[jira] [Updated] (HADOOP-13627) Have an explicit KerberosAuthException for UGI to throw, text from public constants

Wed, 21 Sep 2016 16:31:47 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-13627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xiao Chen updated HADOOP-13627:
-------------------------------
    Attachment: HADOOP-13627.01.patch

Patch 1 attached to trigger a jenkins. Also ready for review.

Some things open for discussion:
bq. maybe, getUGIFromTicketCache to throw this rather than an RTE
I see your point, and I tend to agree. Would we consider this incompatible 
though? My guess is yes, then maybe we can defer it to hadoop 3.

bq. move things off simple IOEs
Converted all possible method signatures from IOE to {{KerberosAuthException}}. 
This should still be compatible since client used to see a superclass 
exception, IOE, thrown. Don't think we need to update {{SecurityUtil}}.

bq. keep KDiag in sync with this
Seems it's not catching IOE currently 
([example|https://github.com/apache/hadoop/blob/branch-3.0.0-alpha1/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/KDiag.java#L596])
 so I kept as-is. Feel free to point out if I missed anything.

> Have an explicit KerberosAuthException for UGI to throw, text from public 
> constants
> -----------------------------------------------------------------------------------
>
>                 Key: HADOOP-13627
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13627
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.7.3
>            Reporter: Steve Loughran
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13627.01.patch
>
>
> UGI creates simple IOEs on failure, making it impossible to catch them, 
> ignore them, have smart retry logic around them, etc.
> # Have an explicit exception like {{KerberosAuthException extends 
> IOException}} to raise instead. We can't use {{AuthenticationException}} as 
> that doesn't extend IOE.
> # move {{UGI}}, {{SecurityUtil}} and things related off simple IOEs and into 
> the new one
> # review exceptions raised and consider if they can provide more information
> # for the strings that get created, put them as public static constants, so 
> that tests can look for them explicitly —tests that don't break if the text 
> is changed.
> # maybe, {{getUGIFromTicketCache}} to throw this rather than an RTE if no 
> login principals were found (it throws IOEs on login failures, after all)
> # keep KDiag in sync with this



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to