You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Andreas Neumann (JIRA)" <ji...@apache.org> on 2016/04/15 02:03:25 UTC
[jira] [Created] (HDFS-10296) FileContext.getDelegationTokens()
fails to obtain KMS delegation token
Andreas Neumann created HDFS-10296:
--------------------------------------
Summary: FileContext.getDelegationTokens() fails to obtain KMS delegation token
Key: HDFS-10296
URL: https://issues.apache.org/jira/browse/HDFS-10296
Project: Hadoop HDFS
Issue Type: Bug
Components: encryption
Affects Versions: 2.6.0
Environment: CDH 5.6 with a Java KMS
Reporter: Andreas Neumann
This little program demonstrates the problem: With FileSystem, we can get both the HDFS and the kms-dt token, whereas with FileContext, we can only obtain the HDFS delegation token.
{code}
public class SimpleTest {
public static void main(String[] args) throws IOException {
YarnConfiguration hConf = new YarnConfiguration();
String renewer = "renewer";
FileContext fc = FileContext.getFileContext(hConf);
List<Token<?>> tokens = fc.getDelegationTokens(new Path("/"), renewer);
for (Token<?> token : tokens) {
System.out.println("Token from FC: " + token);
}
FileSystem fs = FileSystem.get(hConf);
for (Token<?> token : fs.addDelegationTokens(renewer, new Credentials())) {
System.out.println("Token from FS: " + token);
}
}
}
{code}
Sample output (host/user name x'ed out):
{noformat}
Token from FC: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:xxx, Ident: (HDFS_DELEGATION_TOKEN token 49 for xxx)
Token from FS: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:xxx, Ident: (HDFS_DELEGATION_TOKEN token 50 for xxx)
Token from FS: Kind: kms-dt, Service: xx.xx.xx.xx:16000, Ident: 00 04 63 64 61 70 07 72 65 6e 65 77 65 72 00 8a 01 54 16 96 c2 95 8a 01 54 3a a3 46 95 0e 02
{noformat}
Apparently FileContext does not return the KMS token.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)