Google Git
Sign in
apache / tez / 8b5d40fe831a33c05464c84d40a0f622cfd64d35^! / .
commit8b5d40fe831a33c05464c84d40a0f622cfd64d35[log] [tgz]
authorLászló Bodor <bodorlaszlo0202@gmail.com>Thu Jan 23 11:21:21 2020 +0100
committerLaszlo Bodor <bodorlaszlo0202@gmail.com>Thu Jan 23 11:21:21 2020 +0100
treec1296c41d67bd72b7cdd125e9cb787f994f8dbd4
parentb27e5ddfe40fab0fc493e93dd43a22c9d9f3782c [diff]
TEZ-4102: Let session credentials be merged before merging am launch credentials (László Bodor reviewed by Ashutosh Chauhan)

Signed-off-by: Laszlo Bodor <bodorlaszlo0202@gmail.com>

diff --git a/tez-api/src/main/java/org/apache/tez/client/TezClientUtils.java b/tez-api/src/main/java/org/apache/tez/client/TezClientUtils.java
index 2b21024..2aeabe4 100644
--- a/tez-api/src/main/java/org/apache/tez/client/TezClientUtils.java
+++ b/tez-api/src/main/java/org/apache/tez/client/TezClientUtils.java

@@ -470,19 +470,8 @@
     // Setup required Credentials for the AM launch. DAG specific credentials
     // are handled separately.
     ByteBuffer securityTokens = null;
-    // Setup security tokens
-    Credentials amLaunchCredentials = new Credentials();
-    if (amConfig.getCredentials() != null) {
-      amLaunchCredentials.addAll(amConfig.getCredentials());
-    }
-
-    // Add Staging dir creds to the list of session credentials.
-    TokenCache.obtainTokensForFileSystems(sessionCreds, new Path[]{binaryConfPath}, conf);
-
-    populateTokenCache(conf, sessionCreds);
-
-    // Add session specific credentials to the AM credentials.
-    amLaunchCredentials.mergeAll(sessionCreds);
+    Credentials amLaunchCredentials =
+        prepareAmLaunchCredentials(amConfig, sessionCreds, conf, binaryConfPath);
 
     DataOutputBuffer dob = new DataOutputBuffer();
     amLaunchCredentials.writeTokenStorageToStream(dob);
@@ -703,6 +692,25 @@
 
   }
 
+  static Credentials prepareAmLaunchCredentials(AMConfiguration amConfig, Credentials sessionCreds,
+      TezConfiguration conf, Path binaryConfPath) throws IOException {
+    // Setup security tokens
+    Credentials amLaunchCredentials = new Credentials();
+
+    // Add Staging dir creds to the list of session credentials.
+    TokenCache.obtainTokensForFileSystems(sessionCreds, new Path[] {binaryConfPath }, conf);
+
+    populateTokenCache(conf, sessionCreds);
+
+    // Add session specific credentials to the AM credentials.
+    amLaunchCredentials.mergeAll(sessionCreds);
+
+    if (amConfig.getCredentials() != null) {
+      amLaunchCredentials.mergeAll(amConfig.getCredentials());
+    }
+    return amLaunchCredentials;
+  }
+
   //get secret keys and tokens and store them into TokenCache
   private static void populateTokenCache(TezConfiguration conf, Credentials credentials)
           throws IOException{

diff --git a/tez-api/src/test/java/org/apache/tez/client/TestTezClientUtils.java b/tez-api/src/test/java/org/apache/tez/client/TestTezClientUtils.java
index 581d722..edcec49 100644
--- a/tez-api/src/test/java/org/apache/tez/client/TestTezClientUtils.java
+++ b/tez-api/src/test/java/org/apache/tez/client/TestTezClientUtils.java

@@ -46,8 +46,10 @@
 import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hdfs.DistributedFileSystem;
 import org.apache.hadoop.io.DataInputByteBuffer;
+import org.apache.hadoop.io.Text;
 import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.security.token.TokenIdentifier;
 import org.apache.hadoop.yarn.api.ApplicationConstants;
 import org.apache.hadoop.yarn.api.ApplicationConstants.Environment;
 import org.apache.hadoop.yarn.api.records.ApplicationId;
@@ -890,5 +892,29 @@
 
   }
 
+  @Test
+  public void testSessionCredentialsMergedBeforeAmConfigCredentials() throws Exception {
+    TezConfiguration conf = new TezConfiguration();
+    Text tokenType = new Text("TEST_TOKEN_TYPE");
+    Text tokenKind = new Text("TEST_TOKEN_KIND");
+    Text tokenService = new Text("TEST_TOKEN_SERVICE");
 
+    Credentials amConfigCredentials = new Credentials();
+    amConfigCredentials.addToken(tokenType,
+        new Token<>("id1".getBytes(), null, tokenKind, tokenService));
+
+    Credentials sessionCredentials = new Credentials();
+    Token<TokenIdentifier> sessionToken =
+        new Token<>("id2".getBytes(), null, tokenKind, tokenService);
+    sessionCredentials.addToken(tokenType, sessionToken);
+
+    AMConfiguration amConfig = new AMConfiguration(conf, null, amConfigCredentials);
+
+    Credentials amLaunchCredentials =
+        TezClientUtils.prepareAmLaunchCredentials(amConfig, sessionCredentials, conf, null);
+
+    // if there is another token in am conf creds of the same token type,
+    // session token should be applied while creating ContainerLaunchContext
+    Assert.assertEquals(sessionToken, amLaunchCredentials.getToken(tokenType));
+  }
 }