Index: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
===================================================================
diff -u -N -r6a34c9bb29dc3e0370b63b63f26229e3dc90cc13 -ra0c95ee1352bffdde56219e324f1d97505e69a6f
--- hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java (.../OzoneDelegationTokenSecretManager.java) (revision 6a34c9bb29dc3e0370b63b63f26229e3dc90cc13)
+++ hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java (.../OzoneDelegationTokenSecretManager.java) (revision a0c95ee1352bffdde56219e324f1d97505e69a6f)
@@ -81,13 +81,16 @@
 * milliseconds
 * @param dtRemoverScanInterval how often the tokens are scanned for expired
 * tokens in milliseconds
+ * @param certClient certificate client to SCM CA
 */
 public OzoneDelegationTokenSecretManager(OzoneConfiguration conf, long tokenMaxLifetime, long tokenRenewInterval, long dtRemoverScanInterval, Text service,
- S3SecretManager s3SecretManager) throws IOException {
+ S3SecretManager s3SecretManager, CertificateClient certClient)
+ throws IOException {
 super(new SecurityConfig(conf), tokenMaxLifetime, tokenRenewInterval, service, LOG);
+ setCertClient(certClient);
 currentTokens = new ConcurrentHashMap();
 this.tokenRemoverScanInterval = dtRemoverScanInterval;
 this.s3SecretManager = (S3SecretManagerImpl) s3SecretManager;
Index: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
===================================================================
diff -u -N -rf10d49332522beca7cb7342e68b2acdbe4c974f8 -ra0c95ee1352bffdde56219e324f1d97505e69a6f
--- hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java (.../OzoneSecretManager.java) (revision f10d49332522beca7cb7342e68b2acdbe4c974f8)
+++ hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java (.../OzoneSecretManager.java) (revision a0c95ee1352bffdde56219e324f1d97505e69a6f)
@@ -70,6 +70,7 @@
 * @param tokenRenewInterval how often the tokens must be renewed in
 * milliseconds
 * @param service name of service
+ * @param logger logger for the secret manager
 */
 public OzoneSecretManager(SecurityConfig secureConf, long tokenMaxLifetime, long tokenRenewInterval, Text service, Logger logger) {
@@ -188,7 +189,7 @@
 public synchronized void start(CertificateClient client) throws IOException {
 Preconditions.checkState(!isRunning());
- this.certClient = client;
+ setCertClient(client);
 updateCurrentKey(new KeyPair(certClient.getPublicKey(), certClient.getPrivateKey()));
 setIsRunning(true);
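Review bot: In the OzoneDelegationTokenSecretManager constructor, `setCertClient(certClient)` is a public, non-final method called before `currentTokens` and the remaining fields are assigned, so an override in a subclass would run against a half-built object. The constructor also accepts a null `certClient` silently, and the failure would surface only later, wherever the client is first dereferenced. I would reject null at construction with `setCertClient(Objects.requireNonNull(certClient, "certClient"));` (needs `java.util.Objects`), provided no caller legitimately passes null, which this diff does not show, and declare the setter `final`. The constructor body continues past the end of the hunk.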
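Review bot: `start(client)` in OzoneSecretManager.java now overwrites whatever client the constructor installed, and nothing checks that `client` is non-null or matches the earlier one before `certClient.getPublicKey()` is dereferenced on the following line. With two ways to set the client, a caller that passes a different one to `start` silently changes the key pair handed to `updateCurrentKey`. A guard such as `Preconditions.checkNotNull(client, "certificate client");` ahead of the assignment, plus a Javadoc sentence saying which client wins, would make the contract explicit. The method body continues outside the hunk.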
@@ -247,5 +248,9 @@
 public CertificateClient getCertClient() {
 return certClient;
 }
+
+ public void setCertClient(CertificateClient client) {
+ this.certClient = client;
+ }
 }
Index: hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
===================================================================
diff -u -N -r071caba5021cb3b5782b516c177541e7aadf4eac -ra0c95ee1352bffdde56219e324f1d97505e69a6f
--- hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java (.../OzoneManager.java) (revision 071caba5021cb3b5782b516c177541e7aadf4eac)
+++ hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java (.../OzoneManager.java) (revision a0c95ee1352bffdde56219e324f1d97505e69a6f)
@@ -794,7 +794,7 @@
 return new OzoneDelegationTokenSecretManager(conf, tokenMaxLifetime, tokenRenewInterval, tokenRemoverScanInterval, omRpcAddressTxt,
- s3SecretManager);
+ s3SecretManager, certClient);
 }
 private OzoneBlockTokenSecretManager createBlockTokenSecretManager(
Index: hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java
===================================================================
diff -u -N -rf10d49332522beca7cb7342e68b2acdbe4c974f8 -ra0c95ee1352bffdde56219e324f1d97505e69a6f
--- hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java (.../TestOzoneDelegationTokenSecretManager.java) (revision f10d49332522beca7cb7342e68b2acdbe4c974f8)
+++ hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java (.../TestOzoneDelegationTokenSecretManager.java) (revision a0c95ee1352bffdde56219e324f1d97505e69a6f)
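Review bot: The new `setCertClient` in OzoneSecretManager.java is public, unsynchronized and undocumented, while `start`, which writes the same field, is `synchronized`. The certificate client supplies the key pair passed to `updateCurrentKey`, so any code holding a reference to the manager can now swap that source at runtime, and a reader on another thread is not guaranteed to see the write unless the field is volatile (its declaration is outside the hunk). The callers visible in this diff are the class itself and a subclass constructor, so `protected synchronized void setCertClient(CertificateClient client) {` would cover them; confirm that no caller elsewhere needs public access. A short Javadoc stating when the setter may be called relative to `start` would also help.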
@@ -169,19 +169,41 @@
 validateHash(token.getPassword(), token.getIdentifier());
 }
- @Test
- public void testRenewTokenSuccess() throws Exception {
+ private void restartSecretManager() throws IOException {
+ secretManager.stop();
+ secretManager = null;
 secretManager = createSecretManager(conf, tokenMaxLifetime, expiryTime, tokenRemoverScanInterval);
+ }
+
+ private void testRenewTokenSuccessHelper(boolean restartSecretManager)
+ throws Exception {
+ secretManager = createSecretManager(conf, tokenMaxLifetime,
+ expiryTime, tokenRemoverScanInterval);
 secretManager.start(certificateClient);
 Token token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER);
 Thread.sleep(10 * 5);
+
+ if (restartSecretManager) {
+ restartSecretManager();
+ }
+
 long renewalTime = secretManager.renewToken(token, TEST_USER.toString());
 Assert.assertTrue(renewalTime > 0);
 }
+ @Test
+ public void testReloadAndRenewToken() throws Exception {
+ testRenewTokenSuccessHelper(true);
+ }
+
+ @Test
+ public void testRenewTokenSuccess() throws Exception {
+ testRenewTokenSuccessHelper(false);
+ }
+
 /**
 * Tests failure for mismatch in renewer.
 */
@@ -375,6 +397,7 @@
 createSecretManager(OzoneConfiguration config, long tokenMaxLife, long expiry, long tokenRemoverScanTime) throws IOException {
 return new OzoneDelegationTokenSecretManager(config, tokenMaxLife,
- expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager);
+ expiry, tokenRemoverScanTime, serviceRpcAdd, s3SecretManager,
+ certificateClient);
 }
 }
\ No newline at end of file
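Review bot: `restartSecretManager()` in the test builds a fresh manager but never calls `start(certificateClient)` on it, so `testReloadAndRenewToken` renews against a manager that holds only the constructor-supplied client; that appears to be the point of the test, but nothing says so. A comment on the helper such as `// Deliberately not started: renewal must work with the client passed to the constructor.` would keep a later cleanup from adding the call back. The `secretManager = null;` line before the reassignment has no effect and can go, and the boolean parameter `restartSecretManager` shares its name with the helper method, so `restart` would read better in the `if`. The reload test covers only the success path; a companion case in which the restarted manager is built with a different certificate client and renewal is expected to fail would pin the verification behaviour.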