[
https://issues.apache.org/jira/browse/MAPREDUCE-6838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16127518#comment-16127518
]
Varun Saxena commented on MAPREDUCE-6838:
-----------------------------------------
I have added a E2E test case with security enabled, in the patch. This is to
primarily check if token goes all the way to AM and used by AM to publish
entities.
Have used a single kerberos principal for all the components, based on the
current user running the test.
Moreover, in AM, we use the job config which may not have same values of
hadoop.security.token.service.use_ip config as NM which generates the token. In
our deployments, we will keep this config same across both client and NM end
but not sure if we can make an assumption. So, for ATSv2, in
DelegationTokenAuthenticatedURL I have passed a flag to indicate if we can
ignore this config while looking for token in UGI. At the NM end, we would not
use the config to generate token service as well. Thoughts?
The patch depends on YARN-7006 so not submitting it.
> [ATSv2 Security] Add timeline delegation token received in allocate response
> to UGI
> -----------------------------------------------------------------------------------
>
> Key: MAPREDUCE-6838
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-6838
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Reporter: Varun Saxena
> Assignee: Varun Saxena
> Labels: yarn-5355-merge-blocker
> Attachments: MAPREDUCE-6838-YARN-5355.01.patch,
> MAPREDUCE-6838-YARN-5355.02.patch, MAPREDUCE-6838-YARN-5355.03.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
