goiri commented on code in PR #5185:
URL: https://github.com/apache/hadoop/pull/5185#discussion_r1049126669
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/main/java/org/apache/hadoop/yarn/server/router/webapp/FederationInterceptorREST.java:
##########
@@ -1564,25 +1581,178 @@ public Response updateAppQueue(AppQueue targetQueue,
HttpServletRequest hsr,
throw new RuntimeException("updateAppQueue Failed.");
}
+ /**
+ * This method posts a delegation token from the client.
+ *
+ * @param tokenData the token to delegate. It is a content param.
+ * @param hsr the servlet request.
+ * @return Response containing the status code.
+ * @throws AuthorizationException if Kerberos auth failed.
+ * @throws IOException if the delegation failed.
+ * @throws InterruptedException if interrupted.
+ * @throws Exception in case of bad request.
+ */
@Override
- public Response postDelegationToken(DelegationToken tokenData,
- HttpServletRequest hsr) throws AuthorizationException, IOException,
- InterruptedException, Exception {
- throw new NotImplementedException("Code is not implemented");
+ public Response postDelegationToken(DelegationToken tokenData,
HttpServletRequest hsr)
+ throws AuthorizationException, IOException, InterruptedException,
Exception {
+
+ if (tokenData == null || hsr == null) {
+ throw new IllegalArgumentException("Parameter error, the tokenData or
hsr is null.");
+ }
+
+ try {
+ // get Caller UserGroupInformation
+ Configuration conf = federationFacade.getConf();
+ UserGroupInformation callerUGI = getKerberosUserGroupInformation(conf,
hsr);
+
+ // create a delegation token
+ return createDelegationToken(tokenData, callerUGI);
+ } catch (YarnException e) {
+ LOG.error("Create delegation token request failed.", e);
+ return Response.status(Status.FORBIDDEN).entity(e.getMessage()).build();
+ }
}
+ /**
+ * Create DelegationToken.
+ *
+ * @param dtoken DelegationToken Data.
+ * @param callerUGI UserGroupInformation.
+ * @return Response.
+ * @throws Exception An exception occurred when creating a delegationToken.
+ */
+ private Response createDelegationToken(DelegationToken dtoken,
UserGroupInformation callerUGI)
+ throws IOException, InterruptedException {
+
+ String renewer = dtoken.getRenewer();
+
+ GetDelegationTokenResponse resp = callerUGI.doAs(
+ (PrivilegedExceptionAction<GetDelegationTokenResponse>) () -> {
+ GetDelegationTokenRequest createReq =
GetDelegationTokenRequest.newInstance(renewer);
+ return this.getRouterClientRMService().getDelegationToken(createReq);
+ });
+
+ org.apache.hadoop.yarn.api.records.Token token =
resp.getRMDelegationToken();
Review Comment:
Or maybe even the `DelegationToken respToken`
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/main/java/org/apache/hadoop/yarn/server/router/webapp/FederationInterceptorREST.java:
##########
@@ -1564,25 +1581,178 @@ public Response updateAppQueue(AppQueue targetQueue,
HttpServletRequest hsr,
throw new RuntimeException("updateAppQueue Failed.");
}
+ /**
+ * This method posts a delegation token from the client.
+ *
+ * @param tokenData the token to delegate. It is a content param.
+ * @param hsr the servlet request.
+ * @return Response containing the status code.
+ * @throws AuthorizationException if Kerberos auth failed.
+ * @throws IOException if the delegation failed.
+ * @throws InterruptedException if interrupted.
+ * @throws Exception in case of bad request.
+ */
@Override
- public Response postDelegationToken(DelegationToken tokenData,
- HttpServletRequest hsr) throws AuthorizationException, IOException,
- InterruptedException, Exception {
- throw new NotImplementedException("Code is not implemented");
+ public Response postDelegationToken(DelegationToken tokenData,
HttpServletRequest hsr)
+ throws AuthorizationException, IOException, InterruptedException,
Exception {
+
+ if (tokenData == null || hsr == null) {
+ throw new IllegalArgumentException("Parameter error, the tokenData or
hsr is null.");
+ }
+
+ try {
+ // get Caller UserGroupInformation
+ Configuration conf = federationFacade.getConf();
+ UserGroupInformation callerUGI = getKerberosUserGroupInformation(conf,
hsr);
+
+ // create a delegation token
+ return createDelegationToken(tokenData, callerUGI);
+ } catch (YarnException e) {
+ LOG.error("Create delegation token request failed.", e);
+ return Response.status(Status.FORBIDDEN).entity(e.getMessage()).build();
+ }
}
+ /**
+ * Create DelegationToken.
+ *
+ * @param dtoken DelegationToken Data.
+ * @param callerUGI UserGroupInformation.
+ * @return Response.
+ * @throws Exception An exception occurred when creating a delegationToken.
+ */
+ private Response createDelegationToken(DelegationToken dtoken,
UserGroupInformation callerUGI)
+ throws IOException, InterruptedException {
+
+ String renewer = dtoken.getRenewer();
+
+ GetDelegationTokenResponse resp = callerUGI.doAs(
+ (PrivilegedExceptionAction<GetDelegationTokenResponse>) () -> {
+ GetDelegationTokenRequest createReq =
GetDelegationTokenRequest.newInstance(renewer);
+ return this.getRouterClientRMService().getDelegationToken(createReq);
+ });
+
+ org.apache.hadoop.yarn.api.records.Token token =
resp.getRMDelegationToken();
Review Comment:
It might be cleaner to have a static method for this:
```
private static Token<RMDelegationTokenIdentifier>
getToken(GetDelegationTokenResponse resp) {
```
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/test/java/org/apache/hadoop/yarn/server/router/webapp/TestFederationInterceptorREST.java:
##########
@@ -156,6 +172,31 @@ public void setUp() {
Assert.fail();
Review Comment:
This is from before but if we just surface the exception we don't need to
add the fail().
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
