/// <exception cref="System.Exception"/>
public virtual void TestGetCredsNotSame <T>()
where T : TokenIdentifier
{
UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("someone");
Credentials creds = ugi.GetCredentials();
// should always get a new copy
NUnit.Framework.Assert.AreNotSame(creds, ugi.GetCredentials());
}
/// <exception cref="System.Exception"/>
public virtual void TestAddCreds <T>()
where T : TokenIdentifier
{
// from Mockito mocks
UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("someone");
Text service = new Text("service");
Org.Apache.Hadoop.Security.Token.Token <T> t1 = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Org.Mockito.Mockito.When(t1.GetService()).ThenReturn(service);
Org.Apache.Hadoop.Security.Token.Token <T> t2 = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Org.Mockito.Mockito.When(t2.GetService()).ThenReturn(new Text("service2"));
byte[] secret = new byte[] { };
Text secretKey = new Text("sshhh");
// fill credentials
Credentials creds = new Credentials();
creds.AddToken(t1.GetService(), t1);
creds.AddToken(t2.GetService(), t2);
creds.AddSecretKey(secretKey, secret);
// add creds to ugi, and check ugi
ugi.AddCredentials(creds);
CheckTokens(ugi, t1, t2);
NUnit.Framework.Assert.AreSame(secret, ugi.GetCredentials().GetSecretKey(secretKey
));
}
/// <exception cref="System.Exception"/>
public virtual void TestGetCreds <T>()
where T : TokenIdentifier
{
// from Mockito mocks
UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("someone");
Text service = new Text("service");
Org.Apache.Hadoop.Security.Token.Token <T> t1 = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Org.Mockito.Mockito.When(t1.GetService()).ThenReturn(service);
Org.Apache.Hadoop.Security.Token.Token <T> t2 = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Org.Mockito.Mockito.When(t2.GetService()).ThenReturn(new Text("service2"));
Org.Apache.Hadoop.Security.Token.Token <T> t3 = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Org.Mockito.Mockito.When(t3.GetService()).ThenReturn(service);
// add token to ugi
ugi.AddToken(t1);
ugi.AddToken(t2);
CheckTokens(ugi, t1, t2);
Credentials creds = ugi.GetCredentials();
creds.AddToken(t3.GetService(), t3);
NUnit.Framework.Assert.AreSame(t3, creds.GetToken(service));
// check that ugi wasn't modified
CheckTokens(ugi, t1, t2);
}
/// <exception cref="System.Exception"/>
public virtual void TestAddNamedToken <T>()
where T : TokenIdentifier
{
// from Mockito mocks
UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("someone");
Org.Apache.Hadoop.Security.Token.Token <T> t1 = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Text service1 = new Text("t1");
Text service2 = new Text("t2");
Org.Mockito.Mockito.When(t1.GetService()).ThenReturn(service1);
// add token
ugi.AddToken(service1, t1);
NUnit.Framework.Assert.AreSame(t1, ugi.GetCredentials().GetToken(service1));
// add token with another name
ugi.AddToken(service2, t1);
NUnit.Framework.Assert.AreSame(t1, ugi.GetCredentials().GetToken(service1));
NUnit.Framework.Assert.AreSame(t1, ugi.GetCredentials().GetToken(service2));
}
/// <exception cref="System.Exception"/>
public virtual void TestUGITokens <T>()
where T : TokenIdentifier
{
// from Mockito mocks
UserGroupInformation ugi = UserGroupInformation.CreateUserForTesting("TheDoctor",
new string[] { "TheTARDIS" });
Org.Apache.Hadoop.Security.Token.Token <T> t1 = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Org.Mockito.Mockito.When(t1.GetService()).ThenReturn(new Text("t1"));
Org.Apache.Hadoop.Security.Token.Token <T> t2 = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Org.Mockito.Mockito.When(t2.GetService()).ThenReturn(new Text("t2"));
Credentials creds = new Credentials();
byte[] secretKey = new byte[] { };
Text secretName = new Text("shhh");
creds.AddSecretKey(secretName, secretKey);
ugi.AddToken(t1);
ugi.AddToken(t2);
ugi.AddCredentials(creds);
ICollection <Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> > z = ugi.GetTokens
();
Assert.True(z.Contains(t1));
Assert.True(z.Contains(t2));
Assert.Equal(2, z.Count);
Credentials ugiCreds = ugi.GetCredentials();
NUnit.Framework.Assert.AreSame(secretKey, ugiCreds.GetSecretKey(secretName));
Assert.Equal(1, ugiCreds.NumberOfSecretKeys());
try
{
z.Remove(t1);
NUnit.Framework.Assert.Fail("Shouldn't be able to modify token collection from UGI"
);
}
catch (NotSupportedException)
{
}
// Can't modify tokens
// ensure that the tokens are passed through doAs
ICollection <Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> > otherSet = ugi
.DoAs(new _PrivilegedExceptionAction_612());
Assert.True(otherSet.Contains(t1));
Assert.True(otherSet.Contains(t2));
}
public virtual void TestAddTokensToUGI()
{
UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("someone");
Credentials creds = new Credentials();
for (int i = 0; i < service.Length; i++)
{
creds.AddToken(service[i], token[i]);
}
ugi.AddCredentials(creds);
creds = ugi.GetCredentials();
for (int i_1 = 0; i_1 < service.Length; i_1++)
{
NUnit.Framework.Assert.AreSame(token[i_1], creds.GetToken(service[i_1]));
}
Assert.Equal(service.Length, creds.NumberOfTokens());
}
private void CheckTokens(UserGroupInformation ugi, params Org.Apache.Hadoop.Security.Token.Token
<object>[] tokens)
{
// check the ugi's token collection
ICollection <Org.Apache.Hadoop.Security.Token.Token <object> > ugiTokens = ugi.GetTokens
();
foreach (Org.Apache.Hadoop.Security.Token.Token <object> t in tokens)
{
Assert.True(ugiTokens.Contains(t));
}
Assert.Equal(tokens.Length, ugiTokens.Count);
// check the ugi's credentials
Credentials ugiCreds = ugi.GetCredentials();
foreach (Org.Apache.Hadoop.Security.Token.Token <object> t_1 in tokens)
{
NUnit.Framework.Assert.AreSame(t_1, ugiCreds.GetToken(t_1.GetService()));
}
Assert.Equal(tokens.Length, ugiCreds.NumberOfTokens());
}
/// <exception cref="System.IO.IOException"/>
private UserProvider()
{
user = UserGroupInformation.GetCurrentUser();
credentials = user.GetCredentials();
}
public virtual void TestPrivateTokenExclusion()
{
UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();
TestSaslRPC.TestTokenIdentifier tokenId = new TestSaslRPC.TestTokenIdentifier();
Org.Apache.Hadoop.Security.Token.Token <TestSaslRPC.TestTokenIdentifier> token = new
Org.Apache.Hadoop.Security.Token.Token <TestSaslRPC.TestTokenIdentifier>(tokenId.
GetBytes(), Runtime.GetBytesForString("password"), tokenId.GetKind(), null
);
ugi.AddToken(new Text("regular-token"), token);
// Now add cloned private token
ugi.AddToken(new Text("private-token"), new Token.PrivateToken <TestSaslRPC.TestTokenIdentifier
>(token));
ugi.AddToken(new Text("private-token1"), new Token.PrivateToken <TestSaslRPC.TestTokenIdentifier
>(token));
// Ensure only non-private tokens are returned
ICollection <Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> > tokens = ugi
.GetCredentials().GetAllTokens();
Assert.Equal(1, tokens.Count);
}
// my sleep class
/// <summary>attempts to access tokenCache as from client</summary>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.Exception"/>
protected override void Map(IntWritable key, IntWritable value, Mapper.Context context
)
{
// get context token storage:
Credentials contextCredentials = context.GetCredentials();
ICollection <Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> > contextTokenCollection
= contextCredentials.GetAllTokens();
foreach (Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> t in contextTokenCollection)
{
System.Console.Out.WriteLine("Context token: [" + t + "]");
}
if (contextTokenCollection.Count != 2)
{
// one job token and one delegation token
// fail the test:
throw new RuntimeException("Exactly 2 tokens are expected in the contextTokenCollection: "
+ "one job token and one delegation token, but was found " + contextTokenCollection
.Count + " tokens.");
}
Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> dt = contextCredentials.GetToken
(new Text(DelegationTokenKey));
if (dt == null)
{
throw new RuntimeException("Token for key [" + DelegationTokenKey + "] not found in the job context."
);
}
string tokenFile0 = context.GetConfiguration().Get(MRJobConfig.MapreduceJobCredentialsBinary
);
if (tokenFile0 != null)
{
throw new RuntimeException("Token file key [" + MRJobConfig.MapreduceJobCredentialsBinary
+ "] found in the configuration. It should have been removed from the configuration."
);
}
string tokenFile = context.GetConfiguration().Get(KeySecurityTokenFileName);
if (tokenFile == null)
{
throw new RuntimeException("Token file key [" + KeySecurityTokenFileName + "] not found in the job configuration."
);
}
Credentials binaryCredentials = new Credentials();
binaryCredentials.ReadTokenStorageStream(new DataInputStream(new FileInputStream(
tokenFile)));
ICollection <Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> > binaryTokenCollection
= binaryCredentials.GetAllTokens();
if (binaryTokenCollection.Count != 1)
{
throw new RuntimeException("The token collection read from file [" + tokenFile +
"] must have size = 1.");
}
Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> binTok = binaryTokenCollection
.GetEnumerator().Next();
System.Console.Out.WriteLine("The token read from binary file: t = [" + binTok +
"]");
// Verify that dt is same as the token in the file:
if (!dt.Equals(binTok))
{
throw new RuntimeException("Delegation token in job is not same as the token passed in file:"
+ " tokenInFile=[" + binTok + "], dt=[" + dt + "].");
}
// Now test the user tokens.
UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();
// Print all the UGI tokens for diagnostic purposes:
ICollection <Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> > ugiTokenCollection
= ugi.GetTokens();
foreach (Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> t_1 in ugiTokenCollection)
{
System.Console.Out.WriteLine("UGI token: [" + t_1 + "]");
}
Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> ugiToken = ugi.GetCredentials
().GetToken(new Text(DelegationTokenKey));
if (ugiToken == null)
{
throw new RuntimeException("Token for key [" + DelegationTokenKey + "] not found among the UGI tokens."
);
}
if (!ugiToken.Equals(binTok))
{
throw new RuntimeException("UGI token is not same as the token passed in binary file:"
+ " tokenInBinFile=[" + binTok + "], ugiTok=[" + ugiToken + "].");
}
base.Map(key, value, context);
}
/// <exception cref="System.IO.IOException"/>
private UserProvider(Configuration conf)
: base(conf)
{
user = UserGroupInformation.GetCurrentUser();
credentials = user.GetCredentials();
}
