Пример #1
0
        /// <summary>
        /// Download <code>fsimage</code> and <code>edits</code>
        /// files from the name-node.
        /// </summary>
        /// <returns>true if a new image has been downloaded and needs to be loaded</returns>
        /// <exception cref="System.IO.IOException"/>
        internal static bool DownloadCheckpointFiles(Uri nnHostPort, FSImage dstImage, CheckpointSignature
                                                     sig, RemoteEditLogManifest manifest)
        {
            // Sanity check manifest - these could happen if, eg, someone on the
            // NN side accidentally rmed the storage directories
            if (manifest.GetLogs().IsEmpty())
            {
                throw new IOException("Found no edit logs to download on NN since txid " + sig.mostRecentCheckpointTxId
                                      );
            }
            long expectedTxId = sig.mostRecentCheckpointTxId + 1;

            if (manifest.GetLogs()[0].GetStartTxId() != expectedTxId)
            {
                throw new IOException("Bad edit log manifest (expected txid = " + expectedTxId +
                                      ": " + manifest);
            }
            try
            {
                bool b = UserGroupInformation.GetCurrentUser().DoAs(new _PrivilegedExceptionAction_444
                                                                        (dstImage, sig, nnHostPort, manifest));
                // get fsimage
                // get edits file
                // true if we haven't loaded all the transactions represented by the
                // downloaded fsimage.
                return(b);
            }
            catch (Exception e)
            {
                throw new RuntimeException(e);
            }
        }
        public virtual void TestJobTokenRpc()
        {
            TaskUmbilicalProtocol mockTT = Org.Mockito.Mockito.Mock <TaskUmbilicalProtocol>();

            Org.Mockito.Mockito.DoReturn(TaskUmbilicalProtocol.versionID).When(mockTT).GetProtocolVersion
                (Matchers.AnyString(), Matchers.AnyLong());
            Org.Mockito.Mockito.DoReturn(ProtocolSignature.GetProtocolSignature(mockTT, typeof(
                                                                                    TaskUmbilicalProtocol).FullName, TaskUmbilicalProtocol.versionID, 0)).When(mockTT
                                                                                                                                                               ).GetProtocolSignature(Matchers.AnyString(), Matchers.AnyLong(), Matchers.AnyInt
                                                                                                                                                                                          ());
            JobTokenSecretManager sm = new JobTokenSecretManager();
            Server server            = new RPC.Builder(conf).SetProtocol(typeof(TaskUmbilicalProtocol)).
                                       SetInstance(mockTT).SetBindAddress(Address).SetPort(0).SetNumHandlers(5).SetVerbose
                                           (true).SetSecretManager(sm).Build();

            server.Start();
            UserGroupInformation current = UserGroupInformation.GetCurrentUser();
            IPEndPoint           addr    = NetUtils.GetConnectAddress(server);
            string             jobId     = current.GetUserName();
            JobTokenIdentifier tokenId   = new JobTokenIdentifier(new Text(jobId));

            Org.Apache.Hadoop.Security.Token.Token <JobTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
                                                                                <JobTokenIdentifier>(tokenId, sm);
            sm.AddTokenForJob(jobId, token);
            SecurityUtil.SetTokenService(token, addr);
            Log.Info("Service address for token is " + token.GetService());
            current.AddToken(token);
            current.DoAs(new _PrivilegedExceptionAction_110(addr, server));
        }
        // There are two scenarios when RM failover happens
        // during SubmitApplication Call:
        // 1) RMStateStore already saved the ApplicationState when failover happens
        // 2) RMStateStore did not save the ApplicationState when failover happens
        /// <exception cref="System.Exception"/>
        public virtual void TestHandleRMHADuringSubmitApplicationCallWithSavedApplicationState
            ()
        {
            // Test scenario 1 when RM failover happens
            // druing SubmitApplication Call:
            // RMStateStore already saved the ApplicationState when failover happens
            StartRMs();
            // Submit Application
            // After submission, the applicationState will be saved in RMStateStore.
            RMApp app0 = rm1.SubmitApp(200);

            // Do the failover
            ExplicitFailover();
            // Since the applicationState has already been saved in RMStateStore
            // before failover happens, the current active rm can load the previous
            // applicationState.
            // This RMApp should exist in the RMContext of current active RM
            NUnit.Framework.Assert.IsTrue(rm2.GetRMContext().GetRMApps().Contains(app0.GetApplicationId
                                                                                      ()));
            // When we re-submit the application with same applicationId, it will
            // check whether this application has been exist. If yes, just simply
            // return submitApplicationResponse.
            RMApp app1 = rm2.SubmitApp(200, string.Empty, UserGroupInformation.GetCurrentUser
                                           ().GetShortUserName(), null, false, null, configuration.GetInt(YarnConfiguration
                                                                                                          .RmAmMaxAttempts, YarnConfiguration.DefaultRmAmMaxAttempts), null, null, false,
                                       false, true, app0.GetApplicationId());

            NUnit.Framework.Assert.AreEqual(app1.GetApplicationId(), app0.GetApplicationId());
        }
Пример #4
0
        /// <exception cref="System.Exception"/>
        public virtual void TestUGIAuthMethodInRealUser()
        {
            UserGroupInformation ugi      = UserGroupInformation.GetCurrentUser();
            UserGroupInformation proxyUgi = UserGroupInformation.CreateProxyUser("proxy", ugi
                                                                                 );

            UserGroupInformation.AuthenticationMethod am = UserGroupInformation.AuthenticationMethod
                                                           .Kerberos;
            ugi.SetAuthenticationMethod(am);
            Assert.Equal(am, ugi.GetAuthenticationMethod());
            Assert.Equal(UserGroupInformation.AuthenticationMethod.Proxy,
                         proxyUgi.GetAuthenticationMethod());
            Assert.Equal(am, UserGroupInformation.GetRealAuthenticationMethod
                             (proxyUgi));
            proxyUgi.DoAs(new _PrivilegedExceptionAction_690(am));
            UserGroupInformation proxyUgi2 = new UserGroupInformation(proxyUgi.GetSubject());

            proxyUgi2.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Proxy
                                              );
            Assert.Equal(proxyUgi, proxyUgi2);
            // Equality should work if authMethod is null
            UserGroupInformation realugi   = UserGroupInformation.GetCurrentUser();
            UserGroupInformation proxyUgi3 = UserGroupInformation.CreateProxyUser("proxyAnother"
                                                                                  , realugi);
            UserGroupInformation proxyUgi4 = new UserGroupInformation(proxyUgi3.GetSubject());

            Assert.Equal(proxyUgi3, proxyUgi4);
        }
Пример #5
0
            /// <exception cref="System.IO.IOException"/>
            public virtual GetDelegationTokenResponse GetDelegationToken(GetDelegationTokenRequest
                                                                         request)
            {
                UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();

                // Verify that the connection is kerberos authenticated
                if (!this.IsAllowedDelegationTokenOp())
                {
                    throw new IOException("Delegation Token can be issued only with kerberos authentication"
                                          );
                }
                GetDelegationTokenResponse response = this.recordFactory.NewRecordInstance <GetDelegationTokenResponse
                                                                                            >();
                string user     = ugi.GetUserName();
                Text   owner    = new Text(user);
                Text   realUser = null;

                if (ugi.GetRealUser() != null)
                {
                    realUser = new Text(ugi.GetRealUser().GetUserName());
                }
                MRDelegationTokenIdentifier tokenIdentifier = new MRDelegationTokenIdentifier(owner
                                                                                              , new Text(request.GetRenewer()), realUser);

                Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> realJHSToken =
                    new Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenIdentifier
                                                                                             , this._enclosing.jhsDTSecretManager);
                Org.Apache.Hadoop.Yarn.Api.Records.Token mrDToken = Org.Apache.Hadoop.Yarn.Api.Records.Token
                                                                    .NewInstance(realJHSToken.GetIdentifier(), realJHSToken.GetKind().ToString(), realJHSToken
                                                                                 .GetPassword(), realJHSToken.GetService().ToString());
                response.SetDelegationToken(mrDToken);
                return(response);
            }
Пример #6
0
        /// <exception cref="System.Exception"/>
        public virtual void TestUniqueDestinationPath()
        {
            Configuration conf    = new Configuration();
            FileContext   files   = FileContext.GetLocalFSFileContext(conf);
            Path          basedir = files.MakeQualified(new Path("target", typeof(TestFSDownload).Name
                                                                 ));

            files.Mkdir(basedir, null, true);
            conf.SetStrings(typeof(TestFSDownload).FullName, basedir.ToString());
            ExecutorService   singleThreadedExec = Executors.NewSingleThreadExecutor();
            LocalDirAllocator dirs = new LocalDirAllocator(typeof(TestFSDownload).FullName);
            Path destPath          = dirs.GetLocalPathForWrite(basedir.ToString(), conf);

            destPath = new Path(destPath, System.Convert.ToString(uniqueNumberGenerator.IncrementAndGet
                                                                      ()));
            Path p = new Path(basedir, "dir" + 0 + ".jar");
            LocalResourceVisibility vis  = LocalResourceVisibility.Private;
            LocalResource           rsrc = CreateJar(files, p, vis);
            FSDownload fsd = new FSDownload(files, UserGroupInformation.GetCurrentUser(), conf
                                            , destPath, rsrc);
            Future <Path> rPath = singleThreadedExec.Submit(fsd);

            singleThreadedExec.Shutdown();
            while (!singleThreadedExec.AwaitTermination(1000, TimeUnit.Milliseconds))
            {
            }
            NUnit.Framework.Assert.IsTrue(rPath.IsDone());
            // Now FSDownload will not create a random directory to localize the
            // resource. Therefore the final localizedPath for the resource should be
            // destination directory (passed as an argument) + file name.
            NUnit.Framework.Assert.AreEqual(destPath, rPath.Get().GetParent());
        }
Пример #7
0
 /// <exception cref="Javax.Servlet.ServletException"/>
 /// <exception cref="System.IO.IOException"/>
 protected override void DoPut(HttpServletRequest request, HttpServletResponse response
                               )
 {
     try
     {
         ServletContext context = GetServletContext();
         FSImage        nnImage = NameNodeHttpServer.GetFsImageFromContext(context);
         Configuration  conf    = (Configuration)GetServletContext().GetAttribute(JspHelper.CurrentConf
                                                                                  );
         ImageServlet.PutImageParams parsedParams = new ImageServlet.PutImageParams(request
                                                                                    , response, conf);
         NameNodeMetrics metrics = NameNode.GetNameNodeMetrics();
         ValidateRequest(context, conf, request, response, nnImage, parsedParams.GetStorageInfoString
                             ());
         UserGroupInformation.GetCurrentUser().DoAs(new _PrivilegedExceptionAction_458(parsedParams
                                                                                       , nnImage, response, request, conf, metrics));
     }
     catch (Exception t)
     {
         // Metrics non-null only when used inside name node
         // Now that we have a new checkpoint, we might be able to
         // remove some old ones.
         string errMsg = "PutImage failed. " + StringUtils.StringifyException(t);
         response.SendError(HttpServletResponse.ScGone, errMsg);
         throw new IOException(errMsg);
     }
 }
Пример #8
0
        /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
        /// <exception cref="System.IO.IOException"/>
        public virtual UseSharedCacheResourceResponse Use(UseSharedCacheResourceRequest request
                                                          )
        {
            UseSharedCacheResourceResponse response = recordFactory.NewRecordInstance <UseSharedCacheResourceResponse
                                                                                       >();
            UserGroupInformation callerUGI;

            try
            {
                callerUGI = UserGroupInformation.GetCurrentUser();
            }
            catch (IOException ie)
            {
                Log.Info("Error getting UGI ", ie);
                throw RPCUtil.GetRemoteException(ie);
            }
            string fileName = this.store.AddResourceReference(request.GetResourceKey(), new SharedCacheResourceReference
                                                                  (request.GetAppId(), callerUGI.GetShortUserName()));

            if (fileName != null)
            {
                response.SetPath(GetCacheEntryFilePath(request.GetResourceKey(), fileName));
                this.metrics.IncCacheHitCount();
            }
            else
            {
                this.metrics.IncCacheMissCount();
            }
            return(response);
        }
Пример #9
0
        /// <summary>Initializes the staging directory and returns the path.</summary>
        /// <remarks>
        /// Initializes the staging directory and returns the path. It also
        /// keeps track of all necessary ownership and permissions
        /// </remarks>
        /// <param name="cluster"/>
        /// <param name="conf"/>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="System.Exception"/>
        public static Path GetStagingDir(Cluster cluster, Configuration conf)
        {
            Path                 stagingArea = cluster.GetStagingAreaDir();
            FileSystem           fs          = stagingArea.GetFileSystem(conf);
            string               realUser;
            string               currentUser;
            UserGroupInformation ugi = UserGroupInformation.GetLoginUser();

            realUser    = ugi.GetShortUserName();
            currentUser = UserGroupInformation.GetCurrentUser().GetShortUserName();
            if (fs.Exists(stagingArea))
            {
                FileStatus fsStatus = fs.GetFileStatus(stagingArea);
                string     owner    = fsStatus.GetOwner();
                if (!(owner.Equals(currentUser) || owner.Equals(realUser)))
                {
                    throw new IOException("The ownership on the staging directory " + stagingArea + " is not as expected. "
                                          + "It is owned by " + owner + ". The directory must " + "be owned by the submitter "
                                          + currentUser + " or " + "by " + realUser);
                }
                if (!fsStatus.GetPermission().Equals(JobDirPermission))
                {
                    Log.Info("Permissions on staging directory " + stagingArea + " are " + "incorrect: "
                             + fsStatus.GetPermission() + ". Fixing permissions " + "to correct value " + JobDirPermission
                             );
                    fs.SetPermission(stagingArea, JobDirPermission);
                }
            }
            else
            {
                fs.Mkdirs(stagingArea, new FsPermission(JobDirPermission));
            }
            return(stagingArea);
        }
Пример #10
0
        /// <exception cref="System.IO.IOException"/>
        private HttpURLConnection CreateConnection(Uri url, string method)
        {
            HttpURLConnection conn;

            try
            {
                // if current UGI is different from UGI at constructor time, behave as
                // proxyuser
                UserGroupInformation currentUgi = UserGroupInformation.GetCurrentUser();
                string doAsUser = (currentUgi.GetAuthenticationMethod() == UserGroupInformation.AuthenticationMethod
                                   .Proxy) ? currentUgi.GetShortUserName() : null;
                // creating the HTTP connection using the current UGI at constructor time
                conn = actualUgi.DoAs(new _PrivilegedExceptionAction_478(this, url, doAsUser));
            }
            catch (IOException ex)
            {
                throw;
            }
            catch (UndeclaredThrowableException ex)
            {
                throw new IOException(ex.GetUndeclaredThrowable());
            }
            catch (Exception ex)
            {
                throw new IOException(ex);
            }
            conn.SetUseCaches(false);
            conn.SetRequestMethod(method);
            if (method.Equals(HttpPost) || method.Equals(HttpPut))
            {
                conn.SetDoOutput(true);
            }
            conn = ConfigureConnection(conn);
            return(conn);
        }
Пример #11
0
        /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
        /// <exception cref="System.IO.IOException"/>
        public virtual ReleaseSharedCacheResourceResponse Release(ReleaseSharedCacheResourceRequest
                                                                  request)
        {
            ReleaseSharedCacheResourceResponse response = recordFactory.NewRecordInstance <ReleaseSharedCacheResourceResponse
                                                                                           >();
            UserGroupInformation callerUGI;

            try
            {
                callerUGI = UserGroupInformation.GetCurrentUser();
            }
            catch (IOException ie)
            {
                Log.Info("Error getting UGI ", ie);
                throw RPCUtil.GetRemoteException(ie);
            }
            bool removed = this.store.RemoveResourceReference(request.GetResourceKey(), new SharedCacheResourceReference
                                                                  (request.GetAppId(), callerUGI.GetShortUserName()), true);

            if (removed)
            {
                this.metrics.IncCacheRelease();
            }
            return(response);
        }
Пример #12
0
        /// <exception cref="System.IO.IOException"/>
        public KMSClientProvider(URI uri, Configuration conf)
            : base(conf)
        {
            kmsUrl = CreateServiceURL(ExtractKMSPath(uri));
            if (Runtime.EqualsIgnoreCase("https", new Uri(kmsUrl).Scheme))
            {
                sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);
                try
                {
                    sslFactory.Init();
                }
                catch (GeneralSecurityException ex)
                {
                    throw new IOException(ex);
                }
            }
            int timeout = conf.GetInt(TimeoutAttr, DefaultTimeout);

            authRetry          = conf.GetInt(AuthRetry, DefaultAuthRetry);
            configurator       = new KMSClientProvider.TimeoutConnConfigurator(timeout, sslFactory);
            encKeyVersionQueue = new ValueQueue <KeyProviderCryptoExtension.EncryptedKeyVersion
                                                 >(conf.GetInt(CommonConfigurationKeysPublic.KmsClientEncKeyCacheSize, CommonConfigurationKeysPublic
                                                               .KmsClientEncKeyCacheSizeDefault), conf.GetFloat(CommonConfigurationKeysPublic.KmsClientEncKeyCacheLowWatermark
                                                                                                                , CommonConfigurationKeysPublic.KmsClientEncKeyCacheLowWatermarkDefault), conf.GetInt
                                                       (CommonConfigurationKeysPublic.KmsClientEncKeyCacheExpiryMs, CommonConfigurationKeysPublic
                                                       .KmsClientEncKeyCacheExpiryDefault), conf.GetInt(CommonConfigurationKeysPublic.KmsClientEncKeyCacheNumRefillThreads
                                                                                                        , CommonConfigurationKeysPublic.KmsClientEncKeyCacheNumRefillThreadsDefault), new
                                                   KMSClientProvider.EncryptedQueueRefiller(this));
            authToken = new DelegationTokenAuthenticatedURL.Token();
            actualUgi = (UserGroupInformation.GetCurrentUser().GetAuthenticationMethod() == UserGroupInformation.AuthenticationMethod
                         .Proxy) ? UserGroupInformation.GetCurrentUser().GetRealUser() : UserGroupInformation
                        .GetCurrentUser();
        }
Пример #13
0
        /// <exception cref="System.Exception"/>
        private void WriteLog(Configuration configuration, string user)
        {
            ApplicationId        appId        = ApplicationIdPBImpl.NewInstance(0, 1);
            ApplicationAttemptId appAttemptId = ApplicationAttemptIdPBImpl.NewInstance(appId,
                                                                                       1);
            ContainerId containerId = ContainerIdPBImpl.NewContainerId(appAttemptId, 1);
            string      path        = "target/logs/" + user + "/logs/application_0_0001/localhost_1234";
            FilePath    f           = new FilePath(path);

            if (!f.GetParentFile().Exists())
            {
                NUnit.Framework.Assert.IsTrue(f.GetParentFile().Mkdirs());
            }
            IList <string>       rootLogDirs = Arrays.AsList("target/logs/logs");
            UserGroupInformation ugi         = UserGroupInformation.GetCurrentUser();

            AggregatedLogFormat.LogWriter writer = new AggregatedLogFormat.LogWriter(configuration
                                                                                     , new Path(path), ugi);
            writer.WriteApplicationOwner(ugi.GetUserName());
            IDictionary <ApplicationAccessType, string> appAcls = new Dictionary <ApplicationAccessType
                                                                                  , string>();

            appAcls[ApplicationAccessType.ViewApp] = ugi.GetUserName();
            writer.WriteApplicationACLs(appAcls);
            writer.Append(new AggregatedLogFormat.LogKey("container_0_0001_01_000001"), new AggregatedLogFormat.LogValue
                              (rootLogDirs, containerId, UserGroupInformation.GetCurrentUser().GetShortUserName
                                  ()));
            writer.Close();
        }
Пример #14
0
        /// <exception cref="System.IO.IOException"/>
        private void DisplayQueueAclsInfoForCurrentUser()
        {
            QueueAclsInfo[]      queueAclsInfoList = jc.GetQueueAclsForCurrentUser();
            UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();

            if (queueAclsInfoList.Length > 0)
            {
                System.Console.Out.WriteLine("Queue acls for user :  "******"\nQueue  Operations");
                System.Console.Out.WriteLine("=====================");
                foreach (QueueAclsInfo queueInfo in queueAclsInfoList)
                {
                    System.Console.Out.Write(queueInfo.GetQueueName() + "  ");
                    string[] ops = queueInfo.GetOperations();
                    Arrays.Sort(ops);
                    int max = ops.Length - 1;
                    for (int j = 0; j < ops.Length; j++)
                    {
                        System.Console.Out.Write(ops[j].ReplaceFirst("acl-", string.Empty));
                        if (j < max)
                        {
                            System.Console.Out.Write(",");
                        }
                    }
                    System.Console.Out.WriteLine();
                }
            }
            else
            {
                System.Console.Out.WriteLine("User " + ugi.GetShortUserName() + " does not have access to any queue. \n"
                                             );
            }
        }
Пример #15
0
        /// <exception cref="System.IO.IOException"/>
        private UserGroupInformation CheckAcls(string method)
        {
            UserGroupInformation user;

            try
            {
                user = UserGroupInformation.GetCurrentUser();
            }
            catch (IOException ioe)
            {
                Log.Warn("Couldn't get current user", ioe);
                HSAuditLogger.LogFailure("UNKNOWN", method, adminAcl.ToString(), HistoryAdminServer
                                         , "Couldn't get current user");
                throw;
            }
            if (!adminAcl.IsUserAllowed(user))
            {
                Log.Warn("User " + user.GetShortUserName() + " doesn't have permission" + " to call '"
                         + method + "'");
                HSAuditLogger.LogFailure(user.GetShortUserName(), method, adminAcl.ToString(), HistoryAdminServer
                                         , HSAuditLogger.AuditConstants.UnauthorizedUser);
                throw new AccessControlException("User " + user.GetShortUserName() + " doesn't have permission"
                                                 + " to call '" + method + "'");
            }
            Log.Info("HS Admin: " + method + " invoked by user " + user.GetShortUserName());
            return(user);
        }
Пример #16
0
        public virtual void TestUsernameExtractionCurrentuser()
        {
            string whoami  = RegistryUtils.GetCurrentUsernameUnencoded(string.Empty);
            string ugiUser = UserGroupInformation.GetCurrentUser().GetShortUserName();

            NUnit.Framework.Assert.AreEqual(ugiUser, whoami);
        }
        public static void SetupCluster()
        {
            Configuration conf = new Configuration();

            conf.SetBoolean(DFSConfigKeys.DfsWebhdfsEnabledKey, true);
            conf.SetLong(DFSConfigKeys.DfsBlockSizeKey, 1024);
            try
            {
                cluster = new MiniDFSCluster.Builder(conf).NumDataNodes(2).Build();
                cluster.WaitActive();
                //change root permission to 777
                cluster.GetFileSystem().SetPermission(new Path("/"), new FsPermission((short)0x1ff
                                                                                      ));
                string uri = WebHdfsFileSystem.Scheme + "://" + conf.Get(DFSConfigKeys.DfsNamenodeHttpAddressKey
                                                                         );
                //get file system as a non-superuser
                UserGroupInformation current = UserGroupInformation.GetCurrentUser();
                UserGroupInformation ugi     = UserGroupInformation.CreateUserForTesting(current.GetShortUserName
                                                                                             () + "x", new string[] { "user" });
                fileSystem = ugi.DoAs(new _PrivilegedExceptionAction_91(uri, conf));
                defaultWorkingDirectory = fileSystem.GetWorkingDirectory();
            }
            catch (Exception e)
            {
                throw new RuntimeException(e);
            }
        }
Пример #18
0
        /// <summary>
        /// Utility method to verify if the current user has access based on the
        /// passed
        /// <see cref="Org.Apache.Hadoop.Security.Authorize.AccessControlList"/>
        /// </summary>
        /// <param name="authorizer">
        /// the
        /// <see cref="Org.Apache.Hadoop.Security.Authorize.AccessControlList"/>
        /// to check against
        /// </param>
        /// <param name="method">the method name to be logged</param>
        /// <param name="module">like AdminService or NodeLabelManager</param>
        /// <param name="Log">the logger to use</param>
        /// <returns>
        ///
        /// <see cref="Org.Apache.Hadoop.Security.UserGroupInformation"/>
        /// of the current user
        /// </returns>
        /// <exception cref="System.IO.IOException"/>
        public static UserGroupInformation VerifyAdminAccess(YarnAuthorizationProvider authorizer
                                                             , string method, string module, Log Log)
        {
            UserGroupInformation user;

            try
            {
                user = UserGroupInformation.GetCurrentUser();
            }
            catch (IOException ioe)
            {
                Log.Warn("Couldn't get current user", ioe);
                RMAuditLogger.LogFailure("UNKNOWN", method, string.Empty, "AdminService", "Couldn't get current user"
                                         );
                throw;
            }
            if (!authorizer.IsAdmin(user))
            {
                Log.Warn("User " + user.GetShortUserName() + " doesn't have permission" + " to call '"
                         + method + "'");
                RMAuditLogger.LogFailure(user.GetShortUserName(), method, string.Empty, module, RMAuditLogger.AuditConstants
                                         .UnauthorizedUser);
                throw new AccessControlException("User " + user.GetShortUserName() + " doesn't have permission"
                                                 + " to call '" + method + "'");
            }
            if (Log.IsTraceEnabled())
            {
                Log.Trace(method + " invoked by user " + user.GetShortUserName());
            }
            return(user);
        }
Пример #19
0
        public virtual void TestUse_ExistingEntry_DupId()
        {
            // Pre-populate the SCM with one cache entry
            store.AddResource("key1", "foo.jar");
            UserGroupInformation testUGI = UserGroupInformation.GetCurrentUser();

            store.AddResourceReference("key1", new SharedCacheResourceReference(CreateAppId(1
                                                                                            , 1L), testUGI.GetShortUserName()));
            NUnit.Framework.Assert.AreEqual(1, store.GetResourceReferences("key1").Count);
            long hits = ClientSCMMetrics.GetInstance().GetCacheHits();
            // Add a new duplicate appId
            UseSharedCacheResourceRequest request = recordFactory.NewRecordInstance <UseSharedCacheResourceRequest
                                                                                     >();

            request.SetResourceKey("key1");
            request.SetAppId(CreateAppId(1, 1L));
            // Expecting default depth of 3 under the shared cache root dir
            string expectedPath = testDir.GetAbsolutePath() + "/k/e/y/key1/foo.jar";

            NUnit.Framework.Assert.AreEqual(expectedPath, clientSCMProxy.Use(request).GetPath
                                                ());
            NUnit.Framework.Assert.AreEqual(1, store.GetResourceReferences("key1").Count);
            NUnit.Framework.Assert.AreEqual("Client SCM metrics aren't updated.", 1, ClientSCMMetrics
                                            .GetInstance().GetCacheHits() - hits);
        }
Пример #20
0
        //@Test (timeout = 60000)
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="System.Exception"/>
        /// <exception cref="System.TypeLoadException"/>
        public virtual void TestSleepJobWithSecurityOn()
        {
            Log.Info("\n\n\nStarting testSleepJobWithSecurityOn().");
            if (!(new FilePath(MiniMRYarnCluster.Appjar)).Exists())
            {
                return;
            }
            mrCluster.GetConfig().Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication
                                      , "kerberos");
            mrCluster.GetConfig().Set(YarnConfiguration.RmKeytab, "/etc/krb5.keytab");
            mrCluster.GetConfig().Set(YarnConfiguration.NmKeytab, "/etc/krb5.keytab");
            mrCluster.GetConfig().Set(YarnConfiguration.RmPrincipal, "rm/sightbusy-lx@LOCALHOST"
                                      );
            mrCluster.GetConfig().Set(YarnConfiguration.NmPrincipal, "nm/sightbusy-lx@LOCALHOST"
                                      );
            UserGroupInformation.SetConfiguration(mrCluster.GetConfig());
            // Keep it in here instead of after RM/NM as multiple user logins happen in
            // the same JVM.
            UserGroupInformation user = UserGroupInformation.GetCurrentUser();

            Log.Info("User name is " + user.GetUserName());
            foreach (Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> str in user.GetTokens
                         ())
            {
                Log.Info("Token is " + str.EncodeToUrlString());
            }
            user.DoAs(new _PrivilegedExceptionAction_552());
        }
Пример #21
0
 /// <exception cref="System.Exception"/>
 public Void Run()
 {
     // make sure it is not the same as the login user because we use the
     // same UGI object for every instantiation of the login user and you
     // won't run into the race condition otherwise
     Assert.AssertNotEquals(UserGroupInformation.GetLoginUser(), UserGroupInformation.
                            GetCurrentUser());
     TestUserGroupInformation.GetTokenThread thread = new TestUserGroupInformation.GetTokenThread
                                                          ();
     try
     {
         thread.Start();
         for (int i = 0; i < 100; i++)
         {
             Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> t = Org.Mockito.Mockito.Mock
                                                                          <Org.Apache.Hadoop.Security.Token.Token>();
             Org.Mockito.Mockito.When(t.GetService()).ThenReturn(new Text("t" + i));
             UserGroupInformation.GetCurrentUser().AddToken(t);
             NUnit.Framework.Assert.IsNull("ConcurrentModificationException encountered", thread
                                           .cme);
         }
     }
     catch (ConcurrentModificationException cme)
     {
         Runtime.PrintStackTrace(cme);
         NUnit.Framework.Assert.Fail("ConcurrentModificationException encountered");
     }
     finally
     {
         thread.runThread = false;
         thread.Join(5 * 1000);
     }
     return(null);
 }
Пример #22
0
        /// <exception cref="System.IO.IOException"/>
        private int GetGroups(string[] usernames)
        {
            // Get groups users belongs to
            if (usernames.Length == 0)
            {
                usernames = new string[] { UserGroupInformation.GetCurrentUser().GetUserName() };
            }
            // Get the current configuration
            Configuration conf    = GetConf();
            IPEndPoint    address = conf.GetSocketAddr(JHAdminConfig.JhsAdminAddress, JHAdminConfig
                                                       .DefaultJhsAdminAddress, JHAdminConfig.DefaultJhsAdminPort);
            GetUserMappingsProtocol getUserMappingProtocol = HSProxies.CreateProxy <GetUserMappingsProtocol
                                                                                    >(conf, address, UserGroupInformation.GetCurrentUser());

            foreach (string username in usernames)
            {
                StringBuilder sb = new StringBuilder();
                sb.Append(username + " :");
                foreach (string group in getUserMappingProtocol.GetGroupsForUser(username))
                {
                    sb.Append(" ");
                    sb.Append(group);
                }
                System.Console.Out.WriteLine(sb);
            }
            return(0);
        }
Пример #23
0
            /// <exception cref="System.IO.IOException"/>
            public Void Run()
            {
                UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();

                NUnit.Framework.Assert.IsNotNull(ugi);
                return(null);
            }
        public virtual void TestDelegationTokenRpc()
        {
            ClientProtocol mockNN           = Org.Mockito.Mockito.Mock <ClientProtocol>();
            FSNamesystem   mockNameSys      = Org.Mockito.Mockito.Mock <FSNamesystem>();
            DelegationTokenSecretManager sm = new DelegationTokenSecretManager(DFSConfigKeys.
                                                                               DfsNamenodeDelegationKeyUpdateIntervalDefault, DFSConfigKeys.DfsNamenodeDelegationKeyUpdateIntervalDefault
                                                                               , DFSConfigKeys.DfsNamenodeDelegationTokenMaxLifetimeDefault, 3600000, mockNameSys
                                                                               );

            sm.StartThreads();
            Org.Apache.Hadoop.Ipc.Server server = new RPC.Builder(conf).SetProtocol(typeof(ClientProtocol
                                                                                           )).SetInstance(mockNN).SetBindAddress(Address).SetPort(0).SetNumHandlers(5).SetVerbose
                                                      (true).SetSecretManager(sm).Build();
            server.Start();
            UserGroupInformation current = UserGroupInformation.GetCurrentUser();
            IPEndPoint           addr    = NetUtils.GetConnectAddress(server);
            string user  = current.GetUserName();
            Text   owner = new Text(user);
            DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(owner, owner, null
                                                                           );

            Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
                                                                                       <DelegationTokenIdentifier>(dtId, sm);
            SecurityUtil.SetTokenService(token, addr);
            Log.Info("Service for token is " + token.GetService());
            current.AddToken(token);
            current.DoAs(new _PrivilegedExceptionAction_100(addr, server));
        }
Пример #25
0
        /// <exception cref="System.Exception"/>
        private static void UploadEmptyContainerLogIntoRemoteDir(UserGroupInformation ugi
                                                                 , Configuration configuration, IList <string> rootLogDirs, NodeId nodeId, ContainerId
                                                                 containerId, Path appDir, FileSystem fs)
        {
            Path path = new Path(appDir, LogAggregationUtils.GetNodeString(nodeId) + Runtime.
                                 CurrentTimeMillis());

            AggregatedLogFormat.LogWriter writer = new AggregatedLogFormat.LogWriter(configuration
                                                                                     , path, ugi);
            writer.WriteApplicationOwner(ugi.GetUserName());
            IDictionary <ApplicationAccessType, string> appAcls = new Dictionary <ApplicationAccessType
                                                                                  , string>();

            appAcls[ApplicationAccessType.ViewApp] = ugi.GetUserName();
            writer.WriteApplicationACLs(appAcls);
            DataOutputStream @out = writer.GetWriter().PrepareAppendKey(-1);

            new AggregatedLogFormat.LogKey(containerId).Write(@out);
            @out.Close();
            @out = writer.GetWriter().PrepareAppendValue(-1);
            new AggregatedLogFormat.LogValue(rootLogDirs, containerId, UserGroupInformation.GetCurrentUser
                                                 ().GetShortUserName()).Write(@out, new HashSet <FilePath>());
            @out.Close();
            writer.Close();
        }
Пример #26
0
        // FIXME:
        // Disabled this test because currently, when shutdown hook triggered at
        // lastRetry in RM view, cleanup will not do. This should be supported after
        // YARN-2261 completed
        //   @Test (timeout = 30000)
        /// <exception cref="System.IO.IOException"/>
        public virtual void TestDeletionofStagingOnKillLastTry()
        {
            conf.Set(MRJobConfig.MapreduceJobDir, stagingJobDir);
            fs = Org.Mockito.Mockito.Mock <FileSystem>();
            Org.Mockito.Mockito.When(fs.Delete(Matchers.Any <Path>(), Matchers.AnyBoolean())).
            ThenReturn(true);
            //Staging Dir exists
            string user       = UserGroupInformation.GetCurrentUser().GetShortUserName();
            Path   stagingDir = MRApps.GetStagingAreaDir(conf, user);

            Org.Mockito.Mockito.When(fs.Exists(stagingDir)).ThenReturn(true);
            ApplicationId        appId     = ApplicationId.NewInstance(Runtime.CurrentTimeMillis(), 0);
            ApplicationAttemptId attemptId = ApplicationAttemptId.NewInstance(appId, 1);
            JobId jobid = recordFactory.NewRecordInstance <JobId>();

            jobid.SetAppId(appId);
            ContainerAllocator mockAlloc = Org.Mockito.Mockito.Mock <ContainerAllocator>();
            MRAppMaster        appMaster = new TestStagingCleanup.TestMRApp(this, attemptId, mockAlloc
                                                                            );

            //no retry
            appMaster.Init(conf);
            NUnit.Framework.Assert.IsTrue("appMaster.isLastAMRetry() is false", appMaster.IsLastAMRetry
                                              ());
            //simulate the process being killed
            MRAppMaster.MRAppMasterShutdownHook hook = new MRAppMaster.MRAppMasterShutdownHook
                                                           (appMaster);
            hook.Run();
            NUnit.Framework.Assert.IsTrue("MRAppMaster isn't stopped", appMaster.IsInState(Service.STATE
                                                                                           .Stopped));
            Org.Mockito.Mockito.Verify(fs).Delete(stagingJobPath, true);
        }
Пример #27
0
            Answer(InvocationOnMock invocation)
            {
                object[] args = invocation.GetArguments();
                NUnit.Framework.Assert.AreEqual(2, args.Length);
                ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto req = (ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto
                                                                                        )args[1];
                ICollection <TokenIdentifier> tokenIds = UserGroupInformation.GetCurrentUser().GetTokenIdentifiers
                                                             ();

                NUnit.Framework.Assert.AreEqual("Only one BlockTokenIdentifier expected", 1, tokenIds
                                                .Count);
                long result = 0;

                foreach (TokenIdentifier tokenId in tokenIds)
                {
                    BlockTokenIdentifier id = (BlockTokenIdentifier)tokenId;
                    Log.Info("Got: " + id.ToString());
                    NUnit.Framework.Assert.IsTrue("Received BlockTokenIdentifier is wrong", ident.Equals
                                                      (id));
                    sm.CheckAccess(id, null, PBHelper.Convert(req.GetBlock()), BlockTokenSecretManager.AccessMode
                                   .Write);
                    result = id.GetBlockId();
                }
                return((ClientDatanodeProtocolProtos.GetReplicaVisibleLengthResponseProto)ClientDatanodeProtocolProtos.GetReplicaVisibleLengthResponseProto
                       .NewBuilder().SetLength(result).Build());
            }
Пример #28
0
        public virtual void TestDeletionofStaging()
        {
            conf.Set(MRJobConfig.MapreduceJobDir, stagingJobDir);
            fs = Org.Mockito.Mockito.Mock <FileSystem>();
            Org.Mockito.Mockito.When(fs.Delete(Matchers.Any <Path>(), Matchers.AnyBoolean())).
            ThenReturn(true);
            //Staging Dir exists
            string user       = UserGroupInformation.GetCurrentUser().GetShortUserName();
            Path   stagingDir = MRApps.GetStagingAreaDir(conf, user);

            Org.Mockito.Mockito.When(fs.Exists(stagingDir)).ThenReturn(true);
            ApplicationId        appId     = ApplicationId.NewInstance(Runtime.CurrentTimeMillis(), 0);
            ApplicationAttemptId attemptId = ApplicationAttemptId.NewInstance(appId, 1);
            JobId jobid = recordFactory.NewRecordInstance <JobId>();

            jobid.SetAppId(appId);
            ContainerAllocator mockAlloc = Org.Mockito.Mockito.Mock <ContainerAllocator>();

            NUnit.Framework.Assert.IsTrue(MRJobConfig.DefaultMrAmMaxAttempts > 1);
            MRAppMaster appMaster = new TestStagingCleanup.TestMRApp(this, attemptId, mockAlloc
                                                                     , JobStateInternal.Running, MRJobConfig.DefaultMrAmMaxAttempts);

            appMaster.Init(conf);
            appMaster.Start();
            appMaster.ShutDownJob();
            //test whether notifyIsLastAMRetry called
            NUnit.Framework.Assert.AreEqual(true, ((TestStagingCleanup.TestMRApp)appMaster).GetTestIsLastAMRetry
                                                ());
            Org.Mockito.Mockito.Verify(fs).Delete(stagingJobPath, true);
        }
Пример #29
0
 protected override void ConfigureServlets()
 {
     this.Bind <JAXBContextResolver>();
     this.Bind <RMWebServices>();
     this.Bind <GenericExceptionHandler>();
     try
     {
         this._enclosing.userName = UserGroupInformation.GetCurrentUser().GetShortUserName
                                        ();
     }
     catch (IOException ioe)
     {
         throw new RuntimeException("Unable to get current user name " + ioe.Message, ioe);
     }
     this._enclosing.notUserName = this._enclosing.userName + "abc123";
     this._enclosing.conf        = new YarnConfiguration();
     this._enclosing.conf.Set(YarnConfiguration.YarnAdminAcl, this._enclosing.userName
                              );
     Org.Apache.Hadoop.Yarn.Server.Resourcemanager.Webapp.TestRMWebServicesNodeLabels.
     rm = new MockRM(this._enclosing.conf);
     this.Bind <ResourceManager>().ToInstance(Org.Apache.Hadoop.Yarn.Server.Resourcemanager.Webapp.TestRMWebServicesNodeLabels
                                              .rm);
     this.Filter("/*").Through(typeof(TestRMWebServicesAppsModification.TestRMCustomAuthFilter
                                      ));
     this.Serve("/*").With(typeof(GuiceContainer));
 }
Пример #30
0
        public virtual void TestRefreshAdminAcls()
        {
            // Setting current user to admin acl
            conf.Set(JHAdminConfig.JhsAdminAcl, UserGroupInformation.GetCurrentUser().GetUserName
                         ());
            string[] args = new string[1];
            args[0] = "-refreshAdminAcls";
            hsAdminClient.Run(args);
            // Now I should be able to run any hsadmin command without any exception
            // being thrown
            args[0] = "-refreshSuperUserGroupsConfiguration";
            hsAdminClient.Run(args);
            // Lets remove current user from admin acl
            conf.Set(JHAdminConfig.JhsAdminAcl, "notCurrentUser");
            args[0] = "-refreshAdminAcls";
            hsAdminClient.Run(args);
            // Now I should get an exception if i run any hsadmin command
            Exception th = null;

            args[0] = "-refreshSuperUserGroupsConfiguration";
            try
            {
                hsAdminClient.Run(args);
            }
            catch (Exception e)
            {
                th = e;
            }
            NUnit.Framework.Assert.IsTrue(th is RemoteException);
        }