[ https://issues.apache.org/jira/browse/YARN-2232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14047599#comment-14047599 ]
Hadoop QA commented on YARN-2232: --------------------------------- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12653139/apache-yarn-2232.0.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:red}-1 javac{color:red}. The patch appears to cause the build to fail. Console output: https://builds.apache.org/job/PreCommit-YARN-Build/4143//console This message is automatically generated. > ClientRMService doesn't allow delegation token owner to cancel their own > token in secure mode > --------------------------------------------------------------------------------------------- > > Key: YARN-2232 > URL: https://issues.apache.org/jira/browse/YARN-2232 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Varun Vasudev > Assignee: Varun Vasudev > Attachments: apache-yarn-2232.0.patch > > > The ClientRMSerivce doesn't allow delegation token owners to cancel their own > tokens. The root cause is this piece of code from the cancelDelegationToken > function - > {noformat} > String user = getRenewerForToken(token); > ... > private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token) > throws IOException { > UserGroupInformation user = UserGroupInformation.getCurrentUser(); > UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); > // we can always renew our own tokens > return loginUser.getUserName().equals(user.getUserName()) > ? token.decodeIdentifier().getRenewer().toString() > : user.getShortUserName(); > } > {noformat} > It ends up passing the user short name to the cancelToken function whereas > AbstractDelegationTokenSecretManager::cancelToken expects the full user name. > This bug occurs in secure mode and is not an issue with simple auth. -- This message was sent by Atlassian JIRA (v6.2#6252)