/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.Exception"/>
private void CheckShortCircuitRenewCancel(IPEndPoint rmAddr, IPEndPoint serviceAddr
, bool shouldShortCircuit)
{
Configuration conf = new Configuration();
conf.SetClass(YarnConfiguration.IpcRpcImpl, typeof(TestClientRMTokens.YarnBadRPC)
, typeof(YarnRPC));
RMDelegationTokenSecretManager secretManager = Org.Mockito.Mockito.Mock <RMDelegationTokenSecretManager
>();
RMDelegationTokenIdentifier.Renewer.SetSecretManager(secretManager, rmAddr);
RMDelegationTokenIdentifier ident = new RMDelegationTokenIdentifier(new Text("owner"
), new Text("renewer"), null);
Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
<RMDelegationTokenIdentifier>(ident, secretManager);
SecurityUtil.SetTokenService(token, serviceAddr);
if (shouldShortCircuit)
{
token.Renew(conf);
Org.Mockito.Mockito.Verify(secretManager).RenewToken(Matchers.Eq(token), Matchers.Eq
("renewer"));
Org.Mockito.Mockito.Reset(secretManager);
token.Cancel(conf);
Org.Mockito.Mockito.Verify(secretManager).CancelToken(Matchers.Eq(token), Matchers.Eq
("renewer"));
}
else
{
try
{
token.Renew(conf);
NUnit.Framework.Assert.Fail();
}
catch (RuntimeException e)
{
NUnit.Framework.Assert.AreEqual("getProxy", e.Message);
}
Org.Mockito.Mockito.Verify(secretManager, Org.Mockito.Mockito.Never()).RenewToken
(Matchers.Any <Org.Apache.Hadoop.Security.Token.Token>(), Matchers.AnyString());
try
{
token.Cancel(conf);
NUnit.Framework.Assert.Fail();
}
catch (RuntimeException e)
{
NUnit.Framework.Assert.AreEqual("getProxy", e.Message);
}
Org.Mockito.Mockito.Verify(secretManager, Org.Mockito.Mockito.Never()).CancelToken
(Matchers.Any <Org.Apache.Hadoop.Security.Token.Token>(), Matchers.AnyString());
}
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.Exception"/>
private void Cancel()
{
T fs = weakFs.Get();
if (fs != null)
{
token.Cancel(fs.GetConf());
}
}
/// <exception cref="System.Exception"/>
public virtual void TestHdfsGetCanonicalServiceName()
{
Configuration conf = dfs.GetConf();
URI haUri = HATestUtil.GetLogicalUri(cluster);
AbstractFileSystem afs = AbstractFileSystem.CreateFileSystem(haUri, conf);
string haService = HAUtil.BuildTokenServiceForLogicalUri(haUri, HdfsConstants.HdfsUriScheme
).ToString();
NUnit.Framework.Assert.AreEqual(haService, afs.GetCanonicalServiceName());
Org.Apache.Hadoop.Security.Token.Token <object> token = afs.GetDelegationTokens(UserGroupInformation
.GetCurrentUser().GetShortUserName())[0];
NUnit.Framework.Assert.AreEqual(haService, token.GetService().ToString());
// make sure the logical uri is handled correctly
token.Renew(conf);
token.Cancel(conf);
}
/// <summary>
/// HDFS-3062: DistributedFileSystem.getCanonicalServiceName() throws an
/// exception if the URI is a logical URI.
/// </summary>
/// <remarks>
/// HDFS-3062: DistributedFileSystem.getCanonicalServiceName() throws an
/// exception if the URI is a logical URI. This bug fails the combination of
/// ha + mapred + security.
/// </remarks>
/// <exception cref="System.Exception"/>
public virtual void TestDFSGetCanonicalServiceName()
{
URI hAUri = HATestUtil.GetLogicalUri(cluster);
string haService = HAUtil.BuildTokenServiceForLogicalUri(hAUri, HdfsConstants.HdfsUriScheme
).ToString();
NUnit.Framework.Assert.AreEqual(haService, dfs.GetCanonicalServiceName());
string renewer = UserGroupInformation.GetCurrentUser().GetShortUserName();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = GetDelegationToken
(dfs, renewer);
NUnit.Framework.Assert.AreEqual(haService, token.GetService().ToString());
// make sure the logical uri is handled correctly
token.Renew(dfs.GetConf());
token.Cancel(dfs.GetConf());
}
