diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/ClientToken.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/ClientToken.java new file mode 100644 index 0000000000..92c4d9eb5d --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/ClientToken.java @@ -0,0 +1,39 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.api.records; + +import org.apache.hadoop.classification.InterfaceAudience.Public; +import org.apache.hadoop.classification.InterfaceStability.Stable; + +/** + *

+ * ClientToken is the security token used by the AMs to verify + * authenticity of any client. + *

+ * + *

+ * The ResourceManager, provides a secure token (via + * {@link ApplicationReport#getClientToken()}) which is verified by the + * ApplicationMaster when the client directly talks to an AM. + *

+ * + */ +@Public +@Stable +public interface ClientToken extends Token {} diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/Token.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/Token.java new file mode 100644 index 0000000000..addc234e03 --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/Token.java @@ -0,0 +1,82 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.api.records; + +import java.nio.ByteBuffer; + +import org.apache.hadoop.classification.InterfaceAudience.Private; +import org.apache.hadoop.classification.InterfaceAudience.Public; +import org.apache.hadoop.classification.InterfaceStability.Stable; + +/** + *

Token is the security entity used by the framework + * to verify authenticity of any resource.

+ */ +@Public +@Stable +public interface Token { + /** + * Get the token identifier. + * @return token identifier + */ + @Public + @Stable + ByteBuffer getIdentifier(); + + @Private + @Stable + void setIdentifier(ByteBuffer identifier); + + /** + * Get the token password + * @return token password + */ + @Public + @Stable + ByteBuffer getPassword(); + + @Private + @Stable + void setPassword(ByteBuffer password); + + /** + * Get the token kind. + * @return token kind + */ + @Public + @Stable + String getKind(); + + @Private + @Stable + void setKind(String kind); + + /** + * Get the service to which the token is allocated. + * @return service to which the token is allocated + */ + @Public + @Stable + String getService(); + + @Private + @Stable + void setService(String service); + +} diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/impl/pb/ClientTokenPBImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/impl/pb/ClientTokenPBImpl.java new file mode 100644 index 0000000000..6f5c52857e --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/impl/pb/ClientTokenPBImpl.java @@ -0,0 +1,33 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.api.records.impl.pb; + +import org.apache.hadoop.security.proto.SecurityProtos.TokenProto; +import org.apache.hadoop.yarn.api.records.ClientToken; + +public class ClientTokenPBImpl extends TokenPBImpl implements ClientToken { + + public ClientTokenPBImpl() { + super(); + } + + public ClientTokenPBImpl(TokenProto p) { + super(p); + } +} \ No newline at end of file diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/impl/pb/TokenPBImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/impl/pb/TokenPBImpl.java new file mode 100644 index 0000000000..fe304e03ad --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/api/records/impl/pb/TokenPBImpl.java @@ -0,0 +1,165 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.api.records.impl.pb; + +import java.nio.ByteBuffer; + +import org.apache.hadoop.security.proto.SecurityProtos.TokenProto; +import org.apache.hadoop.security.proto.SecurityProtos.TokenProtoOrBuilder; +import org.apache.hadoop.yarn.api.records.ProtoBase; +import org.apache.hadoop.yarn.api.records.Token; + +public class TokenPBImpl extends ProtoBase implements + Token { + private TokenProto proto = TokenProto.getDefaultInstance(); + private TokenProto.Builder builder = null; + private boolean viaProto = false; + + private ByteBuffer identifier; + private ByteBuffer password; + + public TokenPBImpl() { + builder = TokenProto.newBuilder(); + } + + public TokenPBImpl(TokenProto proto) { + this.proto = proto; + viaProto = true; + } + + public synchronized TokenProto getProto() { + mergeLocalToProto(); + proto = viaProto ? proto : builder.build(); + viaProto = true; + return proto; + } + + private synchronized void mergeLocalToBuilder() { + if (this.identifier != null) { + builder.setIdentifier(convertToProtoFormat(this.identifier)); + } + if (this.password != null) { + builder.setPassword(convertToProtoFormat(this.password)); + } + } + + private synchronized void mergeLocalToProto() { + if (viaProto) + maybeInitBuilder(); + mergeLocalToBuilder(); + proto = builder.build(); + viaProto = true; + } + + private synchronized void maybeInitBuilder() { + if (viaProto || builder == null) { + builder = TokenProto.newBuilder(proto); + } + viaProto = false; + } + + @Override + public synchronized ByteBuffer getIdentifier() { + TokenProtoOrBuilder p = viaProto ? proto : builder; + if (this.identifier != null) { + return this.identifier; + } + if (!p.hasIdentifier()) { + return null; + } + this.identifier = convertFromProtoFormat(p.getIdentifier()); + return this.identifier; + } + + @Override + public synchronized void setIdentifier(ByteBuffer identifier) { + maybeInitBuilder(); + if (identifier == null) + builder.clearIdentifier(); + this.identifier = identifier; + } + + @Override + public synchronized ByteBuffer getPassword() { + TokenProtoOrBuilder p = viaProto ? proto : builder; + if (this.password != null) { + return this.password; + } + if (!p.hasPassword()) { + return null; + } + this.password = convertFromProtoFormat(p.getPassword()); + return this.password; + } + + @Override + public synchronized void setPassword(ByteBuffer password) { + maybeInitBuilder(); + if (password == null) + builder.clearPassword(); + this.password = password; + } + + @Override + public synchronized String getKind() { + TokenProtoOrBuilder p = viaProto ? proto : builder; + if (!p.hasKind()) { + return null; + } + return (p.getKind()); + } + + @Override + public synchronized void setKind(String kind) { + maybeInitBuilder(); + if (kind == null) { + builder.clearKind(); + return; + } + builder.setKind((kind)); + } + + @Override + public synchronized String getService() { + TokenProtoOrBuilder p = viaProto ? proto : builder; + if (!p.hasService()) { + return null; + } + return (p.getService()); + } + + @Override + public synchronized void setService(String service) { + maybeInitBuilder(); + if (service == null) { + builder.clearService(); + return; + } + builder.setService((service)); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("Token { "); + sb.append("kind: ").append(getKind()).append(", "); + sb.append("service: ").append(getService()).append(" }"); + return sb.toString(); + } +}