CredentialsTestJob.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.mapreduce.security;

import java.io.IOException;


import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.IntWritable;
import org.apache.hadoop.io.NullWritable;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapreduce.Job;
import org.apache.hadoop.mapreduce.MRJobConfig;
import org.apache.hadoop.mapreduce.Mapper;
import org.apache.hadoop.mapreduce.Reducer;
import org.apache.hadoop.mapreduce.SleepJob;
import org.apache.hadoop.mapreduce.lib.input.FileInputFormat;
import org.apache.hadoop.mapreduce.lib.output.NullOutputFormat;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.util.Tool;
import org.apache.hadoop.util.ToolRunner;

/**
 * class for testing transport of keys via Credentials . 
 * Client passes a list of keys in the Credentials object. 
 * The mapper and reducer checks whether it can access the keys
 * from Credentials.
 */
public class CredentialsTestJob extends Configured implements Tool {

  private static final int NUM_OF_KEYS = 10;

  private static void checkSecrets(Credentials ts) {
    if  ( ts == null){
      throw new RuntimeException("The credentials are not available"); 
      // fail the test
    }

    for(int i=0; i<NUM_OF_KEYS; i++) {
      String secretName = "alias"+i;
      // get token storage and a key
      byte[] secretValue =  ts.getSecretKey(new Text(secretName));
      System.out.println(secretValue);

      if (secretValue == null){
        throw new RuntimeException("The key "+ secretName + " is not available. "); 
        // fail the test
      }

      String secretValueStr = new String (secretValue);

      if  ( !("password"+i).equals(secretValueStr)){
        throw new RuntimeException("The key "+ secretName +
            " is not correct. Expected value is "+ ("password"+i) +
            ". Actual value is " + secretValueStr); // fail the test
      }        
    }
  }

  public static class CredentialsTestMapper 
  extends Mapper<IntWritable, IntWritable, IntWritable, NullWritable> {
    Credentials ts;

    protected void setup(Context context) 
    throws IOException, InterruptedException {
      ts = context.getCredentials();
    }

    public void map(IntWritable key, IntWritable value, Context context
    ) throws IOException, InterruptedException {
      checkSecrets(ts);

    }
  }

  public static class CredentialsTestReducer  
  extends Reducer<IntWritable, NullWritable, NullWritable, NullWritable> {
    Credentials ts;

    protected void setup(Context context) 
    throws IOException, InterruptedException {
      ts = context.getCredentials();
    }

    public void reduce(IntWritable key, Iterable<NullWritable> values,
        Context context)
    throws IOException {
      checkSecrets(ts);
    }
  }

  public static void main(String[] args) throws Exception {
    int res = ToolRunner.run(new Configuration(), new CredentialsTestJob(), args);
    System.exit(res);
  }

  public Job createJob() 
  throws IOException {
    Configuration conf = getConf();
    conf.setInt(MRJobConfig.NUM_MAPS, 1);
    Job job = Job.getInstance(conf, "test");
    job.setNumReduceTasks(1);
    job.setJarByClass(CredentialsTestJob.class);
    job.setNumReduceTasks(1);
    job.setMapperClass(CredentialsTestJob.CredentialsTestMapper.class);
    job.setMapOutputKeyClass(IntWritable.class);
    job.setMapOutputValueClass(NullWritable.class);
    job.setReducerClass(CredentialsTestJob.CredentialsTestReducer.class);
    job.setInputFormatClass(SleepJob.SleepInputFormat.class);
    job.setPartitionerClass(SleepJob.SleepJobPartitioner.class);
    job.setOutputFormatClass(NullOutputFormat.class);
    job.setSpeculativeExecution(false);
    job.setJobName("test job");
    FileInputFormat.addInputPath(job, new Path("ignored"));
    return job;
  }

  public int run(String[] args) throws Exception {

    Job job = createJob();
    return job.waitForCompletion(true) ? 0 : 1;
  }

}