001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *      http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019package org.apache.oozie.action.hadoop;
020
021import org.apache.hadoop.conf.Configuration;
022import org.apache.hadoop.io.Text;
023import org.apache.hadoop.security.Credentials;
024import org.apache.hadoop.security.token.Token;
025import org.apache.hadoop.security.token.TokenIdentifier;
026import org.apache.hadoop.yarn.client.ClientRMProxy;
027import org.apache.hadoop.yarn.client.api.YarnClient;
028import org.apache.hadoop.yarn.util.ConverterUtils;
029import org.apache.oozie.ErrorCode;
030import org.apache.oozie.action.ActionExecutor;
031import org.apache.oozie.service.HadoopAccessorService;
032import org.apache.oozie.service.Services;
033import org.apache.oozie.util.XLog;
034
/**
 * {@link CredentialsProvider} that obtains a YARN ResourceManager delegation token and stores it in the
 * {@link Credentials} handed to the launcher.
 *
 * <p>The delegation token is a bearer credential: whoever holds it can use it until it expires or is
 * cancelled. This class only ever places it into the supplied {@link Credentials} object and never logs it.
 */
public class YarnRMCredentials implements CredentialsProvider {

    /**
     * Fetches an RM_DELEGATION_TOKEN and adds it to {@code credentials}, keyed by the RM delegation token
     * service name resolved from {@code config}.
     *
     * @param credentials the credentials object that receives the token
     * @param config launcher AM configuration; used to resolve the token service name, to create the YARN
     *               client and to look up the server principal
     * @param props properties for getting credential token or certificate (not read by this provider)
     * @param context workflow context; supplies the workflow user the YARN client is created for
     * @throws CredentialException with {@link ErrorCode#E0512} if the token service name cannot be resolved
     *                             or the ResourceManager returns a {@code null} token
     * @throws Exception any other failure while creating the client or fetching the token; it is logged at
     *                   DEBUG level and rethrown unchanged
     */
    @Override
    public void updateCredentials(Credentials credentials, Configuration config, CredentialsProperties props,
                                  ActionExecutor.Context context) throws Exception {
        // Resolved before the try block, so a failure here is not passed through the DEBUG logging below.
        final Text tokenServiceName = ClientRMProxy.getRMDelegationTokenService(config);
        if (tokenServiceName == null) {
            throw new CredentialException(ErrorCode.E0512, "Can't create RMDelegationTokenService");
        }

        try {
            final HadoopAccessorService accessorService = Services.get().get(HadoopAccessorService.class);
            // presumably the client acts on behalf of the workflow user - confirm in
            // HadoopAccessorService#createYarnClient
            try (YarnClient client = accessorService.createYarnClient(context.getWorkflow().getUser(), config)) {
                // The principal returned by HadoopTokenHelper is passed as the renewer of the requested token.
                final Text renewer = new Text(new HadoopTokenHelper().getServerPrincipal(config));
                final org.apache.hadoop.yarn.api.records.Token yarnToken = client.getRMDelegationToken(renewer);
                if (yarnToken == null) {
                    throw new CredentialException(ErrorCode.E0512, "Returned token is null");
                }

                // Convert the YARN record into a Hadoop security token bound to the RM token service name.
                final Token<TokenIdentifier> hadoopToken = ConverterUtils.convertFromYarn(yarnToken, tokenServiceName);
                credentials.addToken(tokenServiceName, hadoopToken);
            }
        } catch (Exception e) {
            // NOTE(review): the failure is recorded at DEBUG only; the rethrown exception is what makes a
            // credential failure visible to the caller. Only the exception is logged, never token material.
            final XLog log = XLog.getLog(getClass());
            log.debug("Exception in updateCredentials", e);
            throw e;
        }
    }

}