[ https://issues.apache.org/jira/browse/HADOOP-13815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15668003#comment-15668003 ]
Xiaoyu Yao commented on HADOOP-13815: ------------------------------------- Thanks [~brahmareddy] for reporting the issue and [~xiaochen] for working on this. As an alternative, we can keep the original verification by decoding the KMS DT identifier like below. I've tested that both failure cases passed with the change below. {code} } catch (Exception e) { + byte[] tokenId = token.getIdentifier(); + DelegationTokenIdentifier identifier = + new DelegationTokenIdentifier(KMSDelegationToken.TOKEN_KIND); + identifier.readFields(new DataInputStream( + new ByteArrayInputStream(tokenId))); + GenericTestUtils.assertExceptionContains( - "tries to renew a token with renewer", e); + "tries to renew a token (" + identifier + ")", e); } {code} > TestKMS#testDelegationTokensOpsSimple and > TestKMS#testDelegationTokensOpsKerberized Fails in Trunk > -------------------------------------------------------------------------------------------------- > > Key: HADOOP-13815 > URL: https://issues.apache.org/jira/browse/HADOOP-13815 > Project: Hadoop Common > Issue Type: Bug > Components: test > Reporter: Brahma Reddy Battula > Assignee: Xiao Chen > Attachments: HADOOP-13815.01.patch, HADOOP-13815.02.patch > > > {noformat} > Expected to find 'tries to renew a token with renewer' but got unexpected > exception:java.io.IOException: HTTP status [403], message > [org.apache.hadoop.security.AccessControlException: client tries to renew a > token (kms-dt owner=client, renewer=client1, realUser=, > issueDate=1479025952525, maxDate=1479630752525, sequenceNumber=1, > masterKeyId=2) with non-matching renewer client1] > at > org.apache.hadoop.util.HttpExceptionUtils.validateResponse(HttpExceptionUtils.java:169) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:300) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.renewDelegationToken(DelegationTokenAuthenticator.java:216) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.renewDelegationToken(DelegationTokenAuthenticatedURL.java:415) > at > org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:906) > at > org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:903) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857) > at > org.apache.hadoop.crypto.key.kms.KMSClientProvider.renewDelegationToken(KMSClientProvider.java:902) > at > org.apache.hadoop.crypto.key.kms.KMSClientProvider$KMSTokenRenewer.renew(KMSClientProvider.java:183) > at org.apache.hadoop.security.token.Token.renew(Token.java:490) > at > org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1820) > at > org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1793) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857) > at org.apache.hadoop.crypto.key.kms.server.TestKMS.doAs(TestKMS.java:292) > at > org.apache.hadoop.crypto.key.kms.server.TestKMS.access$100(TestKMS.java:80) > at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1793) > at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1785) > at > org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:140) > at > org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:122) > at > org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOps(TestKMS.java:1785) > at > org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOpsKerberized(TestKMS.java:1768) > {noformat} > *Reference:* > https://builds.apache.org/job/hadoop-qbt-trunk-java8-linux-x86/224/testReport/junit/ -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org