Varun Vasudev created YARN-2232:
-----------------------------------

Summary: ClientRMService doesn't allow delegation token owner to cancel their own token
Key: YARN-2232
URL: https://issues.apache.org/jira/browse/YARN-2232
Project: Hadoop YARN
Issue Type: Bug
Reporter: Varun Vasudev
Assignee: Varun Vasudev
Attachments: apache-yarn-2232.0.patch

The ClientRMService doesn't allow delegation token owners to cancel their own tokens. The root cause is this piece of code from the cancelDelegationToken function -

{noformat}
String user = getRenewerForToken(token);
...
private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token)
    throws IOException {
  UserGroupInformation user = UserGroupInformation.getCurrentUser();
  UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
  // we can always renew our own tokens
  return loginUser.getUserName().equals(user.getUserName())
      ? token.decodeIdentifier().getRenewer().toString()
      : user.getShortUserName();
}
{noformat}

It ends up passing the user short name to the cancelToken function whereas AbstractDelegationTokenSecretManager::cancelToken expects the full user name.
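
The name mismatch described in the report above, as an added example that is not part of the original message and is not Hadoop source. It assumes a simplified check in which the canceller must equal the owner's full name or, by short name, the token's renewer; `TokenId`, `shortName`, `mayCancel` and all sample principals are hypothetical.

```java
// Added illustration: a simplified, self-contained model of the check (assumption, not Hadoop code).
public class CancelTokenNameMismatch {

    // Constructed stand-in for a token identifier; the owner is stored as the full user name.
    static final class TokenId {
        final String owner;
        final String renewer;
        TokenId(String owner, String renewer) {
            this.owner = owner;
            this.renewer = renewer;
        }
    }

    // Hypothetical short-name rule: drop "/host" and "@REALM" from a Kerberos-style principal.
    static String shortName(String fullName) {
        int cut = fullName.length();
        int slash = fullName.indexOf('/');
        int at = fullName.indexOf('@');
        if (slash >= 0) cut = Math.min(cut, slash);
        if (at >= 0) cut = Math.min(cut, at);
        return fullName.substring(0, cut);
    }

    // Assumed rule: allow when the canceller is the owner (full-name comparison)
    // or when the canceller's short name matches a non-empty renewer.
    static boolean mayCancel(TokenId id, String canceller) {
        if (canceller.equals(id.owner)) {
            return true;
        }
        return !id.renewer.isEmpty() && shortName(canceller).equals(id.renewer);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String ownerFull = "alice@EXAMPLE.COM";
        TokenId id = new TokenId(ownerFull, "yarn");

        // Short name, as the reported code passes for a caller that is not the login user.
        System.out.println("owner, short name: " + mayCancel(id, shortName(ownerFull)));
        // Full name, which is what the owner comparison needs.
        System.out.println("owner, full name:  " + mayCancel(id, ownerFull));
        // The designated renewer still matches through its short name.
        System.out.println("renewer principal: "
                + mayCancel(id, "yarn/rm1.example.com@EXAMPLE.COM"));
    }
}
```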