Andreas Neumann created HDFS-10296: -------------------------------------- Summary: FileContext.getDelegationTokens() fails to obtain KMS delegation token Key: HDFS-10296 URL: https://issues.apache.org/jira/browse/HDFS-10296 Project: Hadoop HDFS Issue Type: Bug Components: encryption Affects Versions: 2.6.0 Environment: CDH 5.6 with a Java KMS Reporter: Andreas Neumann
This little program demonstrates the problem: With FileSystem, we can get both the HDFS and the kms-dt token, whereas with FileContext, we can only obtain the HDFS delegation token. {code} public class SimpleTest { public static void main(String[] args) throws IOException { YarnConfiguration hConf = new YarnConfiguration(); String renewer = "renewer"; FileContext fc = FileContext.getFileContext(hConf); List<Token<?>> tokens = fc.getDelegationTokens(new Path("/"), renewer); for (Token<?> token : tokens) { System.out.println("Token from FC: " + token); } FileSystem fs = FileSystem.get(hConf); for (Token<?> token : fs.addDelegationTokens(renewer, new Credentials())) { System.out.println("Token from FS: " + token); } } } {code} Sample output (host/user name x'ed out): {noformat} Token from FC: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:xxx, Ident: (HDFS_DELEGATION_TOKEN token 49 for xxx) Token from FS: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:xxx, Ident: (HDFS_DELEGATION_TOKEN token 50 for xxx) Token from FS: Kind: kms-dt, Service: xx.xx.xx.xx:16000, Ident: 00 04 63 64 61 70 07 72 65 6e 65 77 65 72 00 8a 01 54 16 96 c2 95 8a 01 54 3a a3 46 95 0e 02 {noformat} Apparently FileContext does not return the KMS token. -- This message was sent by Atlassian JIRA (v6.3.4#6332)