public ClientRMServiceForTest(TestClientRMTokens _enclosing, Configuration conf, ResourceScheduler scheduler, RMDelegationTokenSecretManager rmDTSecretManager) : base(Org.Mockito.Mockito.Mock <RMContext>(), scheduler, Org.Mockito.Mockito.Mock <RMAppManager>(), new ApplicationACLsManager(conf), new QueueACLsManager(scheduler , conf), rmDTSecretManager) { this._enclosing = _enclosing; }
public MyClientRMService(RMContext rmContext, YarnScheduler scheduler, RMAppManager rmAppManager, ApplicationACLsManager applicationACLsManager, QueueACLsManager queueACLsManager , RMDelegationTokenSecretManager rmDTSecretManager) : base(rmContext, scheduler, rmAppManager, applicationACLsManager, queueACLsManager , rmDTSecretManager) { this.rmContext = rmContext; }
private static RMDelegationTokenSecretManager CreateRMDelegationTokenSecretManager (long secretKeyInterval, long tokenMaxLifetime, long tokenRenewInterval) { RMContext rmContext = Org.Mockito.Mockito.Mock <RMContext>(); Org.Mockito.Mockito.When(rmContext.GetStateStore()).ThenReturn(new NullRMStateStore ()); RMDelegationTokenSecretManager rmDtSecretManager = new RMDelegationTokenSecretManager (secretKeyInterval, tokenMaxLifetime, tokenRenewInterval, 3600000, rmContext); return(rmDtSecretManager); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> private void CheckShortCircuitRenewCancel(IPEndPoint rmAddr, IPEndPoint serviceAddr , bool shouldShortCircuit) { Configuration conf = new Configuration(); conf.SetClass(YarnConfiguration.IpcRpcImpl, typeof(TestClientRMTokens.YarnBadRPC) , typeof(YarnRPC)); RMDelegationTokenSecretManager secretManager = Org.Mockito.Mockito.Mock <RMDelegationTokenSecretManager >(); RMDelegationTokenIdentifier.Renewer.SetSecretManager(secretManager, rmAddr); RMDelegationTokenIdentifier ident = new RMDelegationTokenIdentifier(new Text("owner" ), new Text("renewer"), null); Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier>(ident, secretManager); SecurityUtil.SetTokenService(token, serviceAddr); if (shouldShortCircuit) { token.Renew(conf); Org.Mockito.Mockito.Verify(secretManager).RenewToken(Matchers.Eq(token), Matchers.Eq ("renewer")); Org.Mockito.Mockito.Reset(secretManager); token.Cancel(conf); Org.Mockito.Mockito.Verify(secretManager).CancelToken(Matchers.Eq(token), Matchers.Eq ("renewer")); } else { try { token.Renew(conf); NUnit.Framework.Assert.Fail(); } catch (RuntimeException e) { NUnit.Framework.Assert.AreEqual("getProxy", e.Message); } Org.Mockito.Mockito.Verify(secretManager, Org.Mockito.Mockito.Never()).RenewToken (Matchers.Any <Org.Apache.Hadoop.Security.Token.Token>(), Matchers.AnyString()); try { token.Cancel(conf); NUnit.Framework.Assert.Fail(); } catch (RuntimeException e) { NUnit.Framework.Assert.AreEqual("getProxy", e.Message); } Org.Mockito.Mockito.Verify(secretManager, Org.Mockito.Mockito.Never()).CancelToken (Matchers.Any <Org.Apache.Hadoop.Security.Token.Token>(), Matchers.AnyString()); } }
/// <summary>Construct the service.</summary> public RMSecretManagerService(Configuration conf, RMContextImpl rmContext) : base(typeof(Org.Apache.Hadoop.Yarn.Server.Resourcemanager.RMSecretManagerService ).FullName) { this.rmContext = rmContext; // To initialize correctly, these managers should be created before // being called serviceInit(). nmTokenSecretManager = CreateNMTokenSecretManager(conf); rmContext.SetNMTokenSecretManager(nmTokenSecretManager); containerTokenSecretManager = CreateContainerTokenSecretManager(conf); rmContext.SetContainerTokenSecretManager(containerTokenSecretManager); clientToAMSecretManager = CreateClientToAMTokenSecretManager(); rmContext.SetClientToAMTokenSecretManager(clientToAMSecretManager); amRmTokenSecretManager = CreateAMRMTokenSecretManager(conf, this.rmContext); rmContext.SetAMRMTokenSecretManager(amRmTokenSecretManager); rmDTSecretManager = CreateRMDelegationTokenSecretManager(conf, rmContext); rmContext.SetRMDelegationTokenSecretManager(rmDTSecretManager); }
public virtual void SetRMDelegationTokenSecretManager(RMDelegationTokenSecretManager delegationTokenSecretManager) { activeServiceContext.SetRMDelegationTokenSecretManager(delegationTokenSecretManager ); }
public CustomedClientRMService(MiniYARNClusterForHATesting _enclosing, RMContext rmContext, YarnScheduler scheduler, RMAppManager rmAppManager, ApplicationACLsManager applicationACLsManager, QueueACLsManager queueACLsManager, RMDelegationTokenSecretManager rmDTSecretManager) : base(rmContext, scheduler, rmAppManager, applicationACLsManager, queueACLsManager , rmDTSecretManager) { this._enclosing = _enclosing; }
public virtual void TestDelegationToken() { YarnConfiguration conf = new YarnConfiguration(); conf.Set(YarnConfiguration.RmPrincipal, "testuser/[email protected]"); conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos"); UserGroupInformation.SetConfiguration(conf); ResourceScheduler scheduler = CreateMockScheduler(conf); long initialInterval = 10000l; long maxLifetime = 20000l; long renewInterval = 10000l; RMDelegationTokenSecretManager rmDtSecretManager = CreateRMDelegationTokenSecretManager (initialInterval, maxLifetime, renewInterval); rmDtSecretManager.StartThreads(); Log.Info("Creating DelegationTokenSecretManager with initialInterval: " + initialInterval + ", maxLifetime: " + maxLifetime + ", renewInterval: " + renewInterval); ClientRMService clientRMService = new TestClientRMTokens.ClientRMServiceForTest(this , conf, scheduler, rmDtSecretManager); clientRMService.Init(conf); clientRMService.Start(); ApplicationClientProtocol clientRMWithDT = null; try { // Create a user for the renewr and fake the authentication-method UserGroupInformation loggedInUser = UserGroupInformation.CreateRemoteUser("*****@*****.**" ); NUnit.Framework.Assert.AreEqual("testrenewer", loggedInUser.GetShortUserName()); // Default realm is APACHE.ORG loggedInUser.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos ); Token token = GetDelegationToken(loggedInUser, clientRMService, loggedInUser.GetShortUserName ()); long tokenFetchTime = Runtime.CurrentTimeMillis(); Log.Info("Got delegation token at: " + tokenFetchTime); // Now try talking to RMService using the delegation token clientRMWithDT = GetClientRMProtocolWithDT(token, clientRMService.GetBindAddress( ), "loginuser1", conf); GetNewApplicationRequest request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord < GetNewApplicationRequest>(); try { clientRMWithDT.GetNewApplication(request); } catch (IOException e) { NUnit.Framework.Assert.Fail("Unexpected exception" + e); } catch (YarnException e) { NUnit.Framework.Assert.Fail("Unexpected exception" + e); } // Renew after 50% of token age. while (Runtime.CurrentTimeMillis() < tokenFetchTime + initialInterval / 2) { Sharpen.Thread.Sleep(500l); } long nextExpTime = RenewDelegationToken(loggedInUser, clientRMService, token); long renewalTime = Runtime.CurrentTimeMillis(); Log.Info("Renewed token at: " + renewalTime + ", NextExpiryTime: " + nextExpTime); // Wait for first expiry, but before renewed expiry. while (Runtime.CurrentTimeMillis() > tokenFetchTime + initialInterval && Runtime. CurrentTimeMillis() < nextExpTime) { Sharpen.Thread.Sleep(500l); } Sharpen.Thread.Sleep(50l); // Valid token because of renewal. try { clientRMWithDT.GetNewApplication(request); } catch (IOException e) { NUnit.Framework.Assert.Fail("Unexpected exception" + e); } catch (YarnException e) { NUnit.Framework.Assert.Fail("Unexpected exception" + e); } // Wait for expiry. while (Runtime.CurrentTimeMillis() < renewalTime + renewInterval) { Sharpen.Thread.Sleep(500l); } Sharpen.Thread.Sleep(50l); Log.Info("At time: " + Runtime.CurrentTimeMillis() + ", token should be invalid"); // Token should have expired. try { clientRMWithDT.GetNewApplication(request); NUnit.Framework.Assert.Fail("Should not have succeeded with an expired token"); } catch (Exception e) { NUnit.Framework.Assert.AreEqual(typeof(SecretManager.InvalidToken).FullName, e.GetType ().FullName); NUnit.Framework.Assert.IsTrue(e.Message.Contains("is expired")); } // Test cancellation // Stop the existing proxy, start another. if (clientRMWithDT != null) { RPC.StopProxy(clientRMWithDT); clientRMWithDT = null; } token = GetDelegationToken(loggedInUser, clientRMService, loggedInUser.GetShortUserName ()); tokenFetchTime = Runtime.CurrentTimeMillis(); Log.Info("Got delegation token at: " + tokenFetchTime); // Now try talking to RMService using the delegation token clientRMWithDT = GetClientRMProtocolWithDT(token, clientRMService.GetBindAddress( ), "loginuser2", conf); request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <GetNewApplicationRequest> (); try { clientRMWithDT.GetNewApplication(request); } catch (IOException e) { NUnit.Framework.Assert.Fail("Unexpected exception" + e); } catch (YarnException e) { NUnit.Framework.Assert.Fail("Unexpected exception" + e); } CancelDelegationToken(loggedInUser, clientRMService, token); if (clientRMWithDT != null) { RPC.StopProxy(clientRMWithDT); clientRMWithDT = null; } // Creating a new connection. clientRMWithDT = GetClientRMProtocolWithDT(token, clientRMService.GetBindAddress( ), "loginuser2", conf); Log.Info("Cancelled delegation token at: " + Runtime.CurrentTimeMillis()); // Verify cancellation worked. try { clientRMWithDT.GetNewApplication(request); NUnit.Framework.Assert.Fail("Should not have succeeded with a cancelled delegation token" ); } catch (IOException) { } catch (YarnException) { } // Test new version token // Stop the existing proxy, start another. if (clientRMWithDT != null) { RPC.StopProxy(clientRMWithDT); clientRMWithDT = null; } token = GetDelegationToken(loggedInUser, clientRMService, loggedInUser.GetShortUserName ()); byte[] tokenIdentifierContent = ((byte[])token.GetIdentifier().Array()); RMDelegationTokenIdentifier tokenIdentifier = new RMDelegationTokenIdentifier(); DataInputBuffer dib = new DataInputBuffer(); dib.Reset(tokenIdentifierContent, tokenIdentifierContent.Length); tokenIdentifier.ReadFields(dib); // Construct new version RMDelegationTokenIdentifier with additional field RMDelegationTokenIdentifierForTest newVersionTokenIdentifier = new RMDelegationTokenIdentifierForTest (tokenIdentifier, "message"); Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> newRMDTtoken = new Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier>(newVersionTokenIdentifier , rmDtSecretManager); Org.Apache.Hadoop.Yarn.Api.Records.Token newToken = BuilderUtils.NewDelegationToken (newRMDTtoken.GetIdentifier(), newRMDTtoken.GetKind().ToString(), newRMDTtoken.GetPassword (), newRMDTtoken.GetService().ToString()); // Now try talking to RMService using the new version delegation token clientRMWithDT = GetClientRMProtocolWithDT(newToken, clientRMService.GetBindAddress (), "loginuser3", conf); request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <GetNewApplicationRequest> (); try { clientRMWithDT.GetNewApplication(request); } catch (IOException e) { NUnit.Framework.Assert.Fail("Unexpected exception" + e); } catch (YarnException e) { NUnit.Framework.Assert.Fail("Unexpected exception" + e); } } finally { rmDtSecretManager.StopThreads(); // TODO PRECOMMIT Close proxies. if (clientRMWithDT != null) { RPC.StopProxy(clientRMWithDT); } } }
public _ClientRMService_541(RMContext baseArg1, YarnScheduler baseArg2, RMAppManager baseArg3, ApplicationACLsManager baseArg4, QueueACLsManager baseArg5, RMDelegationTokenSecretManager baseArg6) : base(baseArg1, baseArg2, baseArg3, baseArg4, baseArg5, baseArg6) { }
public virtual void SetRMDelegationTokenSecretManager(RMDelegationTokenSecretManager delegationTokenSecretManager) { this.rmDelegationTokenSecretManager = delegationTokenSecretManager; }