[
https://issues.apache.org/jira/browse/MAPREDUCE-4764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493959#comment-13493959
]
Ivan A. Veselovsky commented on MAPREDUCE-4764:
-----------------------------------------------
Hi, Daryn,
I'd like to clarify our plan of improvements in this test.
Currently the test writes the token into a file, then sets the file name as
MRJobConfig.MAPREDUCE_JOB_CREDENTIALS_BINARY value in the config, and also
passes the same file name as a value of a dedicated config property
(KEY_SECURITY_TOKEN).
In the job: it gets the tokens from the job context
(context.getCredentials().getAllTokens()), and gets the delegation token from
there by the known key: let it be token X.
After that it gets the binary file name from the job config (key
KEY_SECURITY_TOKEN), reads the file, de-serializing the token: let it be token
Y.
Then the job asserts X.equals(Y).
This way the binary token propagation and serialization/de-serialization is
checked, and this pretty much corresponds to the test name.
As I understand, you suggested to check also that the same delegation token is
present in UserGroupInformation.getCurrentUser().getTokens(), right?
So, If I add this check, will you be okay with that test? Or, do you have other
suggestions on how to improve it?
> repair test org.apache.hadoop.mapreduce.security.TestBinaryTokenFile
> --------------------------------------------------------------------
>
> Key: MAPREDUCE-4764
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-4764
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Reporter: Ivan A. Veselovsky
> Attachments: MAPREDUCE-4764-trunk.patch
>
>
> the test is @Ignore-ed, and fails being enabled.
> Suggested to repair it to fill the coverage gap.
> Problems fixed in the test:
> (1) MRConfig.FRAMEWORK_NAME and YarnConfiguration.RM_PRINCIPAL properties
> must be correctly set in the configuration to correctly enable the security
> in the way this test implies.
> (2) The property MRJobConfig.MAPREDUCE_JOB_CREDENTIALS_BINARY now is not
> passed into the Job configuration -- it is intentionally deleted from there.
> So, we pass the binary file name in another dedicated property.
> (3) The test was using deprecated cluster classes. All them are updated to
> the modern analogs.
> (4) The delegation token found in the job context is now correctly compared
> to the one deserialized from the binary file.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
