Example 6 with MRDelegationTokenIdentifier
use of org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier in project hadoop by apache.
the class TestJHSDelegationTokenSecretManager method testRecovery.
@Test
public void testRecovery() throws IOException {
Configuration conf = new Configuration();
HistoryServerStateStoreService store = new HistoryServerMemStateStoreService();
store.init(conf);
store.start();
JHSDelegationTokenSecretManagerForTest mgr = new JHSDelegationTokenSecretManagerForTest(store);
mgr.startThreads();
MRDelegationTokenIdentifier tokenId1 = new MRDelegationTokenIdentifier(new Text("tokenOwner"), new Text("tokenRenewer"), new Text("tokenUser"));
Token<MRDelegationTokenIdentifier> token1 = new Token<MRDelegationTokenIdentifier>(tokenId1, mgr);
MRDelegationTokenIdentifier tokenId2 = new MRDelegationTokenIdentifier(new Text("tokenOwner"), new Text("tokenRenewer"), new Text("tokenUser"));
Token<MRDelegationTokenIdentifier> token2 = new Token<MRDelegationTokenIdentifier>(tokenId2, mgr);
DelegationKey[] keys = mgr.getAllKeys();
long tokenRenewDate1 = mgr.getAllTokens().get(tokenId1).getRenewDate();
long tokenRenewDate2 = mgr.getAllTokens().get(tokenId2).getRenewDate();
mgr.stopThreads();
mgr = new JHSDelegationTokenSecretManagerForTest(store);
mgr.recover(store.loadState());
List<DelegationKey> recoveredKeys = Arrays.asList(mgr.getAllKeys());
for (DelegationKey key : keys) {
assertTrue("key missing after recovery", recoveredKeys.contains(key));
}
assertTrue("token1 missing", mgr.getAllTokens().containsKey(tokenId1));
assertEquals("token1 renew date", tokenRenewDate1, mgr.getAllTokens().get(tokenId1).getRenewDate());
assertTrue("token2 missing", mgr.getAllTokens().containsKey(tokenId2));
assertEquals("token2 renew date", tokenRenewDate2, mgr.getAllTokens().get(tokenId2).getRenewDate());
mgr.startThreads();
mgr.verifyToken(tokenId1, token1.getPassword());
mgr.verifyToken(tokenId2, token2.getPassword());
MRDelegationTokenIdentifier tokenId3 = new MRDelegationTokenIdentifier(new Text("tokenOwner"), new Text("tokenRenewer"), new Text("tokenUser"));
Token<MRDelegationTokenIdentifier> token3 = new Token<MRDelegationTokenIdentifier>(tokenId3, mgr);
assertEquals("sequence number restore", tokenId2.getSequenceNumber() + 1, tokenId3.getSequenceNumber());
mgr.cancelToken(token1, "tokenOwner");
// Testing with full principal name
MRDelegationTokenIdentifier tokenIdFull = new MRDelegationTokenIdentifier(new Text("tokenOwner/localhost@LOCALHOST"), new Text("tokenRenewer"), new Text("tokenUser"));
KerberosName.setRules("RULE:[1:$1]\nRULE:[2:$1]");
Token<MRDelegationTokenIdentifier> tokenFull = new Token<MRDelegationTokenIdentifier>(tokenIdFull, mgr);
// Negative test
try {
mgr.cancelToken(tokenFull, "tokenOwner");
} catch (AccessControlException ace) {
assertTrue(ace.getMessage().contains("is not authorized to cancel the token"));
}
// Succeed to cancel with full principal
mgr.cancelToken(tokenFull, tokenIdFull.getOwner().toString());
long tokenRenewDate3 = mgr.getAllTokens().get(tokenId3).getRenewDate();
mgr.stopThreads();
mgr = new JHSDelegationTokenSecretManagerForTest(store);
mgr.recover(store.loadState());
assertFalse("token1 should be missing", mgr.getAllTokens().containsKey(tokenId1));
assertTrue("token2 missing", mgr.getAllTokens().containsKey(tokenId2));
assertEquals("token2 renew date", tokenRenewDate2, mgr.getAllTokens().get(tokenId2).getRenewDate());
assertTrue("token3 missing", mgr.getAllTokens().containsKey(tokenId3));
assertEquals("token3 renew date", tokenRenewDate3, mgr.getAllTokens().get(tokenId3).getRenewDate());
mgr.startThreads();
mgr.verifyToken(tokenId2, token2.getPassword());
mgr.verifyToken(tokenId3, token3.getPassword());
mgr.stopThreads();
}
Also used :
Configuration(org.apache.hadoop.conf.Configuration)
MRDelegationTokenIdentifier(org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier)
AccessControlException(org.apache.hadoop.security.AccessControlException)
Text(org.apache.hadoop.io.Text)
Token(org.apache.hadoop.security.token.Token)
DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey)
Test(org.junit.Test)
Example 7 with MRDelegationTokenIdentifier
use of org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier in project hadoop by apache.
the class HistoryServerFileSystemStateStoreService method loadToken.
private MRDelegationTokenIdentifier loadToken(HistoryServerState state, Path tokenFile, long numTokenFileBytes) throws IOException {
MRDelegationTokenIdentifier tokenId = new MRDelegationTokenIdentifier();
long renewDate;
byte[] tokenData = readFile(tokenFile, numTokenFileBytes);
DataInputStream in = new DataInputStream(new ByteArrayInputStream(tokenData));
try {
tokenId.readFields(in);
renewDate = in.readLong();
} finally {
IOUtils.cleanup(LOG, in);
}
state.tokenState.put(tokenId, renewDate);
return tokenId;
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
MRDelegationTokenIdentifier(org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier)
DataInputStream(java.io.DataInputStream)
FSDataInputStream(org.apache.hadoop.fs.FSDataInputStream)
Aggregations
MRDelegationTokenIdentifier (org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier)7
Text (org.apache.hadoop.io.Text)4
IOException (java.io.IOException)3
HistoryServerState (org.apache.hadoop.mapreduce.v2.hs.HistoryServerStateStoreService.HistoryServerState)3
DelegationKey (org.apache.hadoop.security.token.delegation.DelegationKey)3
Test (org.junit.Test)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
DataInputStream (java.io.DataInputStream)2
Configuration (org.apache.hadoop.conf.Configuration)1
FSDataInputStream (org.apache.hadoop.fs.FSDataInputStream)1
FileSystem (org.apache.hadoop.fs.FileSystem)1
Path (org.apache.hadoop.fs.Path)1
AccessControlException (org.apache.hadoop.security.AccessControlException)1
Token (org.apache.hadoop.security.token.Token)1
ArgumentMatcher (org.mockito.ArgumentMatcher)1
