[ 
https://issues.apache.org/jira/browse/YARN-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13772325#comment-13772325
 ] 

Bikas Saha commented on YARN-1214:
----------------------------------

Can you please mark the following with LimitedPrivate("RMStateStore") and leave 
a comment saying this is exposed only for the state store? Normal operation must 
invoke the secret manager and not use the local key directly. Both in 
RMAppAttempt.java and RMAppAttemptImpl.java.
{code}
RMAppAttemptImpl.getClientTokenMasterKey()
{code}

The first assert should be moved after moveCurrentAttemptToLaunchedState(). The 
second assert should be copied before moveCurrentAttemptToLaunchedState() and 
changed to false.
{code}
     Assert.assertNull(report.getClientToAMToken());
+    moveCurrentAttemptToLaunchedState(app.getCurrentAppAttempt());
     report = app.createAndGetApplicationReport("clientuser", true);
     Assert.assertNotNull(report.getClientToAMToken());
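Review bot: the assertNull on the first line of this hunk checks a report that was fetched outside the visible lines, so the test does not show that the same call, createAndGetApplicationReport("clientuser", true), returns no token before the launch transition and a token after it. Re-fetch the report with that call immediately before moveCurrentAttemptToLaunchedState(...) and assert null there, so the null and non-null checks compare like with like.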
{code}

The first assert should be retained and changed to assertNull. We can re-use the 
same assert (with true) instead of querying the secret manager for the master 
key.
{code}
+      verify(clientToAMTokenManager).createMasterKey(
           applicationAttempt.getAppAttemptId());
-      assertNotNull(applicationAttempt.createClientToken("some client"));
     }
     assertNull(applicationAttempt.createClientToken(null));
     assertNotNull(applicationAttempt.getAMRMToken());
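Review bot: deleting assertNotNull(applicationAttempt.createClientToken("some client")) leaves this state with no assertion about a named client, and the added verify(...).createMasterKey(...) only shows that the key was created, not that tokens are withheld. If the intent is that no token is issued until the key is saved and registered, replace the deleted line with an assertNull on the same call so the test fails if a token is handed out early.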
@@ -428,7 +429,10 @@ private void testAppAttemptLaunchedState(Container 
container) {
     assertEquals(RMAppAttemptState.LAUNCHED, 
         applicationAttempt.getAppAttemptState());
     assertEquals(container, applicationAttempt.getMasterContainer());
-    
+    if (UserGroupInformation.isSecurityEnabled()) {
+      Assert.assertNotNull(clientToAMTokenManager
+        .getMasterKey(applicationAttempt.getAppAttemptId()));
+    }
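Review bot: the new check in testAppAttemptLaunchedState runs only when UserGroupInformation.isSecurityEnabled() is true, so with security disabled the launched state gains no assertion at all; say in a comment why the non-secure case is skipped, or add an else branch that asserts the expected behaviour. Style: this uses Assert.assertNotNull while the neighbouring lines call the statically imported assertEquals, so use one form consistently.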
{code}

TestClientToAMTokens. Assert that clientToken is null before and not null after.

                
> Register ClientToken MasterKey in SecretManager after it is saved
> -----------------------------------------------------------------
>
>                 Key: YARN-1214
>                 URL: https://issues.apache.org/jira/browse/YARN-1214
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: resourcemanager
>            Reporter: Jian He
>            Assignee: Jian He
>         Attachments: YARN-1214.patch
>
>
> Currently, the app attempt ClientToken master key is registered before it is 
> saved. This can cause a problem: before the master key is saved, the client 
> gets the token and the RM also crashes; the RM cannot reload the master key 
> after it restarts, as it is not saved. As a result, the client is holding an 
> invalid token.
> We can register the client token master key after it is saved in the store.
