[jira] [Updated] (HADOOP-12659) Incorrect usage of config parameters in token manager of KMS

Fri, 18 Dec 2015 19:16:37 -0800 

     [ 
https://issues.apache.org/jira/browse/HADOOP-12659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mingliang Liu updated HADOOP-12659:
-----------------------------------
    Status: Patch Available  (was: Open)

> Incorrect usage of config parameters in token manager of KMS
> ------------------------------------------------------------
>
>                 Key: HADOOP-12659
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12659
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.6.2, 2.7.1
>            Reporter: Tianyin Xu
>            Assignee: Mingliang Liu
>         Attachments: HADOOP-12659.000.patch
>
>
> Hi, the usage of the following configs of Key Management Server (KMS) are 
> problematic: 
> {{hadoop.kms.authentication.delegation-token.renew-interval.sec}}
> {{hadoop.kms.authentication.delegation-token.removal-scan-interval.sec}}
> The name indicates that the units are {{sec}}, and the online doc shows that 
> the default values are {{86400}} and {{3600}}, respectively.
> https://hadoop.apache.org/docs/stable/hadoop-kms/index.html
> which is also defined in
> {code:title=DelegationTokenManager.java|borderStyle=solid}
>  55   public static final String RENEW_INTERVAL = PREFIX + 
> "renew-interval.sec";
>  56   public static final long RENEW_INTERVAL_DEFAULT = 24 * 60 * 60;
>  ...
>  58   public static final String REMOVAL_SCAN_INTERVAL = PREFIX +
>  59       "removal-scan-interval.sec";
>  60   public static final long REMOVAL_SCAN_INTERVAL_DEFAULT = 60 * 60;
> {code}
> However, in {{DelegationTokenManager.java}} and 
> {{ZKDelegationTokenSecretManager.java}}, these two parameters are used 
> incorrectly.
> 1. *{{DelegationTokenManager.java}}*
> {code}
>  70           conf.getLong(RENEW_INTERVAL, RENEW_INTERVAL_DEFAULT) * 1000,
>  71           conf.getLong(REMOVAL_SCAN_INTERVAL, 
>  72               REMOVAL_SCAN_INTERVAL_DEFAULT * 1000));
> {code}
> Apparently, at Line 72, {{REMOVAL_SCAN_INTERVAL}} should be used in the same 
> way as {{RENEW_INTERVAL}}, like
> {code}
> 72c72
> <               REMOVAL_SCAN_INTERVAL_DEFAULT * 1000));
> ---
> >               REMOVAL_SCAN_INTERVAL_DEFAULT) * 1000);
> {code}
> Currently, the unit of 
> {{hadoop.kms.authentication.delegation-token.removal-scan-interval.sec}} is 
> not {{sec}} but {{millisec}}.
> 2. *{{ZKDelegationTokenSecretManager.java}}*
> {code}
> 142         conf.getLong(DelegationTokenManager.RENEW_INTERVAL,
> 143             DelegationTokenManager.RENEW_INTERVAL_DEFAULT * 1000),
> 144         conf.getLong(DelegationTokenManager.REMOVAL_SCAN_INTERVAL,
> 145             DelegationTokenManager.REMOVAL_SCAN_INTERVAL_DEFAULT) * 1000);
> {code}
>  The situation is the opposite in this class that 
> {{hadoop.kms.authentication.delegation-token.renew-interval.sec}} is wrong 
> but the other is correct...
> A patch should be like
> {code}
> 143c143
> <             DelegationTokenManager.RENEW_INTERVAL_DEFAULT * 1000),
> ---
> >             DelegationTokenManager.RENEW_INTERVAL_DEFAULT) * 1000,
> {code}
> Thanks!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to