diff --git a/.tfile.crc b/.tfile.crc new file mode 100644 index 0000000..4bc98ce Binary files /dev/null and b/.tfile.crc differ diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/RmDtFetcher.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/RmDtFetcher.java new file mode 100644 index 0000000..8d2b782 --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/RmDtFetcher.java @@ -0,0 +1,90 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.util; + +import java.net.URI; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.Credentials; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.DtFetcher; +import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.security.token.TokenIdentifier; +import org.apache.hadoop.yarn.client.api.YarnClient; +import org.apache.hadoop.yarn.conf.YarnConfiguration; + +/** + * DtFetcher is an interface which permits the abstraction and separation of + * delegation token fetch implementaions across different packages and + * compilation units. Resolution of fetcher impl will be done at runtime. + */ +public class RmDtFetcher implements DtFetcher { + private static final Log LOG = LogFactory.getLog(RmDtFetcher.class); + + private static final String SERVICE_NAME = "rm"; + + /** + * Returns the service name, which is also a valid URL prefix. + */ + public Text getServiceName() { + return new Text(SERVICE_NAME); + } + + public boolean isTokenRequired() { + return UserGroupInformation.isSecurityEnabled(); + } + + /** + * Returns RMDelegationToken object via YarnClient. + * @param conf - Configuration object used to init YarnClient. + * @param creds - Credentials object to which token(s) will be added. + * @param renewer - String object holding the renewer. + * @param url - String url to override RM_ADDRESS in conf. + * Example RM DT URL: rm://localhost:8032/ + * @return RMDelegationToken + * @throws YarnException when YarnClient.getRMDelegationToken() fails. + * @throws IOException when YarnClient.getRMDelegationToken() fails. + */ + public Token addDelegationTokens(Configuration conf, Credentials creds, + String renewer, String url) throws Exception { + Text r = (renewer != null) ? new Text(renewer) : new Text(""); + if (url != null) { + LOG.info("Using override " + url); + URI uri = new URI(url); + conf.set(YarnConfiguration.RM_ADDRESS, + uri.getHost() + ":" + uri.getPort()); + } + Token token = null; + YarnConfiguration yarnConf = new YarnConfiguration(conf); + try(YarnClient yarnClient = YarnClient.createYarnClient()) { + yarnClient.init(yarnConf); + yarnClient.start(); + org.apache.hadoop.yarn.api.records.Token yarnToken = + yarnClient.getRMDelegationToken(r); + token = ConverterUtils.convertFromYarn(yarnToken, + new Text(yarnToken.getService())); + creds.addToken(token.getService(), token); + } + return token; + } +} diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/TimelineDtFetcher.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/TimelineDtFetcher.java new file mode 100644 index 0000000..f0f283a --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/util/TimelineDtFetcher.java @@ -0,0 +1,86 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.util; + +import java.net.URI; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.Credentials; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.DtFetcher; +import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.yarn.client.api.TimelineClient; +import org.apache.hadoop.yarn.conf.YarnConfiguration; +import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier; + +/** + * DtFetcher is an interface which permits the abstraction and separation of + * delegation token fetch implementaions across different packages and + * compilation units. Resolution of fetcher impl will be done at runtime. + */ +public class TimelineDtFetcher implements DtFetcher { + private static final Log LOG = LogFactory.getLog(TimelineDtFetcher.class); + + private static final String SERVICE_NAME = "timeline"; + + /** + * Returns the service name, which is also a valid URL prefix. + */ + public Text getServiceName() { + return new Text(SERVICE_NAME); + } + + public boolean isTokenRequired() { + return UserGroupInformation.isSecurityEnabled(); + } + + /** + * Returns TimelineDelegationToken object via TimelineClient. + * @param conf - Configuration object used to init TimelineClient. + * @param creds - Credentials object to which token(s) will be added. + * @param renewer - String object holding the renewer. + * @param url - String url overrides TIMELINE_SERVICE_WEBAPP_ADDRESS in conf. + * Example timeline DT URL: timeline://localhost:8188 + * @return TimelineDelegationToken with renewer. + * @throws YarnException when TimelineClient.getDelegationToken() fails. + * @throws IOException when TimelineClient.getDelegationToken() fails. + */ + public Token addDelegationTokens(Configuration conf, Credentials creds, + String renewer, String url) throws Exception { + if (renewer == null) renewer = ""; + if (url != null) { + URI uri = new URI(url); + conf.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS, + uri.getHost() + ":" + uri.getPort()); + } + Token token = null; + YarnConfiguration yarnConf = new YarnConfiguration(conf); + try(TimelineClient timelineClient = TimelineClient.createTimelineClient()) { + timelineClient.init(yarnConf); + timelineClient.start(); + token = timelineClient.getDelegationToken(renewer); + creds.addToken(token.getService(), token); + } + return token; + } +} diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/resources/META-INF/services/org.apache.hadoop.security.token.DtFetcher b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/resources/META-INF/services/org.apache.hadoop.security.token.DtFetcher new file mode 100644 index 0000000..4322e78 --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/resources/META-INF/services/org.apache.hadoop.security.token.DtFetcher @@ -0,0 +1,17 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +org.apache.hadoop.yarn.util.RmDtFetcher +org.apache.hadoop.yarn.util.TimelineDtFetcher diff --git a/tfile b/tfile new file mode 100644 index 0000000..56e72f0 Binary files /dev/null and b/tfile differ