[ https://issues.apache.org/jira/browse/HDFS-17138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17753340#comment-17753340 ]
ASF GitHub Bot commented on HDFS-17138: --------------------------------------- goiri commented on code in PR #5921: URL: https://github.com/apache/hadoop/pull/5921#discussion_r1291733842 ########## hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java: ########## @@ -81,7 +81,12 @@ class AbstractDelegationTokenSecretManager<TokenIdent = DelegationTokenSecretManagerMetrics.create(); private String formatTokenId(TokenIdent id) { - return "(" + id + ")"; + try { + return "(" + id + ")"; + } catch (Exception e) { + LOG.warn("Exception in formatTokenId", e); Review Comment: What can this exception be? ########## hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationToken.java: ########## @@ -376,4 +382,61 @@ public void testDelegationTokenIdentifierToString() throws Exception { " for SomeUser with renewer JobTracker", dtId.toStringStable()); } + + public static class MyDelegationTokenSecretManager extends + AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> { + /** + * Create a secret manager + * + * @param delegationKeyUpdateInterval the number of milliseconds for rolling + * new secret keys. + * @param delegationTokenMaxLifetime the maximum lifetime of the delegation + * tokens in milliseconds + * @param delegationTokenRenewInterval how often the tokens must be renewed + * in milliseconds + * @param delegationTokenRemoverScanInterval how often the tokens are scanned + * for expired tokens in milliseconds + */ + public MyDelegationTokenSecretManager(long delegationKeyUpdateInterval, + long delegationTokenMaxLifetime, long delegationTokenRenewInterval, + long delegationTokenRemoverScanInterval) { + super(delegationKeyUpdateInterval, + delegationTokenMaxLifetime, + delegationTokenRenewInterval, + delegationTokenRemoverScanInterval); + } + + @Override + public DelegationTokenIdentifier createIdentifier() { + return null; + } + + @Override + public void logExpireTokens(Collection<DelegationTokenIdentifier> expiredTokens) throws IOException { + super.logExpireTokens(expiredTokens); + } + } + + @Test + public void testLogExpireTokensWhenChangeRules() { + MyDelegationTokenSecretManager myDtSecretManager = + new MyDelegationTokenSecretManager(10 * 1000, 10 * 1000, 10 * 1000, 10 * 1000); + setRules("RULE:[2:$1@$0](SomeUser.*)s/.*/SomeUser/"); + DelegationTokenIdentifier dtId = new DelegationTokenIdentifier( + new Text("SomeUser/h...@example.com"), + new Text("SomeUser/h...@example.com"), + new Text("SomeUser/h...@example.com")); + Set<DelegationTokenIdentifier> expiredTokens = new HashSet(); + expiredTokens.add(dtId); + + setRules("RULE:[2:$1@$0](OtherUser.*)s/.*/OtherUser/"); + // rules was modified, causing the existing tokens (May be loaded from other storage systems like zookeeper) + // to fail to match the kerberos rules, + // return an exception that cannot be handled + try { + myDtSecretManager.logExpireTokens(expiredTokens); + } catch (Exception e) { + Assert.fail("Exception in logExpireTokens"); Review Comment: If you just let the exception go through, it will fail the test anyway. ########## hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationToken.java: ########## @@ -376,4 +382,61 @@ public void testDelegationTokenIdentifierToString() throws Exception { " for SomeUser with renewer JobTracker", dtId.toStringStable()); } + + public static class MyDelegationTokenSecretManager extends + AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> { + /** + * Create a secret manager + * + * @param delegationKeyUpdateInterval the number of milliseconds for rolling + * new secret keys. + * @param delegationTokenMaxLifetime the maximum lifetime of the delegation + * tokens in milliseconds + * @param delegationTokenRenewInterval how often the tokens must be renewed + * in milliseconds + * @param delegationTokenRemoverScanInterval how often the tokens are scanned + * for expired tokens in milliseconds + */ + public MyDelegationTokenSecretManager(long delegationKeyUpdateInterval, + long delegationTokenMaxLifetime, long delegationTokenRenewInterval, + long delegationTokenRemoverScanInterval) { + super(delegationKeyUpdateInterval, Review Comment: Doesn't this happen automatically? > RBF: We changed the hadoop.security.auth_to_local configuration of one > router, the other routers stopped working > ---------------------------------------------------------------------------------------------------------------- > > Key: HDFS-17138 > URL: https://issues.apache.org/jira/browse/HDFS-17138 > Project: Hadoop HDFS > Issue Type: Bug > Environment: hadoop 3.3.0 > Reporter: Xiping Zhang > Assignee: Xiping Zhang > Priority: Major > Labels: pull-request-available > Attachments: image-2023-08-02-16-20-34-454.png, > image-2023-08-03-10-32-03-457.png > > > other routersĀ error logļ¼ > !image-2023-08-02-16-20-34-454.png! -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org