[jira] [Updated] (KUDU-2379) Spark generates a broken authentication credentials PB
[ https://issues.apache.org/jira/browse/KUDU-2379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Todd Lipcon updated KUDU-2379: -- Status: In Review (was: Open) > Spark generates a broken authentication credentials PB > -- > > Key: KUDU-2379 > URL: https://issues.apache.org/jira/browse/KUDU-2379 > Project: Kudu > Issue Type: Bug > Components: java, spark >Affects Versions: 1.7.0 >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Blocker > > KUDU-2259 introduced a regression which causes Spark to not work properly on > secure clusters. The issue is the following: > - the driver calls exportAuthenticationCredentials() > -- the client hasn't yet talked to the master, so it doesn't have any > credentials yet, despite having a keytab available > -- the code is as follows: > {code} > byte[] authnData = securityContext.exportAuthenticationCredentials(); > if (authnData != null) { > return Deferred.fromResult(authnData); > } > {code} > -- previously, authnData would be null in this case, and it would fall > through to connect to the cluster and then export a proper token. > -- with the new implementation, an authnData is returned which is devoid of > real credentials but contains a realUser. So, it's non-null, and it gets > returned immediately > - the tasks then get credentials with no tokens and can't connect -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KUDU-2379) Spark generates a broken authentication credentials PB
[ https://issues.apache.org/jira/browse/KUDU-2379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Todd Lipcon updated KUDU-2379: -- Code Review: https://gerrit.cloudera.org/#/c/9814/ > Spark generates a broken authentication credentials PB > -- > > Key: KUDU-2379 > URL: https://issues.apache.org/jira/browse/KUDU-2379 > Project: Kudu > Issue Type: Bug > Components: java, spark >Affects Versions: 1.7.0 >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Blocker > > KUDU-2259 introduced a regression which causes Spark to not work properly on > secure clusters. The issue is the following: > - the driver calls exportAuthenticationCredentials() > -- the client hasn't yet talked to the master, so it doesn't have any > credentials yet, despite having a keytab available > -- the code is as follows: > {code} > byte[] authnData = securityContext.exportAuthenticationCredentials(); > if (authnData != null) { > return Deferred.fromResult(authnData); > } > {code} > -- previously, authnData would be null in this case, and it would fall > through to connect to the cluster and then export a proper token. > -- with the new implementation, an authnData is returned which is devoid of > real credentials but contains a realUser. So, it's non-null, and it gets > returned immediately > - the tasks then get credentials with no tokens and can't connect -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KUDU-2379) Spark generates a broken authentication credentials PB
[ https://issues.apache.org/jira/browse/KUDU-2379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Todd Lipcon updated KUDU-2379: -- Resolution: Fixed Fix Version/s: 1.7.1 1.8.0 Status: Resolved (was: In Review) > Spark generates a broken authentication credentials PB > -- > > Key: KUDU-2379 > URL: https://issues.apache.org/jira/browse/KUDU-2379 > Project: Kudu > Issue Type: Bug > Components: java, spark >Affects Versions: 1.7.0 >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Blocker > Fix For: 1.8.0, 1.7.1 > > > KUDU-2259 introduced a regression which causes Spark to not work properly on > secure clusters. The issue is the following: > - the driver calls exportAuthenticationCredentials() > -- the client hasn't yet talked to the master, so it doesn't have any > credentials yet, despite having a keytab available > -- the code is as follows: > {code} > byte[] authnData = securityContext.exportAuthenticationCredentials(); > if (authnData != null) { > return Deferred.fromResult(authnData); > } > {code} > -- previously, authnData would be null in this case, and it would fall > through to connect to the cluster and then export a proper token. > -- with the new implementation, an authnData is returned which is devoid of > real credentials but contains a realUser. So, it's non-null, and it gets > returned immediately > - the tasks then get credentials with no tokens and can't connect -- This message was sent by Atlassian JIRA (v7.6.3#76005)