@Test(timeout=60000) public void testSelectHdfsDelegationToken() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); Configuration conf = new Configuration(); conf.setClass("fs.webhdfs.impl", MyWebHdfsFileSystem.class, FileSystem.class); // test with implicit default port URI fsUri = URI.create("webhdfs://localhost"); MyWebHdfsFileSystem fs = (MyWebHdfsFileSystem) FileSystem.get(fsUri, conf); checkTokenSelection(fs, conf); // test with explicit default port fsUri = URI.create("webhdfs://localhost:"+fs.getDefaultPort()); fs = (MyWebHdfsFileSystem) FileSystem.get(fsUri, conf); checkTokenSelection(fs, conf); // test with non-default port fsUri = URI.create("webhdfs://localhost:"+(fs.getDefaultPort()-1)); fs = (MyWebHdfsFileSystem) FileSystem.get(fsUri, conf); checkTokenSelection(fs, conf); }
@Test(timeout = 4000) public void testSelectHdfsDelegationToken() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); Configuration conf = new Configuration(); conf.setClass("fs.webhdfs.impl", MyWebHdfsFileSystem.class, FileSystem.class); // test with implicit default port URI fsUri = URI.create("webhdfs://localhost"); MyWebHdfsFileSystem fs = (MyWebHdfsFileSystem) FileSystem.get(fsUri, conf); checkTokenSelection(fs, conf); // test with explicit default port fsUri = URI.create("webhdfs://localhost:" + fs.getDefaultPort()); fs = (MyWebHdfsFileSystem) FileSystem.get(fsUri, conf); checkTokenSelection(fs, conf); // test with non-default port fsUri = URI.create("webhdfs://localhost:" + (fs.getDefaultPort() - 1)); fs = (MyWebHdfsFileSystem) FileSystem.get(fsUri, conf); checkTokenSelection(fs, conf); }
@Test public void testNormalContainerAllocationWhenDNSUnavailable() throws Exception{ MockRM rm1 = new MockRM(conf); rm1.start(); MockNM nm1 = rm1.registerNode("unknownhost:1234", 8000); RMApp app1 = rm1.submitApp(200); MockAM am1 = MockRM.launchAndRegisterAM(app1, rm1, nm1); // request a container. am1.allocate("127.0.0.1", 1024, 1, new ArrayList<ContainerId>()); ContainerId containerId2 = ContainerId.newContainerId(am1.getApplicationAttemptId(), 2); rm1.waitForState(nm1, containerId2, RMContainerState.ALLOCATED); // acquire the container. SecurityUtilTestHelper.setTokenServiceUseIp(true); List<Container> containers = am1.allocate(new ArrayList<ResourceRequest>(), new ArrayList<ContainerId>()).getAllocatedContainers(); // not able to fetch the container; Assert.assertEquals(0, containers.size()); SecurityUtilTestHelper.setTokenServiceUseIp(false); containers = am1.allocate(new ArrayList<ResourceRequest>(), new ArrayList<ContainerId>()).getAllocatedContainers(); // should be able to fetch the container; Assert.assertEquals(1, containers.size()); }
@Test(timeout = 30000) public void testAMContainerAllocationWhenDNSUnavailable() throws Exception { MockRM rm1 = new MockRM(conf) { @Override protected RMSecretManagerService createRMSecretManagerService() { return new TestRMSecretManagerService(conf, rmContext); } }; rm1.start(); MockNM nm1 = rm1.registerNode("unknownhost:1234", 8000); SecurityUtilTestHelper.setTokenServiceUseIp(true); RMApp app1 = rm1.submitApp(200); RMAppAttempt attempt = app1.getCurrentAppAttempt(); nm1.nodeHeartbeat(true); // fetching am container will fail, keep retrying 5 times. while (numRetries <= 5) { nm1.nodeHeartbeat(true); Thread.sleep(1000); Assert.assertEquals(RMAppAttemptState.SCHEDULED, attempt.getAppAttemptState()); System.out.println("Waiting for am container to be allocated."); } SecurityUtilTestHelper.setTokenServiceUseIp(false); rm1.waitForState(attempt.getAppAttemptId(), RMAppAttemptState.ALLOCATED); MockRM.launchAndRegisterAM(app1, rm1, nm1); }
@Test public void testNormalContainerAllocationWhenDNSUnavailable() throws Exception{ MockRM rm1 = new MockRM(conf); rm1.start(); MockNM nm1 = rm1.registerNode("unknownhost:1234", 8000); RMApp app1 = rm1.submitApp(200); MockAM am1 = MockRM.launchAndRegisterAM(app1, rm1, nm1); // request a container. am1.allocate("127.0.0.1", 1024, 1, new ArrayList<ContainerId>()); ContainerId containerId2 = ContainerId.newContainerId(am1.getApplicationAttemptId(), 2); rm1.waitForState(nm1, containerId2, RMContainerState.ALLOCATED); // acquire the container. SecurityUtilTestHelper.setTokenServiceUseIp(true); List<Container> containers; try { containers = am1.allocate(new ArrayList<ResourceRequest>(), new ArrayList<ContainerId>()).getAllocatedContainers(); // not able to fetch the container; Assert.assertEquals(0, containers.size()); } finally { SecurityUtilTestHelper.setTokenServiceUseIp(false); } containers = am1.allocate(new ArrayList<ResourceRequest>(), new ArrayList<ContainerId>()).getAllocatedContainers(); // should be able to fetch the container; Assert.assertEquals(1, containers.size()); }
@Test(timeout = 30000) public void testAMContainerAllocationWhenDNSUnavailable() throws Exception { MockRM rm1 = new MockRM(conf) { @Override protected RMSecretManagerService createRMSecretManagerService() { return new TestRMSecretManagerService(conf, rmContext); } }; rm1.start(); MockNM nm1 = rm1.registerNode("unknownhost:1234", 8000); RMApp app1; try { SecurityUtilTestHelper.setTokenServiceUseIp(true); app1 = rm1.submitApp(200); RMAppAttempt attempt = app1.getCurrentAppAttempt(); nm1.nodeHeartbeat(true); // fetching am container will fail, keep retrying 5 times. while (numRetries <= 5) { nm1.nodeHeartbeat(true); Thread.sleep(1000); Assert.assertEquals(RMAppAttemptState.SCHEDULED, attempt.getAppAttemptState()); System.out.println("Waiting for am container to be allocated."); } } finally { SecurityUtilTestHelper.setTokenServiceUseIp(false); } MockRM.launchAndRegisterAM(app1, rm1, nm1); }
@Test public void testHdfsDelegationToken() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); final Configuration conf = new Configuration(); conf.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); UserGroupInformation user = UserGroupInformation.createUserForTesting("oom", new String[]{"memory"}); Token<?> token = new Token<TokenIdentifier> (new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("127.0.0.1:8020")); user.addToken(token); Token<?> token2 = new Token<TokenIdentifier> (null, null, new Text("other token"), new Text("127.0.0.1:8021")); user.addToken(token2); assertEquals("wrong tokens in user", 2, user.getTokens().size()); FileSystem fs = user.doAs(new PrivilegedExceptionAction<FileSystem>() { @Override public FileSystem run() throws Exception { return FileSystem.get(new URI("hftp://localhost:50470/"), conf); } }); assertSame("wrong kind of file system", HftpFileSystem.class, fs.getClass()); Field renewToken = HftpFileSystem.class.getDeclaredField("renewToken"); renewToken.setAccessible(true); assertSame("wrong token", token, renewToken.get(fs)); }
@Test public void testSelectHftpDelegationToken() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); Configuration conf = new Configuration(); conf.setClass("fs.hftp.impl", MyHftpFileSystem.class, FileSystem.class); int httpPort = 80; int httpsPort = 443; conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTP_PORT_KEY, httpPort); conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, httpsPort); // test with implicit default port URI fsUri = URI.create("hftp://localhost"); MyHftpFileSystem fs = (MyHftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // should still use secure port // test with explicit default port fsUri = URI.create("hftp://localhost:"+httpPort); fs = (MyHftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // should still use secure port // test with non-default port fsUri = URI.create("hftp://localhost:"+(httpPort+1)); fs = (MyHftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpPort+1, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // should still use secure port conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 5); }
@Test public void testSelectHsftpDelegationToken() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); Configuration conf = new Configuration(); conf.setClass("fs.hsftp.impl", MyHsftpFileSystem.class, FileSystem.class); int httpPort = 80; int httpsPort = 443; conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTP_PORT_KEY, httpPort); conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, httpsPort); // test with implicit default port URI fsUri = URI.create("hsftp://localhost"); MyHsftpFileSystem fs = (MyHsftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpsPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // test with explicit default port fsUri = URI.create("hsftp://localhost:"+httpsPort); fs = (MyHsftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpsPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // test with non-default port fsUri = URI.create("hsftp://localhost:"+(httpsPort+1)); fs = (MyHsftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpsPort+1, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort+1, conf); conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 5); }
@Test public void testHdfsDelegationToken() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); final Configuration conf = new Configuration(); conf.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); UserGroupInformation user = UserGroupInformation .createUserForTesting("oom", new String[]{"memory"}); Token<?> token = new Token<>(new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("127.0.0.1:8020")); user.addToken(token); Token<?> token2 = new Token<>(null, null, new Text("other token"), new Text("127.0.0.1:8021")); user.addToken(token2); assertEquals("wrong tokens in user", 2, user.getTokens().size()); FileSystem fs = user.doAs(new PrivilegedExceptionAction<FileSystem>() { @Override public FileSystem run() throws Exception { return FileSystem.get(new URI("hftp://localhost:50470/"), conf); } }); assertSame("wrong kind of file system", HftpFileSystem.class, fs.getClass()); Field renewToken = HftpFileSystem.class.getDeclaredField("renewToken"); renewToken.setAccessible(true); assertSame("wrong token", token, renewToken.get(fs)); }
@Test public void testSelectHftpDelegationToken() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); Configuration conf = new Configuration(); conf.setClass("fs.hftp.impl", MyHftpFileSystem.class, FileSystem.class); int httpPort = 80; int httpsPort = 443; conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTP_PORT_KEY, httpPort); conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, httpsPort); // test with implicit default port URI fsUri = URI.create("hftp://localhost"); MyHftpFileSystem fs = (MyHftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // should still use secure port // test with explicit default port fsUri = URI.create("hftp://localhost:" + httpPort); fs = (MyHftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // should still use secure port // test with non-default port fsUri = URI.create("hftp://localhost:" + (httpPort + 1)); fs = (MyHftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpPort + 1, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // should still use secure port conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 5); }
@Test public void testSelectHsftpDelegationToken() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); Configuration conf = new Configuration(); conf.setClass("fs.hsftp.impl", MyHsftpFileSystem.class, FileSystem.class); int httpPort = 80; int httpsPort = 443; conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTP_PORT_KEY, httpPort); conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, httpsPort); // test with implicit default port URI fsUri = URI.create("hsftp://localhost"); MyHsftpFileSystem fs = (MyHsftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpsPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // test with explicit default port fsUri = URI.create("hsftp://localhost:" + httpsPort); fs = (MyHsftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpsPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort, conf); // test with non-default port fsUri = URI.create("hsftp://localhost:" + (httpsPort + 1)); fs = (MyHsftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpsPort + 1, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpsPort + 1, conf); conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 5); }
@Test public void testSelectHftpDelegationToken() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); Configuration conf = new Configuration(); conf.setClass("fs.hftp.impl", MyHftpFileSystem.class, FileSystem.class); int httpPort = 80; int httpsPort = 443; conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTP_PORT_KEY, httpPort); conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, httpsPort); // test with implicit default port URI fsUri = URI.create("hftp://localhost"); MyHftpFileSystem fs = (MyHftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpPort, conf); // test with explicit default port // Make sure it uses the port from the hftp URI. fsUri = URI.create("hftp://localhost:"+httpPort); fs = (MyHftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpPort, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpPort, conf); // test with non-default port // Make sure it uses the port from the hftp URI. fsUri = URI.create("hftp://localhost:"+(httpPort+1)); fs = (MyHftpFileSystem) FileSystem.newInstance(fsUri, conf); assertEquals(httpPort+1, fs.getCanonicalUri().getPort()); checkTokenSelection(fs, httpPort + 1, conf); conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 5); }
@Test public void testNormalContainerAllocationWhenDNSUnavailable() throws Exception{ YarnConfiguration conf = new YarnConfiguration(); MockRM rm1 = new MockRM(conf); rm1.start(); MockNM nm1 = rm1.registerNode("unknownhost:1234", 8000); RMApp app1 = rm1.submitApp(200); MockAM am1 = MockRM.launchAndRegisterAM(app1, rm1, nm1); // request a container. am1.allocate("127.0.0.1", 1024, 1, new ArrayList<ContainerId>()); ContainerId containerId2 = ContainerId.newInstance(am1.getApplicationAttemptId(), 2); rm1.waitForState(nm1, containerId2, RMContainerState.ALLOCATED); // acquire the container. SecurityUtilTestHelper.setTokenServiceUseIp(true); List<Container> containers = am1.allocate(new ArrayList<ResourceRequest>(), new ArrayList<ContainerId>()).getAllocatedContainers(); // not able to fetch the container; Assert.assertEquals(0, containers.size()); SecurityUtilTestHelper.setTokenServiceUseIp(false); containers = am1.allocate(new ArrayList<ResourceRequest>(), new ArrayList<ContainerId>()).getAllocatedContainers(); // should be able to fetch the container; Assert.assertEquals(1, containers.size()); }
@Test(timeout = 20000) public void testAMContainerAllocationWhenDNSUnavailable() throws Exception { final YarnConfiguration conf = new YarnConfiguration(); MockRM rm1 = new MockRM(conf) { @Override protected RMSecretManagerService createRMSecretManagerService() { return new TestRMSecretManagerService(conf, rmContext); } }; rm1.start(); MockNM nm1 = rm1.registerNode("unknownhost:1234", 8000); SecurityUtilTestHelper.setTokenServiceUseIp(true); RMApp app1 = rm1.submitApp(200); RMAppAttempt attempt = app1.getCurrentAppAttempt(); nm1.nodeHeartbeat(true); // fetching am container will fail, keep retrying 5 times. while (numRetries <= 5) { nm1.nodeHeartbeat(true); Thread.sleep(1000); Assert.assertEquals(RMAppAttemptState.SCHEDULED, attempt.getAppAttemptState()); System.out.println("Waiting for am container to be allocated."); } SecurityUtilTestHelper.setTokenServiceUseIp(false); rm1.waitForState(attempt.getAppAttemptId(), RMAppAttemptState.ALLOCATED); MockRM.launchAndRegisterAM(app1, rm1, nm1); }
private void checkTokenSelection(MyWebHdfsFileSystem fs, Configuration conf) throws IOException { int port = fs.getCanonicalUri().getPort(); // can't clear tokens from ugi, so create a new user everytime UserGroupInformation ugi = UserGroupInformation.createUserForTesting(fs.getUri().getAuthority(), new String[]{}); // use ip-based tokens SecurityUtilTestHelper.setTokenServiceUseIp(true); // test fallback to hdfs token Token<?> hdfsToken = new Token<TokenIdentifier>( new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("127.0.0.1:8020")); ugi.addToken(hdfsToken); // test fallback to hdfs token Token<?> token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hdfsToken, token); // test webhdfs is favored over hdfs Token<?> webHdfsToken = new Token<TokenIdentifier>( new byte[0], new byte[0], WebHdfsFileSystem.TOKEN_KIND, new Text("127.0.0.1:"+port)); ugi.addToken(webHdfsToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(webHdfsToken, token); // switch to using host-based tokens, no token should match SecurityUtilTestHelper.setTokenServiceUseIp(false); token = fs.selectDelegationToken(ugi); assertNull(token); // test fallback to hdfs token hdfsToken = new Token<TokenIdentifier>( new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("localhost:8020")); ugi.addToken(hdfsToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hdfsToken, token); // test webhdfs is favored over hdfs webHdfsToken = new Token<TokenIdentifier>( new byte[0], new byte[0], WebHdfsFileSystem.TOKEN_KIND, new Text("localhost:"+port)); ugi.addToken(webHdfsToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(webHdfsToken, token); }
private void checkTokenSelection(HftpFileSystem fs, int port, Configuration conf) throws IOException { UserGroupInformation ugi = UserGroupInformation.createUserForTesting(fs.getUri().getAuthority(), new String[]{}); // use ip-based tokens SecurityUtilTestHelper.setTokenServiceUseIp(true); // test fallback to hdfs token Token<?> hdfsToken = new Token<TokenIdentifier>( new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("127.0.0.1:8020")); ugi.addToken(hdfsToken); // test fallback to hdfs token Token<?> token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hdfsToken, token); // test hftp is favored over hdfs Token<?> hftpToken = new Token<TokenIdentifier>( new byte[0], new byte[0], HftpFileSystem.TOKEN_KIND, new Text("127.0.0.1:"+port)); ugi.addToken(hftpToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hftpToken, token); // switch to using host-based tokens, no token should match SecurityUtilTestHelper.setTokenServiceUseIp(false); token = fs.selectDelegationToken(ugi); assertNull(token); // test fallback to hdfs token hdfsToken = new Token<TokenIdentifier>( new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("localhost:8020")); ugi.addToken(hdfsToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hdfsToken, token); // test hftp is favored over hdfs hftpToken = new Token<TokenIdentifier>( new byte[0], new byte[0], HftpFileSystem.TOKEN_KIND, new Text("localhost:"+port)); ugi.addToken(hftpToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hftpToken, token); }
@Before public void prepTest() { SecurityUtilTestHelper.setTokenServiceUseIp(true); }
private void checkTokenSelection(MyWebHdfsFileSystem fs, Configuration conf) throws IOException { int port = fs.getCanonicalUri().getPort(); // can't clear tokens from ugi, so create a new user everytime UserGroupInformation ugi = UserGroupInformation .createUserForTesting(fs.getUri().getAuthority(), new String[]{}); // use ip-based tokens SecurityUtilTestHelper.setTokenServiceUseIp(true); // test fallback to hdfs token Token<?> hdfsToken = new Token<>(new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("127.0.0.1:8020")); ugi.addToken(hdfsToken); // test fallback to hdfs token Token<?> token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hdfsToken, token); // test webhdfs is favored over hdfs Token<?> webHdfsToken = new Token<>(new byte[0], new byte[0], WebHdfsFileSystem.TOKEN_KIND, new Text("127.0.0.1:" + port)); ugi.addToken(webHdfsToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(webHdfsToken, token); // switch to using host-based tokens, no token should match SecurityUtilTestHelper.setTokenServiceUseIp(false); token = fs.selectDelegationToken(ugi); assertNull(token); // test fallback to hdfs token hdfsToken = new Token<>(new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("localhost:8020")); ugi.addToken(hdfsToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hdfsToken, token); // test webhdfs is favored over hdfs webHdfsToken = new Token<>(new byte[0], new byte[0], WebHdfsFileSystem.TOKEN_KIND, new Text("localhost:" + port)); ugi.addToken(webHdfsToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(webHdfsToken, token); }
private void checkTokenSelection(HftpFileSystem fs, int port, Configuration conf) throws IOException { UserGroupInformation ugi = UserGroupInformation .createUserForTesting(fs.getUri().getAuthority(), new String[]{}); // use ip-based tokens SecurityUtilTestHelper.setTokenServiceUseIp(true); // test fallback to hdfs token Token<?> hdfsToken = new Token<>(new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("127.0.0.1:8020")); ugi.addToken(hdfsToken); // test fallback to hdfs token Token<?> token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hdfsToken, token); // test hftp is favored over hdfs Token<?> hftpToken = new Token<>(new byte[0], new byte[0], HftpFileSystem.TOKEN_KIND, new Text("127.0.0.1:" + port)); ugi.addToken(hftpToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hftpToken, token); // switch to using host-based tokens, no token should match SecurityUtilTestHelper.setTokenServiceUseIp(false); token = fs.selectDelegationToken(ugi); assertNull(token); // test fallback to hdfs token hdfsToken = new Token<>(new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("localhost:8020")); ugi.addToken(hdfsToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hdfsToken, token); // test hftp is favored over hdfs hftpToken = new Token<>(new byte[0], new byte[0], HftpFileSystem.TOKEN_KIND, new Text("localhost:" + port)); ugi.addToken(hftpToken); token = fs.selectDelegationToken(ugi); assertNotNull(token); assertEquals(hftpToken, token); }
