hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/tools/TestDelegationTokenFetcher.java - hadoop - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.hadoop.hdfs.tools;

 import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.mock;

 import java.io.IOException;
 import java.util.Iterator;

 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.LocalFileSystem;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.DistributedFileSystem;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
 import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
 import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.security.AccessControlException;
 import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.test.GenericTestUtils;
 import org.apache.hadoop.tools.FakeRenewer;
 import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 public class TestDelegationTokenFetcher {
   private static final Logger LOG = LoggerFactory.getLogger(
       TestDelegationTokenFetcher.class);

   private Configuration conf = new Configuration();

   @Rule
   public TemporaryFolder f = new TemporaryFolder();
   private static final String tokenFile = "token";

   /**
    * try to fetch token without http server with IOException
    */
   @Test(expected = IOException.class)
   public void testTokenFetchFail() throws Exception {
     WebHdfsFileSystem fs = mock(WebHdfsFileSystem.class);
     doThrow(new IOException()).when(fs).getDelegationToken(anyString());
     Path p = new Path(f.getRoot().getAbsolutePath(), tokenFile);
     DelegationTokenFetcher.saveDelegationToken(conf, fs, null, p);
   }

   /**
    * Call fetch token using http server
    */
   @Test
   public void expectedTokenIsRetrievedFromHttp() throws Exception {
     final Token<DelegationTokenIdentifier> testToken = new Token<DelegationTokenIdentifier>(
         "id".getBytes(), "pwd".getBytes(), FakeRenewer.KIND, new Text(
             "127.0.0.1:1234"));

     WebHdfsFileSystem fs = mock(WebHdfsFileSystem.class);

     doReturn(testToken).when(fs).getDelegationToken(anyString());
     Path p = new Path(f.getRoot().getAbsolutePath(), tokenFile);
     DelegationTokenFetcher.saveDelegationToken(conf, fs, null, p);

     Credentials creds = Credentials.readTokenStorageFile(p, conf);
     Iterator<Token<?>> itr = creds.getAllTokens().iterator();
     assertTrue("token not exist error", itr.hasNext());

     Token<?> fetchedToken = itr.next();
     Assert.assertArrayEquals("token wrong identifier error",
         testToken.getIdentifier(), fetchedToken.getIdentifier());
     Assert.assertArrayEquals("token wrong password error",
         testToken.getPassword(), fetchedToken.getPassword());

     DelegationTokenFetcher.renewTokens(conf, p);
     Assert.assertEquals(testToken, FakeRenewer.getLastRenewed());

     DelegationTokenFetcher.cancelTokens(conf, p);
     Assert.assertEquals(testToken, FakeRenewer.getLastCanceled());
   }

   /**
    * If token returned is null, saveDelegationToken should not
    * throw nullPointerException
    */
   @Test
   public void testReturnedTokenIsNull() throws Exception {
     WebHdfsFileSystem fs = mock(WebHdfsFileSystem.class);
     doReturn(null).when(fs).getDelegationToken(anyString());
     Path p = new Path(f.getRoot().getAbsolutePath(), tokenFile);
     DelegationTokenFetcher.saveDelegationToken(conf, fs, null, p);
     // When Token returned is null, TokenFile should not exist
     Assert.assertFalse(p.getFileSystem(conf).exists(p));

   }

   @Test
   public void testDelegationTokenWithoutRenewerViaRPC() throws Exception {
     conf.setBoolean(DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
     MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(0)
         .build();
     try {
       cluster.waitActive();
       DistributedFileSystem fs = cluster.getFileSystem();
       // Should be able to fetch token without renewer.
       LocalFileSystem localFileSystem = FileSystem.getLocal(conf);
       Path p = new Path(f.getRoot().getAbsolutePath(), tokenFile);
       p = localFileSystem.makeQualified(p);
       DelegationTokenFetcher.saveDelegationToken(conf, fs, null, p);
       Credentials creds = Credentials.readTokenStorageFile(p, conf);
       Iterator<Token<?>> itr = creds.getAllTokens().iterator();
       assertTrue("token not exist error", itr.hasNext());
       final Token token = itr.next();
       assertNotNull("Token should be there without renewer", token);

       // Test compatibility of DelegationTokenFetcher.printTokensToString
       String expectedNonVerbose = "Token (HDFS_DELEGATION_TOKEN token 1 for " +
           System.getProperty("user.name") + " with renewer ) for";
       String resNonVerbose =
           DelegationTokenFetcher.printTokensToString(conf, p, false);
       assertTrue("The non verbose output is expected to start with \""
           + expectedNonVerbose +"\"",
           resNonVerbose.startsWith(expectedNonVerbose));
       LOG.info(resNonVerbose);
       LOG.info(
           DelegationTokenFetcher.printTokensToString(conf, p, true));

       try {
         // Without renewer renewal of token should fail.
         DelegationTokenFetcher.renewTokens(conf, p);
         fail("Should have failed to renew");
       } catch (AccessControlException e) {
         GenericTestUtils.assertExceptionContains("tried to renew a token ("
             + token.decodeIdentifier() + ") without a renewer", e);
       }
     } finally {
       cluster.shutdown();
     }
   }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.hadoop.hdfs.tools;

	import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY;
	import static org.junit.Assert.assertNotNull;
	import static org.junit.Assert.assertTrue;
	import static org.junit.Assert.fail;
	import static org.mockito.Matchers.anyString;
	import static org.mockito.Mockito.doReturn;
	import static org.mockito.Mockito.doThrow;
	import static org.mockito.Mockito.mock;

	import java.io.IOException;
	import java.util.Iterator;

	import org.apache.hadoop.conf.Configuration;
	import org.apache.hadoop.fs.FileSystem;
	import org.apache.hadoop.fs.LocalFileSystem;
	import org.apache.hadoop.fs.Path;
	import org.apache.hadoop.hdfs.DistributedFileSystem;
	import org.apache.hadoop.hdfs.MiniDFSCluster;
	import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
	import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
	import org.apache.hadoop.io.Text;
	import org.apache.hadoop.security.AccessControlException;
	import org.apache.hadoop.security.Credentials;
	import org.apache.hadoop.security.token.Token;
	import org.apache.hadoop.test.GenericTestUtils;
	import org.apache.hadoop.tools.FakeRenewer;
	import org.junit.Assert;
	import org.junit.Rule;
	import org.junit.Test;
	import org.junit.rules.TemporaryFolder;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	public class TestDelegationTokenFetcher {
	private static final Logger LOG = LoggerFactory.getLogger(
	TestDelegationTokenFetcher.class);

	private Configuration conf = new Configuration();

	@Rule
	public TemporaryFolder f = new TemporaryFolder();
	private static final String tokenFile = "token";

	/**
	* try to fetch token without http server with IOException
	*/
	@Test(expected = IOException.class)
	public void testTokenFetchFail() throws Exception {
	WebHdfsFileSystem fs = mock(WebHdfsFileSystem.class);
	doThrow(new IOException()).when(fs).getDelegationToken(anyString());
	Path p = new Path(f.getRoot().getAbsolutePath(), tokenFile);
	DelegationTokenFetcher.saveDelegationToken(conf, fs, null, p);
	}

	/**
	* Call fetch token using http server
	*/
	@Test
	public void expectedTokenIsRetrievedFromHttp() throws Exception {
	final Token<DelegationTokenIdentifier> testToken = new Token<DelegationTokenIdentifier>(
	"id".getBytes(), "pwd".getBytes(), FakeRenewer.KIND, new Text(
	"127.0.0.1:1234"));

	WebHdfsFileSystem fs = mock(WebHdfsFileSystem.class);

	doReturn(testToken).when(fs).getDelegationToken(anyString());
	Path p = new Path(f.getRoot().getAbsolutePath(), tokenFile);
	DelegationTokenFetcher.saveDelegationToken(conf, fs, null, p);

	Credentials creds = Credentials.readTokenStorageFile(p, conf);
	Iterator<Token<?>> itr = creds.getAllTokens().iterator();
	assertTrue("token not exist error", itr.hasNext());

	Token<?> fetchedToken = itr.next();
	Assert.assertArrayEquals("token wrong identifier error",
	testToken.getIdentifier(), fetchedToken.getIdentifier());
	Assert.assertArrayEquals("token wrong password error",
	testToken.getPassword(), fetchedToken.getPassword());

	DelegationTokenFetcher.renewTokens(conf, p);
	Assert.assertEquals(testToken, FakeRenewer.getLastRenewed());

	DelegationTokenFetcher.cancelTokens(conf, p);
	Assert.assertEquals(testToken, FakeRenewer.getLastCanceled());
	}

	/**
	* If token returned is null, saveDelegationToken should not
	* throw nullPointerException
	*/
	@Test
	public void testReturnedTokenIsNull() throws Exception {
	WebHdfsFileSystem fs = mock(WebHdfsFileSystem.class);
	doReturn(null).when(fs).getDelegationToken(anyString());
	Path p = new Path(f.getRoot().getAbsolutePath(), tokenFile);
	DelegationTokenFetcher.saveDelegationToken(conf, fs, null, p);
	// When Token returned is null, TokenFile should not exist
	Assert.assertFalse(p.getFileSystem(conf).exists(p));

	}

	@Test
	public void testDelegationTokenWithoutRenewerViaRPC() throws Exception {
	conf.setBoolean(DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
	MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(0)
	.build();
	try {
	cluster.waitActive();
	DistributedFileSystem fs = cluster.getFileSystem();
	// Should be able to fetch token without renewer.
	LocalFileSystem localFileSystem = FileSystem.getLocal(conf);
	Path p = new Path(f.getRoot().getAbsolutePath(), tokenFile);
	p = localFileSystem.makeQualified(p);
	DelegationTokenFetcher.saveDelegationToken(conf, fs, null, p);
	Credentials creds = Credentials.readTokenStorageFile(p, conf);
	Iterator<Token<?>> itr = creds.getAllTokens().iterator();
	assertTrue("token not exist error", itr.hasNext());
	final Token token = itr.next();
	assertNotNull("Token should be there without renewer", token);

	// Test compatibility of DelegationTokenFetcher.printTokensToString
	String expectedNonVerbose = "Token (HDFS_DELEGATION_TOKEN token 1 for " +
	System.getProperty("user.name") + " with renewer ) for";
	String resNonVerbose =
	DelegationTokenFetcher.printTokensToString(conf, p, false);
	assertTrue("The non verbose output is expected to start with \""
	+ expectedNonVerbose +"\"",
	resNonVerbose.startsWith(expectedNonVerbose));
	LOG.info(resNonVerbose);
	LOG.info(
	DelegationTokenFetcher.printTokensToString(conf, p, true));

	try {
	// Without renewer renewal of token should fail.
	DelegationTokenFetcher.renewTokens(conf, p);
	fail("Should have failed to renew");
	} catch (AccessControlException e) {
	GenericTestUtils.assertExceptionContains("tried to renew a token ("
	+ token.decodeIdentifier() + ") without a renewer", e);
	}
	} finally {
	cluster.shutdown();
	}
	}
	}