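/**
 * Uses the KeyProviderDelegationTokenExtension to get the delegation token for KMS.
 *
 * <p>Retrieval is best-effort: an {@link IOException} thrown by the extension is logged
 * at debug level and not rethrown, so the credentials handed back may not contain a KMS
 * delegation token. The return value is the same {@code credentials} object that was
 * passed in; a caller that depends on the KMS token has to inspect it.
 *
 * @param renewer User used to renew the delegation tokens
 * @param credentials Credentials in which to add new delegation tokens
 * @return credentials with KMS delegation token added if it was successfully retrieved.
 */
@Override
public Credentials addDelegationTokens(String renewer, Credentials credentials) {
  KeyProviderDelegationTokenExtension tokenExtension =
      KeyProviderDelegationTokenExtension.createKeyProviderDelegationTokenExtension(provider);
  try {
    tokenExtension.addDelegationTokens(renewer, credentials);
  } catch (IOException e) {
    // Log the cause as well as the message, so that a failed token fetch
    // (authentication, connectivity, ...) can be diagnosed from the debug log.
    LOG.debug("KMS delegation token not updated.", e);
  }
  return credentials;
}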
/**
 * Collects the delegation tokens of the superclass and, when HDFS encryption is
 * enabled, those of the key provider as well.
 *
 * <p>Unlike a best-effort fetch, nothing is caught here: an {@link IOException}
 * from either source propagates to the caller.
 *
 * @param renewer passed unchanged to both token sources
 * @param credentials passed unchanged to both token sources
 * @return the superclass tokens followed by the key provider tokens; if only one
 *     source returned an array, that array; {@code null} if neither did
 * @throws IOException if either token source fails
 */
@Override
public Token<?>[] addDelegationTokens(
    final String renewer, Credentials credentials) throws IOException {
  final Token<?>[] fsTokens = super.addDelegationTokens(renewer, credentials);
  if (!dfs.isHDFSEncryptionEnabled()) {
    // No encryption: the superclass result is returned as-is.
    return fsTokens;
  }

  final KeyProviderDelegationTokenExtension kpExtension =
      KeyProviderDelegationTokenExtension
          .createKeyProviderDelegationTokenExtension(dfs.getKeyProvider());
  final Token<?>[] kpTokens = kpExtension.addDelegationTokens(renewer, credentials);

  if (fsTokens == null) {
    return kpTokens;
  }
  if (kpTokens == null) {
    return fsTokens;
  }

  // Both sources produced tokens: concatenate, superclass tokens first.
  final Token<?>[] merged = new Token<?>[fsTokens.length + kpTokens.length];
  System.arraycopy(fsTokens, 0, merged, 0, fsTokens.length);
  System.arraycopy(kpTokens, 0, merged, fsTokens.length, kpTokens.length);
  return merged;
}
/**
 * Returns the delegation tokens obtained from the superclass, extended with the
 * key provider's tokens when {@code dfs.isHDFSEncryptionEnabled()} is true.
 *
 * <p>An {@link IOException} raised while fetching either set of tokens is not
 * handled here and reaches the caller.
 *
 * @param renewer forwarded to the superclass and to the key provider extension
 * @param credentials forwarded to the superclass and to the key provider extension
 * @return both token arrays concatenated (superclass tokens first), or whichever
 *     one is non-null, or {@code null} when both are null
 * @throws IOException if fetching tokens from either source fails
 */
@Override
public Token<?>[] addDelegationTokens(
    final String renewer, Credentials credentials) throws IOException {
  Token<?>[] result = super.addDelegationTokens(renewer, credentials);
  if (dfs.isHDFSEncryptionEnabled()) {
    Token<?>[] kpTokens =
        KeyProviderDelegationTokenExtension
            .createKeyProviderDelegationTokenExtension(dfs.getKeyProvider())
            .addDelegationTokens(renewer, credentials);
    if (result == null || kpTokens == null) {
      // At most one side has tokens; keep that side (or null if none).
      result = (result == null) ? kpTokens : result;
    } else {
      Token<?>[] combined = new Token<?>[result.length + kpTokens.length];
      System.arraycopy(result, 0, combined, 0, result.length);
      System.arraycopy(kpTokens, 0, combined, result.length, kpTokens.length);
      result = combined;
    }
  }
  return result;
}
/**
 * Exercises createKeyProviderDelegationTokenExtension with two providers: one built
 * by UserProvider.Factory, for which addDelegationTokens is expected to return null,
 * and a mocked MockKeyProvider stubbed to hand back a single token.
 */
@Test
public void testCreateExtension() throws Exception {
  final Configuration configuration = new Configuration();
  final Credentials creds = new Credentials();

  final KeyProvider userProvider =
      new UserProvider.Factory().createProvider(new URI("user:///"), configuration);
  final KeyProviderDelegationTokenExtension plainExtension =
      KeyProviderDelegationTokenExtension
          .createKeyProviderDelegationTokenExtension(userProvider);
  Assert.assertNotNull(plainExtension);
  // Default implementation should be a no-op and return null
  Assert.assertNull(plainExtension.addDelegationTokens("user", creds));

  final MockKeyProvider mockProvider = mock(MockKeyProvider.class);
  when(mockProvider.getConf()).thenReturn(new Configuration());
  final Token<?>[] stubbedTokens =
      new Token<?>[]{new Token(null, null, new Text("kind"), new Text("service"))};
  when(mockProvider.addDelegationTokens("renewer", creds)).thenReturn(stubbedTokens);

  final KeyProviderDelegationTokenExtension mockedExtension =
      KeyProviderDelegationTokenExtension
          .createKeyProviderDelegationTokenExtension(mockProvider);
  final Token<?>[] returned = mockedExtension.addDelegationTokens("renewer", creds);
  Assert.assertNotNull(returned);
  Assert.assertEquals("kind", returned[0].getKind().toString());
}
/**
 * Verifies the extension returned by createKeyProviderDelegationTokenExtension.
 *
 * <p>First case: a provider created from the "user:///" URI; the extension must be
 * non-null and its addDelegationTokens must return null. Second case: a Mockito mock
 * of MockKeyProvider whose addDelegationTokens is stubbed; the extension must return
 * the stubbed token, identified here by its kind.
 */
@Test
public void testCreateExtension() throws Exception {
  Configuration conf = new Configuration();
  Credentials credentials = new Credentials();

  // Case 1: provider obtained from UserProvider.Factory.
  KeyProvider kp = new UserProvider.Factory().createProvider(new URI("user:///"), conf);
  KeyProviderDelegationTokenExtension defaultExt =
      KeyProviderDelegationTokenExtension.createKeyProviderDelegationTokenExtension(kp);
  Assert.assertNotNull(defaultExt);
  // Default implementation should be a no-op and return null
  Token<?>[] defaultTokens = defaultExt.addDelegationTokens("user", credentials);
  Assert.assertNull(defaultTokens);

  // Case 2: mocked provider that returns exactly one token.
  MockKeyProvider provider = mock(MockKeyProvider.class);
  Mockito.when(provider.getConf()).thenReturn(new Configuration());
  Mockito.when(provider.addDelegationTokens("renewer", credentials)).thenReturn(
      new Token<?>[]{new Token(null, null, new Text("kind"), new Text("service"))});

  KeyProviderDelegationTokenExtension delegatingExt =
      KeyProviderDelegationTokenExtension.createKeyProviderDelegationTokenExtension(provider);
  Token<?>[] tokens = delegatingExt.addDelegationTokens("renewer", credentials);
  Assert.assertNotNull(tokens);
  String firstKind = tokens[0].getKind().toString();
  Assert.assertEquals("kind", firstKind);
}
createKeyProviderDelegationTokenExtension(kp); Credentials credentials = new Credentials(); kpdte.addDelegationTokens("foo", credentials); Assert.assertEquals(1, credentials.getAllTokens().size()); InetSocketAddress kmsAddr = new InetSocketAddress(getKMSUrl().getHost(),