public virtual void TestDelegationTokenRpc() { ClientProtocol mockNN = Org.Mockito.Mockito.Mock <ClientProtocol>(); FSNamesystem mockNameSys = Org.Mockito.Mockito.Mock <FSNamesystem>(); DelegationTokenSecretManager sm = new DelegationTokenSecretManager(DFSConfigKeys. DfsNamenodeDelegationKeyUpdateIntervalDefault, DFSConfigKeys.DfsNamenodeDelegationKeyUpdateIntervalDefault , DFSConfigKeys.DfsNamenodeDelegationTokenMaxLifetimeDefault, 3600000, mockNameSys ); sm.StartThreads(); Org.Apache.Hadoop.Ipc.Server server = new RPC.Builder(conf).SetProtocol(typeof(ClientProtocol )).SetInstance(mockNN).SetBindAddress(Address).SetPort(0).SetNumHandlers(5).SetVerbose (true).SetSecretManager(sm).Build(); server.Start(); UserGroupInformation current = UserGroupInformation.GetCurrentUser(); IPEndPoint addr = NetUtils.GetConnectAddress(server); string user = current.GetUserName(); Text owner = new Text(user); DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(owner, owner, null ); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(dtId, sm); SecurityUtil.SetTokenService(token, addr); Log.Info("Service for token is " + token.GetService()); current.AddToken(token); current.DoAs(new _PrivilegedExceptionAction_100(addr, server)); }
/// <exception cref="System.IO.IOException"/> private WebHdfsFileSystem GetWebHdfsFileSystem(UserGroupInformation ugi, Configuration conf) { if (UserGroupInformation.IsSecurityEnabled()) { DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(new Text(ugi.GetUserName ()), null, null); FSNamesystem namesystem = Org.Mockito.Mockito.Mock <FSNamesystem>(); DelegationTokenSecretManager dtSecretManager = new DelegationTokenSecretManager(86400000 , 86400000, 86400000, 86400000, namesystem); dtSecretManager.StartThreads(); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(dtId, dtSecretManager); SecurityUtil.SetTokenService(token, NetUtils.CreateSocketAddr(uri.GetAuthority()) ); token.SetKind(WebHdfsFileSystem.TokenKind); ugi.AddToken(token); } return((WebHdfsFileSystem)FileSystem.Get(uri, conf)); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> public virtual void TestEditsForCancelOnTokenExpire() { long renewInterval = 2000; Configuration conf = new Configuration(); conf.SetBoolean(DFSConfigKeys.DfsNamenodeDelegationTokenAlwaysUseKey, true); conf.SetLong(DfsNamenodeDelegationTokenRenewIntervalKey, renewInterval); conf.SetLong(DfsNamenodeDelegationTokenMaxLifetimeKey, renewInterval * 2); Text renewer = new Text(UserGroupInformation.GetCurrentUser().GetUserName()); FSImage fsImage = Org.Mockito.Mockito.Mock <FSImage>(); FSEditLog log = Org.Mockito.Mockito.Mock <FSEditLog>(); Org.Mockito.Mockito.DoReturn(log).When(fsImage).GetEditLog(); FSNamesystem fsn = new FSNamesystem(conf, fsImage); DelegationTokenSecretManager dtsm = fsn.GetDelegationTokenSecretManager(); try { dtsm.StartThreads(); // get two tokens Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token1 = fsn.GetDelegationToken (renewer); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = fsn.GetDelegationToken (renewer); DelegationTokenIdentifier ident1 = token1.DecodeIdentifier(); DelegationTokenIdentifier ident2 = token2.DecodeIdentifier(); // verify we got the tokens Org.Mockito.Mockito.Verify(log, Org.Mockito.Mockito.Times(1)).LogGetDelegationToken (Eq(ident1), AnyLong()); Org.Mockito.Mockito.Verify(log, Org.Mockito.Mockito.Times(1)).LogGetDelegationToken (Eq(ident2), AnyLong()); // this is a little tricky because DTSM doesn't let us set scan interval // so need to periodically sleep, then stop/start threads to force scan // renew first token 1/2 to expire Sharpen.Thread.Sleep(renewInterval / 2); fsn.RenewDelegationToken(token2); Org.Mockito.Mockito.Verify(log, Org.Mockito.Mockito.Times(1)).LogRenewDelegationToken (Eq(ident2), AnyLong()); // force scan and give it a little time to complete dtsm.StopThreads(); dtsm.StartThreads(); Sharpen.Thread.Sleep(250); // no token has expired yet Org.Mockito.Mockito.Verify(log, Org.Mockito.Mockito.Times(0)).LogCancelDelegationToken (Eq(ident1)); Org.Mockito.Mockito.Verify(log, Org.Mockito.Mockito.Times(0)).LogCancelDelegationToken (Eq(ident2)); // sleep past expiration of 1st non-renewed token Sharpen.Thread.Sleep(renewInterval / 2); dtsm.StopThreads(); dtsm.StartThreads(); Sharpen.Thread.Sleep(250); // non-renewed token should have implicitly been cancelled Org.Mockito.Mockito.Verify(log, Org.Mockito.Mockito.Times(1)).LogCancelDelegationToken (Eq(ident1)); Org.Mockito.Mockito.Verify(log, Org.Mockito.Mockito.Times(0)).LogCancelDelegationToken (Eq(ident2)); // sleep past expiration of 2nd renewed token Sharpen.Thread.Sleep(renewInterval / 2); dtsm.StopThreads(); dtsm.StartThreads(); Sharpen.Thread.Sleep(250); // both tokens should have been implicitly cancelled by now Org.Mockito.Mockito.Verify(log, Org.Mockito.Mockito.Times(1)).LogCancelDelegationToken (Eq(ident1)); Org.Mockito.Mockito.Verify(log, Org.Mockito.Mockito.Times(1)).LogCancelDelegationToken (Eq(ident2)); } finally { dtsm.StopThreads(); } }