[jira] [Commented] (HADOOP-13815) TestKMS#testDelegationTokensOpsSimple and TestKMS#testDelegationTokensOpsKerberized Fails in Trunk

Tue, 15 Nov 2016 11:23:13 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15668003#comment-15668003
 ] 

Xiaoyu Yao commented on HADOOP-13815:
-------------------------------------

Thanks [~brahmareddy] for reporting the issue and [~xiaochen] for working on 
this.  
As an alternative, we can keep the original verification by decoding the KMS DT 
identifier like below. I've tested that both failure cases passed with the 
change below.

{code}
               } catch (Exception e) {
+                byte[] tokenId = token.getIdentifier();
+                DelegationTokenIdentifier identifier =
+                    new 
DelegationTokenIdentifier(KMSDelegationToken.TOKEN_KIND);
+                identifier.readFields(new DataInputStream(
+                        new ByteArrayInputStream(tokenId)));
+
                 GenericTestUtils.assertExceptionContains(
-                    "tries to renew a token with renewer", e);
+                    "tries to renew a token (" + identifier + ")", e);
               }
{code}

> TestKMS#testDelegationTokensOpsSimple and 
> TestKMS#testDelegationTokensOpsKerberized Fails in Trunk
> --------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-13815
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13815
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: test
>            Reporter: Brahma Reddy Battula
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13815.01.patch, HADOOP-13815.02.patch
>
>
> {noformat}
> Expected to find 'tries to renew a token with renewer' but got unexpected 
> exception:java.io.IOException: HTTP status [403], message 
> [org.apache.hadoop.security.AccessControlException: client tries to renew a 
> token (kms-dt owner=client, renewer=client1, realUser=, 
> issueDate=1479025952525, maxDate=1479630752525, sequenceNumber=1, 
> masterKeyId=2) with non-matching renewer client1]
>  at 
> org.apache.hadoop.util.HttpExceptionUtils.validateResponse(HttpExceptionUtils.java:169)
>  at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:300)
>  at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.renewDelegationToken(DelegationTokenAuthenticator.java:216)
>  at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.renewDelegationToken(DelegationTokenAuthenticatedURL.java:415)
>  at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:906)
>  at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:903)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at javax.security.auth.Subject.doAs(Subject.java:422)
>  at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
>  at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.renewDelegationToken(KMSClientProvider.java:902)
>  at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$KMSTokenRenewer.renew(KMSClientProvider.java:183)
>  at org.apache.hadoop.security.token.Token.renew(Token.java:490)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1820)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1793)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at javax.security.auth.Subject.doAs(Subject.java:422)
>  at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
>  at org.apache.hadoop.crypto.key.kms.server.TestKMS.doAs(TestKMS.java:292)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.access$100(TestKMS.java:80)
>  at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1793)
>  at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1785)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:140)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:122)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOps(TestKMS.java:1785)
>  at 
> org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOpsKerberized(TestKMS.java:1768)
> {noformat}
>  *Reference:* 
> https://builds.apache.org/job/hadoop-qbt-trunk-java8-linux-x86/224/testReport/junit/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to