[
https://issues.apache.org/jira/browse/HADOOP-13255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiao Chen updated HADOOP-13255:
-------------------------------
Attachment: HADOOP-13255.03.patch
Thanks [~xyao] for the review and suggestions.
I'm neural on #1: it definitely touches less code path and hence safer. OTOH,
it feels like a good idea to try fix it in a more general way, to save us
efforts in finding and fixing all places in the caller.
For #2, please correct me if I misunderstood. The reason we have {{actualUgi}}
is that we want to perform the operation under the creator of the KMSCP.
{{UGI#doAs}} will do this, and once inside the {{doAs}}, {{UGI#getCurrentUser}}
will return the current user considering the doAs stack, which is
{{actualUgi}}. UGI getCurrentUser also has [a comment about
this|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L650].
I have added 1 code block in the unit test to show that proxy user works. Not
sure about how to test TOKEN programmatically, but manually verified it to work
as well. (Tested via the webhdsf case in HADOOP-12787, nice fix! :))
> KMSClientProvider should check and renew tgt when doing delegation token
> operations.
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-13255
> URL: https://issues.apache.org/jira/browse/HADOOP-13255
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-13255.01.patch, HADOOP-13255.02.patch,
> HADOOP-13255.03.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
