[
https://issues.apache.org/jira/browse/MAPREDUCE-4043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jason Lowe updated MAPREDUCE-4043:
----------------------------------
Attachment: MAPREDUCE-4043.patch
Attaching patch with a test case.
It occurred to me that we may want to file a followup JIRA to clean up a few
things.
* It seems unnecessary to pass the job token and credentials separately when we
always combine the job token into the credentials before building the container
launch context.
* It's unclear to me whether we still need the appTokens file that is placed
into HDFS by the job submitter, localized by the NM, and finally read in by the
AM. I believe the AM's credentials sent in the AM's container launch context
already contains the same information.
> Secret keys set in Credentials are not seen by tasks
> ----------------------------------------------------
>
> Key: MAPREDUCE-4043
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-4043
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: mrv2, security
> Affects Versions: 0.23.2
> Reporter: Jason Lowe
> Assignee: Jason Lowe
> Priority: Blocker
> Attachments: MAPREDUCE-4043.patch, MAPREDUCE-4043.patch
>
>
> The following scenario works in 0.20.205 but no longer works in 0.23:
> 1) During job submission, a secret key is set by calling
> jobConf.getCredentials().addSecretKey(Text, byte[])
> 2) A map task retrieves the secret key by calling
> jobConf.getCredentials().getSecretKey(Text)
> In 205 the secret key is retrieved successfully but in 0.23 the secret key is
> missing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
