Merge pull request #45 from OhJuhun/impelement-delegation-token-maxli…

…fetime Impelement delegation token maxlifetime
kzk · Mar 12, 2024 · 188f0d2 · 188f0d2
2 parents 1fc1f7d + 032c462
commit 188f0d2
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -102,8 +102,8 @@ Note that net/https and openssl libraries must be available:
 Note that [gssapi](https://github.com/zenchild/gssapi) library must be available:
 
     client = WebHDFS::Client.new('hostname', 14000)
-    # or if you want to use client delegation token with renewing per 8 hours
-    client = WebHDFS::Client.new('hostname', 14000, username, nil, nil, nil, {}, 8)
+    # or if you want to use client delegation token with renewing per 8 hours and delegation token max-lifetime is 7 days
+    client = WebHDFS::Client.new('hostname', 14000, username, nil, nil, nil, {}, 8, 168)
 
     client.kerberos = true
     client.kerberos_keytab = "/path/to/project.keytab"

diff --git a/lib/webhdfs/client_v1.rb b/lib/webhdfs/client_v1.rb
@@ -38,7 +38,7 @@ def ssl_verify_mode=(mode)
       @ssl_verify_mode = mode
     end
 
-    def initialize(host='localhost', port=50070, username=nil, doas=nil, proxy_address=nil, proxy_port=nil, http_headers={}, renew_kerberos_delegation_token_time_hour=nil)
+    def initialize(host='localhost', port=50070, username=nil, doas=nil, proxy_address=nil, proxy_port=nil, http_headers={}, renew_kerberos_delegation_token_time_hour=nil,kerberos_delegation_token_max_lifetime_hour=nil)
       @host = host
       @port = port
       @username = username
@@ -61,21 +61,27 @@ def initialize(host='localhost', port=50070, username=nil, doas=nil, proxy_addre
       @kerberos = false
       @kerberos_keytab = nil
       @renew_kerberos_delegation_token_time_hour = renew_kerberos_delegation_token_time_hour
+      @kerberos_delegation_token_max_lifetime_hour = kerberos_delegation_token_max_lifetime_hour
       @kerberos_delegation_token = nil
+      @kerberos_token_created_at = Time.now
       @kerberos_token_updated_at = Time.now
       @http_headers = http_headers
     end
 
     def should_kerberos_token_updated?
-      @kerberos_token_updated_at + (@renew_kerberos_delegation_token_time_hour * 60 * 60) <= Time.now
+      (@kerberos_token_updated_at + (@renew_kerberos_delegation_token_time_hour * 60 * 60) <= Time.now) || is_delegation_token_lifetime_expired?
     end
 
+    def is_delegation_token_lifetime_expired?
+      (@kerberos_token_created_at + (@kerberos_delegation_token_max_lifetime_hour * 60 * 60 ) <= Time.now)
+    end
 
     def get_cached_kerberos_delegation_token(force_renew=nil)
       return @kerberos_delegation_token if @kerberos_delegation_token && !should_kerberos_token_updated? && !force_renew
 
-      if !@kerberos_delegation_token || force_renew
+      if !@kerberos_delegation_token || force_renew || is_delegation_token_lifetime_expired?
         @kerberos_delegation_token = get_kerberos_delegation_token(@username)
+        @kerberos_token_created_at = Time.now
         @kerberos_token_updated_at = Time.now
       else
         renew_kerberos_delegation_token(@kerberos_delegation_token)