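/// <summary>
/// Exercises the delegation-token lifecycle of a spied <c>WebHdfsFileSystem</c>:
/// a token is fetched lazily on the first non-token operation, reused afterwards,
/// replaced only when the file system acquired it itself, and cancelled on close
/// only when the file system acquired it itself. A token supplied through the
/// caller's UGI is never replaced and never cancelled by the file system.
/// </summary>
/// <param name="clusterConf">Cluster configuration handed to the privileged actions that create the file system.</param>
/// <exception cref="System.Exception"/>
private void ValidateLazyTokenFetch(Configuration clusterConf)
{
    // The inline "//" section markers are kept on lines of their own: when the
    // statements share a physical line with them, everything after the first
    // marker is commented out and none of the checks below run.
    string testUser = "******";
    UserGroupInformation ugi = UserGroupInformation.CreateUserForTesting(testUser, new string[] { "supergroup" });
    WebHdfsFileSystem fs = ugi.DoAs(new _PrivilegedExceptionAction_304(this, clusterConf));

    // verify token ops don't get a token
    NUnit.Framework.Assert.IsNull(fs.GetRenewToken());
    Org.Apache.Hadoop.Security.Token.Token<object> token = ((Org.Apache.Hadoop.Security.Token.Token<DelegationTokenIdentifier>)fs.GetDelegationToken(null));
    fs.RenewDelegationToken(token);
    fs.CancelDelegationToken(token);
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    NUnit.Framework.Assert.IsNull(fs.GetRenewToken());
    Org.Mockito.Mockito.Reset(fs);

    // verify first non-token op gets a token
    Path p = new Path("/f");
    fs.Create(p, (short)1).Close();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).GetDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).GetDelegationToken(Matchers.AnyString());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    token = fs.GetRenewToken();
    NUnit.Framework.Assert.IsNotNull(token);
    // The lazily fetched token must belong to the test user, not to whoever runs the test.
    NUnit.Framework.Assert.AreEqual(testUser, GetTokenOwner(token));
    NUnit.Framework.Assert.AreEqual(fs.GetTokenKind(), token.GetKind());
    Org.Mockito.Mockito.Reset(fs);

    // verify prior token is reused
    fs.GetFileStatus(p);
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).GetDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(Matchers.AnyString());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    Org.Apache.Hadoop.Security.Token.Token<object> token2 = fs.GetRenewToken();
    NUnit.Framework.Assert.IsNotNull(token2);
    NUnit.Framework.Assert.AreEqual(fs.GetTokenKind(), token.GetKind());
    NUnit.Framework.Assert.AreSame(token, token2);
    Org.Mockito.Mockito.Reset(fs);

    // verify renew of expired token fails w/o getting a new token
    // (the token is invalidated here by cancelling it first)
    token = fs.GetRenewToken();
    fs.CancelDelegationToken(token);
    try
    {
        fs.RenewDelegationToken(token);
        // NOTE(review): this Assert.Fail is itself caught by the generic handler
        // below, so a missing failure is reported as "wrong exception:"; the test
        // still fails either way.
        NUnit.Framework.Assert.Fail("should have failed");
    }
    catch (SecretManager.InvalidToken)
    {
        // expected: an explicit renew must not silently succeed on an invalid token
    }
    catch (Exception ex)
    {
        NUnit.Framework.Assert.Fail("wrong exception:" + ex);
    }
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(Matchers.AnyString());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    token2 = fs.GetRenewToken();
    NUnit.Framework.Assert.IsNotNull(token2);
    NUnit.Framework.Assert.AreEqual(fs.GetTokenKind(), token.GetKind());
    NUnit.Framework.Assert.AreSame(token, token2);
    Org.Mockito.Mockito.Reset(fs);

    // verify cancel of expired token fails w/o getting a new token
    try
    {
        fs.CancelDelegationToken(token);
        NUnit.Framework.Assert.Fail("should have failed");
    }
    catch (SecretManager.InvalidToken)
    {
        // expected: the token was already cancelled above
    }
    catch (Exception ex)
    {
        NUnit.Framework.Assert.Fail("wrong exception:" + ex);
    }
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(Matchers.AnyString());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    token2 = fs.GetRenewToken();
    NUnit.Framework.Assert.IsNotNull(token2);
    NUnit.Framework.Assert.AreEqual(fs.GetTokenKind(), token.GetKind());
    NUnit.Framework.Assert.AreSame(token, token2);
    Org.Mockito.Mockito.Reset(fs);

    // verify an expired token is replaced with a new token
    fs.Open(p).Close();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(2)).GetDelegationToken(); // first bad, then good
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).GetDelegationToken(null);
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    token2 = fs.GetRenewToken();
    NUnit.Framework.Assert.IsNotNull(token2);
    // Check the kind of the replacement (token2); asserting on the stale `token`
    // would only re-verify the token that was fetched earlier.
    NUnit.Framework.Assert.AreEqual(fs.GetTokenKind(), token2.GetKind());
    NUnit.Framework.Assert.AreNotSame(token, token2);
    NUnit.Framework.Assert.AreEqual(testUser, GetTokenOwner(token2));
    Org.Mockito.Mockito.Reset(fs);

    // verify with open because it's a little different in how it
    // opens connections
    fs.CancelDelegationToken(fs.GetRenewToken());
    InputStream @is = fs.Open(p);
    @is.Read();
    @is.Close();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(2)).GetDelegationToken(); // first bad, then good
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).GetDelegationToken(null);
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    token2 = fs.GetRenewToken();
    NUnit.Framework.Assert.IsNotNull(token2);
    // As above: the replacement token is the one whose kind has to match.
    NUnit.Framework.Assert.AreEqual(fs.GetTokenKind(), token2.GetKind());
    NUnit.Framework.Assert.AreNotSame(token, token2);
    NUnit.Framework.Assert.AreEqual(testUser, GetTokenOwner(token2));
    Org.Mockito.Mockito.Reset(fs);

    // verify fs close cancels the token
    // (token2 is the token the file system fetched for itself)
    fs.Close();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(Matchers.AnyString());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).CancelDelegationToken(Matchers.Eq(token2));

    // add a token to ugi for a new fs, verify it uses that token
    token = ((Org.Apache.Hadoop.Security.Token.Token<DelegationTokenIdentifier>)fs.GetDelegationToken(null));
    ugi.AddToken(token);
    fs = ugi.DoAs(new _PrivilegedExceptionAction_426(this, clusterConf));
    NUnit.Framework.Assert.IsNull(fs.GetRenewToken());
    fs.GetFileStatus(new Path("/"));
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).GetDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(Matchers.AnyString());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).SetDelegationToken(Matchers.Eq(token));
    token2 = fs.GetRenewToken();
    NUnit.Framework.Assert.IsNotNull(token2);
    NUnit.Framework.Assert.AreEqual(fs.GetTokenKind(), token.GetKind());
    NUnit.Framework.Assert.AreSame(token, token2);
    Org.Mockito.Mockito.Reset(fs);

    // verify it reuses the prior ugi token
    fs.GetFileStatus(new Path("/"));
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).GetDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(Matchers.AnyString());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    token2 = fs.GetRenewToken();
    NUnit.Framework.Assert.IsNotNull(token2);
    NUnit.Framework.Assert.AreEqual(fs.GetTokenKind(), token.GetKind());
    NUnit.Framework.Assert.AreSame(token, token2);
    Org.Mockito.Mockito.Reset(fs);

    // verify an expired ugi token is NOT replaced with a new token
    fs.CancelDelegationToken(token);
    // Two rounds: the failure must repeat, with no new token fetched on either attempt.
    for (int i = 0; i < 2; i++)
    {
        try
        {
            fs.GetFileStatus(new Path("/"));
            NUnit.Framework.Assert.Fail("didn't fail");
        }
        catch (SecretManager.InvalidToken)
        {
            // expected: the caller-supplied token is invalid and must not be swapped out
        }
        catch (Exception ex)
        {
            NUnit.Framework.Assert.Fail("wrong exception:" + ex);
        }
        Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).GetDelegationToken();
        Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Times(1)).ReplaceExpiredDelegationToken();
        Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(Matchers.AnyString());
        Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
        token2 = fs.GetRenewToken();
        NUnit.Framework.Assert.IsNotNull(token2);
        NUnit.Framework.Assert.AreEqual(fs.GetTokenKind(), token.GetKind());
        NUnit.Framework.Assert.AreSame(token, token2);
        Org.Mockito.Mockito.Reset(fs);
    }

    // verify fs close does NOT cancel the ugi token
    fs.Close();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).ReplaceExpiredDelegationToken();
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(Matchers.AnyString());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
    Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).CancelDelegationToken(Matchers.Any<Org.Apache.Hadoop.Security.Token.Token>());
}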