001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 019 package org.apache.hadoop.yarn.security; 020 021 import java.io.DataInput; 022 import java.io.DataOutput; 023 import java.io.IOException; 024 025 import org.apache.commons.logging.Log; 026 import org.apache.commons.logging.LogFactory; 027 import org.apache.hadoop.classification.InterfaceAudience; 028 import org.apache.hadoop.classification.InterfaceAudience.Public; 029 import org.apache.hadoop.classification.InterfaceStability.Evolving; 030 import org.apache.hadoop.io.Text; 031 import org.apache.hadoop.security.UserGroupInformation; 032 import org.apache.hadoop.security.token.Token; 033 import org.apache.hadoop.security.token.TokenIdentifier; 034 import org.apache.hadoop.yarn.api.records.ApplicationAttemptId; 035 import org.apache.hadoop.yarn.api.records.ApplicationId; 036 import org.apache.hadoop.yarn.api.records.ContainerId; 037 import org.apache.hadoop.yarn.api.records.Resource; 038 039 /** 040 * TokenIdentifier for a container. Encodes {@link ContainerId}, 041 * {@link Resource} needed by the container and the target NMs host-address. 042 * 043 */ 044 @Public 045 @Evolving 046 public class ContainerTokenIdentifier extends TokenIdentifier { 047 048 private static Log LOG = LogFactory.getLog(ContainerTokenIdentifier.class); 049 050 public static final Text KIND = new Text("ContainerToken"); 051 052 private ContainerId containerId; 053 private String nmHostAddr; 054 private String appSubmitter; 055 private Resource resource; 056 private long expiryTimeStamp; 057 private int masterKeyId; 058 private long rmIdentifier; 059 060 public ContainerTokenIdentifier(ContainerId containerID, String hostName, 061 String appSubmitter, Resource r, long expiryTimeStamp, int masterKeyId, 062 long rmIdentifier) { 063 this.containerId = containerID; 064 this.nmHostAddr = hostName; 065 this.appSubmitter = appSubmitter; 066 this.resource = r; 067 this.expiryTimeStamp = expiryTimeStamp; 068 this.masterKeyId = masterKeyId; 069 this.rmIdentifier = rmIdentifier; 070 } 071 072 /** 073 * Default constructor needed by RPC layer/SecretManager. 074 */ 075 public ContainerTokenIdentifier() { 076 } 077 078 public ContainerId getContainerID() { 079 return this.containerId; 080 } 081 082 public String getApplicationSubmitter() { 083 return this.appSubmitter; 084 } 085 086 public String getNmHostAddress() { 087 return this.nmHostAddr; 088 } 089 090 public Resource getResource() { 091 return this.resource; 092 } 093 094 public long getExpiryTimeStamp() { 095 return this.expiryTimeStamp; 096 } 097 098 public int getMasterKeyId() { 099 return this.masterKeyId; 100 } 101 102 /** 103 * Get the RMIdentifier of RM in which containers are allocated 104 * @return RMIdentifier 105 */ 106 public long getRMIdentifer() { 107 return this.rmIdentifier; 108 } 109 110 @Override 111 public void write(DataOutput out) throws IOException { 112 LOG.debug("Writing ContainerTokenIdentifier to RPC layer: " + this); 113 ApplicationAttemptId applicationAttemptId = this.containerId 114 .getApplicationAttemptId(); 115 ApplicationId applicationId = applicationAttemptId.getApplicationId(); 116 out.writeLong(applicationId.getClusterTimestamp()); 117 out.writeInt(applicationId.getId()); 118 out.writeInt(applicationAttemptId.getAttemptId()); 119 out.writeInt(this.containerId.getId()); 120 out.writeUTF(this.nmHostAddr); 121 out.writeUTF(this.appSubmitter); 122 out.writeInt(this.resource.getMemory()); 123 out.writeInt(this.resource.getVirtualCores()); 124 out.writeLong(this.expiryTimeStamp); 125 out.writeInt(this.masterKeyId); 126 out.writeLong(this.rmIdentifier); 127 } 128 129 @Override 130 public void readFields(DataInput in) throws IOException { 131 ApplicationId applicationId = 132 ApplicationId.newInstance(in.readLong(), in.readInt()); 133 ApplicationAttemptId applicationAttemptId = 134 ApplicationAttemptId.newInstance(applicationId, in.readInt()); 135 this.containerId = 136 ContainerId.newInstance(applicationAttemptId, in.readInt()); 137 this.nmHostAddr = in.readUTF(); 138 this.appSubmitter = in.readUTF(); 139 int memory = in.readInt(); 140 int vCores = in.readInt(); 141 this.resource = Resource.newInstance(memory, vCores); 142 this.expiryTimeStamp = in.readLong(); 143 this.masterKeyId = in.readInt(); 144 this.rmIdentifier = in.readLong(); 145 } 146 147 @Override 148 public Text getKind() { 149 return KIND; 150 } 151 152 @Override 153 public UserGroupInformation getUser() { 154 return UserGroupInformation.createRemoteUser(this.containerId.toString()); 155 } 156 157 // TODO: Needed? 158 @InterfaceAudience.Private 159 public static class Renewer extends Token.TrivialRenewer { 160 @Override 161 protected Text getKind() { 162 return KIND; 163 } 164 } 165 }