// To avoid using cached client
/// <exception cref="System.Exception"/>
public virtual void TestAMRMMasterKeysUpdate()
{
AtomicReference <AMRMTokenSecretManager> spySecretMgrRef = new AtomicReference <AMRMTokenSecretManager
>();
MockRM rm = new _MockRM_349(this, spySecretMgrRef, conf);
// Skip the login.
rm.Start();
MockNM nm = rm.RegisterNode("127.0.0.1:1234", 8000);
RMApp app = rm.SubmitApp(200);
MockAM am = MockRM.LaunchAndRegisterAM(app, rm, nm);
AMRMTokenSecretManager spySecretMgr = spySecretMgrRef.Get();
// Do allocate. Should not update AMRMToken
AllocateResponse response = am.Allocate(Org.Apache.Hadoop.Yarn.Util.Records.NewRecord
<AllocateRequest>());
NUnit.Framework.Assert.IsNull(response.GetAMRMToken());
Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> oldToken = rm.GetRMContext
().GetRMApps()[app.GetApplicationId()].GetRMAppAttempt(am.GetApplicationAttemptId
()).GetAMRMToken();
// roll over the master key
// Do allocate again. the AM should get the latest AMRMToken
rm.GetRMContext().GetAMRMTokenSecretManager().RollMasterKey();
response = am.Allocate(Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <AllocateRequest
>());
NUnit.Framework.Assert.IsNotNull(response.GetAMRMToken());
Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> amrmToken = ConverterUtils
.ConvertFromYarn(response.GetAMRMToken(), new Text(response.GetAMRMToken().GetService
()));
NUnit.Framework.Assert.AreEqual(amrmToken.DecodeIdentifier().GetKeyId(), rm.GetRMContext
().GetAMRMTokenSecretManager().GetMasterKey().GetMasterKey().GetKeyId());
// Do allocate again with the same old token and verify the RM sends
// back the last generated token instead of generating it again.
Org.Mockito.Mockito.Reset(spySecretMgr);
UserGroupInformation ugi = UserGroupInformation.CreateUserForTesting(am.GetApplicationAttemptId
().ToString(), new string[0]);
ugi.AddTokenIdentifier(oldToken.DecodeIdentifier());
response = am.DoAllocateAs(ugi, Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <AllocateRequest
>());
NUnit.Framework.Assert.IsNotNull(response.GetAMRMToken());
Org.Mockito.Mockito.Verify(spySecretMgr, Org.Mockito.Mockito.Never()).CreateAndGetAMRMToken
(Matchers.IsA <ApplicationAttemptId>());
// Do allocate again with the updated token and verify we do not
// receive a new token to use.
response = am.Allocate(Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <AllocateRequest
>());
NUnit.Framework.Assert.IsNull(response.GetAMRMToken());
// Activate the next master key. Since there is new master key generated
// in AMRMTokenSecretManager. The AMRMToken will not get updated for AM
rm.GetRMContext().GetAMRMTokenSecretManager().ActivateNextMasterKey();
response = am.Allocate(Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <AllocateRequest
>());
NUnit.Framework.Assert.IsNull(response.GetAMRMToken());
rm.Stop();
}
