diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-1623.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-1623.txt index 508860c57bc..bf685c91cf2 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-1623.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-1623.txt @@ -129,3 +129,5 @@ HDFS-2688. Add tests for quota tracking in an HA cluster. (todd) HDFS-2804. Should not mark blocks under-replicated when exiting safemode (todd) HDFS-2807. Service level authorizartion for HAServiceProtocol. (jitendra) + +HDFS-2809. Add test to verify that delegation tokens are honored after failover. (jitendra and atm) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestHAStateTransitions.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestHAStateTransitions.java index fbeaa30a938..5197c6e7647 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestHAStateTransitions.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestHAStateTransitions.java @@ -19,6 +19,8 @@ import static org.junit.Assert.*; +import java.io.IOException; +import java.net.URISyntaxException; import java.util.concurrent.locks.ReentrantReadWriteLock; import org.apache.commons.logging.Log; @@ -31,13 +33,17 @@ import org.apache.hadoop.hdfs.DFSTestUtil; import org.apache.hadoop.hdfs.MiniDFSCluster; import org.apache.hadoop.hdfs.MiniDFSNNTopology; +import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier; import org.apache.hadoop.hdfs.server.namenode.NameNode; import org.apache.hadoop.hdfs.server.namenode.NameNodeAdapter; import org.apache.hadoop.io.IOUtils; +import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.Token; import org.apache.hadoop.test.GenericTestUtils; import org.apache.hadoop.test.MultithreadedTestUtil.TestContext; import org.apache.hadoop.test.MultithreadedTestUtil.RepeatingTestThread; -import org.apache.tools.ant.taskdefs.WaitFor; +import org.junit.Assert; import org.junit.Test; import org.mockito.Mockito; @@ -251,4 +257,41 @@ public void testLeasesRenewedOnTransition() throws Exception { cluster.shutdown(); } } + + /** + * Test that delegation tokens continue to work after the failover. + */ + @Test + public void testDelegationTokensAfterFailover() throws IOException, + URISyntaxException { + Configuration conf = new Configuration(); + MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf) + .nnTopology(MiniDFSNNTopology.simpleHATopology()) + .numDataNodes(0) + .build(); + try { + cluster.waitActive(); + cluster.transitionToActive(0); + NameNode nn1 = cluster.getNameNode(0); + NameNode nn2 = cluster.getNameNode(1); + NameNodeAdapter.getDtSecretManager(nn1.getNamesystem()).startThreads(); + + String renewer = UserGroupInformation.getLoginUser().getUserName(); + Token token = nn1.getRpcServer() + .getDelegationToken(new Text(renewer)); + + LOG.info("Failing over to NN 1"); + cluster.transitionToStandby(0); + cluster.transitionToActive(1); + // Need to explicitly start threads because security is not enabled. + NameNodeAdapter.getDtSecretManager(nn2.getNamesystem()).startThreads(); + + nn2.getRpcServer().renewDelegationToken(token); + nn2.getRpcServer().cancelDelegationToken(token); + token = nn2.getRpcServer().getDelegationToken(new Text(renewer)); + Assert.assertTrue(token != null); + } finally { + cluster.shutdown(); + } + } }