hadoop-mapreduce-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r908272 - in /hadoop/mapreduce/trunk/src: java/org/apache/hadoop/mapreduce/security/token/delegation/ test/mapred/org/apache/hadoop/mapreduce/security/token/ test/mapred/org/apache/hadoop/mapreduce/security/token/delegation/
Date Tue, 09 Feb 2010 23:09:02 GMT
Author: omalley
Date: Tue Feb  9 23:08:59 2010
New Revision: 908272

URL: http://svn.apache.org/viewvc?rev=908272&view=rev
Log:
MAPREDUCE-1433. Add a delegation token for MapReduce. (omalley)

Added:
    hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/
    hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenIdentifier.java
    hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSecretManager.java
    hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSelector.java
    hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapreduce/security/token/
    hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapreduce/security/token/delegation/
    hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapreduce/security/token/delegation/TestDelegationToken.java

Added: hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenIdentifier.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenIdentifier.java?rev=908272&view=auto
==============================================================================
--- hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenIdentifier.java
(added)
+++ hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenIdentifier.java
Tue Feb  9 23:08:59 2010
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.mapreduce.security.token.delegation;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
+
+/**
+ * A delegation token identifier that is specific to MapReduce.
+ */
+@InterfaceAudience.Private
+public class DelegationTokenIdentifier 
+    extends AbstractDelegationTokenIdentifier {
+  static final Text MAPREDUCE_DELEGATION_KIND = 
+    new Text("MAPREDUCE_DELEGATION_TOKEN");
+
+  /**
+   * Create an empty delegation token identifier for reading into.
+   */
+  public DelegationTokenIdentifier() {
+  }
+
+  /**
+   * Create a new delegation token identifier
+   * @param owner the effective username of the token owner
+   * @param renewer the username of the renewer
+   * @param realUser the real username of the token owner
+   */
+  public DelegationTokenIdentifier(Text owner, Text renewer, Text realUser) {
+    super(owner, renewer, realUser);
+  }
+
+  @Override
+  public Text getKind() {
+    return MAPREDUCE_DELEGATION_KIND;
+  }
+
+}

Added: hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSecretManager.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSecretManager.java?rev=908272&view=auto
==============================================================================
--- hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSecretManager.java
(added)
+++ hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSecretManager.java
Tue Feb  9 23:08:59 2010
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.mapreduce.security.token.delegation;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
+
+/**
+ * A MapReduce specific delegation token secret manager.
+ * The secret manager is responsible for generating and accepting the password
+ * for each token.
+ */
+@InterfaceAudience.Private
+public class DelegationTokenSecretManager
+    extends AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
+
+  /**
+   * Create a secret manager
+   * @param delegationKeyUpdateInterval the number of seconds for rolling new
+   *        secret keys.
+   * @param delegationTokenMaxLifetime the maximum lifetime of the delegation
+   *        tokens
+   * @param delegationTokenRenewInterval how often the tokens must be renewed
+   * @param delegationTokenRemoverScanInterval how often the tokens are scanned
+   *        for expired tokens
+   */
+  public DelegationTokenSecretManager(long delegationKeyUpdateInterval,
+                                      long delegationTokenMaxLifetime, 
+                                      long delegationTokenRenewInterval,
+                                      long delegationTokenRemoverScanInterval) {
+    super(delegationKeyUpdateInterval, delegationTokenMaxLifetime,
+          delegationTokenRenewInterval, delegationTokenRemoverScanInterval);
+  }
+
+  @Override
+  public DelegationTokenIdentifier createIdentifier() {
+    return new DelegationTokenIdentifier();
+  }
+
+}

Added: hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSelector.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSelector.java?rev=908272&view=auto
==============================================================================
--- hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSelector.java
(added)
+++ hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/token/delegation/DelegationTokenSelector.java
Tue Feb  9 23:08:59 2010
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.mapreduce.security.token.delegation;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSelector;
+
+/**
+ * A delegation token that is specialized for MapReduce
+ */
+@InterfaceAudience.Private
+public class DelegationTokenSelector
+    extends AbstractDelegationTokenSelector<DelegationTokenIdentifier>{
+
+  public DelegationTokenSelector() {
+    super(DelegationTokenIdentifier.MAPREDUCE_DELEGATION_KIND);
+  }
+}

Added: hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapreduce/security/token/delegation/TestDelegationToken.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapreduce/security/token/delegation/TestDelegationToken.java?rev=908272&view=auto
==============================================================================
--- hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapreduce/security/token/delegation/TestDelegationToken.java
(added)
+++ hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapreduce/security/token/delegation/TestDelegationToken.java
Tue Feb  9 23:08:59 2010
@@ -0,0 +1,93 @@
+/** Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.mapreduce.security.token.delegation;
+
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.security.PrivilegedExceptionAction;
+
+import org.apache.hadoop.io.DataInputBuffer;
+import org.apache.hadoop.io.DataOutputBuffer;
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.mapred.JobClient;
+import org.apache.hadoop.mapred.JobConf;
+import org.apache.hadoop.mapred.MiniMRCluster;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.Token;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+public class TestDelegationToken {
+  private MiniMRCluster cluster;
+  private UserGroupInformation user1;
+  private UserGroupInformation user2;
+  
+  @Before
+  public void setup() throws Exception {
+    user1 = UserGroupInformation.createUserForTesting("alice", 
+                                                      new String[]{"users"});
+    user2 = UserGroupInformation.createUserForTesting("bob", 
+                                                      new String[]{"users"});
+    cluster = new MiniMRCluster(0,0,1,"file:///",1);
+  }
+  
+  @Test
+  public void testDelegationToken() throws Exception {
+    
+    JobClient client;
+    client = user1.doAs(new PrivilegedExceptionAction<JobClient>(){
+
+      @Override
+      public JobClient run() throws Exception {
+        return new JobClient(cluster.createJobConf());
+      }});
+    JobClient bobClient;
+    bobClient = user2.doAs(new PrivilegedExceptionAction<JobClient>(){
+
+      @Override
+      public JobClient run() throws Exception {
+        return new JobClient(cluster.createJobConf());
+      }});
+    
+    Token<DelegationTokenIdentifier> token = 
+      client.getDelegationToken(new Text(user1.getUserName()));
+    
+    DataInputBuffer inBuf = new DataInputBuffer();
+    byte[] bytes = token.getIdentifier();
+    inBuf.reset(bytes, bytes.length);
+    DelegationTokenIdentifier ident = new DelegationTokenIdentifier();
+    ident.readFields(inBuf);
+    
+    assertEquals("alice", ident.getUser().getUserName());
+    long createTime = ident.getIssueDate();
+    long maxTime = ident.getMaxDate();
+    long currentTime = System.currentTimeMillis();
+    System.out.println("create time: " + createTime);
+    System.out.println("current time: " + currentTime);
+    System.out.println("max time: " + maxTime);
+    assertTrue("createTime < current", createTime < currentTime);
+    assertTrue("current < maxTime", currentTime < maxTime);
+    assertTrue("alice renew", client.renewDelegationToken(token));
+    assertTrue("alice renew", client.renewDelegationToken(token));
+    assertFalse("bob renew", bobClient.renewDelegationToken(token));
+    assertFalse("bob cancel", bobClient.cancelDelegationToken(token));
+    assertTrue("alice cancel", client.cancelDelegationToken(token));
+    assertFalse("second alice cancel", client.cancelDelegationToken(token));
+  }
+}



Mime
View raw message