[ https://issues.apache.org/jira/browse/HADOOP-7967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13291215#comment-13291215 ]
Daryn Sharp commented on HADOOP-7967: ------------------------------------- Certainly. I suggested in a May 8 comment to commit this minimal patch (essentially the original patch minus the bits that have since gone in on separate jiras), with the more extensive changes implemented on a followup jira. The high level summary of the patch for this jira: # I fixed the existing apis, with no semantic changes, in order to maintain backwards-compat # A filesystem's service always matches the token's service to prevent dups since tokens have always been fetched if a filesystem's service is not already in the creds # Ability to query a fs for its set of leaf filesystems # {{FileSystem}} obtains only missing tokens for a fs, instead of getting all tokens and ignoring the dups # {{ViewFileSystem}} won't get tokens for identical mountpoints # Implicit side-effects include being able to better stack multi-token and/or filtered filesystems The remaining followup work is the (incompatible) api changes, auto-population of the given credentials, and new methods like getting direct child filesystems. This patch does not conflict or complicate the larger goal since it only fixes the existing apis. > Need generalized multi-token filesystem support > ----------------------------------------------- > > Key: HADOOP-7967 > URL: https://issues.apache.org/jira/browse/HADOOP-7967 > Project: Hadoop Common > Issue Type: Bug > Components: fs, security > Affects Versions: 0.23.1, 0.24.0 > Reporter: Daryn Sharp > Assignee: Daryn Sharp > Attachments: HADOOP-7967-2.patch, HADOOP-7967-3.patch, > HADOOP-7967-4.patch, HADOOP-7967-compat.patch, HADOOP-7967.patch > > > Multi-token filesystem support and its interactions with the MR > {{TokenCache}} is problematic. The {{TokenCache}} tries to assume it has the > knowledge to know if the tokens for a filesystem are available, which it > can't possibly know for multi-token filesystems. Filtered filesystems are > also problematic, such as har on viewfs. When mergeFs is implemented, it too > will become a problem with the current implementation. Currently > {{FileSystem}} will leak tokens even when some tokens are already present. > The decision for token acquisition, and which tokens, should be pushed all > the way down into the {{FileSystem}} level. The {{TokenCache}} should be > ignorant and simply request tokens from each {{FileSystem}}. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira