TestDelegationTokenFetcher.java example

Explorer
yarn-comment-master
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.tools;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FileSystemTestHelper;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.tools.DelegationTokenFetcher;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenRenewer;
import org.junit.Before;
import org.junit.Test;

public class TestDelegationTokenFetcher {
  private DistributedFileSystem dfs;
  private Configuration conf;
  private URI uri;
  private static final String SERVICE_VALUE = "localhost:2005";
  private static final Text KIND = new Text("TESTING-TOKEN-KIND");
  private static String tokenFile = "file.dta";

  @Before 
  public void init() throws URISyntaxException, IOException {
    dfs = mock(DistributedFileSystem.class);
    conf = new Configuration();
    uri = new URI("hdfs://" + SERVICE_VALUE);
    FileSystemTestHelper.addFileSystemForTesting(uri, conf, dfs);
  }
  
  public static class FakeRenewer extends TokenRenewer {
    static Token<?> lastRenewed = null;
    static Token<?> lastCanceled = null;

    @Override
    public boolean handleKind(Text kind) {
      return KIND.equals(kind);
    }

    @Override
    public boolean isManaged(Token<?> token) throws IOException {
      return true;
    }

    @Override
    public long renew(Token<?> token, Configuration conf) {
      lastRenewed = token;
      return 0;
    }

    @Override
    public void cancel(Token<?> token, Configuration conf) {
      lastCanceled = token;
    }
    
    public static void reset() {
      lastRenewed = null;
      lastCanceled = null;
    }
  }

  /**
   * Verify that when the DelegationTokenFetcher runs, it talks to the Namenode,
   * pulls out the correct user's token and successfully serializes it to disk.
   */
  @SuppressWarnings("deprecation")
  @Test
  public void expectedTokenIsRetrievedFromDFS() throws Exception {
    final byte[] ident = new DelegationTokenIdentifier(new Text("owner"),
        new Text("renewer"), new Text("realuser")).getBytes();
    final byte[] pw = new byte[] { 42 };
    final Text service = new Text(uri.toString());
    final String user = 
        UserGroupInformation.getCurrentUser().getShortUserName();

    // Create a token for the fetcher to fetch, wire NN to return it when asked
    // for this particular user.
    Token<DelegationTokenIdentifier> t = 
      new Token<DelegationTokenIdentifier>(ident, pw, KIND, service);
    when(dfs.getDelegationToken(eq((String) null))).thenReturn(t);
    when(dfs.renewDelegationToken(eq(t))).thenReturn(1000L);
    when(dfs.getUri()).thenReturn(uri);
    FakeRenewer.reset();

    FileSystem fileSys = FileSystem.getLocal(conf);
    try {
      DelegationTokenFetcher.main(new String[] { "-fs", uri.toString(),
          tokenFile });
      Path p = new Path(fileSys.getWorkingDirectory(), tokenFile);
      Credentials creds = Credentials.readTokenStorageFile(p, conf);
      Iterator<Token<?>> itr = creds.getAllTokens().iterator();
      // make sure we got back exactly the 1 token we expected
      assertTrue(itr.hasNext());
      assertEquals(t, itr.next());
      assertTrue(!itr.hasNext());

      DelegationTokenFetcher.main(new String[] { "--print", tokenFile });
      DelegationTokenFetcher.main(new String[] { "--renew", tokenFile });
      assertEquals(t, FakeRenewer.lastRenewed);
      FakeRenewer.reset();

      DelegationTokenFetcher.main(new String[] { "--cancel", tokenFile });
      assertEquals(t, FakeRenewer.lastCanceled);
    } finally {
      fileSys.delete(new Path(tokenFile), true);
    }
  }
}