[ https://issues.apache.org/jira/browse/YARN-2232?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Varun Vasudev updated YARN-2232: -------------------------------- Attachment: apache-yarn-2232.0.patch Uploaded patch with fix. > ClientRMService doesn't allow delegation token owner to cancel their own token > ------------------------------------------------------------------------------ > > Key: YARN-2232 > URL: https://issues.apache.org/jira/browse/YARN-2232 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Varun Vasudev > Assignee: Varun Vasudev > Attachments: apache-yarn-2232.0.patch > > > The ClientRMSerivce doesn't allow delegation token owners to cancel their own > tokens. The root cause is this piece of code from the cancelDelegationToken > function - > {noformat} > String user = getRenewerForToken(token); > ... > private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token) > throws IOException { > UserGroupInformation user = UserGroupInformation.getCurrentUser(); > UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); > // we can always renew our own tokens > return loginUser.getUserName().equals(user.getUserName()) > ? token.decodeIdentifier().getRenewer().toString() > : user.getShortUserName(); > } > {noformat} > It ends up passing the user short name to the cancelToken function whereas > AbstractDelegationTokenSecretManager::cancelToken expects the full user name. -- This message was sent by Atlassian JIRA (v6.2#6252)