You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@gobblin.apache.org by su...@apache.org on 2019/11/16 22:19:02 UTC
[incubator-gobblin] branch master updated: [GOBBLIN-967] Change
token refresh method in YarnContainerSecirityManager
This is an automated email from the ASF dual-hosted git repository.
suvasude pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-gobblin.git
The following commit(s) were added to refs/heads/master by this push:
new 6c099ff [GOBBLIN-967] Change token refresh method in YarnContainerSecirityManager
6c099ff is described below
commit 6c099ff7c82c66ff683c7a7f3e96d3d03c13f9a6
Author: Zihan Li <zi...@zihli-mn1.linkedin.biz>
AuthorDate: Sat Nov 16 14:18:56 2019 -0800
[GOBBLIN-967] Change token refresh method in YarnContainerSecirityManager
Closes #2813 from ZihanLi58/GOBBLIN-967
---
.../gobblin/yarn/YarnContainerSecurityManager.java | 20 +++++++++-----------
.../apache/gobblin/yarn/YarnSecurityManagerTest.java | 7 ++++---
2 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/gobblin-yarn/src/main/java/org/apache/gobblin/yarn/YarnContainerSecurityManager.java b/gobblin-yarn/src/main/java/org/apache/gobblin/yarn/YarnContainerSecurityManager.java
index 12f8d74..060da6a 100644
--- a/gobblin-yarn/src/main/java/org/apache/gobblin/yarn/YarnContainerSecurityManager.java
+++ b/gobblin-yarn/src/main/java/org/apache/gobblin/yarn/YarnContainerSecurityManager.java
@@ -18,10 +18,10 @@
package org.apache.gobblin.yarn;
import java.io.IOException;
-import java.util.Collection;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
@@ -71,7 +71,7 @@ public class YarnContainerSecurityManager extends AbstractIdleService {
@Subscribe
public void handleTokenFileUpdatedEvent(DelegationTokenUpdatedEvent delegationTokenUpdatedEvent) {
try {
- addDelegationTokens(readDelegationTokens(this.tokenFilePath));
+ addCredentials(readCredentials(this.tokenFilePath));
} catch (IOException ioe) {
throw Throwables.propagate(ioe);
}
@@ -91,18 +91,16 @@ public class YarnContainerSecurityManager extends AbstractIdleService {
* Read the {@link Token}s stored in the token file.
*/
@VisibleForTesting
- Collection<Token<? extends TokenIdentifier>> readDelegationTokens(Path tokenFilePath) throws IOException {
- LOGGER.info("Reading updated token from token file: " + tokenFilePath);
- return YarnHelixUtils.readTokensFromFile(tokenFilePath, this.fs.getConf());
+ Credentials readCredentials(Path tokenFilePath) throws IOException {
+ LOGGER.info("Reading updated credentials from token file: " + tokenFilePath);
+ return Credentials.readTokenStorageFile(tokenFilePath, this.fs.getConf());
}
@VisibleForTesting
- void addDelegationTokens(Collection<Token<? extends TokenIdentifier>> tokens) throws IOException {
- for (Token<? extends TokenIdentifier> token : tokens) {
- if (!UserGroupInformation.getCurrentUser().addToken(token)) {
- LOGGER.error(String.format("Failed to add token %s to user %s",
- token.toString(), UserGroupInformation.getLoginUser().getShortUserName()));
- }
+ void addCredentials(Credentials credentials) throws IOException {
+ for (Token<? extends TokenIdentifier> token : credentials.getAllTokens()) {
+ LOGGER.info("updating "+token.toString());
}
+ UserGroupInformation.getCurrentUser().addCredentials(credentials);
}
}
diff --git a/gobblin-yarn/src/test/java/org/apache/gobblin/yarn/YarnSecurityManagerTest.java b/gobblin-yarn/src/test/java/org/apache/gobblin/yarn/YarnSecurityManagerTest.java
index ee15a21..14a8d5b 100644
--- a/gobblin-yarn/src/test/java/org/apache/gobblin/yarn/YarnSecurityManagerTest.java
+++ b/gobblin-yarn/src/test/java/org/apache/gobblin/yarn/YarnSecurityManagerTest.java
@@ -29,6 +29,7 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.helix.HelixManager;
@@ -183,9 +184,9 @@ public class YarnSecurityManagerTest {
@Test(dependsOnMethods = "testWriteDelegationTokenToFile")
public void testYarnContainerSecurityManager() throws IOException {
- Collection<Token<?>> tokens = this.yarnContainerSecurityManager.readDelegationTokens(this.tokenFilePath);
- assertToken(tokens);
- this.yarnContainerSecurityManager.addDelegationTokens(tokens);
+ Credentials credentials = this.yarnContainerSecurityManager.readCredentials(this.tokenFilePath);
+ assertToken(credentials.getAllTokens());
+ this.yarnContainerSecurityManager.addCredentials(credentials);
assertToken(UserGroupInformation.getCurrentUser().getTokens());
}