[GitHub] spark pull request: [SPARK-11073] [core] [yarn] Remove akka depend...

Mon, 26 Oct 2015 07:11:55 -0700 

Github user tgravescs commented on a diff in the pull request:

    https://github.com/apache/spark/pull/9257#discussion_r42997294
  
    --- Diff: core/src/main/scala/org/apache/spark/SecurityManager.scala ---
    @@ -365,33 +366,37 @@ private[spark] class SecurityManager(sparkConf: 
SparkConf)
        * we throw an exception.
        */
       private def generateSecretKey(): String = {
    -    if (!isAuthenticationEnabled) return null
    -    // first check to see if the secret is already set, else generate a 
new one if on yarn
    -    val sCookie = if (SparkHadoopUtil.get.isYarnMode) {
    -      val secretKey = 
SparkHadoopUtil.get.getSecretKeyFromUserCredentials(sparkSecretLookupKey)
    -      if (secretKey != null) {
    -        logDebug("in yarn mode, getting secret from credentials")
    -        return new Text(secretKey).toString
    +    if (!isAuthenticationEnabled) {
    +      null
    +    } else if (SparkHadoopUtil.get.isYarnMode) {
    +      // In YARN mode, the secure cookie will be created by the driver and 
stashed in the
    +      // user's credentials, where executors can get it. The check for an 
array of size 0
    +      // is because of the test code in YarnSparkHadoopUtilSuite.
    +      val secretKey = 
SparkHadoopUtil.get.getSecretKeyFromUserCredentials(SECRET_LOOKUP_KEY)
    +      if (secretKey == null || secretKey.length == 0) {
    +        val rnd = new SecureRandom()
    +        val length = 
sparkConf.getInt("spark.authenticate.secretBitLength", 256) / 8
    +        val secret = new Array[Byte](length)
    +        rnd.nextBytes(secret)
    +
    +        val cookie = HashCodes.fromBytes(secret).toString()
    +        
SparkHadoopUtil.get.addSecretKeyToUserCredentials(SECRET_LOOKUP_KEY, cookie)
    +        cookie
           } else {
    -        logDebug("getSecretKey: yarn mode, secret key from credentials is 
null")
    --- End diff --
    
    any reason not to leave the debug messages?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to