public virtual void TestDoAs() { KerberosTestUtils.DoAsClient(new _Callable_319()); // this should not work string token = GetDelegationToken("client"); string renewer = "renewer"; string body = "{\"renewer\":\"" + renewer + "\"}"; Uri url = new Uri("http://*****:*****@EXAMPLE.COM", new _Callable_374()); }
public virtual void TestPutDomains() { KerberosTestUtils.DoAs(HttpUser + "/localhost", new _Callable_200(this)); }
public virtual void TestDelegationTokenOperations() { TimelineClient httpUserClient = KerberosTestUtils.DoAs(HttpUser + "/localhost", new _Callable_221(this)); UserGroupInformation httpUser = KerberosTestUtils.DoAs(HttpUser + "/localhost", new _Callable_228()); // Let HTTP user to get the delegation for itself Org.Apache.Hadoop.Security.Token.Token <TimelineDelegationTokenIdentifier> token = httpUserClient.GetDelegationToken(httpUser.GetShortUserName()); NUnit.Framework.Assert.IsNotNull(token); TimelineDelegationTokenIdentifier tDT = token.DecodeIdentifier(); NUnit.Framework.Assert.IsNotNull(tDT); NUnit.Framework.Assert.AreEqual(new Text(HttpUser), tDT.GetOwner()); // Renew token NUnit.Framework.Assert.IsFalse(token.GetService().ToString().IsEmpty()); // Renew the token from the token service address long renewTime1 = httpUserClient.RenewDelegationToken(token); Sharpen.Thread.Sleep(100); token.SetService(new Text()); NUnit.Framework.Assert.IsTrue(token.GetService().ToString().IsEmpty()); // If the token service address is not avaiable, it still can be renewed // from the configured address long renewTime2 = httpUserClient.RenewDelegationToken(token); NUnit.Framework.Assert.IsTrue(renewTime1 < renewTime2); // Cancel token NUnit.Framework.Assert.IsTrue(token.GetService().ToString().IsEmpty()); // If the token service address is not avaiable, it still can be canceled // from the configured address httpUserClient.CancelDelegationToken(token); // Renew should not be successful because the token is canceled try { httpUserClient.RenewDelegationToken(token); NUnit.Framework.Assert.Fail(); } catch (Exception e) { NUnit.Framework.Assert.IsTrue(e.Message.Contains("Renewal request for unknown token" )); } // Let HTTP user to get the delegation token for FOO user UserGroupInformation fooUgi = UserGroupInformation.CreateProxyUser(FooUser, httpUser ); TimelineClient fooUserClient = fooUgi.DoAs(new _PrivilegedExceptionAction_272(this )); token = fooUserClient.GetDelegationToken(httpUser.GetShortUserName()); NUnit.Framework.Assert.IsNotNull(token); tDT = token.DecodeIdentifier(); NUnit.Framework.Assert.IsNotNull(tDT); NUnit.Framework.Assert.AreEqual(new Text(FooUser), tDT.GetOwner()); NUnit.Framework.Assert.AreEqual(new Text(HttpUser), tDT.GetRealUser()); // Renew token as the renewer Org.Apache.Hadoop.Security.Token.Token <TimelineDelegationTokenIdentifier> tokenToRenew = token; renewTime1 = httpUserClient.RenewDelegationToken(tokenToRenew); renewTime2 = httpUserClient.RenewDelegationToken(tokenToRenew); NUnit.Framework.Assert.IsTrue(renewTime1 < renewTime2); // Cancel token NUnit.Framework.Assert.IsFalse(tokenToRenew.GetService().ToString().IsEmpty()); // Cancel the token from the token service address fooUserClient.CancelDelegationToken(tokenToRenew); // Renew should not be successful because the token is canceled try { httpUserClient.RenewDelegationToken(tokenToRenew); NUnit.Framework.Assert.Fail(); } catch (Exception e) { NUnit.Framework.Assert.IsTrue(e.Message.Contains("Renewal request for unknown token" )); } // Let HTTP user to get the delegation token for BAR user UserGroupInformation barUgi = UserGroupInformation.CreateProxyUser(BarUser, httpUser ); TimelineClient barUserClient = barUgi.DoAs(new _PrivilegedExceptionAction_309(this )); try { barUserClient.GetDelegationToken(httpUser.GetShortUserName()); NUnit.Framework.Assert.Fail(); } catch (Exception e) { NUnit.Framework.Assert.IsTrue(e.InnerException is AuthorizationException || e.InnerException is AuthenticationException); } }
public virtual void TestPutTimelineEntities() { KerberosTestUtils.DoAs(HttpUser + "/localhost", new _Callable_178(this)); }