[
https://issues.apache.org/jira/browse/MAPREDUCE-3940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13410911#comment-13410911
]
Vinod Kumar Vavilapalli commented on MAPREDUCE-3940:
----------------------------------------------------
bq. For consistency with other managers, would it make more sense for the
expiration check to be in the secret manager, and for it to throw an
InvalidToken exception?
Unfortunately that can't be. That was how the earlier versions of the patch
were implemented but as Sid rightly caught a (big) bug above, that would make
us use the same expiry checks for stopContainer() and getContainerStatus()
calls as well, which is wrong - essentially nobody would be able to stop
containers or get statuses.
> ContainerTokens should have an expiry interval
> ----------------------------------------------
>
> Key: MAPREDUCE-3940
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3940
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2, security
> Affects Versions: 0.23.0
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Vinod Kumar Vavilapalli
> Attachments: MAPREDUCE-3940-20120308.txt,
> MAPREDUCE-3940-20120416.txt, MAPREDUCE-3940-20120425.txt,
> MAPREDUCE-3940-20120709.txt, MAPREDUCE-3940-20120710.txt, MR3940.txt,
> MR3940.txt
>
>
> - RM should generate the expiry time for a container
> - A ContainerToken should have its expire time encoded
> - NMs should reject containers with expired tokens.
> - Expiry interval for a ContainerToken is same as the expiry interval for a
> container.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
