[
https://issues.apache.org/jira/browse/YARN-9708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583991#comment-17583991
]
ASF GitHub Bot commented on YARN-9708:
--------------------------------------
slfan1989 commented on code in PR #4746:
URL: https://github.com/apache/hadoop/pull/4746#discussion_r953335382
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/test/java/org/apache/hadoop/yarn/server/router/secure/TestRouterDelegationTokenSecretManager.java:
##########
@@ -0,0 +1,198 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.yarn.server.router.secure;
+
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.token.delegation.DelegationKey;
+import org.apache.hadoop.test.LambdaTestUtils;
+import org.apache.hadoop.util.Time;
+import org.apache.hadoop.yarn.exceptions.YarnException;
+import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
+import org.apache.hadoop.yarn.server.router.clientrm.RouterClientRMService;
+import
org.apache.hadoop.yarn.server.router.security.RouterDelegationTokenSecretManager;
+import org.junit.Assert;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+public class TestRouterDelegationTokenSecretManager extends
AbstractSecureRouterTest {
+
+ private static final Logger LOG =
+ LoggerFactory.getLogger(TestRouterDelegationTokenSecretManager.class);
+
+ @Test
+ public void testRouterStoreNewMasterKey() throws Exception {
+ LOG.info("Test RouterDelegationTokenSecretManager: StoreNewMasterKey.");
+
+ // Start the Router in Secure Mode
+ startSecureRouter();
+
+ // Store NewMasterKey
+ RouterClientRMService routerClientRMService =
this.getRouter().getClientRMProxyService();
+ RouterDelegationTokenSecretManager secretManager =
+ routerClientRMService.getRouterDTSecretManager();
+ DelegationKey storeKey = new DelegationKey(1234, 4321,
"keyBytes".getBytes());
+ secretManager.storeNewMasterKey(storeKey);
+
+ // Get DelegationKey
+ DelegationKey paramKey = new DelegationKey(1234, 4321,
"keyBytes".getBytes());
+ DelegationKey responseKey =
secretManager.getMasterKeyByDelegationKey(paramKey);
+
+ Assert.assertNotNull(paramKey);
+ Assert.assertEquals(storeKey.getExpiryDate(), responseKey.getExpiryDate());
+ Assert.assertEquals(storeKey.getKeyId(), responseKey.getKeyId());
+ Assert.assertTrue(Arrays.equals(storeKey.getEncodedKey(),
responseKey.getEncodedKey()));
Review Comment:
I will fix it.
> Yarn Router Support DelegationToken
> -----------------------------------
>
> Key: YARN-9708
> URL: https://issues.apache.org/jira/browse/YARN-9708
> Project: Hadoop YARN
> Issue Type: New Feature
> Components: router
> Affects Versions: 3.1.1
> Reporter: Xie YiFan
> Assignee: fanshilun
> Priority: Minor
> Labels: pull-request-available
> Attachments: Add_getDelegationToken_and_SecureLogin_in_router.patch,
> RMDelegationTokenSecretManager_storeNewMasterKey.svg,
> RouterDelegationTokenSecretManager_storeNewMasterKey.svg
>
>
> 1.we use router as proxy to manage multiple cluster which be independent of
> each other in order to apply unified client. Thus, we implement our
> customized AMRMProxyPolicy that doesn't broadcast ResourceRequest to other
> cluster.
> 2.Our production environment need kerberos. But router doesn't support
> SecureLogin for now.
> https://issues.apache.org/jira/browse/YARN-6539 desn't work. So we
> improvement it.
> 3.Some framework like oozie would get Token via yarnclient#getDelegationToken
> which router doesn't support. Our solution is that adding homeCluster to
> ApplicationSubmissionContextProto & GetDelegationTokenRequestProto. Job would
> be submitted with specified clusterid so that router knows which cluster to
> submit this job. Router would get Token from one RM according to specified
> clusterid when client call getDelegation meanwhile apply some mechanism to
> save this token in memory.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
