[
https://issues.apache.org/jira/browse/HDFS-17138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17753340#comment-17753340
]
ASF GitHub Bot commented on HDFS-17138:
---------------------------------------
goiri commented on code in PR #5921:
URL: https://github.com/apache/hadoop/pull/5921#discussion_r1291733842
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java:
##########
@@ -81,7 +81,12 @@ class AbstractDelegationTokenSecretManager<TokenIdent
= DelegationTokenSecretManagerMetrics.create();
private String formatTokenId(TokenIdent id) {
- return "(" + id + ")";
+ try {
+ return "(" + id + ")";
+ } catch (Exception e) {
+ LOG.warn("Exception in formatTokenId", e);
Review Comment:
What can this exception be?
##########
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationToken.java:
##########
@@ -376,4 +382,61 @@ public void testDelegationTokenIdentifierToString() throws
Exception {
" for SomeUser with renewer JobTracker",
dtId.toStringStable());
}
+
+ public static class MyDelegationTokenSecretManager extends
+ AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
+ /**
+ * Create a secret manager
+ *
+ * @param delegationKeyUpdateInterval the number of milliseconds
for rolling
+ * new secret keys.
+ * @param delegationTokenMaxLifetime the maximum lifetime of the
delegation
+ * tokens in milliseconds
+ * @param delegationTokenRenewInterval how often the tokens must be
renewed
+ * in milliseconds
+ * @param delegationTokenRemoverScanInterval how often the tokens are
scanned
+ * for expired tokens in
milliseconds
+ */
+ public MyDelegationTokenSecretManager(long delegationKeyUpdateInterval,
+ long delegationTokenMaxLifetime, long delegationTokenRenewInterval,
+ long delegationTokenRemoverScanInterval) {
+ super(delegationKeyUpdateInterval,
+ delegationTokenMaxLifetime,
+ delegationTokenRenewInterval,
+ delegationTokenRemoverScanInterval);
+ }
+
+ @Override
+ public DelegationTokenIdentifier createIdentifier() {
+ return null;
+ }
+
+ @Override
+ public void logExpireTokens(Collection<DelegationTokenIdentifier>
expiredTokens) throws IOException {
+ super.logExpireTokens(expiredTokens);
+ }
+ }
+
+ @Test
+ public void testLogExpireTokensWhenChangeRules() {
+ MyDelegationTokenSecretManager myDtSecretManager =
+ new MyDelegationTokenSecretManager(10 * 1000, 10 * 1000, 10 * 1000, 10
* 1000);
+ setRules("RULE:[2:$1@$0](SomeUser.*)s/.*/SomeUser/");
+ DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(
+ new Text("SomeUser/[email protected]"),
+ new Text("SomeUser/[email protected]"),
+ new Text("SomeUser/[email protected]"));
+ Set<DelegationTokenIdentifier> expiredTokens = new HashSet();
+ expiredTokens.add(dtId);
+
+ setRules("RULE:[2:$1@$0](OtherUser.*)s/.*/OtherUser/");
+ // rules was modified, causing the existing tokens (May be loaded from
other storage systems like zookeeper)
+ // to fail to match the kerberos rules,
+ // return an exception that cannot be handled
+ try {
+ myDtSecretManager.logExpireTokens(expiredTokens);
+ } catch (Exception e) {
+ Assert.fail("Exception in logExpireTokens");
Review Comment:
If you just let the exception go through, it will fail the test anyway.
##########
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationToken.java:
##########
@@ -376,4 +382,61 @@ public void testDelegationTokenIdentifierToString() throws
Exception {
" for SomeUser with renewer JobTracker",
dtId.toStringStable());
}
+
+ public static class MyDelegationTokenSecretManager extends
+ AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
+ /**
+ * Create a secret manager
+ *
+ * @param delegationKeyUpdateInterval the number of milliseconds
for rolling
+ * new secret keys.
+ * @param delegationTokenMaxLifetime the maximum lifetime of the
delegation
+ * tokens in milliseconds
+ * @param delegationTokenRenewInterval how often the tokens must be
renewed
+ * in milliseconds
+ * @param delegationTokenRemoverScanInterval how often the tokens are
scanned
+ * for expired tokens in
milliseconds
+ */
+ public MyDelegationTokenSecretManager(long delegationKeyUpdateInterval,
+ long delegationTokenMaxLifetime, long delegationTokenRenewInterval,
+ long delegationTokenRemoverScanInterval) {
+ super(delegationKeyUpdateInterval,
Review Comment:
Doesn't this happen automatically?
> RBF: We changed the hadoop.security.auth_to_local configuration of one
> router, the other routers stopped working
> ----------------------------------------------------------------------------------------------------------------
>
> Key: HDFS-17138
> URL: https://issues.apache.org/jira/browse/HDFS-17138
> Project: Hadoop HDFS
> Issue Type: Bug
> Environment: hadoop 3.3.0
> Reporter: Xiping Zhang
> Assignee: Xiping Zhang
> Priority: Major
> Labels: pull-request-available
> Attachments: image-2023-08-02-16-20-34-454.png,
> image-2023-08-03-10-32-03-457.png
>
>
> other routersĀ error logļ¼
> !image-2023-08-02-16-20-34-454.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
