// To avoid using cached client /// <exception cref="System.Exception"/> public virtual void TestAMRMMasterKeysUpdate() { AtomicReference <AMRMTokenSecretManager> spySecretMgrRef = new AtomicReference <AMRMTokenSecretManager >(); MockRM rm = new _MockRM_349(this, spySecretMgrRef, conf); // Skip the login. rm.Start(); MockNM nm = rm.RegisterNode("127.0.0.1:1234", 8000); RMApp app = rm.SubmitApp(200); MockAM am = MockRM.LaunchAndRegisterAM(app, rm, nm); AMRMTokenSecretManager spySecretMgr = spySecretMgrRef.Get(); // Do allocate. Should not update AMRMToken AllocateResponse response = am.Allocate(Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <AllocateRequest>()); NUnit.Framework.Assert.IsNull(response.GetAMRMToken()); Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> oldToken = rm.GetRMContext ().GetRMApps()[app.GetApplicationId()].GetRMAppAttempt(am.GetApplicationAttemptId ()).GetAMRMToken(); // roll over the master key // Do allocate again. the AM should get the latest AMRMToken rm.GetRMContext().GetAMRMTokenSecretManager().RollMasterKey(); response = am.Allocate(Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <AllocateRequest >()); NUnit.Framework.Assert.IsNotNull(response.GetAMRMToken()); Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> amrmToken = ConverterUtils .ConvertFromYarn(response.GetAMRMToken(), new Text(response.GetAMRMToken().GetService ())); NUnit.Framework.Assert.AreEqual(amrmToken.DecodeIdentifier().GetKeyId(), rm.GetRMContext ().GetAMRMTokenSecretManager().GetMasterKey().GetMasterKey().GetKeyId()); // Do allocate again with the same old token and verify the RM sends // back the last generated token instead of generating it again. Org.Mockito.Mockito.Reset(spySecretMgr); UserGroupInformation ugi = UserGroupInformation.CreateUserForTesting(am.GetApplicationAttemptId ().ToString(), new string[0]); ugi.AddTokenIdentifier(oldToken.DecodeIdentifier()); response = am.DoAllocateAs(ugi, Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <AllocateRequest >()); NUnit.Framework.Assert.IsNotNull(response.GetAMRMToken()); Org.Mockito.Mockito.Verify(spySecretMgr, Org.Mockito.Mockito.Never()).CreateAndGetAMRMToken (Matchers.IsA <ApplicationAttemptId>()); // Do allocate again with the updated token and verify we do not // receive a new token to use. response = am.Allocate(Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <AllocateRequest >()); NUnit.Framework.Assert.IsNull(response.GetAMRMToken()); // Activate the next master key. Since there is new master key generated // in AMRMTokenSecretManager. The AMRMToken will not get updated for AM rm.GetRMContext().GetAMRMTokenSecretManager().ActivateNextMasterKey(); response = am.Allocate(Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <AllocateRequest >()); NUnit.Framework.Assert.IsNull(response.GetAMRMToken()); rm.Stop(); }