mocking hadoopUGI

Author: ifilonenko

docs/running-on-kubernetes.md

@@ -816,7 +816,7 @@ from the other deployment modes. See the [configuration page](configuration.html
   <td>
     Assuming you have set <code>spark.kubernetes.kerberos.enabled</code> to be true. This will let you specify 
     the name of the secret where your existing delegation token data is stored. You must also specify the 
-    label <code>spark.kubernetes.kerberos.tokensecret.name</code> where your data is stored on the secret. 
+    item key <code>spark.kubernetes.kerberos.tokensecret.itemkey</code> where your data is stored on the secret. 
   </td>
 </tr>
 <tr>

resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/HadoopConfBootstrap.scala

@@ -21,7 +21,6 @@ import java.io.File
 import scala.collection.JavaConverters._
 
 import io.fabric8.kubernetes.api.model.{ContainerBuilder, KeyToPathBuilder, PodBuilder}
-import org.apache.hadoop.security.UserGroupInformation
 
 import org.apache.spark.deploy.kubernetes.constants._
 import org.apache.spark.internal.Logging
@@ -42,7 +41,8 @@ private[spark] trait HadoopConfBootstrap {
 
 private[spark] class HadoopConfBootstrapImpl(
   hadoopConfConfigMapName: String,
-  hadoopConfigFiles: Seq[File]) extends HadoopConfBootstrap with Logging{
+  hadoopConfigFiles: Seq[File],
+  hadoopUGI: HadoopUGIUtil) extends HadoopConfBootstrap with Logging{
 
   override def bootstrapMainContainerAndVolumes(
     originalPodWithMainContainer: PodWithMainContainer)
@@ -76,7 +76,7 @@ private[spark] class HadoopConfBootstrapImpl(
         .endEnv()
       .addNewEnv()
         .withName(ENV_SPARK_USER)
-        .withValue(UserGroupInformation.getCurrentUser.getShortUserName)
+        .withValue(hadoopUGI.getShortName)
         .endEnv()
       .build()
     originalPodWithMainContainer.copy(

resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/HadoopUGIUtil.scala

@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.spark.deploy.kubernetes
+
+import org.apache.hadoop.security.UserGroupInformation
+
+private[spark] class HadoopUGIUtil{
+  def getCurrentUser: UserGroupInformation = UserGroupInformation.getCurrentUser
+  def getShortName: String = getCurrentUser.getShortUserName
+  def isSecurityEnabled: Boolean = UserGroupInformation.isSecurityEnabled
+  def loginUserFromKeytabAndReturnUGI(principal: String, keytab: String): UserGroupInformation =
+    UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab)
+}

resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosKeytabResolverStep.scala

@@ -26,13 +26,13 @@ import io.fabric8.kubernetes.api.model.SecretBuilder
 import org.apache.commons.codec.binary.Base64
 import org.apache.hadoop.conf.Configuration
 import org.apache.hadoop.fs.FileSystem
-import org.apache.hadoop.security.{Credentials, UserGroupInformation}
+import org.apache.hadoop.security.Credentials
 import org.apache.hadoop.security.token.{Token, TokenIdentifier}
 import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier
 
 import org.apache.spark.SparkConf
 import org.apache.spark.deploy.SparkHadoopUtil
-import org.apache.spark.deploy.kubernetes.{KerberosTokenConfBootstrapImpl, PodWithMainContainer}
+import org.apache.spark.deploy.kubernetes.{HadoopUGIUtil, KerberosTokenConfBootstrapImpl, PodWithMainContainer}
 import org.apache.spark.deploy.kubernetes.constants._
 import org.apache.spark.internal.Logging
 
@@ -51,16 +51,18 @@ import org.apache.spark.internal.Logging
 private[spark] class HadoopKerberosKeytabResolverStep(
   submissionSparkConf: SparkConf,
   maybePrincipal: Option[String],
-  maybeKeytab: Option[File]) extends HadoopConfigurationStep with Logging{
-   private var originalCredentials: Credentials = _
-   private var dfs : FileSystem = _
-   private var renewer: String = _
-   private var credentials: Credentials = _
-   private var tokens: Iterable[Token[_ <: TokenIdentifier]] = _
-   override def configureContainers(hadoopConfigSpec: HadoopConfigSpec): HadoopConfigSpec = {
+  maybeKeytab: Option[File],
+  hadoopUGI: HadoopUGIUtil) extends HadoopConfigurationStep with Logging{
+    private var originalCredentials: Credentials = _
+    private var dfs : FileSystem = _
+    private var renewer: String = _
+    private var credentials: Credentials = _
+    private var tokens: Iterable[Token[_ <: TokenIdentifier]] = _
+
+    override def configureContainers(hadoopConfigSpec: HadoopConfigSpec): HadoopConfigSpec = {
     val hadoopConf = SparkHadoopUtil.get.newConfiguration(submissionSparkConf)
     logDebug(s"Hadoop Configuration: ${hadoopConf.toString}")
-    if (!UserGroupInformation.isSecurityEnabled) logError("Hadoop not configuration with Kerberos")
+    if (hadoopUGI.isSecurityEnabled) logError("Hadoop not configuration with Kerberos")
     val maybeJobUserUGI =
       for {
         principal <- maybePrincipal
@@ -71,12 +73,12 @@ private[spark] class HadoopKerberosKeytabResolverStep(
         submissionSparkConf.set("spark.yarn.principal", principal)
         submissionSparkConf.set("spark.yarn.keytab", keytab.toURI.toString)
         logDebug("Logged into KDC with keytab using Job User UGI")
-        UserGroupInformation.loginUserFromKeytabAndReturnUGI(
+        hadoopUGI.loginUserFromKeytabAndReturnUGI(
           principal,
           keytab.toURI.toString)
       }
     // In the case that keytab is not specified we will read from Local Ticket Cache
-    val jobUserUGI = maybeJobUserUGI.getOrElse(UserGroupInformation.getCurrentUser)
+    val jobUserUGI = maybeJobUserUGI.getOrElse(hadoopUGI.getCurrentUser)
     // It is necessary to run as jobUserUGI because logged in user != Current User
     jobUserUGI.doAs(new PrivilegedExceptionAction[Void] {
       override def run(): Void = {
@@ -92,12 +94,15 @@ private[spark] class HadoopKerberosKeytabResolverStep(
         logDebug(s"Renewer is: $renewer")
         credentials = new Credentials(originalCredentials)
         dfs.addDelegationTokens(renewer, credentials)
+        // This is difficult to Mock and will require refactoring
         tokens = credentials.getAllTokens.asScala
         logDebug(s"Tokens: ${credentials.toString}")
         logDebug(s"All tokens: ${tokens.mkString(",")}")
         logDebug(s"All secret keys: ${credentials.getAllSecretKeys}")
         null
       }})
+    credentials.getAllTokens.asScala.isEmpty
+    tokens.isEmpty
     if (tokens.isEmpty) logError("Did not obtain any Delegation Tokens")
     val data = serialize(credentials)
     val renewalTime = getTokenRenewalInterval(tokens, hadoopConf).getOrElse(Long.MaxValue)

resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopStepsOrchestrator.scala

@@ -19,7 +19,7 @@ package org.apache.spark.deploy.kubernetes.submit.submitsteps.hadoopsteps
 import java.io.File
 
 import org.apache.spark.SparkConf
-import org.apache.spark.deploy.kubernetes.{HadoopConfBootstrapImpl, OptionRequirements}
+import org.apache.spark.deploy.kubernetes.{HadoopConfBootstrapImpl, HadoopUGIUtil, OptionRequirements}
 import org.apache.spark.deploy.kubernetes.config._
 import org.apache.spark.internal.Logging
 
@@ -39,6 +39,7 @@ private[spark] class HadoopStepsOrchestrator(
    private val maybeExistingSecretItemKey =
      submissionSparkConf.get(KUBERNETES_KERBEROS_DT_SECRET_ITEM_KEY)
    private val hadoopConfigurationFiles = getHadoopConfFiles(hadoopConfDir)
+   private val hadoopUGI = new HadoopUGIUtil
    logInfo(s"Hadoop Conf directory: $hadoopConfDir")
 
    require(maybeKeytab.forall( _ => isKerberosEnabled ),
@@ -64,7 +65,8 @@ private[spark] class HadoopStepsOrchestrator(
   def getHadoopSteps(): Seq[HadoopConfigurationStep] = {
     val hadoopConfBootstrapImpl = new HadoopConfBootstrapImpl(
       hadoopConfigMapName,
-      hadoopConfigurationFiles)
+      hadoopConfigurationFiles,
+      hadoopUGI)
     val hadoopConfMounterStep = new HadoopConfMounterStep(
       hadoopConfigMapName,
       hadoopConfigurationFiles,
@@ -79,7 +81,8 @@ private[spark] class HadoopStepsOrchestrator(
             new HadoopKerberosKeytabResolverStep(
               submissionSparkConf,
               maybePrincipal,
-              maybeKeytab)))
+              maybeKeytab,
+              hadoopUGI)))
       } else {
         Option.empty[HadoopConfigurationStep]
       }

resource-managers/kubernetes/core/src/main/scala/org/apache/spark/scheduler/cluster/kubernetes/KubernetesClusterManager.scala

@@ -82,11 +82,13 @@ private[spark] class KubernetesClusterManager extends ExternalClusterManager wit
     val hadoopBootStrap = for {
       hadoopConfigMap <- maybeHadoopConfigMap
     } yield {
+      val hadoopUtil = new HadoopUGIUtil
       val hadoopConfigurations = maybeHadoopConfDir.map(
           conf_dir => getHadoopConfFiles(conf_dir)).getOrElse(Array.empty[File])
       new HadoopConfBootstrapImpl(
         hadoopConfigMap,
-        hadoopConfigurations
+        hadoopConfigurations,
+        hadoopUtil
       )
     }
     val kerberosBootstrap = for {

resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/HadoopConfBootstrapSuite.scala

@@ -23,22 +23,34 @@ import scala.collection.JavaConverters._
 
 import com.google.common.io.Files
 import io.fabric8.kubernetes.api.model._
+import org.mockito.{Mock, MockitoAnnotations}
+import org.mockito.Mockito.when
+import org.scalatest.BeforeAndAfter
 
 import org.apache.spark.SparkFunSuite
-import org.apache.spark.deploy.kubernetes.{HadoopConfBootstrapImpl, PodWithMainContainer}
+import org.apache.spark.deploy.kubernetes.{HadoopConfBootstrapImpl, HadoopUGIUtil, PodWithMainContainer}
 import org.apache.spark.deploy.kubernetes.constants._
 import org.apache.spark.util.Utils
 
-
-private[spark] class HadoopConfBootstrapSuite extends SparkFunSuite {
+private[spark] class HadoopConfBootstrapSuite extends SparkFunSuite with BeforeAndAfter{
   private val CONFIG_MAP_NAME = "config-map"
   private val TEMP_HADOOP_FILE = createTempFile("core-site.xml")
   private val HADOOP_FILES = Seq(TEMP_HADOOP_FILE)
+  private val SPARK_USER_VALUE = "sparkUser"
+
+  @Mock
+  private var hadoopUtil: HadoopUGIUtil = _
+
+  before {
+    MockitoAnnotations.initMocks(this)
+    when(hadoopUtil.getShortName).thenReturn(SPARK_USER_VALUE)
+  }
 
   test("Test of bootstrapping hadoop_conf_dir files") {
     val hadoopConfStep = new HadoopConfBootstrapImpl(
       CONFIG_MAP_NAME,
-      HADOOP_FILES)
+      HADOOP_FILES,
+      hadoopUtil)
     val expectedKeyPaths = Seq(
       new KeyToPathBuilder()
         .withKey(TEMP_HADOOP_FILE.toPath.getFileName.toString)
@@ -55,6 +67,7 @@ private[spark] class HadoopConfBootstrapSuite extends SparkFunSuite {
           .endVolume()
         .endSpec()
       .build()
+
     val podWithMain = PodWithMainContainer(
       new PodBuilder().withNewSpec().endSpec().build(),
       new Container())
@@ -64,7 +77,8 @@ private[spark] class HadoopConfBootstrapSuite extends SparkFunSuite {
       (vm.getName, vm.getMountPath)).head === (HADOOP_FILE_VOLUME, HADOOP_CONF_DIR_PATH))
     assert(returnedPodContainer.mainContainer.getEnv.asScala.head ===
     new EnvVarBuilder().withName(ENV_HADOOP_CONF_DIR).withValue(HADOOP_CONF_DIR_PATH).build())
-    assert(returnedPodContainer.mainContainer.getEnv.asScala(1).getName === ENV_SPARK_USER)
+    assert(returnedPodContainer.mainContainer.getEnv.asScala(1) ===
+      new EnvVarBuilder().withName(ENV_SPARK_USER).withValue(SPARK_USER_VALUE).build())
   }
   private def createTempFile(contents: String): File = {
     val dir = Utils.createTempDir()

resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosKeytabResolverStepSuite.scala

@@ -23,25 +23,73 @@ import scala.collection.JavaConverters._
 
 import com.google.common.io.Files
 import io.fabric8.kubernetes.api.model._
+import org.apache.hadoop.fs.FileSystem
+import org.apache.hadoop.io.Text
+import org.apache.hadoop.security.Credentials
+import org.apache.hadoop.security.UserGroupInformation
+import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier
+import org.apache.hadoop.security.token.Token
+import org.mockito.{Mock, MockitoAnnotations}
+import org.mockito.Matchers.any
+import org.mockito.Mockito.when
+import org.mockito.invocation.InvocationOnMock
+import org.mockito.stubbing.Answer
+import org.scalatest.BeforeAndAfter
 
 import org.apache.spark.{SparkConf, SparkFunSuite}
+import org.apache.spark.deploy.SparkHadoopUtil
+import org.apache.spark.deploy.kubernetes.HadoopUGIUtil
 import org.apache.spark.deploy.kubernetes.constants._
 import org.apache.spark.util.Utils
 
-
-
-private[spark] class HadoopKerberosKeytabResolverStepSuite extends SparkFunSuite {
+private[spark] class HadoopKerberosKeytabResolverStepSuite
+  extends SparkFunSuite with BeforeAndAfter{
   private val POD_LABEL = Map("bootstrap" -> "true")
   private val DRIVER_CONTAINER_NAME = "driver-container"
   private val TEMP_KEYTAB_FILE = createTempFile("keytab")
   private val KERB_PRINCIPAL = "[email protected]"
+  private val SPARK_USER_VALUE = "sparkUser"
+  private var oldCredentials = new Credentials()
+  private val TEST_IDENTIFIER = "identifier"
+  private val TEST_PASSWORD = "password"
+  private val TEST_TOKEN_VALUE = "data"
+  private def getByteArray(input: String) = input.toCharArray.map(_.toByte)
+  private def getStringFromArray(input: Array[Byte]) = new String(input)
+  private val TEST_TOKEN = new Token[AbstractDelegationTokenIdentifier](
+    getByteArray(TEST_IDENTIFIER),
+    getByteArray(TEST_PASSWORD),
+    new Text("kind"),
+    new Text("service"))
+  oldCredentials.addToken(new Text("testToken"), TEST_TOKEN)
+  private val dfs = FileSystem.get(SparkHadoopUtil.get.newConfiguration(new SparkConf()))
+  private val hadoopUGI = new HadoopUGIUtil()
+
+  @Mock
+  private var hadoopUtil: HadoopUGIUtil = _
+
+  @Mock
+  private var ugi: UserGroupInformation = _
+
+  before {
+    MockitoAnnotations.initMocks(this)
+    when(hadoopUtil.loginUserFromKeytabAndReturnUGI(any[String], any[String]))
+      .thenAnswer(new Answer[UserGroupInformation] {
+      override def answer(invocation: InvocationOnMock): UserGroupInformation = {
+        hadoopUGI.getCurrentUser
+      }
+    })
+    when(hadoopUtil.getCurrentUser).thenReturn(ugi)
+    when(hadoopUtil.getShortName).thenReturn(SPARK_USER_VALUE)
+    when(ugi.getCredentials).thenReturn(oldCredentials)
+  }
 
-  // TODO: Require mocking of UGI methods
   test("Testing keytab login") {
+    when(hadoopUtil.isSecurityEnabled).thenReturn(true)
     val keytabStep = new HadoopKerberosKeytabResolverStep(
       new SparkConf(),
       Some(KERB_PRINCIPAL),
-      Some(TEMP_KEYTAB_FILE))
+      Some(TEMP_KEYTAB_FILE),
+      hadoopUtil)
     val hadoopConfSpec = HadoopConfigSpec(
       Map.empty[String, String],
       new PodBuilder()