diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/metrics/FederationMBean.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/metrics/FederationMBean.java index 8f24fcbbd13..e33a77e039d 100644 --- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/metrics/FederationMBean.java +++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/metrics/FederationMBean.java @@ -244,4 +244,10 @@ public interface FederationMBean { * @return String label for the current router state. */ String getRouterStatus(); + + /** + * Get the current number of delegation tokens in memory. + * @return number of DTs + */ + long getCurrentTokensCount(); } diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/metrics/FederationMetrics.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/metrics/FederationMetrics.java index a39f17d2a48..a196098b9d4 100644 --- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/metrics/FederationMetrics.java +++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/metrics/FederationMetrics.java @@ -57,6 +57,7 @@ import org.apache.hadoop.hdfs.server.federation.router.RBFConfigKeys; import org.apache.hadoop.hdfs.server.federation.router.Router; import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer; +import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager; import org.apache.hadoop.hdfs.server.federation.store.MembershipStore; import org.apache.hadoop.hdfs.server.federation.store.MountTableStore; import org.apache.hadoop.hdfs.server.federation.store.RouterStore; @@ -604,6 +605,16 @@ public String getRouterStatus() { return this.router.getRouterState().toString(); } + @Override + public long getCurrentTokensCount() { + RouterSecurityManager mgr = + this.router.getRpcServer().getRouterSecurityManager(); + if (mgr != null && mgr.getSecretManager() != null) { + return mgr.getSecretManager().getCurrentTokensSize(); + } + return -1; + } + /** * Build a set of unique values found in all namespaces. * diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/RouterHDFSContract.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/RouterHDFSContract.java index 46339a388b8..572da902fc3 100644 --- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/RouterHDFSContract.java +++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/RouterHDFSContract.java @@ -47,8 +47,13 @@ public static void createCluster() throws IOException { } public static void createCluster(Configuration conf) throws IOException { + createCluster(true, 2, conf); + } + + public static void createCluster( + boolean ha, int numNameServices, Configuration conf) throws IOException { try { - cluster = new MiniRouterDFSCluster(true, 2, conf); + cluster = new MiniRouterDFSCluster(ha, numNameServices, conf); // Start NNs and DNs and wait until ready cluster.startCluster(conf); diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/TestRouterHDFSContractDelegationToken.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/TestRouterHDFSContractDelegationToken.java index 062079f1760..137c2ab8802 100644 --- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/TestRouterHDFSContractDelegationToken.java +++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/TestRouterHDFSContractDelegationToken.java @@ -18,11 +18,18 @@ package org.apache.hadoop.fs.contract.router; +import static org.apache.hadoop.fs.contract.router.SecurityConfUtil.initSecurity; +import static org.apache.hadoop.hdfs.server.federation.metrics.TestFederationMetrics.FEDERATION_BEAN; + +import java.io.IOException; + import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.contract.AbstractFSContract; import org.apache.hadoop.fs.contract.AbstractFSContractTestBase; import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier; +import org.apache.hadoop.hdfs.server.federation.FederationTestUtils; +import org.apache.hadoop.hdfs.server.federation.metrics.FederationMBean; import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.Token; import org.junit.AfterClass; @@ -31,9 +38,6 @@ import org.junit.Test; import org.junit.rules.ExpectedException; -import java.io.IOException; -import static org.apache.hadoop.fs.contract.router.SecurityConfUtil.initSecurity; - /** * Test to verify router contracts for delegation token operations. */ @@ -42,7 +46,7 @@ public class TestRouterHDFSContractDelegationToken @BeforeClass public static void createCluster() throws Exception { - RouterHDFSContract.createCluster(initSecurity()); + RouterHDFSContract.createCluster(false, 1, initSecurity()); } @AfterClass @@ -60,6 +64,10 @@ protected AbstractFSContract createContract(Configuration conf) { @Test public void testRouterDelegationToken() throws Exception { + FederationMBean bean = FederationTestUtils.getBean( + FEDERATION_BEAN, FederationMBean.class); + // Initially there is no token in memory + assertEquals(0, bean.getCurrentTokensCount()); // Generate delegation token Token token = (Token) getFileSystem() @@ -81,6 +89,8 @@ public void testRouterDelegationToken() throws Exception { assertTrue(sequenceNumber > 0); long existingMaxTime = token.decodeIdentifier().getMaxDate(); assertTrue(identifier.getMaxDate() >= identifier.getIssueDate()); + // one token is expected after the generation + assertEquals(1, bean.getCurrentTokensCount()); // Renew delegation token long expiryTime = token.renew(initSecurity()); @@ -92,9 +102,11 @@ public void testRouterDelegationToken() throws Exception { identifier = token.decodeIdentifier(); assertEquals(identifier.getMasterKeyId(), masterKeyId); assertEquals(identifier.getSequenceNumber(), sequenceNumber); + assertEquals(1, bean.getCurrentTokensCount()); // Cancel delegation token token.cancel(initSecurity()); + assertEquals(0, bean.getCurrentTokensCount()); // Renew a cancelled token exceptionRule.expect(SecretManager.InvalidToken.class);