public virtual void TestNodeHeartBeatResponse()
{
NodeHeartbeatResponse record = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <NodeHeartbeatResponse
>();
IDictionary <ApplicationId, ByteBuffer> appCredentials = new Dictionary <ApplicationId
, ByteBuffer>();
Credentials app1Cred = new Credentials();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token1 = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>();
token1.SetKind(new Text("kind1"));
app1Cred.AddToken(new Text("token1"), token1);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>();
token2.SetKind(new Text("kind2"));
app1Cred.AddToken(new Text("token2"), token2);
DataOutputBuffer dob = new DataOutputBuffer();
app1Cred.WriteTokenStorageToStream(dob);
ByteBuffer byteBuffer1 = ByteBuffer.Wrap(dob.GetData(), 0, dob.GetLength());
appCredentials[ApplicationId.NewInstance(1234, 1)] = byteBuffer1;
record.SetSystemCredentialsForApps(appCredentials);
NodeHeartbeatResponse proto = new NodeHeartbeatResponsePBImpl(((NodeHeartbeatResponsePBImpl
)record).GetProto());
NUnit.Framework.Assert.AreEqual(appCredentials, proto.GetSystemCredentialsForApps
());
}
/// <exception cref="System.IO.IOException"/>
private static UserGroupInformation GetTokenUGI(ServletContext context, HttpServletRequest
request, string tokenString, Configuration conf)
{
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>();
token.DecodeFromUrlString(tokenString);
IPEndPoint serviceAddress = GetNNServiceAddress(context, request);
if (serviceAddress != null)
{
SecurityUtil.SetTokenService(token, serviceAddress);
token.SetKind(DelegationTokenIdentifier.HdfsDelegationKind);
}
ByteArrayInputStream buf = new ByteArrayInputStream(token.GetIdentifier());
DataInputStream @in = new DataInputStream(buf);
DelegationTokenIdentifier id = new DelegationTokenIdentifier();
id.ReadFields(@in);
if (context != null)
{
NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context);
if (nn != null)
{
// Verify the token.
nn.GetNamesystem().VerifyToken(id, token.GetPassword());
}
}
UserGroupInformation ugi = id.GetUser();
ugi.AddToken(token);
return(ugi);
}
/// <exception cref="System.IO.IOException"/>
private void InjectToken()
{
if (UserGroupInformation.IsSecurityEnabled())
{
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = @params
.DelegationToken();
token.SetKind(DelegationTokenIdentifier.HdfsDelegationKind);
ugi.AddToken(token);
}
}
/// <exception cref="System.IO.IOException"/>
private WebHdfsFileSystem GetWebHdfsFileSystem(UserGroupInformation ugi, Configuration
conf)
{
if (UserGroupInformation.IsSecurityEnabled())
{
DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(new Text(ugi.GetUserName
()), null, null);
FSNamesystem namesystem = Org.Mockito.Mockito.Mock <FSNamesystem>();
DelegationTokenSecretManager dtSecretManager = new DelegationTokenSecretManager(86400000
, 86400000, 86400000, 86400000, namesystem);
dtSecretManager.StartThreads();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>(dtId, dtSecretManager);
SecurityUtil.SetTokenService(token, NetUtils.CreateSocketAddr(uri.GetAuthority())
);
token.SetKind(WebHdfsFileSystem.TokenKind);
ugi.AddToken(token);
}
return((WebHdfsFileSystem)FileSystem.Get(uri, conf));
}
/// <exception cref="System.Exception"/>
public virtual void TestGetHSDelegationToken()
{
try
{
Configuration conf = new Configuration();
// Setup mock service
IPEndPoint mockRmAddress = new IPEndPoint("localhost", 4444);
Text rmTokenSevice = SecurityUtil.BuildTokenService(mockRmAddress);
IPEndPoint mockHsAddress = new IPEndPoint("localhost", 9200);
Text hsTokenSevice = SecurityUtil.BuildTokenService(mockHsAddress);
// Setup mock rm token
RMDelegationTokenIdentifier tokenIdentifier = new RMDelegationTokenIdentifier(new
Text("owner"), new Text("renewer"), new Text("real"));
Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
<RMDelegationTokenIdentifier>(new byte[0], new byte[0], tokenIdentifier.GetKind(
), rmTokenSevice);
token.SetKind(RMDelegationTokenIdentifier.KindName);
// Setup mock history token
Org.Apache.Hadoop.Yarn.Api.Records.Token historyToken = Org.Apache.Hadoop.Yarn.Api.Records.Token
.NewInstance(new byte[0], MRDelegationTokenIdentifier.KindName.ToString(), new byte
[0], hsTokenSevice.ToString());
GetDelegationTokenResponse getDtResponse = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord
<GetDelegationTokenResponse>();
getDtResponse.SetDelegationToken(historyToken);
// mock services
MRClientProtocol mockHsProxy = Org.Mockito.Mockito.Mock <MRClientProtocol>();
Org.Mockito.Mockito.DoReturn(mockHsAddress).When(mockHsProxy).GetConnectAddress();
Org.Mockito.Mockito.DoReturn(getDtResponse).When(mockHsProxy).GetDelegationToken(
Matchers.Any <GetDelegationTokenRequest>());
ResourceMgrDelegate rmDelegate = Org.Mockito.Mockito.Mock <ResourceMgrDelegate>();
Org.Mockito.Mockito.DoReturn(rmTokenSevice).When(rmDelegate).GetRMDelegationTokenService
();
ClientCache clientCache = Org.Mockito.Mockito.Mock <ClientCache>();
Org.Mockito.Mockito.DoReturn(mockHsProxy).When(clientCache).GetInitializedHSProxy
();
Credentials creds = new Credentials();
YARNRunner yarnRunner = new YARNRunner(conf, rmDelegate, clientCache);
// No HS token if no RM token
yarnRunner.AddHistoryToken(creds);
Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(0)).GetDelegationToken
(Matchers.Any <GetDelegationTokenRequest>());
// No HS token if RM token, but secirity disabled.
creds.AddToken(new Text("rmdt"), token);
yarnRunner.AddHistoryToken(creds);
Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(0)).GetDelegationToken
(Matchers.Any <GetDelegationTokenRequest>());
conf.Set(CommonConfigurationKeys.HadoopSecurityAuthentication, "kerberos");
UserGroupInformation.SetConfiguration(conf);
creds = new Credentials();
// No HS token if no RM token, security enabled
yarnRunner.AddHistoryToken(creds);
Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(0)).GetDelegationToken
(Matchers.Any <GetDelegationTokenRequest>());
// HS token if RM token present, security enabled
creds.AddToken(new Text("rmdt"), token);
yarnRunner.AddHistoryToken(creds);
Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(1)).GetDelegationToken
(Matchers.Any <GetDelegationTokenRequest>());
// No additional call to get HS token if RM and HS token present
yarnRunner.AddHistoryToken(creds);
Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(1)).GetDelegationToken
(Matchers.Any <GetDelegationTokenRequest>());
}
finally
{
// Back to defaults.
UserGroupInformation.SetConfiguration(new Configuration());
}
}
