Andreas Neumann created HDFS-10296:
--------------------------------------
Summary: FileContext.getDelegationTokens() fails to obtain KMS
delegation token
Key: HDFS-10296
URL: https://issues.apache.org/jira/browse/HDFS-10296
Project: Hadoop HDFS
Issue Type: Bug
Components: encryption
Affects Versions: 2.6.0
Environment: CDH 5.6 with a Java KMS
Reporter: Andreas Neumann
This little program demonstrates the problem: With FileSystem, we can get both
the HDFS and the kms-dt token, whereas with FileContext, we can only obtain the
HDFS delegation token.
{code}
public class SimpleTest {
public static void main(String[] args) throws IOException {
YarnConfiguration hConf = new YarnConfiguration();
String renewer = "renewer";
FileContext fc = FileContext.getFileContext(hConf);
List<Token<?>> tokens = fc.getDelegationTokens(new Path("/"), renewer);
for (Token<?> token : tokens) {
System.out.println("Token from FC: " + token);
}
FileSystem fs = FileSystem.get(hConf);
for (Token<?> token : fs.addDelegationTokens(renewer, new Credentials())) {
System.out.println("Token from FS: " + token);
}
}
}
{code}
Sample output (host/user name x'ed out):
{noformat}
Token from FC: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:xxx, Ident:
(HDFS_DELEGATION_TOKEN token 49 for xxx)
Token from FS: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:xxx, Ident:
(HDFS_DELEGATION_TOKEN token 50 for xxx)
Token from FS: Kind: kms-dt, Service: xx.xx.xx.xx:16000, Ident: 00 04 63 64 61
70 07 72 65 6e 65 77 65 72 00 8a 01 54 16 96 c2 95 8a 01 54 3a a3 46 95 0e 02
{noformat}
Apparently FileContext does not return the KMS token.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
