokens(Configuration conf, Credentials creds, + String renewer, String url) throws Exception { + Text r = (renewer != null) ? new Text(renewer) : new Text(""); + YarnConfiguration yarnConf = new YarnConfiguration(conf); + YarnClient yarnClient = YarnClient.createYarnClient(); + yarnClient.init(yarnConf); + yarnClient.start(); + org.apache.hadoop.yarn.api.records.Token yarnToken = + yarnClient.getRMDelegationToken(r); + Token token = ConverterUtils.convertFromYarn(yarnToken, + new Text(yarnToken.getService())); + creds.addToken(token.getService(), token); + return token; + } +} diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/TimelineDtFetcher.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/TimelineDtFetcher.java new file mode 100644 index 0000000..144b822 --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/TimelineDtFetcher.java @@ -0,0 +1,77 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.util; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.Credentials; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.DtFetcher; +import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.yarn.client.api.TimelineClient; +import org.apache.hadoop.yarn.conf.YarnConfiguration; +import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier; + +/** + * DtFetcher is an interface which permits the abstraction and separation of + * delegation token fetch implementaions across different packages and + * compilation units. Resolution of fetcher impl will be done at runtime. + */ +public class TimelineDtFetcher implements DtFetcher { + private static final Log LOG = LogFactory.getLog(TimelineDtFetcher.class); + + private static final String SERVICE_NAME = "timeline"; + + /** + * Returns the service name, which is also a valid URL prefix. + */ + public Text getServiceName() { + return new Text(SERVICE_NAME); + } + + public boolean isTokenRequired() { + return UserGroupInformation.isSecurityEnabled(); + } + + /** + * Returns TimelineDelegationToken object via TimelineClient. + * @param conf - a Configuration object used to init TimelineClient + * @param creds - a Credentials object to which token(s) will be added + * @param renewer - a String object holding the renewer + * @param url - ignored by TimelineDtFetcher + * @return a TimelineDelegationToken + * @throws YarnException when TimelineClient.getDelegationToken() fails + * @throws IOException when TimelineClient.getDelegationToken() fails + */ + public Token addDelegationTokens(Configuration conf, Credentials creds, + String renewer, String url) throws Exception { + if (renewer == null) renewer = ""; + TimelineClient timelineClient = TimelineClient.createTimelineClient(); + YarnConfiguration yarnConf = new YarnConfiguration(conf); + timelineClient.init(yarnConf); + timelineClient.start(); + Token token = + timelineClient.getDelegationToken(renewer); + creds.addToken(token.getService(), token); + return token; + } +} diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/resources/META-INF/services/org.apache.hadoop.security.token.DtFetcher b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/resources/META-INF/services/org.apache.hadoop.security.token.DtFetcher new file mode 100644 index 0000000..4322e78 --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/resources/META-INF/services/org.apache.hadoop.security.token.DtFetcher @@ -0,0 +1,17 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +org.apache.hadoop.yarn.util.RmDtFetcher +org.apache.hadoop.yarn.util.TimelineDtFetcher