hdfs/src/test/hdfs/org/apache/hadoop/hdfs/server/namenode/TestCheckPointForSecurityTokens.java - hadoop - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.hadoop.hdfs.server.namenode;

 import junit.framework.Assert;
 import java.io.*;
 import java.net.URI;
 import java.util.Collection;

 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hdfs.DistributedFileSystem;
 import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
 import org.apache.hadoop.hdfs.protocol.FSConstants.SafeModeAction;
 import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
 import org.apache.hadoop.hdfs.server.common.HdfsConstants.StartupOption;
 import org.apache.hadoop.hdfs.tools.DFSAdmin;
 import org.apache.hadoop.hdfs.DFSConfigKeys;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.junit.Test;

 /**
  * This class tests the creation and validation of a checkpoint.
  */
 public class TestCheckPointForSecurityTokens {
   static final long seed = 0xDEADBEEFL;
   static final int blockSize = 4096;
   static final int fileSize = 8192;
   static final int numDatanodes = 3;
   short replication = 3;
   MiniDFSCluster cluster = null;

   NameNode startNameNode( Configuration conf,
                           String imageDirs,
                           String editsDirs,
                           StartupOption start) throws IOException {
     conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:0");
     conf.set(DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY, "0.0.0.0:0");
     conf.set(DFSConfigKeys.DFS_NAMENODE_NAME_DIR_KEY, imageDirs);
     conf.set(DFSConfigKeys.DFS_NAMENODE_EDITS_DIR_KEY, editsDirs);
     String[] args = new String[]{start.getName()};
     NameNode nn = NameNode.createNameNode(args, conf);
     Assert.assertTrue(nn.isInSafeMode());
     return nn;
   }

   private void cancelToken(Token<DelegationTokenIdentifier> token)
       throws IOException {
     cluster.getNamesystem().cancelDelegationToken(token);
   }

   private void renewToken(Token<DelegationTokenIdentifier> token)
       throws IOException {
       cluster.getNamesystem().renewDelegationToken(token);
   }

   /**
    * Tests save namepsace.
    */
   @Test
   public void testSaveNamespace() throws IOException {
     DistributedFileSystem fs = null;
     try {
       Configuration conf = new HdfsConfiguration();
       cluster = new MiniDFSCluster(conf, numDatanodes, true, null);
       cluster.waitActive();
       fs = (DistributedFileSystem)(cluster.getFileSystem());
       FSNamesystem namesystem = cluster.getNamesystem();
       namesystem.getDelegationTokenSecretManager().startThreads();
       String renewer = UserGroupInformation.getLoginUser().getUserName();
       Token<DelegationTokenIdentifier> token1 = namesystem
           .getDelegationToken(new Text(renewer));
       Token<DelegationTokenIdentifier> token2 = namesystem
           .getDelegationToken(new Text(renewer));

       // Saving image without safe mode should fail
       DFSAdmin admin = new DFSAdmin(conf);
       String[] args = new String[]{"-saveNamespace"};

       // verify that the edits file is NOT empty
       Collection<URI> editsDirs = cluster.getNameEditsDirs();
       for(URI uri : editsDirs) {
         File ed = new File(uri.getPath());
         Assert.assertTrue(new File(ed, "current/edits").length() > Integer.SIZE/Byte.SIZE);
       }

       // Saving image in safe mode should succeed
       fs.setSafeMode(SafeModeAction.SAFEMODE_ENTER);
       try {
         admin.run(args);
       } catch(Exception e) {
         throw new IOException(e.getMessage());
       }
       // verify that the edits file is empty
       for(URI uri : editsDirs) {
         File ed = new File(uri.getPath());
         Assert.assertTrue(new File(ed, "current/edits").length() == Integer.SIZE/Byte.SIZE);
       }

       // restart cluster
       cluster.shutdown();
       cluster = null;

       cluster = new MiniDFSCluster(conf, numDatanodes, false, null);
       cluster.waitActive();
       //Should be able to renew & cancel the delegation token after cluster restart
       try {
         renewToken(token1);
         renewToken(token2);
       } catch (IOException e) {
         Assert.fail("Could not renew or cancel the token");
       }

       namesystem = cluster.getNamesystem();
       namesystem.getDelegationTokenSecretManager().startThreads();
       Token<DelegationTokenIdentifier> token3 = namesystem
           .getDelegationToken(new Text(renewer));
       Token<DelegationTokenIdentifier> token4 = namesystem
           .getDelegationToken(new Text(renewer));

       // restart cluster again
       cluster.shutdown();
       cluster = null;

       cluster = new MiniDFSCluster(conf, numDatanodes, false, null);
       cluster.waitActive();

       namesystem = cluster.getNamesystem();
       namesystem.getDelegationTokenSecretManager().startThreads();
       Token<DelegationTokenIdentifier> token5 = namesystem
           .getDelegationToken(new Text(renewer));

       try {
         renewToken(token1);
         renewToken(token2);
         renewToken(token3);
         renewToken(token4);
         renewToken(token5);

       } catch (IOException e) {
         Assert.fail("Could not renew or cancel the token");
       }

       // restart cluster again
       cluster.shutdown();
       cluster = null;

       cluster = new MiniDFSCluster(conf, numDatanodes, false, null);
       cluster.waitActive();

       namesystem = cluster.getNamesystem();
       namesystem.getDelegationTokenSecretManager().startThreads();
       try {
         renewToken(token1);
         cancelToken(token1);
         renewToken(token2);
         cancelToken(token2);
         renewToken(token3);
         cancelToken(token3);
         renewToken(token4);
         cancelToken(token4);
         renewToken(token5);
         cancelToken(token5);
       } catch (IOException e) {
         Assert.fail("Could not renew or cancel the token");
       }

     } finally {
       if(fs != null) fs.close();
       if(cluster!= null) cluster.shutdown();
     }
   }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.hadoop.hdfs.server.namenode;

	import junit.framework.Assert;
	import java.io.*;
	import java.net.URI;
	import java.util.Collection;

	import org.apache.hadoop.conf.Configuration;
	import org.apache.hadoop.hdfs.DistributedFileSystem;
	import org.apache.hadoop.hdfs.HdfsConfiguration;
	import org.apache.hadoop.hdfs.MiniDFSCluster;
	import org.apache.hadoop.hdfs.protocol.FSConstants.SafeModeAction;
	import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
	import org.apache.hadoop.hdfs.server.common.HdfsConstants.StartupOption;
	import org.apache.hadoop.hdfs.tools.DFSAdmin;
	import org.apache.hadoop.hdfs.DFSConfigKeys;
	import org.apache.hadoop.io.Text;
	import org.apache.hadoop.security.UserGroupInformation;
	import org.apache.hadoop.security.token.Token;
	import org.junit.Test;

	/**
	* This class tests the creation and validation of a checkpoint.
	*/
	public class TestCheckPointForSecurityTokens {
	static final long seed = 0xDEADBEEFL;
	static final int blockSize = 4096;
	static final int fileSize = 8192;
	static final int numDatanodes = 3;
	short replication = 3;
	MiniDFSCluster cluster = null;

	NameNode startNameNode( Configuration conf,
	String imageDirs,
	String editsDirs,
	StartupOption start) throws IOException {
	conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:0");
	conf.set(DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY, "0.0.0.0:0");
	conf.set(DFSConfigKeys.DFS_NAMENODE_NAME_DIR_KEY, imageDirs);
	conf.set(DFSConfigKeys.DFS_NAMENODE_EDITS_DIR_KEY, editsDirs);
	String[] args = new String[]{start.getName()};
	NameNode nn = NameNode.createNameNode(args, conf);
	Assert.assertTrue(nn.isInSafeMode());
	return nn;
	}

	private void cancelToken(Token<DelegationTokenIdentifier> token)
	throws IOException {
	cluster.getNamesystem().cancelDelegationToken(token);
	}

	private void renewToken(Token<DelegationTokenIdentifier> token)
	throws IOException {
	cluster.getNamesystem().renewDelegationToken(token);
	}

	/**
	* Tests save namepsace.
	*/
	@Test
	public void testSaveNamespace() throws IOException {
	DistributedFileSystem fs = null;
	try {
	Configuration conf = new HdfsConfiguration();
	cluster = new MiniDFSCluster(conf, numDatanodes, true, null);
	cluster.waitActive();
	fs = (DistributedFileSystem)(cluster.getFileSystem());
	FSNamesystem namesystem = cluster.getNamesystem();
	namesystem.getDelegationTokenSecretManager().startThreads();
	String renewer = UserGroupInformation.getLoginUser().getUserName();
	Token<DelegationTokenIdentifier> token1 = namesystem
	.getDelegationToken(new Text(renewer));
	Token<DelegationTokenIdentifier> token2 = namesystem
	.getDelegationToken(new Text(renewer));

	// Saving image without safe mode should fail
	DFSAdmin admin = new DFSAdmin(conf);
	String[] args = new String[]{"-saveNamespace"};

	// verify that the edits file is NOT empty
	Collection<URI> editsDirs = cluster.getNameEditsDirs();
	for(URI uri : editsDirs) {
	File ed = new File(uri.getPath());
	Assert.assertTrue(new File(ed, "current/edits").length() > Integer.SIZE/Byte.SIZE);
	}

	// Saving image in safe mode should succeed
	fs.setSafeMode(SafeModeAction.SAFEMODE_ENTER);
	try {
	admin.run(args);
	} catch(Exception e) {
	throw new IOException(e.getMessage());
	}
	// verify that the edits file is empty
	for(URI uri : editsDirs) {
	File ed = new File(uri.getPath());
	Assert.assertTrue(new File(ed, "current/edits").length() == Integer.SIZE/Byte.SIZE);
	}

	// restart cluster
	cluster.shutdown();
	cluster = null;

	cluster = new MiniDFSCluster(conf, numDatanodes, false, null);
	cluster.waitActive();
	//Should be able to renew & cancel the delegation token after cluster restart
	try {
	renewToken(token1);
	renewToken(token2);
	} catch (IOException e) {
	Assert.fail("Could not renew or cancel the token");
	}

	namesystem = cluster.getNamesystem();
	namesystem.getDelegationTokenSecretManager().startThreads();
	Token<DelegationTokenIdentifier> token3 = namesystem
	.getDelegationToken(new Text(renewer));
	Token<DelegationTokenIdentifier> token4 = namesystem
	.getDelegationToken(new Text(renewer));

	// restart cluster again
	cluster.shutdown();
	cluster = null;

	cluster = new MiniDFSCluster(conf, numDatanodes, false, null);
	cluster.waitActive();

	namesystem = cluster.getNamesystem();
	namesystem.getDelegationTokenSecretManager().startThreads();
	Token<DelegationTokenIdentifier> token5 = namesystem
	.getDelegationToken(new Text(renewer));

	try {
	renewToken(token1);
	renewToken(token2);
	renewToken(token3);
	renewToken(token4);
	renewToken(token5);

	} catch (IOException e) {
	Assert.fail("Could not renew or cancel the token");
	}

	// restart cluster again
	cluster.shutdown();
	cluster = null;

	cluster = new MiniDFSCluster(conf, numDatanodes, false, null);
	cluster.waitActive();

	namesystem = cluster.getNamesystem();
	namesystem.getDelegationTokenSecretManager().startThreads();
	try {
	renewToken(token1);
	cancelToken(token1);
	renewToken(token2);
	cancelToken(token2);
	renewToken(token3);
	cancelToken(token3);
	renewToken(token4);
	cancelToken(token4);
	renewToken(token5);
	cancelToken(token5);
	} catch (IOException e) {
	Assert.fail("Could not renew or cancel the token");
	}

	} finally {
	if(fs != null) fs.close();
	if(cluster!= null) cluster.shutdown();
	}
	}
	}