/// <exception cref="System.Exception"/>
public virtual void TestHAUtilClonesDelegationTokens()
{
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = GetDelegationToken
(fs, "JobTracker");
UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("test");
URI haUri = new URI("hdfs://my-ha-uri/");
token.SetService(HAUtil.BuildTokenServiceForLogicalUri(haUri, HdfsConstants.HdfsUriScheme
));
ugi.AddToken(token);
ICollection <IPEndPoint> nnAddrs = new HashSet <IPEndPoint>();
nnAddrs.AddItem(new IPEndPoint("localhost", nn0.GetNameNodeAddress().Port));
nnAddrs.AddItem(new IPEndPoint("localhost", nn1.GetNameNodeAddress().Port));
HAUtil.CloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs);
ICollection <Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> > tokens = ugi
.GetTokens();
NUnit.Framework.Assert.AreEqual(3, tokens.Count);
Log.Info("Tokens:\n" + Joiner.On("\n").Join(tokens));
DelegationTokenSelector dts = new DelegationTokenSelector();
// check that the token selected for one of the physical IPC addresses
// matches the one we received
foreach (IPEndPoint addr in nnAddrs)
{
Text ipcDtService = SecurityUtil.BuildTokenService(addr);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = dts.SelectToken
(ipcDtService, ugi.GetTokens());
NUnit.Framework.Assert.IsNotNull(token2);
Assert.AssertArrayEquals(token.GetIdentifier(), token2.GetIdentifier());
Assert.AssertArrayEquals(token.GetPassword(), token2.GetPassword());
}
// switch to host-based tokens, shouldn't match existing tokens
SecurityUtilTestHelper.SetTokenServiceUseIp(false);
foreach (IPEndPoint addr_1 in nnAddrs)
{
Text ipcDtService = SecurityUtil.BuildTokenService(addr_1);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = dts.SelectToken
(ipcDtService, ugi.GetTokens());
NUnit.Framework.Assert.IsNull(token2);
}
// reclone the tokens, and see if they match now
HAUtil.CloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs);
foreach (IPEndPoint addr_2 in nnAddrs)
{
Text ipcDtService = SecurityUtil.BuildTokenService(addr_2);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = dts.SelectToken
(ipcDtService, ugi.GetTokens());
NUnit.Framework.Assert.IsNotNull(token2);
Assert.AssertArrayEquals(token.GetIdentifier(), token2.GetIdentifier());
Assert.AssertArrayEquals(token.GetPassword(), token2.GetPassword());
}
}
/// <exception cref="System.Exception"/>
public virtual void TestHdfsGetCanonicalServiceName()
{
Configuration conf = dfs.GetConf();
URI haUri = HATestUtil.GetLogicalUri(cluster);
AbstractFileSystem afs = AbstractFileSystem.CreateFileSystem(haUri, conf);
string haService = HAUtil.BuildTokenServiceForLogicalUri(haUri, HdfsConstants.HdfsUriScheme
).ToString();
NUnit.Framework.Assert.AreEqual(haService, afs.GetCanonicalServiceName());
Org.Apache.Hadoop.Security.Token.Token <object> token = afs.GetDelegationTokens(UserGroupInformation
.GetCurrentUser().GetShortUserName())[0];
NUnit.Framework.Assert.AreEqual(haService, token.GetService().ToString());
// make sure the logical uri is handled correctly
token.Renew(conf);
token.Cancel(conf);
}
/// <summary>
/// HDFS-3062: DistributedFileSystem.getCanonicalServiceName() throws an
/// exception if the URI is a logical URI.
/// </summary>
/// <remarks>
/// HDFS-3062: DistributedFileSystem.getCanonicalServiceName() throws an
/// exception if the URI is a logical URI. This bug fails the combination of
/// ha + mapred + security.
/// </remarks>
/// <exception cref="System.Exception"/>
public virtual void TestDFSGetCanonicalServiceName()
{
URI hAUri = HATestUtil.GetLogicalUri(cluster);
string haService = HAUtil.BuildTokenServiceForLogicalUri(hAUri, HdfsConstants.HdfsUriScheme
).ToString();
NUnit.Framework.Assert.AreEqual(haService, dfs.GetCanonicalServiceName());
string renewer = UserGroupInformation.GetCurrentUser().GetShortUserName();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = GetDelegationToken
(dfs, renewer);
NUnit.Framework.Assert.AreEqual(haService, token.GetService().ToString());
// make sure the logical uri is handled correctly
token.Renew(dfs.GetConf());
token.Cancel(dfs.GetConf());
}
> DelegationToken()
{
string delegation = Param(DelegationParam.Name);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>();
token.DecodeFromUrlString(delegation);
URI nnUri = URI.Create(HdfsConstants.HdfsUriScheme + "://" + NamenodeId());
bool isLogical = HAUtil.IsLogicalUri(conf, nnUri);
if (isLogical)
{
token.SetService(HAUtil.BuildTokenServiceForLogicalUri(nnUri, HdfsConstants.HdfsUriScheme
));
}
else
{
token.SetService(SecurityUtil.BuildTokenService(nnUri));
}
return(token);
}