[ https://issues.apache.org/jira/browse/YARN-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13772325#comment-13772325 ]
Bikas Saha commented on YARN-1214: ---------------------------------- Can you please mark the following with LimitedPrivate("RMStateStore") and leave a comment saying this is exposed only for state store. Normal operation must invoke the secret manager and not use the local key directly. Both in RMAppAttempt.java and RMAppAttemptImpl.java {code} RMAppAttemptImpl.getClientTokenMasterKey() {code} The first assert should be moved after moveCurrentAttemptToLaunchedState(). The second assert should be copied before moveCurrentAttemptToLaunchedState() and changed to false. {code} Assert.assertNull(report.getClientToAMToken()); + moveCurrentAttemptToLaunchedState(app.getCurrentAppAttempt()); report = app.createAndGetApplicationReport("clientuser", true); Assert.assertNotNull(report.getClientToAMToken()); {code} The first assert should be retained and change to assertNull. We can re-use the same assert (with true) instead of querying the secret manager for the master key. {code} + verify(clientToAMTokenManager).createMasterKey( applicationAttempt.getAppAttemptId()); - assertNotNull(applicationAttempt.createClientToken("some client")); } assertNull(applicationAttempt.createClientToken(null)); assertNotNull(applicationAttempt.getAMRMToken()); @@ -428,7 +429,10 @@ private void testAppAttemptLaunchedState(Container container) { assertEquals(RMAppAttemptState.LAUNCHED, applicationAttempt.getAppAttemptState()); assertEquals(container, applicationAttempt.getMasterContainer()); - + if (UserGroupInformation.isSecurityEnabled()) { + Assert.assertNotNull(clientToAMTokenManager + .getMasterKey(applicationAttempt.getAppAttemptId())); + } {code} TestClientToAMTokens. Assert that clientToken is null before and not null after. > Register ClientToken MasterKey in SecretManager after it is saved > ----------------------------------------------------------------- > > Key: YARN-1214 > URL: https://issues.apache.org/jira/browse/YARN-1214 > Project: Hadoop YARN > Issue Type: Sub-task > Components: resourcemanager > Reporter: Jian He > Assignee: Jian He > Attachments: YARN-1214.patch > > > Currently, app attempt ClientToken master key is registered before it is > saved. This can cause problem that before the master key is saved, client > gets the token and RM also crashes, RM cannot reloads the master key back > after it restarts as it is not saved. As a result, client is holding an > invalid token. > We can register the client token master key after it is saved in the store. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira