// Test the DT mast key in the state-store when the mast key is being rolled. /// <exception cref="System.Exception"/> public virtual void TestRMDTMasterKeyStateOnRollingMasterKey() { MemoryRMStateStore memStore = new MemoryRMStateStore(); memStore.Init(conf); RMStateStore.RMState rmState = memStore.GetState(); IDictionary <RMDelegationTokenIdentifier, long> rmDTState = rmState.GetRMDTSecretManagerState ().GetTokenState(); ICollection <DelegationKey> rmDTMasterKeyState = rmState.GetRMDTSecretManagerState ().GetMasterKeyState(); MockRM rm1 = new TestRMDelegationTokens.MyMockRM(this, conf, memStore); rm1.Start(); // on rm start, two master keys are created. // One is created at RMDTSecretMgr.startThreads.updateCurrentKey(); // the other is created on the first run of // tokenRemoverThread.rollMasterKey() RMDelegationTokenSecretManager dtSecretManager = rm1.GetRMContext().GetRMDelegationTokenSecretManager (); // assert all master keys are saved NUnit.Framework.Assert.AreEqual(dtSecretManager.GetAllMasterKeys(), rmDTMasterKeyState ); ICollection <DelegationKey> expiringKeys = new HashSet <DelegationKey>(); Sharpen.Collections.AddAll(expiringKeys, dtSecretManager.GetAllMasterKeys()); // request to generate a RMDelegationToken GetDelegationTokenRequest request = Org.Mockito.Mockito.Mock <GetDelegationTokenRequest >(); Org.Mockito.Mockito.When(request.GetRenewer()).ThenReturn("renewer1"); GetDelegationTokenResponse response = rm1.GetClientRMService().GetDelegationToken (request); Org.Apache.Hadoop.Yarn.Api.Records.Token delegationToken = response.GetRMDelegationToken (); Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token1 = ConverterUtils .ConvertFromYarn(delegationToken, (Text)null); RMDelegationTokenIdentifier dtId1 = token1.DecodeIdentifier(); // For all keys that still remain in memory, we should have them stored // in state-store also. while (((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager ).numUpdatedKeys.Get() < 3) { ((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager).CheckCurrentKeyInStateStore (rmDTMasterKeyState); Sharpen.Thread.Sleep(100); } // wait for token to expire and remove from state-store // rollMasterKey is called every 1 second. int count = 0; while (rmDTState.Contains(dtId1) && count < 100) { Sharpen.Thread.Sleep(100); count++; } rm1.Stop(); }
/// <exception cref="System.IO.IOException"/> public virtual GetDelegationTokenResponse GetDelegationToken(GetDelegationTokenRequest request) { UserGroupInformation ugi = UserGroupInformation.GetCurrentUser(); // Verify that the connection is kerberos authenticated if (!this.IsAllowedDelegationTokenOp()) { throw new IOException("Delegation Token can be issued only with kerberos authentication" ); } GetDelegationTokenResponse response = this.recordFactory.NewRecordInstance <GetDelegationTokenResponse >(); string user = ugi.GetUserName(); Text owner = new Text(user); Text realUser = null; if (ugi.GetRealUser() != null) { realUser = new Text(ugi.GetRealUser().GetUserName()); } MRDelegationTokenIdentifier tokenIdentifier = new MRDelegationTokenIdentifier(owner , new Text(request.GetRenewer()), realUser); Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> realJHSToken = new Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenIdentifier , this._enclosing.jhsDTSecretManager); Org.Apache.Hadoop.Yarn.Api.Records.Token mrDToken = Org.Apache.Hadoop.Yarn.Api.Records.Token .NewInstance(realJHSToken.GetIdentifier(), realJHSToken.GetKind().ToString(), realJHSToken .GetPassword(), realJHSToken.GetService().ToString()); response.SetDelegationToken(mrDToken); return(response); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> public override GetDelegationTokenResponse GetDelegationToken(GetDelegationTokenRequest request) { this._enclosing.ResetStartFailoverFlag(true); // make sure failover has been triggered NUnit.Framework.Assert.IsTrue(this._enclosing.WaittingForFailOver()); return(GetDelegationTokenResponse.NewInstance(this._enclosing.CreateFakeToken())); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> /// <exception cref="System.IO.IOException"/> public Org.Apache.Hadoop.Yarn.Api.Records.Token Run() { GetDelegationTokenRequest request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <GetDelegationTokenRequest>(); request.SetRenewer(renewerString); return(clientRMService.GetDelegationToken(request).GetRMDelegationToken()); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> /// <exception cref="System.IO.IOException"/> public override Org.Apache.Hadoop.Yarn.Api.Records.Token GetRMDelegationToken(Text renewer) { /* get the token from RM */ GetDelegationTokenRequest rmDTRequest = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <GetDelegationTokenRequest>(); rmDTRequest.SetRenewer(renewer.ToString()); GetDelegationTokenResponse response = rmClient.GetDelegationToken(rmDTRequest); return(response.GetRMDelegationToken()); }
internal virtual Org.Apache.Hadoop.Security.Token.Token <object> GetDelegationTokenFromHS (MRClientProtocol hsProxy) { GetDelegationTokenRequest request = recordFactory.NewRecordInstance <GetDelegationTokenRequest >(); request.SetRenewer(Master.GetMasterPrincipal(conf)); Org.Apache.Hadoop.Yarn.Api.Records.Token mrDelegationToken; mrDelegationToken = hsProxy.GetDelegationToken(request).GetDelegationToken(); return(ConverterUtils.ConvertFromYarn(mrDelegationToken, hsProxy.GetConnectAddress ())); }
/// <exception cref="System.IO.IOException"/> public virtual GetDelegationTokenResponse GetDelegationToken(GetDelegationTokenRequest request) { SecurityProtos.GetDelegationTokenRequestProto requestProto = ((GetDelegationTokenRequestPBImpl )request).GetProto(); try { return(new GetDelegationTokenResponsePBImpl(proxy.GetDelegationToken(null, requestProto ))); } catch (ServiceException e) { throw UnwrapAndThrowException(e); } }
public GetDelegationTokenResponse Answer(InvocationOnMock invocation) { GetDelegationTokenRequest request = (GetDelegationTokenRequest)invocation.GetArguments ()[0]; NUnit.Framework.Assert.AreEqual(masterPrincipal, request.GetRenewer()); Org.Apache.Hadoop.Yarn.Api.Records.Token token = TestYARNRunner.recordFactory.NewRecordInstance <Org.Apache.Hadoop.Yarn.Api.Records.Token>(); token.SetKind(string.Empty); token.SetService(string.Empty); token.SetIdentifier(ByteBuffer.Allocate(0)); token.SetPassword(ByteBuffer.Allocate(0)); GetDelegationTokenResponse tokenResponse = TestYARNRunner.recordFactory.NewRecordInstance <GetDelegationTokenResponse>(); tokenResponse.SetDelegationToken(token); return(tokenResponse); }
/// <exception cref="System.IO.IOException"/> public virtual GetDelegationTokenResponse GetDelegationToken(GetDelegationTokenRequest request) { throw new IOException("MR AM not authorized to issue delegation" + " token"); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> /// <exception cref="System.IO.IOException"/> public virtual GetDelegationTokenResponse GetDelegationToken(GetDelegationTokenRequest request) { return(null); }
/// <exception cref="System.IO.IOException"/> public virtual GetDelegationTokenResponse GetDelegationToken(GetDelegationTokenRequest request) { /* Should not be invoked by anyone. */ throw new NotImplementedException(); }