[jira] [Updated] (HADOOP-13815) TestKMS#testDelegationTokensOpsSimple and TestKMS#testDelegationTokensOpsKerberized Fails in Trunk

Mon, 14 Nov 2016 21:15:59 -0800 

     [ 
https://issues.apache.org/jira/browse/HADOOP-13815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xiao Chen updated HADOOP-13815:
-------------------------------
    Attachment: HADOOP-13815.02.patch

Hi [~brahmareddy],

I didn't add the token itself to assertion because I think the test here is 
just verifying the renew action failed with another renewer. What the token 
decodes to is a bit irrelevant. Also understand your concern as there may be 
other 'tries to renew a token' instances, so changed to a more unique text in 
patch 2. What do you think?

About running tests... sorry for breaking this of course. I think that's a pain 
point now. Even if we manually run hadoop-common, the hdfs one in HADOOP-13813 
is still missing.... The only way I think would be to do a full unit-test run. 
:( We should keep in mind of this in the future, so when a hadoop-common change 
touches some basic things, we should diligently run a full test.
Since yarn also uses delegation tokens, I suggest to have a full run anyway to 
be sure. [~yzhangal], would you be able to do that?

> TestKMS#testDelegationTokensOpsSimple and 
> TestKMS#testDelegationTokensOpsKerberized Fails in Trunk
> --------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-13815
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13815
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: test
>            Reporter: Brahma Reddy Battula
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13815.01.patch, HADOOP-13815.02.patch
>
>
> {noformat}
> Expected to find 'tries to renew a token with renewer' but got unexpected 
> exception:java.io.IOException: HTTP status [403], message 
> [org.apache.hadoop.security.AccessControlException: client tries to renew a 
> token (kms-dt owner=client, renewer=client1, realUser=, 
> issueDate=1479025952525, maxDate=1479630752525, sequenceNumber=1, 
> masterKeyId=2) with non-matching renewer client1]
>  at 
> org.apache.hadoop.util.HttpExceptionUtils.validateResponse(HttpExceptionUtils.java:169)
>  at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:300)
>  at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.renewDelegationToken(DelegationTokenAuthenticator.java:216)
>  at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.renewDelegationToken(DelegationTokenAuthenticatedURL.java:415)
>  at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:906)
>  at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:903)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at javax.security.auth.Subject.doAs(Subject.java:422)
>  at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
>  at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.renewDelegationToken(KMSClientProvider.java:902)
>  at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$KMSTokenRenewer.renew(KMSClientProvider.java:183)
>  at org.apache.hadoop.security.token.Token.renew(Token.java:490)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1820)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1793)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at javax.security.auth.Subject.doAs(Subject.java:422)
>  at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
>  at org.apache.hadoop.crypto.key.kms.server.TestKMS.doAs(TestKMS.java:292)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.access$100(TestKMS.java:80)
>  at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1793)
>  at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1785)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:140)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:122)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOps(TestKMS.java:1785)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOpsKerberized(TestKMS.java:1768)
> {noformat}
>  *Reference:* 
> https://builds.apache.org/job/hadoop-qbt-trunk-java8-linux-x86/224/testReport/junit/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to