[
https://issues.apache.org/jira/browse/YARN-2232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14048587#comment-14048587
]
Hadoop QA commented on YARN-2232:
---------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12653327/apache-yarn-2232.2.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-YARN-Build/4157//testReport/
Console output: https://builds.apache.org/job/PreCommit-YARN-Build/4157//console
This message is automatically generated.
> ClientRMService doesn't allow delegation token owner to cancel their own
> token in secure mode
> ---------------------------------------------------------------------------------------------
>
> Key: YARN-2232
> URL: https://issues.apache.org/jira/browse/YARN-2232
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Varun Vasudev
> Assignee: Varun Vasudev
> Attachments: apache-yarn-2232.0.patch, apache-yarn-2232.1.patch,
> apache-yarn-2232.2.patch
>
>
> The ClientRMSerivce doesn't allow delegation token owners to cancel their own
> tokens. The root cause is this piece of code from the cancelDelegationToken
> function -
> {noformat}
> String user = getRenewerForToken(token);
> ...
> private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token)
> throws IOException {
> UserGroupInformation user = UserGroupInformation.getCurrentUser();
> UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
> // we can always renew our own tokens
> return loginUser.getUserName().equals(user.getUserName())
> ? token.decodeIdentifier().getRenewer().toString()
> : user.getShortUserName();
> }
> {noformat}
> It ends up passing the user short name to the cancelToken function whereas
> AbstractDelegationTokenSecretManager::cancelToken expects the full user name.
> This bug occurs in secure mode and is not an issue with simple auth.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
