Esempio n. 1
0
        public virtual void TestNodeHeartBeatResponse()
        {
            NodeHeartbeatResponse record = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <NodeHeartbeatResponse
                                                                                          >();
            IDictionary <ApplicationId, ByteBuffer> appCredentials = new Dictionary <ApplicationId
                                                                                     , ByteBuffer>();
            Credentials app1Cred = new Credentials();

            Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token1 = new Org.Apache.Hadoop.Security.Token.Token
                                                                                        <DelegationTokenIdentifier>();
            token1.SetKind(new Text("kind1"));
            app1Cred.AddToken(new Text("token1"), token1);
            Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = new Org.Apache.Hadoop.Security.Token.Token
                                                                                        <DelegationTokenIdentifier>();
            token2.SetKind(new Text("kind2"));
            app1Cred.AddToken(new Text("token2"), token2);
            DataOutputBuffer dob = new DataOutputBuffer();

            app1Cred.WriteTokenStorageToStream(dob);
            ByteBuffer byteBuffer1 = ByteBuffer.Wrap(dob.GetData(), 0, dob.GetLength());

            appCredentials[ApplicationId.NewInstance(1234, 1)] = byteBuffer1;
            record.SetSystemCredentialsForApps(appCredentials);
            NodeHeartbeatResponse proto = new NodeHeartbeatResponsePBImpl(((NodeHeartbeatResponsePBImpl
                                                                            )record).GetProto());

            NUnit.Framework.Assert.AreEqual(appCredentials, proto.GetSystemCredentialsForApps
                                                ());
        }
Esempio n. 2
0
        /// <exception cref="System.IO.IOException"/>
        private static UserGroupInformation GetTokenUGI(ServletContext context, HttpServletRequest
                                                        request, string tokenString, Configuration conf)
        {
            Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
                                                                                       <DelegationTokenIdentifier>();
            token.DecodeFromUrlString(tokenString);
            IPEndPoint serviceAddress = GetNNServiceAddress(context, request);

            if (serviceAddress != null)
            {
                SecurityUtil.SetTokenService(token, serviceAddress);
                token.SetKind(DelegationTokenIdentifier.HdfsDelegationKind);
            }
            ByteArrayInputStream      buf = new ByteArrayInputStream(token.GetIdentifier());
            DataInputStream           @in = new DataInputStream(buf);
            DelegationTokenIdentifier id  = new DelegationTokenIdentifier();

            id.ReadFields(@in);
            if (context != null)
            {
                NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context);
                if (nn != null)
                {
                    // Verify the token.
                    nn.GetNamesystem().VerifyToken(id, token.GetPassword());
                }
            }
            UserGroupInformation ugi = id.GetUser();

            ugi.AddToken(token);
            return(ugi);
        }
Esempio n. 3
0
 /// <exception cref="System.IO.IOException"/>
 private void InjectToken()
 {
     if (UserGroupInformation.IsSecurityEnabled())
     {
         Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = @params
                                                                                    .DelegationToken();
         token.SetKind(DelegationTokenIdentifier.HdfsDelegationKind);
         ugi.AddToken(token);
     }
 }
Esempio n. 4
0
 /// <exception cref="System.IO.IOException"/>
 private WebHdfsFileSystem GetWebHdfsFileSystem(UserGroupInformation ugi, Configuration
                                                conf)
 {
     if (UserGroupInformation.IsSecurityEnabled())
     {
         DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(new Text(ugi.GetUserName
                                                                                     ()), null, null);
         FSNamesystem namesystem = Org.Mockito.Mockito.Mock <FSNamesystem>();
         DelegationTokenSecretManager dtSecretManager = new DelegationTokenSecretManager(86400000
                                                                                         , 86400000, 86400000, 86400000, namesystem);
         dtSecretManager.StartThreads();
         Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
                                                                                    <DelegationTokenIdentifier>(dtId, dtSecretManager);
         SecurityUtil.SetTokenService(token, NetUtils.CreateSocketAddr(uri.GetAuthority())
                                      );
         token.SetKind(WebHdfsFileSystem.TokenKind);
         ugi.AddToken(token);
     }
     return((WebHdfsFileSystem)FileSystem.Get(uri, conf));
 }
Esempio n. 5
0
 /// <exception cref="System.Exception"/>
 public virtual void TestGetHSDelegationToken()
 {
     try
     {
         Configuration conf = new Configuration();
         // Setup mock service
         IPEndPoint mockRmAddress = new IPEndPoint("localhost", 4444);
         Text       rmTokenSevice = SecurityUtil.BuildTokenService(mockRmAddress);
         IPEndPoint mockHsAddress = new IPEndPoint("localhost", 9200);
         Text       hsTokenSevice = SecurityUtil.BuildTokenService(mockHsAddress);
         // Setup mock rm token
         RMDelegationTokenIdentifier tokenIdentifier = new RMDelegationTokenIdentifier(new
                                                                                       Text("owner"), new Text("renewer"), new Text("real"));
         Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
                                                                                      <RMDelegationTokenIdentifier>(new byte[0], new byte[0], tokenIdentifier.GetKind(
                                                                                                                        ), rmTokenSevice);
         token.SetKind(RMDelegationTokenIdentifier.KindName);
         // Setup mock history token
         Org.Apache.Hadoop.Yarn.Api.Records.Token historyToken = Org.Apache.Hadoop.Yarn.Api.Records.Token
                                                                 .NewInstance(new byte[0], MRDelegationTokenIdentifier.KindName.ToString(), new byte
                                                                              [0], hsTokenSevice.ToString());
         GetDelegationTokenResponse getDtResponse = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord
                                                    <GetDelegationTokenResponse>();
         getDtResponse.SetDelegationToken(historyToken);
         // mock services
         MRClientProtocol mockHsProxy = Org.Mockito.Mockito.Mock <MRClientProtocol>();
         Org.Mockito.Mockito.DoReturn(mockHsAddress).When(mockHsProxy).GetConnectAddress();
         Org.Mockito.Mockito.DoReturn(getDtResponse).When(mockHsProxy).GetDelegationToken(
             Matchers.Any <GetDelegationTokenRequest>());
         ResourceMgrDelegate rmDelegate = Org.Mockito.Mockito.Mock <ResourceMgrDelegate>();
         Org.Mockito.Mockito.DoReturn(rmTokenSevice).When(rmDelegate).GetRMDelegationTokenService
             ();
         ClientCache clientCache = Org.Mockito.Mockito.Mock <ClientCache>();
         Org.Mockito.Mockito.DoReturn(mockHsProxy).When(clientCache).GetInitializedHSProxy
             ();
         Credentials creds      = new Credentials();
         YARNRunner  yarnRunner = new YARNRunner(conf, rmDelegate, clientCache);
         // No HS token if no RM token
         yarnRunner.AddHistoryToken(creds);
         Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(0)).GetDelegationToken
             (Matchers.Any <GetDelegationTokenRequest>());
         // No HS token if RM token, but secirity disabled.
         creds.AddToken(new Text("rmdt"), token);
         yarnRunner.AddHistoryToken(creds);
         Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(0)).GetDelegationToken
             (Matchers.Any <GetDelegationTokenRequest>());
         conf.Set(CommonConfigurationKeys.HadoopSecurityAuthentication, "kerberos");
         UserGroupInformation.SetConfiguration(conf);
         creds = new Credentials();
         // No HS token if no RM token, security enabled
         yarnRunner.AddHistoryToken(creds);
         Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(0)).GetDelegationToken
             (Matchers.Any <GetDelegationTokenRequest>());
         // HS token if RM token present, security enabled
         creds.AddToken(new Text("rmdt"), token);
         yarnRunner.AddHistoryToken(creds);
         Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(1)).GetDelegationToken
             (Matchers.Any <GetDelegationTokenRequest>());
         // No additional call to get HS token if RM and HS token present
         yarnRunner.AddHistoryToken(creds);
         Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(1)).GetDelegationToken
             (Matchers.Any <GetDelegationTokenRequest>());
     }
     finally
     {
         // Back to defaults.
         UserGroupInformation.SetConfiguration(new Configuration());
     }
 }