[ https://issues.apache.org/jira/browse/YARN-6539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17576316#comment-17576316 ]
ASF GitHub Bot commented on YARN-6539: -------------------------------------- slfan1989 commented on code in PR #4712: URL: https://github.com/apache/hadoop/pull/4712#discussion_r939601070 ########## hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/test/java/org/apache/hadoop/yarn/server/router/secure/AbstractSecureRouterTest.java: ########## @@ -0,0 +1,265 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.yarn.server.router.secure; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; +import org.apache.hadoop.minikdc.MiniKdc; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.yarn.api.ApplicationClientProtocol; +import org.apache.hadoop.yarn.conf.YarnConfiguration; +import org.apache.hadoop.yarn.server.federation.store.FederationStateStore; +import org.apache.hadoop.yarn.server.federation.store.records.SubClusterId; +import org.apache.hadoop.yarn.server.federation.utils.FederationStateStoreFacade; +import org.apache.hadoop.yarn.server.federation.utils.FederationStateStoreTestUtil; +import org.apache.hadoop.yarn.server.resourcemanager.MockRM; +import org.apache.hadoop.yarn.server.resourcemanager.TestRMRestart; +import org.apache.hadoop.yarn.server.router.Router; +import org.apache.hadoop.yarn.server.router.clientrm.FederationClientInterceptor; +import org.apache.hadoop.yarn.server.router.clientrm.RouterClientRMService; +import org.apache.hadoop.yarn.server.router.rmadmin.DefaultRMAdminRequestInterceptor; +import org.apache.hadoop.yarn.server.router.rmadmin.RouterRMAdminService; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.File; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.concurrent.ConcurrentHashMap; + +public class AbstractSecureRouterTest { + + public static final String REALM = "EXAMPLE.COM"; + + public static final String ROUTER = "router"; + public static final String LOCALHOST = "localhost"; + public static final String IP127001 = "127.0.0.1"; + public static final String ROUTER_LOCALHOST = "router/" + LOCALHOST; + public static final String ROUTER_127001 = "router/" + IP127001; + public static final String ROUTER_REALM = "router@" + REALM; + public static final String ROUTER_LOCALHOST_REALM = ROUTER_LOCALHOST + "@" + REALM; + + private static final Logger LOG = LoggerFactory.getLogger(AbstractSecureRouterTest.class); + + public static final Configuration CONF; + + static { + CONF = new Configuration(); + CONF.set("hadoop.security.authentication", "kerberos"); + CONF.setBoolean("hadoop.security.authorization", true); + } + + public static final String SUN_SECURITY_KRB5_DEBUG = "sun.security.krb5.debug"; + + public static final String CLIENT_RM_FEDERATION_CLIENT_INTERCEPTOR = + "org.apache.hadoop.yarn.server.router.clientrm.FederationClientInterceptor"; + + public static final String KERBEROS = "kerberos"; + + private static MiniKdc kdc; + private static File routerKeytab; + private static File kdcWorkDir; + private static Properties kdcConf; + + private Router router = null; + + private static Configuration conf; + + private List<SubClusterId> subClusters; + + private final static int NUM_SUBCLUSTER = 4; + + private static ConcurrentHashMap<SubClusterId, MockRM> mockRMs = + new ConcurrentHashMap<>(); + + @BeforeClass + public static void beforeSecureRouterTestClass() throws Exception { + + // Sets up the KDC and Principals. + setupKDCAndPrincipals(); + + // Init YarnConfiguration + conf = new YarnConfiguration(); + conf.set(YarnConfiguration.ROUTER_BIND_HOST, "0.0.0.0"); + conf.set(YarnConfiguration.ROUTER_CLIENTRM_INTERCEPTOR_CLASS_PIPELINE, + CLIENT_RM_FEDERATION_CLIENT_INTERCEPTOR); + conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, KERBEROS); + conf.set(YarnConfiguration.ROUTER_PRINCIPAL, ROUTER_LOCALHOST_REALM); + conf.set(YarnConfiguration.ROUTER_KEYTAB, routerKeytab.getAbsolutePath()); + } + + /** + * Sets up the KDC and Principals. + * + * @throws Exception an error occurred. + */ + public static void setupKDCAndPrincipals() throws Exception { + // set up the KDC + File target = new File(System.getProperty("test.dir", "target")); + kdcWorkDir = new File(target, "kdc"); + kdcWorkDir.mkdirs(); + if (!kdcWorkDir.mkdirs()) { + Assert.assertTrue(kdcWorkDir.isDirectory()); + } + kdcConf = MiniKdc.createConf(); + kdcConf.setProperty(MiniKdc.DEBUG, "true"); + kdc = new MiniKdc(kdcConf, kdcWorkDir); + kdc.start(); + + routerKeytab = createKeytab(ROUTER, "router.keytab"); + } + + /** + * Initialize RM in safe mode. + * + * @throws Exception an error occurred. + */ + public static void setupSecureMockRM() throws Exception { + for (int i = 0; i < NUM_SUBCLUSTER; i++) { + SubClusterId sc = SubClusterId.newInstance(Integer.toString(i)); + if (mockRMs.containsKey(sc)) { + continue; + } + MockRM mockRM = new TestRMRestart.TestSecurityMockRM(conf); + mockRM.start(); + mockRM.registerNode("127.0.0.1:1234", 8 * 1024, 4); Review Comment: Ok, I will modify the code. > Create SecureLogin inside Router > -------------------------------- > > Key: YARN-6539 > URL: https://issues.apache.org/jira/browse/YARN-6539 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Giovanni Matteo Fumarola > Assignee: Xie YiFan > Priority: Minor > Labels: pull-request-available > Attachments: YARN-6359_1.patch, YARN-6359_2.patch, > YARN-6539-branch-3.1.0.004.patch, YARN-6539-branch-3.1.0.005.patch, > YARN-6539.006.patch, YARN-6539.007.patch, YARN-6539.008.patch, > YARN-6539_3.patch, YARN-6539_4.patch > > Time Spent: 5.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org