/// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> private void CheckShortCircuitRenewCancel(IPEndPoint rmAddr, IPEndPoint serviceAddr , bool shouldShortCircuit) { Configuration conf = new Configuration(); conf.SetClass(YarnConfiguration.IpcRpcImpl, typeof(TestClientRMTokens.YarnBadRPC) , typeof(YarnRPC)); RMDelegationTokenSecretManager secretManager = Org.Mockito.Mockito.Mock <RMDelegationTokenSecretManager >(); RMDelegationTokenIdentifier.Renewer.SetSecretManager(secretManager, rmAddr); RMDelegationTokenIdentifier ident = new RMDelegationTokenIdentifier(new Text("owner" ), new Text("renewer"), null); Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier>(ident, secretManager); SecurityUtil.SetTokenService(token, serviceAddr); if (shouldShortCircuit) { token.Renew(conf); Org.Mockito.Mockito.Verify(secretManager).RenewToken(Matchers.Eq(token), Matchers.Eq ("renewer")); Org.Mockito.Mockito.Reset(secretManager); token.Cancel(conf); Org.Mockito.Mockito.Verify(secretManager).CancelToken(Matchers.Eq(token), Matchers.Eq ("renewer")); } else { try { token.Renew(conf); NUnit.Framework.Assert.Fail(); } catch (RuntimeException e) { NUnit.Framework.Assert.AreEqual("getProxy", e.Message); } Org.Mockito.Mockito.Verify(secretManager, Org.Mockito.Mockito.Never()).RenewToken (Matchers.Any <Org.Apache.Hadoop.Security.Token.Token>(), Matchers.AnyString()); try { token.Cancel(conf); NUnit.Framework.Assert.Fail(); } catch (RuntimeException e) { NUnit.Framework.Assert.AreEqual("getProxy", e.Message); } Org.Mockito.Mockito.Verify(secretManager, Org.Mockito.Mockito.Never()).CancelToken (Matchers.Any <Org.Apache.Hadoop.Security.Token.Token>(), Matchers.AnyString()); } }
/// <exception cref="System.Exception"/> public virtual void TestHdfsGetCanonicalServiceName() { Configuration conf = dfs.GetConf(); URI haUri = HATestUtil.GetLogicalUri(cluster); AbstractFileSystem afs = AbstractFileSystem.CreateFileSystem(haUri, conf); string haService = HAUtil.BuildTokenServiceForLogicalUri(haUri, HdfsConstants.HdfsUriScheme ).ToString(); NUnit.Framework.Assert.AreEqual(haService, afs.GetCanonicalServiceName()); Org.Apache.Hadoop.Security.Token.Token <object> token = afs.GetDelegationTokens(UserGroupInformation .GetCurrentUser().GetShortUserName())[0]; NUnit.Framework.Assert.AreEqual(haService, token.GetService().ToString()); // make sure the logical uri is handled correctly token.Renew(conf); token.Cancel(conf); }
/// <summary> /// HDFS-3062: DistributedFileSystem.getCanonicalServiceName() throws an /// exception if the URI is a logical URI. /// </summary> /// <remarks> /// HDFS-3062: DistributedFileSystem.getCanonicalServiceName() throws an /// exception if the URI is a logical URI. This bug fails the combination of /// ha + mapred + security. /// </remarks> /// <exception cref="System.Exception"/> public virtual void TestDFSGetCanonicalServiceName() { URI hAUri = HATestUtil.GetLogicalUri(cluster); string haService = HAUtil.BuildTokenServiceForLogicalUri(hAUri, HdfsConstants.HdfsUriScheme ).ToString(); NUnit.Framework.Assert.AreEqual(haService, dfs.GetCanonicalServiceName()); string renewer = UserGroupInformation.GetCurrentUser().GetShortUserName(); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = GetDelegationToken (dfs, renewer); NUnit.Framework.Assert.AreEqual(haService, token.GetService().ToString()); // make sure the logical uri is handled correctly token.Renew(dfs.GetConf()); token.Cancel(dfs.GetConf()); }
/// <summary>Renew or replace the delegation token for this file system.</summary> /// <remarks> /// Renew or replace the delegation token for this file system. /// It can only be called when the action is not in the queue. /// </remarks> /// <returns/> /// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> private bool Renew() { T fs = weakFs.Get(); bool b = fs != null; if (b) { lock (fs) { try { long expires = token.Renew(fs.GetConf()); UpdateRenewalTime(expires - Time.Now()); } catch (IOException ie) { try { Org.Apache.Hadoop.Security.Token.Token <object>[] tokens = fs.AddDelegationTokens( null, null); if (tokens.Length == 0) { throw new IOException("addDelegationTokens returned no tokens"); } token = tokens[0]; UpdateRenewalTime(renewCycle); fs.SetDelegationToken(token); } catch (IOException) { isValid = false; throw new IOException("Can't renew or get new delegation token ", ie); } } } } return(b); }