[
https://issues.apache.org/jira/browse/HADOOP-12563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056987#comment-15056987
]
Matthew Paduano commented on HADOOP-12563:
------------------------------------------
I agree with the comment about addDelegationTokens. I changed the interface
in DtFetcher to
use this more general signature and included the Credentials object in the
interface so that the
DtFetcher implementation class may have full control over how the tokens are
placed into the
credentials map.
Re -fs and the abstraction used here: I agree that ServiceLoader<DtFetcher>
is "reabstracting"
one method (getDelegationToken) from the FileSystem layer. FileSystem et al
are nicely abstracted.
But FileSystem is not generalized to other services (e.g. Yarn). I think what
is needed here is a
generalization of that FileSystem abstraction. getServiceName, or something
like it, is needed
as a key to identify the implementation to use (this could be the generalized
analog of -fs, once
that analog exists).
Perhaps someone can think about the proper way to generalize implementations
across
different projects/services so that new service specific tools can be more
cleanly abstracted. I
think this is a separate JIRA from this one though. This ticket changes the
serialization format
of the token files and adds the ability to add multiple tokens to a single file.
The alias thing is a bit of a hack. We have discussed adding alias as a new
field (or using
the key from the credentials object) rather than overwriting the service field
in the token. But
in order to keep the scope of this ticket more limited, we decided to leave the
behavior as it
is for now so that we can get this new functionality rolled out. Changing that
behavior will
involve checking all the places Token is used.
> Updated utility to create/modify token files
> --------------------------------------------
>
> Key: HADOOP-12563
> URL: https://issues.apache.org/jira/browse/HADOOP-12563
> Project: Hadoop Common
> Issue Type: New Feature
> Affects Versions: 3.0.0
> Reporter: Allen Wittenauer
> Assignee: Matthew Paduano
> Attachments: HADOOP-12563.01.patch, HADOOP-12563.02.patch,
> HADOOP-12563.03.patch, HADOOP-12563.04.patch, HADOOP-12563.05.patch,
> HADOOP-12563.06.patch, example_dtutil_commands_and_output.txt,
> generalized_token_case.pdf
>
>
> hdfs fetchdt is missing some critical features and is geared almost
> exclusively towards HDFS operations. Additionally, the token files that are
> created use Java serializations which are hard/impossible to deal with in
> other languages. It should be replaced with a better utility in common that
> can read/write protobuf-based token files, has enough flexibility to be used
> with other services, and offers key functionality such as append and rename.
> The old version file format should still be supported for backward
> compatibility, but will be effectively deprecated.
> A follow-on JIRA will deprecrate fetchdt.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
