You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Varun Vasudev (JIRA)" <ji...@apache.org> on 2014/06/30 13:53:26 UTC
[jira] [Updated] (YARN-2232) ClientRMService doesn't allow
delegation token owner to cancel their own token
[ https://issues.apache.org/jira/browse/YARN-2232?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Varun Vasudev updated YARN-2232:
--------------------------------
Attachment: apache-yarn-2232.0.patch
Uploaded patch with fix.
> ClientRMService doesn't allow delegation token owner to cancel their own token
> ------------------------------------------------------------------------------
>
> Key: YARN-2232
> URL: https://issues.apache.org/jira/browse/YARN-2232
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Varun Vasudev
> Assignee: Varun Vasudev
> Attachments: apache-yarn-2232.0.patch
>
>
> The ClientRMSerivce doesn't allow delegation token owners to cancel their own tokens. The root cause is this piece of code from the cancelDelegationToken function -
> {noformat}
> String user = getRenewerForToken(token);
> ...
> private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token) throws IOException {
> UserGroupInformation user = UserGroupInformation.getCurrentUser();
> UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
> // we can always renew our own tokens
> return loginUser.getUserName().equals(user.getUserName())
> ? token.decodeIdentifier().getRenewer().toString()
> : user.getShortUserName();
> }
> {noformat}
> It ends up passing the user short name to the cancelToken function whereas AbstractDelegationTokenSecretManager::cancelToken expects the full user name.
--
This message was sent by Atlassian JIRA
(v6.2#6252)