Examples of org.apache.hadoop.yarn.api.records.Token

• org.apache.hadoop.yarn.api.records.Token

  Token is the security entity used by the framework to verify authenticity of any resource.

            String containerMgrBindAddr, ContainerId containerId)
            throws IOException {
          InetSocketAddress addr = NetUtils.getConnectAddress(server);
          String containerManagerBindAddr =
              addr.getHostName() + ":" + addr.getPort();
          Token token =
              tokenSecretManager.createNMToken(
                containerId.getApplicationAttemptId(),
                NodeId.newInstance(addr.getHostName(), addr.getPort()), "user");
          ContainerManagementProtocolProxy cmProxy =
              new ContainerManagementProtocolProxy(conf);

  synchronized public StartContainersResponse startContainers(
      StartContainersRequest requests)
  throws YarnException {

    for (StartContainerRequest request : requests.getStartContainerRequests()) {
      Token containerToken = request.getContainerToken();
      ContainerTokenIdentifier tokenId = null;

      try {
        tokenId = BuilderUtils.newContainerTokenIdentifier(containerToken);
      } catch (IOException e) {

      byte[] password, ContainerTokenIdentifier tokenIdentifier) {
    // RPC layer client expects ip:port as service for tokens
    InetSocketAddress addr =
        NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort());
    // NOTE: use SecurityUtil.setTokenService if this becomes a "real" token
    Token containerToken =
        newToken(Token.class, tokenIdentifier.getBytes(),
          ContainerTokenIdentifier.KIND.toString(), password, SecurityUtil
            .buildTokenService(addr).toString());
    return containerToken;
  }

  @SuppressWarnings("static-access")
  @Override
  protected UserGroupInformation getUser() {
    InetSocketAddress rpcAddress = getRpcAddress(getConfiguration());
    Token token = NMTokenCacheCompat.getNMTokenCache().getNMToken(container.getNodeId().toString());

    // this is what node manager requires for auth
    UserGroupInformation user =
        UserGroupInformation.createRemoteUser(container.getId().getApplicationAttemptId().toString());
    org.apache.hadoop.security.token.Token<NMTokenIdentifier> nmToken =

    return response.getApplicationReport();
  }

  public org.apache.hadoop.security.token.Token<AMRMTokenIdentifier>
      getAMRMToken(ApplicationId appId) throws YarnException, IOException {
    Token token = getApplicationReport(appId).getAMRMToken();
    org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> amrmToken =
        null;
    if (token != null) {
      amrmToken = ConverterUtils.convertFromYarn(token, null);
    }

    containerLaunchContext.setLocalResources(localResources);

    // set up the rest of the container
    List<String> commands = Arrays.asList(Shell.getRunScriptCommand(scriptFile));
    containerLaunchContext.setCommands(commands);
    Token containerToken = createContainerToken(cId);

    StartContainerRequest scRequest =
        StartContainerRequest.newInstance(containerLaunchContext,
          containerToken);
    List<StartContainerRequest> list = new ArrayList<StartContainerRequest>();

  protected Token createContainerToken(ContainerId cId) throws InvalidToken {
    Resource r = BuilderUtils.newResource(1024, 1);
    ContainerTokenIdentifier containerTokenIdentifier =
        new ContainerTokenIdentifier(cId, context.getNodeId().toString(), user,
          r, System.currentTimeMillis() + 10000L, 123, DUMMY_RM_IDENTIFIER);
    Token containerToken =
        BuilderUtils.newContainerToken(
          context.getNodeId(),
          context.getContainerTokenSecretManager().retrievePassword(
            containerTokenIdentifier), containerTokenIdentifier);
    return containerToken;

    } while (containerTokenSecretManager.getCurrentKey().getKeyId()
        == tamperedContainerTokenSecretManager.getCurrentKey().getKeyId());

    Resource r = Resource.newInstance(1230, 2);
    // Creating modified containerToken
    Token containerToken =
        tamperedContainerTokenSecretManager.createContainerToken(cId, nodeId,
            user, r);
    Token nmToken =
        nmTokenSecretManagerInRM.createNMToken(appAttemptId, nodeId, user);
    YarnRPC rpc = YarnRPC.create(conf);
    StringBuilder sb = new StringBuilder("Given Container ");
    sb.append(cId);
    sb.append(" seems to have an illegally generated token.");

      for (int i=0; i < assignedContainers; ++i) {

        NodeId nodeId = node.getRMNode().getNodeID();
        ContainerId containerId = BuilderUtils.newContainerId(application
            .getApplicationAttemptId(), application.getNewContainerId());
        Token containerToken = null;

        containerToken =
            this.rmContext.getContainerTokenSecretManager()
              .createContainerToken(containerId, nodeId, application.getUser(),
                capability);

      // Did we previously reserve containers at this 'priority'?
      if (rmContainer != null){
        unreserve(application, priority, node, rmContainer);
      }

      Token containerToken =
          createContainerToken(application, container);
      if (containerToken == null) {
        // Something went wrong...
        return Resources.none();
      }