// Test the DT mast key in the state-store when the mast key is being rolled.
        /// <exception cref="System.Exception"/>
        public virtual void TestRMDTMasterKeyStateOnRollingMasterKey()
        {
            MemoryRMStateStore memStore = new MemoryRMStateStore();

            memStore.Init(conf);
            RMStateStore.RMState rmState = memStore.GetState();
            IDictionary <RMDelegationTokenIdentifier, long> rmDTState = rmState.GetRMDTSecretManagerState
                                                                            ().GetTokenState();
            ICollection <DelegationKey> rmDTMasterKeyState = rmState.GetRMDTSecretManagerState
                                                                 ().GetMasterKeyState();
            MockRM rm1 = new TestRMDelegationTokens.MyMockRM(this, conf, memStore);

            rm1.Start();
            // on rm start, two master keys are created.
            // One is created at RMDTSecretMgr.startThreads.updateCurrentKey();
            // the other is created on the first run of
            // tokenRemoverThread.rollMasterKey()
            RMDelegationTokenSecretManager dtSecretManager = rm1.GetRMContext().GetRMDelegationTokenSecretManager
                                                                 ();

            // assert all master keys are saved
            NUnit.Framework.Assert.AreEqual(dtSecretManager.GetAllMasterKeys(), rmDTMasterKeyState
                                            );
            ICollection <DelegationKey> expiringKeys = new HashSet <DelegationKey>();

            Sharpen.Collections.AddAll(expiringKeys, dtSecretManager.GetAllMasterKeys());
            // request to generate a RMDelegationToken
            GetDelegationTokenRequest request = Org.Mockito.Mockito.Mock <GetDelegationTokenRequest
                                                                          >();

            Org.Mockito.Mockito.When(request.GetRenewer()).ThenReturn("renewer1");
            GetDelegationTokenResponse response = rm1.GetClientRMService().GetDelegationToken
                                                      (request);

            Org.Apache.Hadoop.Yarn.Api.Records.Token delegationToken = response.GetRMDelegationToken
                                                                           ();
            Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token1 = ConverterUtils
                                                                                          .ConvertFromYarn(delegationToken, (Text)null);
            RMDelegationTokenIdentifier dtId1 = token1.DecodeIdentifier();

            // For all keys that still remain in memory, we should have them stored
            // in state-store also.
            while (((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager
                    ).numUpdatedKeys.Get() < 3)
            {
                ((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager).CheckCurrentKeyInStateStore
                    (rmDTMasterKeyState);
                Sharpen.Thread.Sleep(100);
            }
            // wait for token to expire and remove from state-store
            // rollMasterKey is called every 1 second.
            int count = 0;

            while (rmDTState.Contains(dtId1) && count < 100)
            {
                Sharpen.Thread.Sleep(100);
                count++;
            }
            rm1.Stop();
        }
Esempio n. 2
0
        /// <exception cref="System.Exception"/>
        public virtual void Recover(RMStateStore.RMState rmState)
        {
            Log.Info("recovering RMDelegationTokenSecretManager.");
            // recover RMDTMasterKeys
            foreach (DelegationKey dtKey in rmState.GetRMDTSecretManagerState().GetMasterKeyState
                         ())
            {
                AddKey(dtKey);
            }
            // recover RMDelegationTokens
            IDictionary <RMDelegationTokenIdentifier, long> rmDelegationTokens = rmState.GetRMDTSecretManagerState
                                                                                     ().GetTokenState();

            this.delegationTokenSequenceNumber = rmState.GetRMDTSecretManagerState().GetDTSequenceNumber
                                                     ();
            foreach (KeyValuePair <RMDelegationTokenIdentifier, long> entry in rmDelegationTokens)
            {
                AddPersistedDelegationToken(entry.Key, entry.Value);
            }
        }
Esempio n. 3
0
 /// <exception cref="System.Exception"/>
 protected internal override void StoreRMDTMasterKeyState(DelegationKey delegationKey
                                                          )
 {
     lock (this)
     {
         ICollection <DelegationKey> rmDTMasterKeyState = state.rmSecretManagerState.GetMasterKeyState
                                                              ();
         if (rmDTMasterKeyState.Contains(delegationKey))
         {
             IOException e = new IOException("RMDTMasterKey with keyID: " + delegationKey.GetKeyId
                                                 () + " is already stored");
             Log.Info("Error storing info for RMDTMasterKey with keyID: " + delegationKey.GetKeyId
                          (), e);
             throw e;
         }
         state.GetRMDTSecretManagerState().GetMasterKeyState().AddItem(delegationKey);
         Log.Info("Store RMDT master key with key id: " + delegationKey.GetKeyId() + ". Currently rmDTMasterKeyState size: "
                  + rmDTMasterKeyState.Count);
     }
 }
        // Test all expired keys are removed from state-store.
        /// <exception cref="System.Exception"/>
        public virtual void TestRemoveExpiredMasterKeyInRMStateStore()
        {
            MemoryRMStateStore memStore = new MemoryRMStateStore();

            memStore.Init(conf);
            RMStateStore.RMState        rmState            = memStore.GetState();
            ICollection <DelegationKey> rmDTMasterKeyState = rmState.GetRMDTSecretManagerState
                                                                 ().GetMasterKeyState();
            MockRM rm1 = new TestRMDelegationTokens.MyMockRM(this, conf, memStore);

            rm1.Start();
            RMDelegationTokenSecretManager dtSecretManager = rm1.GetRMContext().GetRMDelegationTokenSecretManager
                                                                 ();

            // assert all master keys are saved
            NUnit.Framework.Assert.AreEqual(dtSecretManager.GetAllMasterKeys(), rmDTMasterKeyState
                                            );
            ICollection <DelegationKey> expiringKeys = new HashSet <DelegationKey>();

            Sharpen.Collections.AddAll(expiringKeys, dtSecretManager.GetAllMasterKeys());
            // wait for expiringKeys to expire
            while (true)
            {
                bool allExpired = true;
                foreach (DelegationKey key in expiringKeys)
                {
                    if (rmDTMasterKeyState.Contains(key))
                    {
                        allExpired = false;
                    }
                }
                if (allExpired)
                {
                    break;
                }
                Sharpen.Thread.Sleep(500);
            }
        }