public virtual void TestSomeNodes()
{
Timing timing = new Timing();
ChildReaper reaper = null;
CuratorFramework client = CuratorFrameworkFactory.NewClient(server.GetConnectString
(), timing.Session(), timing.Connection(), new RetryOneTime(1));
try
{
client.Start();
Random r = new Random();
int nonEmptyNodes = 0;
for (int i = 0; i < 10; ++i)
{
client.Create().CreatingParentsIfNeeded().ForPath("/test/" + Extensions.ToString
(i));
if (r.NextBoolean())
{
client.Create().ForPath("/test/" + Extensions.ToString(i) + "/foo");
++nonEmptyNodes;
}
}
reaper = new ChildReaper(client, "/test", Reaper.Mode.ReapUntilDelete, 1);
reaper.Start();
timing.ForWaiting().SleepABit();
Stat stat = client.CheckExists().ForPath("/test");
Assert.Equal(stat.GetNumChildren(), nonEmptyNodes);
}
finally
{
CloseableUtils.CloseQuietly(reaper);
CloseableUtils.CloseQuietly(client);
}
}
public virtual void TestOne()
{
// Test just one ZKSignerSecretProvider to verify that it works in the
// simplest case
long rolloverFrequency = 15 * 1000;
// rollover every 15 sec
// use the same seed so we can predict the RNG
long seed = Runtime.CurrentTimeMillis();
Random rand = new Random(seed);
byte[] secret2 = Runtime.GetBytesForString(System.Convert.ToString(rand.NextLong
()));
byte[] secret1 = Runtime.GetBytesForString(System.Convert.ToString(rand.NextLong
()));
byte[] secret3 = Runtime.GetBytesForString(System.Convert.ToString(rand.NextLong
()));
ZKSignerSecretProvider secretProvider = new ZKSignerSecretProvider(seed);
Properties config = new Properties();
config.SetProperty(ZKSignerSecretProvider.ZookeeperConnectionString, zkServer.GetConnectString
());
config.SetProperty(ZKSignerSecretProvider.ZookeeperPath, "/secret");
try
{
secretProvider.Init(config, GetDummyServletContext(), rolloverFrequency);
byte[] currentSecret = secretProvider.GetCurrentSecret();
byte[][] allSecrets = secretProvider.GetAllSecrets();
Assert.AssertArrayEquals(secret1, currentSecret);
Assert.Equal(2, allSecrets.Length);
Assert.AssertArrayEquals(secret1, allSecrets[0]);
NUnit.Framework.Assert.IsNull(allSecrets[1]);
Thread.Sleep((rolloverFrequency + 2000));
currentSecret = secretProvider.GetCurrentSecret();
allSecrets = secretProvider.GetAllSecrets();
Assert.AssertArrayEquals(secret2, currentSecret);
Assert.Equal(2, allSecrets.Length);
Assert.AssertArrayEquals(secret2, allSecrets[0]);
Assert.AssertArrayEquals(secret1, allSecrets[1]);
Thread.Sleep((rolloverFrequency + 2000));
currentSecret = secretProvider.GetCurrentSecret();
allSecrets = secretProvider.GetAllSecrets();
Assert.AssertArrayEquals(secret3, currentSecret);
Assert.Equal(2, allSecrets.Length);
Assert.AssertArrayEquals(secret3, allSecrets[0]);
Assert.AssertArrayEquals(secret2, allSecrets[1]);
Thread.Sleep((rolloverFrequency + 2000));
}
finally
{
secretProvider.Destroy();
}
}
public virtual void TestMultipleKMSInstancesWithZKSigner()
{
FilePath testDir = TestKMS.GetTestDir();
Configuration conf = CreateBaseKMSConf(testDir);
TestingServer zkServer = new TestingServer();
zkServer.Start();
MiniKMS kms1 = null;
MiniKMS kms2 = null;
conf.Set(KMSAuthenticationFilter.ConfigPrefix + AuthenticationFilter.SignerSecretProvider
, "zookeeper");
conf.Set(KMSAuthenticationFilter.ConfigPrefix + ZKSignerSecretProvider.ZookeeperConnectionString
, zkServer.GetConnectString());
conf.Set(KMSAuthenticationFilter.ConfigPrefix + ZKSignerSecretProvider.ZookeeperPath
, "/secret");
TestKMS.WriteConf(testDir, conf);
try
{
kms1 = new MiniKMS.Builder().SetKmsConfDir(testDir).SetLog4jConfFile("log4j.properties"
).Build();
kms1.Start();
kms2 = new MiniKMS.Builder().SetKmsConfDir(testDir).SetLog4jConfFile("log4j.properties"
).Build();
kms2.Start();
Uri url1 = new Uri(kms1.GetKMSUrl().ToExternalForm() + KMSRESTConstants.ServiceVersion
+ "/" + KMSRESTConstants.KeysNamesResource);
Uri url2 = new Uri(kms2.GetKMSUrl().ToExternalForm() + KMSRESTConstants.ServiceVersion
+ "/" + KMSRESTConstants.KeysNamesResource);
DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token
();
DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
UserGroupInformation ugiFoo = UserGroupInformation.CreateUserForTesting("foo", new
string[] { "gfoo" });
UserGroupInformation ugiBar = UserGroupInformation.CreateUserForTesting("bar", new
string[] { "gBar" });
ugiFoo.DoAs(new _PrivilegedExceptionAction_135(aUrl, url1, token));
ugiBar.DoAs(new _PrivilegedExceptionAction_145(aUrl, url2, token));
ugiBar.DoAs(new _PrivilegedExceptionAction_155(aUrl, url2));
}
finally
{
if (kms2 != null)
{
kms2.Stop();
}
if (kms1 != null)
{
kms1.Stop();
}
zkServer.Stop();
}
}
public virtual void TestMultiNodeOperations()
{
for (int i = 0; i < TestRetries; i++)
{
DelegationTokenManager tm1;
DelegationTokenManager tm2 = null;
string connectString = zkServer.GetConnectString();
Configuration conf = GetSecretConf(connectString);
tm1 = new DelegationTokenManager(conf, new Text("bla"));
tm1.Init();
tm2 = new DelegationTokenManager(conf, new Text("bla"));
tm2.Init();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = (Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)tm1.CreateToken(UserGroupInformation.GetCurrentUser(
), "foo");
NUnit.Framework.Assert.IsNotNull(token);
tm2.VerifyToken(token);
tm2.RenewToken(token, "foo");
tm1.VerifyToken(token);
tm1.CancelToken(token, "foo");
try
{
VerifyTokenFail(tm2, token);
NUnit.Framework.Assert.Fail("Expected InvalidToken");
}
catch (SecretManager.InvalidToken)
{
}
// Ignore
token = (Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>)tm2.CreateToken
(UserGroupInformation.GetCurrentUser(), "bar");
NUnit.Framework.Assert.IsNotNull(token);
tm1.VerifyToken(token);
tm1.RenewToken(token, "bar");
tm2.VerifyToken(token);
tm2.CancelToken(token, "bar");
try
{
VerifyTokenFail(tm1, token);
NUnit.Framework.Assert.Fail("Expected InvalidToken");
}
catch (SecretManager.InvalidToken)
{
}
// Ignore
VerifyDestroy(tm1, conf);
VerifyDestroy(tm2, conf);
}
}
