// Test the DT mast key in the state-store when the mast key is being rolled.
/// <exception cref="System.Exception"/>
public virtual void TestRMDTMasterKeyStateOnRollingMasterKey()
{
MemoryRMStateStore memStore = new MemoryRMStateStore();
memStore.Init(conf);
RMStateStore.RMState rmState = memStore.GetState();
IDictionary <RMDelegationTokenIdentifier, long> rmDTState = rmState.GetRMDTSecretManagerState
().GetTokenState();
ICollection <DelegationKey> rmDTMasterKeyState = rmState.GetRMDTSecretManagerState
().GetMasterKeyState();
MockRM rm1 = new TestRMDelegationTokens.MyMockRM(this, conf, memStore);
rm1.Start();
// on rm start, two master keys are created.
// One is created at RMDTSecretMgr.startThreads.updateCurrentKey();
// the other is created on the first run of
// tokenRemoverThread.rollMasterKey()
RMDelegationTokenSecretManager dtSecretManager = rm1.GetRMContext().GetRMDelegationTokenSecretManager
();
// assert all master keys are saved
NUnit.Framework.Assert.AreEqual(dtSecretManager.GetAllMasterKeys(), rmDTMasterKeyState
);
ICollection <DelegationKey> expiringKeys = new HashSet <DelegationKey>();
Sharpen.Collections.AddAll(expiringKeys, dtSecretManager.GetAllMasterKeys());
// request to generate a RMDelegationToken
GetDelegationTokenRequest request = Org.Mockito.Mockito.Mock <GetDelegationTokenRequest
>();
Org.Mockito.Mockito.When(request.GetRenewer()).ThenReturn("renewer1");
GetDelegationTokenResponse response = rm1.GetClientRMService().GetDelegationToken
(request);
Org.Apache.Hadoop.Yarn.Api.Records.Token delegationToken = response.GetRMDelegationToken
();
Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token1 = ConverterUtils
.ConvertFromYarn(delegationToken, (Text)null);
RMDelegationTokenIdentifier dtId1 = token1.DecodeIdentifier();
// For all keys that still remain in memory, we should have them stored
// in state-store also.
while (((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager
).numUpdatedKeys.Get() < 3)
{
((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager).CheckCurrentKeyInStateStore
(rmDTMasterKeyState);
Sharpen.Thread.Sleep(100);
}
// wait for token to expire and remove from state-store
// rollMasterKey is called every 1 second.
int count = 0;
while (rmDTState.Contains(dtId1) && count < 100)
{
Sharpen.Thread.Sleep(100);
count++;
}
rm1.Stop();
}
/// <exception cref="System.Exception"/>
public virtual void Recover(RMStateStore.RMState rmState)
{
Log.Info("recovering RMDelegationTokenSecretManager.");
// recover RMDTMasterKeys
foreach (DelegationKey dtKey in rmState.GetRMDTSecretManagerState().GetMasterKeyState
())
{
AddKey(dtKey);
}
// recover RMDelegationTokens
IDictionary <RMDelegationTokenIdentifier, long> rmDelegationTokens = rmState.GetRMDTSecretManagerState
().GetTokenState();
this.delegationTokenSequenceNumber = rmState.GetRMDTSecretManagerState().GetDTSequenceNumber
();
foreach (KeyValuePair <RMDelegationTokenIdentifier, long> entry in rmDelegationTokens)
{
AddPersistedDelegationToken(entry.Key, entry.Value);
}
}
/// <exception cref="System.Exception"/>
protected internal override void StoreRMDTMasterKeyState(DelegationKey delegationKey
)
{
lock (this)
{
ICollection <DelegationKey> rmDTMasterKeyState = state.rmSecretManagerState.GetMasterKeyState
();
if (rmDTMasterKeyState.Contains(delegationKey))
{
IOException e = new IOException("RMDTMasterKey with keyID: " + delegationKey.GetKeyId
() + " is already stored");
Log.Info("Error storing info for RMDTMasterKey with keyID: " + delegationKey.GetKeyId
(), e);
throw e;
}
state.GetRMDTSecretManagerState().GetMasterKeyState().AddItem(delegationKey);
Log.Info("Store RMDT master key with key id: " + delegationKey.GetKeyId() + ". Currently rmDTMasterKeyState size: "
+ rmDTMasterKeyState.Count);
}
}
// Test all expired keys are removed from state-store.
/// <exception cref="System.Exception"/>
public virtual void TestRemoveExpiredMasterKeyInRMStateStore()
{
MemoryRMStateStore memStore = new MemoryRMStateStore();
memStore.Init(conf);
RMStateStore.RMState rmState = memStore.GetState();
ICollection <DelegationKey> rmDTMasterKeyState = rmState.GetRMDTSecretManagerState
().GetMasterKeyState();
MockRM rm1 = new TestRMDelegationTokens.MyMockRM(this, conf, memStore);
rm1.Start();
RMDelegationTokenSecretManager dtSecretManager = rm1.GetRMContext().GetRMDelegationTokenSecretManager
();
// assert all master keys are saved
NUnit.Framework.Assert.AreEqual(dtSecretManager.GetAllMasterKeys(), rmDTMasterKeyState
);
ICollection <DelegationKey> expiringKeys = new HashSet <DelegationKey>();
Sharpen.Collections.AddAll(expiringKeys, dtSecretManager.GetAllMasterKeys());
// wait for expiringKeys to expire
while (true)
{
bool allExpired = true;
foreach (DelegationKey key in expiringKeys)
{
if (rmDTMasterKeyState.Contains(key))
{
allExpired = false;
}
}
if (allExpired)
{
break;
}
Sharpen.Thread.Sleep(500);
}
}