Search in sources :

Example 46 with DelegationTokenIdentifier

use of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier in project hadoop by apache.

the class TestWebHDFSForHA method testClientFailoverWhenStandbyNNHasStaleCredentials.

@Test
public void testClientFailoverWhenStandbyNNHasStaleCredentials() throws IOException {
    Configuration conf = DFSTestUtil.newHAConfiguration(LOGICAL_NAME);
    conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
    MiniDFSCluster cluster = null;
    WebHdfsFileSystem fs = null;
    try {
        cluster = new MiniDFSCluster.Builder(conf).nnTopology(topo).numDataNodes(0).build();
        HATestUtil.setFailoverConfigurations(cluster, conf, LOGICAL_NAME);
        cluster.waitActive();
        fs = (WebHdfsFileSystem) FileSystem.get(WEBHDFS_URI, conf);
        cluster.transitionToActive(0);
        Token<?> token = fs.getDelegationToken(null);
        final DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
        identifier.readFields(new DataInputStream(new ByteArrayInputStream(token.getIdentifier())));
        cluster.transitionToStandby(0);
        cluster.transitionToActive(1);
        final DelegationTokenSecretManager secretManager = NameNodeAdapter.getDtSecretManager(cluster.getNamesystem(0));
        ExceptionHandler eh = new ExceptionHandler();
        eh.initResponse(mock(HttpServletResponse.class));
        Response resp = null;
        try {
            secretManager.retrievePassword(identifier);
        } catch (IOException e) {
            // Mimic the UserProvider class logic (server side) by throwing
            // SecurityException here
            Assert.assertTrue(e instanceof SecretManager.InvalidToken);
            resp = eh.toResponse(new SecurityException(e));
        }
        // The Response (resp) below is what the server will send to client
        //
        // BEFORE HDFS-6475 fix, the resp.entity is
        //     {"RemoteException":{"exception":"SecurityException",
        //      "javaClassName":"java.lang.SecurityException",
        //      "message":"Failed to obtain user group information:
        //      org.apache.hadoop.security.token.SecretManager$InvalidToken:
        //        StandbyException"}}
        // AFTER the fix, the resp.entity is
        //     {"RemoteException":{"exception":"StandbyException",
        //      "javaClassName":"org.apache.hadoop.ipc.StandbyException",
        //      "message":"Operation category READ is not supported in
        //       state standby"}}
        //
        // Mimic the client side logic by parsing the response from server
        //
        Map<?, ?> m = (Map<?, ?>) JSON.parse(resp.getEntity().toString());
        RemoteException re = JsonUtilClient.toRemoteException(m);
        Exception unwrapped = re.unwrapRemoteException(StandbyException.class);
        Assert.assertTrue(unwrapped instanceof StandbyException);
    } finally {
        IOUtils.cleanup(null, fs);
        if (cluster != null) {
            cluster.shutdown();
        }
    }
}
Also used : MiniDFSCluster(org.apache.hadoop.hdfs.MiniDFSCluster) Configuration(org.apache.hadoop.conf.Configuration) DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream) FSDataInputStream(org.apache.hadoop.fs.FSDataInputStream) StandbyException(org.apache.hadoop.ipc.StandbyException) IOException(java.io.IOException) RemoteException(org.apache.hadoop.ipc.RemoteException) ExceptionHandler(org.apache.hadoop.hdfs.web.resources.ExceptionHandler) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(javax.ws.rs.core.Response) DelegationTokenSecretManager(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager) StandbyException(org.apache.hadoop.ipc.StandbyException) ByteArrayInputStream(java.io.ByteArrayInputStream) RemoteException(org.apache.hadoop.ipc.RemoteException) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.Test)

Aggregations

DelegationTokenIdentifier (org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier)46 Test (org.junit.Test)28 Text (org.apache.hadoop.io.Text)25 Token (org.apache.hadoop.security.token.Token)21 IOException (java.io.IOException)18 Configuration (org.apache.hadoop.conf.Configuration)13 InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken)12 Credentials (org.apache.hadoop.security.Credentials)11 ByteArrayInputStream (java.io.ByteArrayInputStream)10 DataInputStream (java.io.DataInputStream)10 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)9 ByteBuffer (java.nio.ByteBuffer)7 DataInputByteBuffer (org.apache.hadoop.io.DataInputByteBuffer)7 MockNM (org.apache.hadoop.yarn.server.resourcemanager.MockNM)7 MockRM (org.apache.hadoop.yarn.server.resourcemanager.MockRM)7 TestSecurityMockRM (org.apache.hadoop.yarn.server.resourcemanager.TestRMRestart.TestSecurityMockRM)7 InetSocketAddress (java.net.InetSocketAddress)6 RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)6 DelegationTokenSecretManager (org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager)5 YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)5