slfan1989 commented on code in PR #5185:
URL: https://github.com/apache/hadoop/pull/5185#discussion_r1049129569
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/main/java/org/apache/hadoop/yarn/server/router/webapp/FederationInterceptorREST.java:
##########
@@ -1564,25 +1581,178 @@ public Response updateAppQueue(AppQueue targetQueue,
HttpServletRequest hsr,
throw new RuntimeException("updateAppQueue Failed.");
}
+ /**
+ * This method posts a delegation token from the client.
+ *
+ * @param tokenData the token to delegate. It is a content param.
+ * @param hsr the servlet request.
+ * @return Response containing the status code.
+ * @throws AuthorizationException if Kerberos auth failed.
+ * @throws IOException if the delegation failed.
+ * @throws InterruptedException if interrupted.
+ * @throws Exception in case of bad request.
+ */
@Override
- public Response postDelegationToken(DelegationToken tokenData,
- HttpServletRequest hsr) throws AuthorizationException, IOException,
- InterruptedException, Exception {
- throw new NotImplementedException("Code is not implemented");
+ public Response postDelegationToken(DelegationToken tokenData,
HttpServletRequest hsr)
+ throws AuthorizationException, IOException, InterruptedException,
Exception {
+
+ if (tokenData == null || hsr == null) {
+ throw new IllegalArgumentException("Parameter error, the tokenData or
hsr is null.");
+ }
+
+ try {
+ // get Caller UserGroupInformation
+ Configuration conf = federationFacade.getConf();
+ UserGroupInformation callerUGI = getKerberosUserGroupInformation(conf,
hsr);
+
+ // create a delegation token
+ return createDelegationToken(tokenData, callerUGI);
+ } catch (YarnException e) {
+ LOG.error("Create delegation token request failed.", e);
+ return Response.status(Status.FORBIDDEN).entity(e.getMessage()).build();
+ }
}
+ /**
+ * Create DelegationToken.
+ *
+ * @param dtoken DelegationToken Data.
+ * @param callerUGI UserGroupInformation.
+ * @return Response.
+ * @throws Exception An exception occurred when creating a delegationToken.
+ */
+ private Response createDelegationToken(DelegationToken dtoken,
UserGroupInformation callerUGI)
+ throws IOException, InterruptedException {
+
+ String renewer = dtoken.getRenewer();
+
+ GetDelegationTokenResponse resp = callerUGI.doAs(
+ (PrivilegedExceptionAction<GetDelegationTokenResponse>) () -> {
+ GetDelegationTokenRequest createReq =
GetDelegationTokenRequest.newInstance(renewer);
+ return this.getRouterClientRMService().getDelegationToken(createReq);
+ });
+
+ org.apache.hadoop.yarn.api.records.Token token =
resp.getRMDelegationToken();
Review Comment:
Thanks for your suggestion, I will modify the code.
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/test/java/org/apache/hadoop/yarn/server/router/webapp/TestFederationInterceptorREST.java:
##########
@@ -156,6 +172,31 @@ public void setUp() {
Assert.fail();
Review Comment:
I will fix it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
