[ https://issues.apache.org/jira/browse/HADOOP-13627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xiao Chen updated HADOOP-13627: ------------------------------- Attachment: HADOOP-13627.01.patch Patch 1 attached to trigger a jenkins. Also ready for review. Some things open for discussion: bq. maybe, getUGIFromTicketCache to throw this rather than an RTE I see your point, and I tend to agree. Would we consider this incompatible though? My guess is yes, then maybe we can defer it to hadoop 3. bq. move things off simple IOEs Converted all possible method signatures from IOE to {{KerberosAuthException}}. This should still be compatible since client used to see a superclass exception, IOE, thrown. Don't think we need to update {{SecurityUtil}}. bq. keep KDiag in sync with this Seems it's not catching IOE currently ([example|https://github.com/apache/hadoop/blob/branch-3.0.0-alpha1/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/KDiag.java#L596]) so I kept as-is. Feel free to point out if I missed anything. > Have an explicit KerberosAuthException for UGI to throw, text from public > constants > ----------------------------------------------------------------------------------- > > Key: HADOOP-13627 > URL: https://issues.apache.org/jira/browse/HADOOP-13627 > Project: Hadoop Common > Issue Type: Sub-task > Components: security > Affects Versions: 2.7.3 > Reporter: Steve Loughran > Assignee: Xiao Chen > Attachments: HADOOP-13627.01.patch > > > UGI creates simple IOEs on failure, making it impossible to catch them, > ignore them, have smart retry logic around them, etc. > # Have an explicit exception like {{KerberosAuthException extends > IOException}} to raise instead. We can't use {{AuthenticationException}} as > that doesn't extend IOE. > # move {{UGI}}, {{SecurityUtil}} and things related off simple IOEs and into > the new one > # review exceptions raised and consider if they can provide more information > # for the strings that get created, put them as public static constants, so > that tests can look for them explicitly —tests that don't break if the text > is changed. > # maybe, {{getUGIFromTicketCache}} to throw this rather than an RTE if no > login principals were found (it throws IOEs on login failures, after all) > # keep KDiag in sync with this -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org