[
https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16737215#comment-16737215
]
Gabor Bota edited comment on HADOOP-14556 at 1/8/19 3:31 PM:
-------------------------------------------------------------
Thanks for working on this [[email protected]]!
Tested the newest patch against eu-west-1 with {{mvn verify -Dparallel-tests
-DtestsThreadCount=8 -Ds3guard -Ddynamo -Dauth}} (I usually run tests with
these params).
I had the following error:
{noformat}
[ERROR] Tests run: 6, Failures: 0, Errors: 2, Skipped: 0, Time elapsed: 20.79 s
<<< FAILURE! - in
org.apache.hadoop.fs.s3a.auth.delegation.ITestRoleDelegationTokens
[ERROR]
testCreateAndUseDT(org.apache.hadoop.fs.s3a.auth.delegation.ITestRoleDelegationTokens)
Time elapsed: 3.484 s <<< ERROR!
java.lang.IllegalStateException: No role ARN defined in fs.s3a.assumed.role.arn
at
com.google.common.base.Preconditions.checkState(Preconditions.java:145)
at
org.apache.hadoop.fs.s3a.auth.delegation.RoleTokenBinding.createTokenIdentifier(RoleTokenBinding.java:134)
at
org.apache.hadoop.fs.s3a.auth.delegation.RoleTokenBinding.createTokenIdentifier(RoleTokenBinding.java:50)
at
org.apache.hadoop.fs.s3a.auth.delegation.AbstractDelegationTokenBinding.createDelegationToken(AbstractDelegationTokenBinding.java:140)
at
org.apache.hadoop.fs.s3a.auth.delegation.S3ADelegationTokens.createDelegationToken(S3ADelegationTokens.java:422)
at
org.apache.hadoop.fs.s3a.auth.delegation.ITestSessionDelegationTokens.testCreateAndUseDT(ITestSessionDelegationTokens.java:176)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55)
at
org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:298)
at
org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:292)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.lang.Thread.run(Thread.java:748)
[ERROR]
testSaveLoadTokens(org.apache.hadoop.fs.s3a.auth.delegation.ITestRoleDelegationTokens)
Time elapsed: 2.145 s <<< ERROR!
java.lang.IllegalStateException: No role ARN defined in fs.s3a.assumed.role.arn
at
com.google.common.base.Preconditions.checkState(Preconditions.java:145)
at
org.apache.hadoop.fs.s3a.auth.delegation.RoleTokenBinding.createTokenIdentifier(RoleTokenBinding.java:134)
at
org.apache.hadoop.fs.s3a.auth.delegation.RoleTokenBinding.createTokenIdentifier(RoleTokenBinding.java:50)
at
org.apache.hadoop.fs.s3a.auth.delegation.AbstractDelegationTokenBinding.createDelegationToken(AbstractDelegationTokenBinding.java:140)
at
org.apache.hadoop.fs.s3a.auth.delegation.S3ADelegationTokens.createDelegationToken(S3ADelegationTokens.java:422)
at
org.apache.hadoop.fs.s3a.auth.delegation.ITestSessionDelegationTokens.testSaveLoadTokens(ITestSessionDelegationTokens.java:121)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55)
at
org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:298)
at
org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:292)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.lang.Thread.run(Thread.java:748)
{noformat}
But re-running just the {{ITestSessionDelegationTokens}} there were no errors.
Could this be a flaky test? (edit: no, this is failing when running the iTests
with the params above)
There are also some whitespace and checkstyle issues in the patch.
was (Author: gabor.bota):
Thanks for working on this [[email protected]]!
Tested the newest patch against eu-west-1 with {{mvn verify -Dparallel-tests
-DtestsThreadCount=8 -Ds3guard -Ddynamo -Dauth}} (I usually run tests with
these params).
I had the following error:
{noformat}
[ERROR] Tests run: 6, Failures: 0, Errors: 2, Skipped: 0, Time elapsed: 20.79 s
<<< FAILURE! - in
org.apache.hadoop.fs.s3a.auth.delegation.ITestRoleDelegationTokens
[ERROR]
testCreateAndUseDT(org.apache.hadoop.fs.s3a.auth.delegation.ITestRoleDelegationTokens)
Time elapsed: 3.484 s <<< ERROR!
java.lang.IllegalStateException: No role ARN defined in fs.s3a.assumed.role.arn
at
com.google.common.base.Preconditions.checkState(Preconditions.java:145)
at
org.apache.hadoop.fs.s3a.auth.delegation.RoleTokenBinding.createTokenIdentifier(RoleTokenBinding.java:134)
at
org.apache.hadoop.fs.s3a.auth.delegation.RoleTokenBinding.createTokenIdentifier(RoleTokenBinding.java:50)
at
org.apache.hadoop.fs.s3a.auth.delegation.AbstractDelegationTokenBinding.createDelegationToken(AbstractDelegationTokenBinding.java:140)
at
org.apache.hadoop.fs.s3a.auth.delegation.S3ADelegationTokens.createDelegationToken(S3ADelegationTokens.java:422)
at
org.apache.hadoop.fs.s3a.auth.delegation.ITestSessionDelegationTokens.testCreateAndUseDT(ITestSessionDelegationTokens.java:176)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55)
at
org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:298)
at
org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:292)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.lang.Thread.run(Thread.java:748)
[ERROR]
testSaveLoadTokens(org.apache.hadoop.fs.s3a.auth.delegation.ITestRoleDelegationTokens)
Time elapsed: 2.145 s <<< ERROR!
java.lang.IllegalStateException: No role ARN defined in fs.s3a.assumed.role.arn
at
com.google.common.base.Preconditions.checkState(Preconditions.java:145)
at
org.apache.hadoop.fs.s3a.auth.delegation.RoleTokenBinding.createTokenIdentifier(RoleTokenBinding.java:134)
at
org.apache.hadoop.fs.s3a.auth.delegation.RoleTokenBinding.createTokenIdentifier(RoleTokenBinding.java:50)
at
org.apache.hadoop.fs.s3a.auth.delegation.AbstractDelegationTokenBinding.createDelegationToken(AbstractDelegationTokenBinding.java:140)
at
org.apache.hadoop.fs.s3a.auth.delegation.S3ADelegationTokens.createDelegationToken(S3ADelegationTokens.java:422)
at
org.apache.hadoop.fs.s3a.auth.delegation.ITestSessionDelegationTokens.testSaveLoadTokens(ITestSessionDelegationTokens.java:121)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55)
at
org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:298)
at
org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:292)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.lang.Thread.run(Thread.java:748)
{noformat}
But re-running just the {{ITestSessionDelegationTokens}} there were no errors.
Could this be a flaky test?
There are also some whitespace and checkstyle issues in the patch.
> S3A to support Delegation Tokens
> --------------------------------
>
> Key: HADOOP-14556
> URL: https://issues.apache.org/jira/browse/HADOOP-14556
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.3.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Major
> Attachments: HADOOP-14556-001.patch, HADOOP-14556-002.patch,
> HADOOP-14556-003.patch, HADOOP-14556-004.patch, HADOOP-14556-005.patch,
> HADOOP-14556-007.patch, HADOOP-14556-008.patch, HADOOP-14556-009.patch,
> HADOOP-14556-010.patch, HADOOP-14556-010.patch, HADOOP-14556-011.patch,
> HADOOP-14556-012.patch, HADOOP-14556-013.patch, HADOOP-14556-014.patch,
> HADOOP-14556-015.patch, HADOOP-14556-016.patch, HADOOP-14556-017.patch,
> HADOOP-14556-018a.patch, HADOOP-14556-019.patch, HADOOP-14556-020.patch,
> HADOOP-14556-021.patch, HADOOP-14556-022.patch, HADOOP-14556-023.patch,
> HADOOP-14556-024.patch, HADOOP-14556-025.patch, HADOOP-14556-026.patch,
> HADOOP-14556-027.patch, HADOOP-14556-028.patch, HADOOP-14556.oath-002.patch,
> HADOOP-14556.oath.patch
>
>
> S3A to support delegation tokens where
> * an authenticated client can request a token via
> {{FileSystem.getDelegationToken()}}
> * Amazon's token service is used to request short-lived session secret & id;
> these will be saved in the token and marshalled with jobs
> * A new authentication provider will look for a token for the current user
> and authenticate the user if found
> This will not support renewals; the lifespan of a token will be limited to
> the initial duration. Also, as you can't request an STS token from a
> temporary session, IAM instances won't be able to issue tokens.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
