public virtual void TestNodeHeartBeatResponse() { NodeHeartbeatResponse record = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <NodeHeartbeatResponse >(); IDictionary <ApplicationId, ByteBuffer> appCredentials = new Dictionary <ApplicationId , ByteBuffer>(); Credentials app1Cred = new Credentials(); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token1 = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token1.SetKind(new Text("kind1")); app1Cred.AddToken(new Text("token1"), token1); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token2.SetKind(new Text("kind2")); app1Cred.AddToken(new Text("token2"), token2); DataOutputBuffer dob = new DataOutputBuffer(); app1Cred.WriteTokenStorageToStream(dob); ByteBuffer byteBuffer1 = ByteBuffer.Wrap(dob.GetData(), 0, dob.GetLength()); appCredentials[ApplicationId.NewInstance(1234, 1)] = byteBuffer1; record.SetSystemCredentialsForApps(appCredentials); NodeHeartbeatResponse proto = new NodeHeartbeatResponsePBImpl(((NodeHeartbeatResponsePBImpl )record).GetProto()); NUnit.Framework.Assert.AreEqual(appCredentials, proto.GetSystemCredentialsForApps ()); }
/// <exception cref="System.IO.IOException"/> private static UserGroupInformation GetTokenUGI(ServletContext context, HttpServletRequest request, string tokenString, Configuration conf) { Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token.DecodeFromUrlString(tokenString); IPEndPoint serviceAddress = GetNNServiceAddress(context, request); if (serviceAddress != null) { SecurityUtil.SetTokenService(token, serviceAddress); token.SetKind(DelegationTokenIdentifier.HdfsDelegationKind); } ByteArrayInputStream buf = new ByteArrayInputStream(token.GetIdentifier()); DataInputStream @in = new DataInputStream(buf); DelegationTokenIdentifier id = new DelegationTokenIdentifier(); id.ReadFields(@in); if (context != null) { NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context); if (nn != null) { // Verify the token. nn.GetNamesystem().VerifyToken(id, token.GetPassword()); } } UserGroupInformation ugi = id.GetUser(); ugi.AddToken(token); return(ugi); }
/// <exception cref="System.IO.IOException"/> private void InjectToken() { if (UserGroupInformation.IsSecurityEnabled()) { Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = @params .DelegationToken(); token.SetKind(DelegationTokenIdentifier.HdfsDelegationKind); ugi.AddToken(token); } }
/// <exception cref="System.IO.IOException"/> private WebHdfsFileSystem GetWebHdfsFileSystem(UserGroupInformation ugi, Configuration conf) { if (UserGroupInformation.IsSecurityEnabled()) { DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(new Text(ugi.GetUserName ()), null, null); FSNamesystem namesystem = Org.Mockito.Mockito.Mock <FSNamesystem>(); DelegationTokenSecretManager dtSecretManager = new DelegationTokenSecretManager(86400000 , 86400000, 86400000, 86400000, namesystem); dtSecretManager.StartThreads(); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(dtId, dtSecretManager); SecurityUtil.SetTokenService(token, NetUtils.CreateSocketAddr(uri.GetAuthority()) ); token.SetKind(WebHdfsFileSystem.TokenKind); ugi.AddToken(token); } return((WebHdfsFileSystem)FileSystem.Get(uri, conf)); }
/// <exception cref="System.Exception"/> public virtual void TestGetHSDelegationToken() { try { Configuration conf = new Configuration(); // Setup mock service IPEndPoint mockRmAddress = new IPEndPoint("localhost", 4444); Text rmTokenSevice = SecurityUtil.BuildTokenService(mockRmAddress); IPEndPoint mockHsAddress = new IPEndPoint("localhost", 9200); Text hsTokenSevice = SecurityUtil.BuildTokenService(mockHsAddress); // Setup mock rm token RMDelegationTokenIdentifier tokenIdentifier = new RMDelegationTokenIdentifier(new Text("owner"), new Text("renewer"), new Text("real")); Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier>(new byte[0], new byte[0], tokenIdentifier.GetKind( ), rmTokenSevice); token.SetKind(RMDelegationTokenIdentifier.KindName); // Setup mock history token Org.Apache.Hadoop.Yarn.Api.Records.Token historyToken = Org.Apache.Hadoop.Yarn.Api.Records.Token .NewInstance(new byte[0], MRDelegationTokenIdentifier.KindName.ToString(), new byte [0], hsTokenSevice.ToString()); GetDelegationTokenResponse getDtResponse = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <GetDelegationTokenResponse>(); getDtResponse.SetDelegationToken(historyToken); // mock services MRClientProtocol mockHsProxy = Org.Mockito.Mockito.Mock <MRClientProtocol>(); Org.Mockito.Mockito.DoReturn(mockHsAddress).When(mockHsProxy).GetConnectAddress(); Org.Mockito.Mockito.DoReturn(getDtResponse).When(mockHsProxy).GetDelegationToken( Matchers.Any <GetDelegationTokenRequest>()); ResourceMgrDelegate rmDelegate = Org.Mockito.Mockito.Mock <ResourceMgrDelegate>(); Org.Mockito.Mockito.DoReturn(rmTokenSevice).When(rmDelegate).GetRMDelegationTokenService (); ClientCache clientCache = Org.Mockito.Mockito.Mock <ClientCache>(); Org.Mockito.Mockito.DoReturn(mockHsProxy).When(clientCache).GetInitializedHSProxy (); Credentials creds = new Credentials(); YARNRunner yarnRunner = new YARNRunner(conf, rmDelegate, clientCache); // No HS token if no RM token yarnRunner.AddHistoryToken(creds); Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(0)).GetDelegationToken (Matchers.Any <GetDelegationTokenRequest>()); // No HS token if RM token, but secirity disabled. creds.AddToken(new Text("rmdt"), token); yarnRunner.AddHistoryToken(creds); Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(0)).GetDelegationToken (Matchers.Any <GetDelegationTokenRequest>()); conf.Set(CommonConfigurationKeys.HadoopSecurityAuthentication, "kerberos"); UserGroupInformation.SetConfiguration(conf); creds = new Credentials(); // No HS token if no RM token, security enabled yarnRunner.AddHistoryToken(creds); Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(0)).GetDelegationToken (Matchers.Any <GetDelegationTokenRequest>()); // HS token if RM token present, security enabled creds.AddToken(new Text("rmdt"), token); yarnRunner.AddHistoryToken(creds); Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(1)).GetDelegationToken (Matchers.Any <GetDelegationTokenRequest>()); // No additional call to get HS token if RM and HS token present yarnRunner.AddHistoryToken(creds); Org.Mockito.Mockito.Verify(mockHsProxy, Org.Mockito.Mockito.Times(1)).GetDelegationToken (Matchers.Any <GetDelegationTokenRequest>()); } finally { // Back to defaults. UserGroupInformation.SetConfiguration(new Configuration()); } }