[
https://issues.apache.org/jira/browse/HIVE-26522?focusedWorklogId=807182&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-807182
]
ASF GitHub Bot logged work on HIVE-26522:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 08/Sep/22 21:04
Start Date: 08/Sep/22 21:04
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #3585:
URL: https://github.com/apache/hive/pull/3585#issuecomment-1241232103
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=3585)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3585&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3585&resolved=false&types=BUG)
[1
Bug](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3585&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3585&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3585&resolved=false&types=VULNERABILITY)
[0
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3585&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3585&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3585&resolved=false&types=SECURITY_HOTSPOT)
[0 Security
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3585&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3585&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3585&resolved=false&types=CODE_SMELL)
[7 Code
Smells](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3585&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=3585&metric=coverage&view=list)
No Coverage information
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=3585&metric=duplicated_lines_density&view=list)
No Duplication information
Issue Time Tracking
-------------------
Worklog Id: (was: 807182)
Time Spent: 20m (was: 10m)
> Metastore DelegationToken renewal is ineffective
> ------------------------------------------------
>
> Key: HIVE-26522
> URL: https://issues.apache.org/jira/browse/HIVE-26522
> Project: Hive
> Issue Type: Bug
> Components: Standalone Metastore
> Affects Versions: 2.3.8, 3.1.3
> Reporter: Pavan Lanka
> Assignee: Pavan Lanka
> Priority: Major
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The HMS currently exposes method to renew an obtained delegation token
> {code:java}
> @Override
> public long renewDelegationToken(String tokenStrForm) throws MetaException,
> TException {
> if (localMetaStore) {
> return 0;
> }
> return client.renew_delegation_token(tokenStrForm);
> }{code}
> However on the server side, the renewal of the delegation token does not
> result in the update of the token information with the updated expiry
> {code:java}
> @Override
> public long renewToken(Token<DelegationTokenIdentifier> token, String
> renewer) throws IOException {
> // since renewal is KERBEROS authenticated token may not be cached
> final DelegationTokenIdentifier id = getTokenIdentifier(token);
> DelegationTokenInformation tokenInfo = this.tokenStore.getToken(id);
> if (tokenInfo == null) {
> throw new InvalidToken("token does not exist: " + id); // no token found
> }
> // ensure associated master key is available
> if (!super.allKeys.containsKey(id.getMasterKeyId())) {
> LOGGER.info("Unknown master key (id={}), (re)loading keys from token
> store.",
> id.getMasterKeyId());
> reloadKeys();
> }
> // reuse super renewal logic
> synchronized (this) {
> --> super.currentTokens.put(id, tokenInfo);
> try {
> --> return super.renewToken(token, renewer);
> } finally {
> --> super.currentTokens.remove(id);
> }
> }
> } {code}
> Here you can see that we populate the `super.currentTokens` perform the
> renewal and then remove the token without updating the `tokenStore`
>
> As a result of this even though the call for renewal is successful the
> renewal time is not updated for the token and the token is invalidated based
> on the initial expiry time i.e based on when the token was created.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
