From af0842589359ad800427337ad2c84fac09907f72 Mon Sep 17 00:00:00 2001 From: Jonathan Eagles Date: Mon, 9 Feb 2015 17:56:05 -0600 Subject: [PATCH] YARN-2971. RM uses conf instead of token service address to renew timeline delegation tokens (jeagles) --- hadoop-yarn-project/CHANGES.txt | 3 +++ .../client/api/impl/TimelineClientImpl.java | 22 ++++++++++++++----- .../client/api/impl/TestTimelineClient.java | 14 ++++++++++-- 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 578a8cc2886..634a0e7425c 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -519,6 +519,9 @@ Release 2.7.0 - UNRELEASED YARN-3094. Reset timer for liveness monitors after RM recovery. (Jun Gong via jianhe) + YARN-2971. RM uses conf instead of token service address to renew timeline + delegation tokens (jeagles) + Release 2.6.0 - 2014-11-18 INCOMPATIBLE CHANGES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java index de9d8da766d..0b88632805d 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java @@ -23,6 +23,7 @@ import java.io.IOException; import java.lang.reflect.UndeclaredThrowableException; import java.net.ConnectException; import java.net.HttpURLConnection; +import java.net.InetSocketAddress; import java.net.URI; import java.net.URL; import java.net.URLConnection; 
@@ -45,6 +46,7 @@ import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.classification.InterfaceStability.Unstable; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.authentication.client.ConnectionConfigurator; import org.apache.hadoop.security.ssl.SSLFactory; import org.apache.hadoop.security.token.Token; @@ -373,12 +375,14 @@ public class TimelineClientImpl extends TimelineClient { == UserGroupInformation.AuthenticationMethod.PROXY; final String doAsUser = isProxyAccess ? UserGroupInformation.getCurrentUser().getShortUserName() : null; + boolean useHttps = YarnConfiguration.useHttps(this.getConfig()); + final String scheme = useHttps ? "https" : "http"; + final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT); PrivilegedExceptionAction renewDTAction = new PrivilegedExceptionAction() { @Override - public Long run() - throws Exception { + public Long run() throws Exception { // If the timeline DT to renew is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; @@ -388,8 +392,10 @@ public class TimelineClientImpl extends TimelineClient { DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); + final URI serviceURI = new URI(scheme, null, address.getHostName(), + address.getPort(), RESOURCE_URI_STR, null, null); return authUrl - .renewDelegationToken(resURI.toURL(), token, doAsUser); + .renewDelegationToken(serviceURI.toURL(), token, doAsUser); } }; return (Long) operateDelegationToken(renewDTAction); 
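Review bot: `SecurityUtil.getTokenServiceAddr(timelineDT)` in the lines added before the `PrivilegedExceptionAction` is called unconditionally, so a timeline token whose service field was never set presumably fails here instead of being renewed against the configured `resURI` as before. The test change in this same patch, which replaces `new Token(timelineDT, dtManager)` with a constructor that passes an explicit service, suggests that service-less tokens no longer work. Falling back to `resURI` when the service is empty would keep such tokens renewable; the same applies to the cancel hunk at `@@ -405,12 +411,14 @@`. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: isProxyAccess / doAsUser computation …
final boolean hasService = !timelineDT.getService().toString().isEmpty();
final String scheme =
    YarnConfiguration.useHttps(this.getConfig()) ? "https" : "http";
// Tokens issued without a service keep using the configured endpoint.
final InetSocketAddress address =
    hasService ? SecurityUtil.getTokenServiceAddr(timelineDT) : null;
// … unchanged: renewDTAction setup, token refresh, authUrl construction …
final URI serviceURI = hasService
    ? new URI(scheme, null, address.getHostName(), address.getPort(),
        RESOURCE_URI_STR, null, null)
    : resURI;
```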
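Review bot: The host and port handed to `renewDelegationToken` now come from the token's service field, and nothing in the added `serviceURI` lines of `@@ -388,8 +392,10 @@` checks that endpoint against the timeline servers this cluster is configured to trust. The service travels beside the token rather than being derived from its password (the updated test in this patch passes it as a separate constructor argument), so whoever submits the token appears to decide where the renewer sends the token and its authenticated request. The scheme still comes from local configuration, so under an HTTP policy the token would travel in cleartext to that token-named host. Consider rejecting addresses outside an expected set of timeline endpoints before building the URI, and logging the resolved target at renew time; the cancel hunk at `@@ -420,7 +428,9 @@` has the same shape.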
@@ -405,12 +411,14 @@ public class TimelineClientImpl extends TimelineClient { == UserGroupInformation.AuthenticationMethod.PROXY; final String doAsUser = isProxyAccess ? UserGroupInformation.getCurrentUser().getShortUserName() : null; + boolean useHttps = YarnConfiguration.useHttps(this.getConfig()); + final String scheme = useHttps ? "https" : "http"; + final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT); PrivilegedExceptionAction cancelDTAction = new PrivilegedExceptionAction() { @Override - public Void run() - throws Exception { + public Void run() throws Exception { // If the timeline DT to cancel is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; @@ -420,7 +428,9 @@ public class TimelineClientImpl extends TimelineClient { DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); - authUrl.cancelDelegationToken(resURI.toURL(), token, doAsUser); + final URI serviceURI = new URI(scheme, null, address.getHostName(), + address.getPort(), RESOURCE_URI_STR, null, null); + authUrl.cancelDelegationToken(serviceURI.toURL(), token, doAsUser); return null; } }; diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java index c8027a20215..859a6c9e222 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java 
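Review bot: The scheme/address lines added at `@@ -405,12 +411,14 @@` and the `serviceURI` construction in the following hunk are a verbatim copy of what `renewDelegationToken` received in this commit, so any later fix to endpoint selection has to be made twice. A small private helper that takes the token and returns the `URI` would keep the renew and cancel paths from drifting apart. Whichever form is kept, a comment such as `// Use the address recorded in the token, not the locally configured one (YARN-2971)` would record why `resURI` is no longer used here. The enclosing method starts outside the hunk.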
@@ -238,7 +238,10 @@ public class TestTimelineClient { new TimelineDelegationTokenIdentifier( new Text("tester"), new Text("tester"), new Text("tester")); client.renewDelegationToken( - new Token(timelineDT, dtManager)); + new Token(timelineDT.getBytes(), + dtManager.createPassword(timelineDT), + timelineDT.getKind(), + new Text("0.0.0.0:8188"))); assertFail(); } catch (RuntimeException ce) { assertException(client, ce); @@ -250,7 +253,10 @@ public class TestTimelineClient { new TimelineDelegationTokenIdentifier( new Text("tester"), new Text("tester"), new Text("tester")); client.cancelDelegationToken( - new Token(timelineDT, dtManager)); + new Token(timelineDT.getBytes(), + dtManager.createPassword(timelineDT), + timelineDT.getKind(), + new Text("0.0.0.0:8188"))); assertFail(); } catch (RuntimeException ce) { assertException(client, ce); @@ -371,5 +377,9 @@ public class TestTimelineClient { return new TimelineDelegationTokenIdentifier(); } + @Override + public synchronized byte[] createPassword(TimelineDelegationTokenIdentifier identifier) { + return super.createPassword(identifier); + } } }
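Review bot: Nothing in the updated tests asserts that renew or cancel contacts the token's service address rather than the configured one, which is the behaviour this commit changes. The edits at `@@ -238,7 +238,10 @@` and `@@ -250,7 +253,10 @@` only give the token a service so that the existing retry-failure path still runs, and those assertions would hold just as well with the old `resURI` code. The service `0.0.0.0:8188` also looks the same as the default timeline web address (worth confirming), so the two sources cannot be told apart here. A case that sets the token service to an address different from the configured one and checks the URL that reaches the connection layer would pin the fix; the repeated literal could become a shared constant.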